I recently read the report (119 MB pdf download) by Anton R. Valukas to the GM board of directors about GM's recent recall of millions of cars with defective ignition switches. Because of a poor design the torque (twisting force) required to turn the key and move the switch position from "Run" to "Accessory" is unduly small enabling unintended accidental shutdowns of the engine while driving. This causes loss of the power assists to steering and braking although in most cases the car will remain controllable. Less obviously it also means the airbags will no longer activate in a crash. This long (325 page) report is by an outside lawyer tasked with determining why the mistake was made and why it took GM so long (10+ years) to realize there was a safety problem and issue a recall. I found the report interesting (although I just skimmed it in a few places) and think it raises a number of points worth noting.
The first point is why GM thought it best to assign this report to a lawyer rather than an engineer. This suggests that they feel the legal aspects are more important than the engineering aspects. They are probably correct (especially going forward) but this means the report (in my view at least) somewhat neglects the engineering aspects. The report also seems to avoid asking questions which might aggravate GM's legal problems.
The GM engineer responsible for the ignition switch design had inherited the design from another engineer. When the first prototypes from the outside supplier (Eaton which was later purchased by Delphi) failed to meet the torque requirement he chose to waive it. It appears he did so because he did not focus on the role of the requirement in preventing unintended operation of the switch while driving. The report (and others) have emphasized the fact that the switch didn't meet GM's requirement but this seems just a matter of semantics to me. GM could just as well have changed the requirement rather than waiving it. The requirement doesn't appear to have been based on any sort of careful analysis of what was required to prevent unintended operation of the switch. It would not surprise me if it had just been copied from an earlier design.
After the car went into production it soon became apparent there was a problem. There were numerous complaints about inadvertent operation of the switch while driving. This seems to have occurred most often when the driver had a key ring with lots of things on it and bumped them with their knee. This is not a rare situation; currently I have 8 keys (besides 2 car keys) on my key ring and they are normally in contact with my knee as I drive. I have never had the impression for my current car (or any of my previous cars) that this was risking accidental operation of the switch and I certainly would be extremely annoyed if I bought a car where this was a problem. In my case although I have a bunch of keys on my key ring there is sufficient space for the key ring to hang freely from the ignition key. This limits the torque you can exert by pulling on the other keys (because the lever arm is so short). I have vague recollections of seeing people with key rings so tightly packed with stuff that they might not hang freely which would greatly increase the lever arm and the potential for a problem. The report does not discuss this, apparently assuming the weight of the key ring is the only important factor. Nor does the report perform any sort of comparison with other ignition switches; it would be interesting to know how much of an outlier the switch really was.
At this point GM decided the problem was a customer satisfaction issue rather than a safety issue. While it is true that inadvertent operation of the switch would not always (or even usually) cause an accident it obviously is potentially hazardous. But there seemed to be a feeling that something wasn't a safety issue unless it contravened some specific government safety regulation and the government has neglected to specify torque standards for ignition switches. Of course the government has specified standards for airbags but apparently no one was alert to the fact that shutting down the engine also turns off the airbag actuator. This would not have been a major problem if inadvertent operation of the switch and serious accidents were uncorrelated rare events as in that case having both happen at the same time would have been extremely unlikely. However there is no reason to believe these events are uncorrelated. There is clearly potential for unexpected operation of the switch to trigger an accident although it is unclear how likely this is. GM received numerous complaints about unintended operation of the switch but the report doesn't mention (as I recall) that any claimed that this had caused an accident. Of course if the driver is killed in the accident he isn't in a position to complain but if accidents are being triggered I would expect non-fatal accidents to be much more common. Another possibility is for the accident sequence to trigger unintended operation of the switch prior to the final impact. This could occur for example if the driver lost control and ran off the road for some distance before hitting a tree. The bumpy ride before the final impact could operate the switch, turn off the engine and deactivate the airbags (if there is sufficient delay prior to the final impact, the final impact itself should not deactivate the airbag actuator before it triggers). 
Apparently this scenario is consistent with several serious accidents in which the airbags unexpectedly failed to deploy.
