A few days back at a birthday party, I had a very interesting conversation about the Germanwings crash with a cargo pilot from Lufthansa. We talked about the door lock set-up that was installed after 9/11 and the new “cockpit rule” that quite a few airlines were putting in place. As everybody probably knows by now, the new cockpit rule makes it mandatory for 2 members of the airplane staff to be present within the cockpit at all times.
The new “cockpit rule” as a stupid business rule
Basically, whenever a pilot has to go for a pit-stop, they have to call in a steward/stewardess. “What do you think about this rule?” I asked. “This will probably result in some stereotype jokes about pilots and stewardesses, no?” In what followed, we agreed that a pilot could always knock out his fellow pilot or the steward.
What was more annoying for the pilot, though, was the trust aspect. It’s like putting a babysitter next to you for control purposes. And this after having to pass thorough screenings and air miles buildup. Every three months, “simulator time” is part of the job to prepare for every plausible issue that could have disastrous consequences for the safety of the passengers and the crew. We concluded that the airlines wanted to win the trust of the public again and that the cockpit rule was probably the first immediate procedure they could install and communicate on. We also concluded it was a stupid business rule.
A deeper look into the lock-door system
We took it back to the rules that were installed after 9/11. The lock-door button inside the cockpit could have been implemented as the consequence of a thorough risk analysis. I imagined some security consultants sitting in a dark room around an xls-spreadsheet and weighing the risk of a passenger or crew member with bad intentions entering the cockpit as “higher” than the risk of a pilot with bad intentions not opening the door for a co-pilot or crew member.
What struck me, and probably the rest of the world, was that it was basically impossible for the pilot of Germanwings to get into the cockpit after the lock-door button was pushed inside the cockpit. I asked the stupid question: “Was it really not possible to bash the door?” Apparently the door was reinforced and even bullet-proof. We concluded that every pilot should always have the possibility to enter the cockpit. A good old-fashioned key, a security keyboard or biometric solutions such as eye and fingerprint scanners can all safeguard this possibility to a greater or lesser degree.
Now let’s just say Germanwings had implemented this solution. In that case the second pilot could have entered the cockpit. Of course, he could have been knocked down. So again, not a good enough solution.
Data Quality rules on next-generation navigator data
So let’s take this away from the access-to-the-cockpit topic, to the navigator system and the degrees of freedom of pilot actions. From my understanding, pilots typically do the take-offs and landings. The auto-pilot typically flies for most of the flight. In case of an event such as turbulence, bad weather or technical issues, the pilots can at any time take over the airplane manually.
All of these events are very specific reasons why a pilot would want to take over, and they can be fact-checked in near real time. As such, I wonder if proper governance controls around these data fields couldn’t have prevented the disaster. Let’s imagine that a pilot wanting to take over from the auto-pilot can only do so when selecting a valid purpose. The validity of this purpose can be fact-checked immediately or after a short time. If a non-complying purpose is detected, the auto-pilot should maybe be allowed to take over from the manual pilot. This solution could be implemented both within a plane and from a distance.
Policy for sharing sensitive healthcare data?
A last thought was on the pilot. A few days after the Germanwings crash, it was stated on many news channels that the pilot suffered from mental health problems such as suicidal thoughts and anxiety attacks. This raises the question of when sensitive healthcare data of pilots should be shared with airlines.
And secondly for what purposes this data can be used within an airline. Who would be able to access this data within an airline and for what purposes? Maybe only specific cells of people with very high standards of confidentiality within airlines should be able to take difficult decisions based on the reception of such data.
Maybe outside the remit of line managers and HR, to avoid negative impacts on a career or leaks. These are very difficult boundaries between people’s right to privacy over their healthcare data and superseding powers that should oblige the sharing of the data.
Such sharing of data requires new levels of maturity in treatment and should come with very strict rules to ensure privacy is guaranteed. Unfortunately, a few days after the crash this sensitive data was shared with the web, sensation clicks and social media, resulting in a demonization and post-mortem crusade against the pilot. All discussions on pilot bashing and cockpit rules lead the topic away from the institutional system failure of poor governance on data issues.
To summarize, watertight systems do not exist, but I cannot help but wonder if a higher maturity around data governance within the aviation and healthcare sectors could maybe prevent such disasters from ever happening again.