An issue here is the somewhat artificial distinction between customer satisfaction problems for which cost benefit analysis is deemed appropriate and safety issues which are supposedly fixed regardless of cost. Since in reality cost will always be a consideration this encourages a hidden cost benefit calculation which results in classifying safety problems that don't seem to be worth fixing as customer satisfaction issues. While this may have legal and public relations benefits the double think involved is likely causing a misallocation of resources with some safety issues receiving too much attention and others too little.
Eventually GM started to be sued over serious or fatal accidents in which airbags unexpectedly failed to deploy. It took GM a very long time to realize that this was likely a consequence of inadvertent operation of the ignition switch. According to the report this was due in part to the fact that many of the people involved either didn't know or didn't appropriately consider the fact that switching off the ignition also (after a slight delay) deactivates the airbags.
A complicating factor was the switch was modified after a few years in a way that alleviated the problem. Much has been made of the fact that the GM engineer that approved the modification (the same one responsible for the bad design) didn't assign a new part number and later claimed (including under oath in a lawsuit) no changes had been made. Perhaps this was all part of a conscious cover up by the engineer of his original error but I am not totally convinced. Another report suggested the change was initiated by the part's supplier and the GM engineer just signed off on it. In which case it is vaguely plausible that several years later he would have forgotten doing so. The part number issue also doesn't seem totally clear cut, I expect parts are changed all the time in apparently minor ways without a new part number being assigned. Suppose for example the part supplier had itself changed spring suppliers (a spring within the switch held the switch in position, the modification seems to have been basically use of a stronger spring). Would this have required a new part number? However it does appear clear the GM engineer was not eager to acknowledge his original error in waiving the specification. In any case this delayed GM's recognition that the switch was the problem as the investigators didn't understand how the switch could be responsible for a problem that had gone away if the switch hadn't been changed. Although perhaps they put undue weight on the GM engineer's claim that no changes had been made. It seems like double checking with the supplier at least would have been prudent.
An issue here is that it is impractical for car companies to initiate a recall without understanding the problem enough to have a fix in place. It is not very feasible to provide millions of loaner cars while GM tries to figure out what the problem is and how to fix it. However it is clear that GM didn't give this sufficient attention.
It is in fact unclear whether GM even now really understands the problem. While GM contends the modified switch is safe they also have recalled hundreds of thousands of cars just because of a slight possibility that the cars may have had a repair in which the new switch was replaced with the old switch. GM claims it is not practical to tell the switches apart (which is in tension with their claim that a new part number was clearly required). But it should be easy to measure how much force is required to operate the switch. Even if there is some overlap between the old switches and the new switches this should distinguish between safe switches and unsafe switches which is the important point. However setting a cutoff point between safe and unsafe would involve the sort of cost benefit analysis that GM doesn't want to acknowledge conducting with regard to safety issues. Even though no switch is going to be totally safe (incapable of inadvertent operation under all circumstances no matter how unlikely).
GM has reportedly fired 15 people in connection with this incident. Based on the report this seems rather harsh in cases where as the report acknowledges the failures were largely due to systematic problems rather than individual lapses. This doesn't apply to the engineer responsible for the design who (assuming the account in the report has some relation to reality) seems to have failed in multiple ways, approving a bad design and then failing to step up and get the problem fixed. I was initially sympathetic for the top GM lawyer involved who seems to have been fired largely for failing to tell his boss about the issue as I doubt this would have made a difference. But upon reflection Warren Buffett tells his managers that he wants to learn about serious problems in their domain from them and not by reading about them in the newspapers which makes sense to me so I suppose the lawyer did have a responsibility to recognize the potential magnitude of the problem and inform his boss (GM's general counsel). However I have trouble with coming up with 15 people who deserved being fired. Of course GM can claim that public outrage demanded some scapegoats and they have little real choice but to provide them. Sufficiently generous severance arrangements (which haven't been made public as far as I know) could mitigate some of the unfairness involved.
In summary this long report won't be of much interest to many people but I found some of the issues raised thought provoking.