You already have that, it is called the ignition key. The fact that the driver didn't think to either switch off the engine, put the gear in neutral, or slam on the brakes, makes me think he also wouldn't think to press the big red button.
Also pilots get proper training to handle their vehicles, car drivers not so much.
On my (older) Prius, when I insert my mystical key fob into the dashboard and turn on the car, I can't remove it until I've turned the power off: it's held physically in the slot. (I haven't tried yanking hard.) As far as I know, the "On" button is electronic rather than physical. The gearshift is also just sending instructions to a computer: it doesn't even stay in position after you've used it. And I honestly don't know how the brake pedal works: it somehow swaps over from magnetic regenerative braking to traditional friction brakes at some point, but I'm not sure to what degree that's electronic vs. mechanical. (Maybe the parking brake is purely mechanical: it's definitely on my "in case of emergencies, try this" list.)
The point is, most of the options you've listed there really may be computer-mediated in modern cars. (And yes, I've heard that there's a strong correlation between unintended acceleration and older drivers, and that a lot of those cases really are driver error. But I don't think you're making that case here.)
The Prius uses hydraulic brakes, which are at times assisted by the electromechanical motor.
The drivetrain spins the electromechanical motor at all times, adding drag. The drag is not just from the added mass of rotation, but also a dynamic resistance caused by electrical properties of the motor being varied in different ways so that the computer can achieve either regeneration (by temporarily changing modes to allow the motor and circuitry to act as a generator, usually during a coast downhill or to a stop), or additional braking (by electrically braking the motor, using the energy stored in the batteries, to add further resistance to the drive train at the cost of heat generation and range reduction).
If a check engine light that has to do with the electromechanical subgroups of your Prius comes on (indicating a fault), those systems are disabled, meaning that the car is more or less non-hybrid during those times. Braking will feel stiff, and the car sluggish, but it is by no means dangerous to drive (unless you consider the new learning curve for the car's performance profile to be dangerous, which it is.)
Also: your emergency brake is indeed fully mechanical, but on newer models they may be released electromechanically via a command; I'm unsure. I haven't worked on one since the second generation.
p.s. You forgot a subgroup. Your steering rack is also electromechanical, one of the first of its kind in production. Meaning, if you ever experienced a total blackout, your steering would, too, become much more resistant. This, however, isn't considered to be a safety hazard, because at speed the steering rack does little to assist the driver; the forward momentum takes care of that. The steering assistance is mostly there for parking lot situations.
(source: I was at one time a Toyota technician, and my back still remembers the recall on first generation Prius battery packs; they weighed 124 lbs and were way awkward to remove.)
> As far as I know, the "On" button is electronic rather than physical. The gearshift is also just sending instructions to a computer: it doesn't even stay in position after you've used it. And I honestly don't know how the brake pedal works: it somehow swaps over from magnetic regenerative braking to traditional friction brakes at some point, but I'm not sure to what degree that's electronic vs. mechanical.
All of these functions are electronic on the Prius (and indeed on every hybrid car that I know of that's on the roads). The balance between regenerative and regular friction braking in particular requires quite a bit of computer code and calibration to get right.
Vehicle tests confirmed that one particular dead task would result in loss of throttle control, and that the driver might have to fully remove their foot from the brake during an unintended acceleration event before being able to end the unwanted acceleration.
Every one of those approaches you suggested is, in many modern cars, fully software driven. And the article even shows an example of how a bug in the software can only be resolved through the exact opposite of what a rational person would do in a crisis.
I think the only actual mechanical failsafe left is the handbrake. Please tell me that's still sacred...
Handbrakes are almost always mechanical cables, but they're almost definitely not enough to stop a car under high engine output. They're mechanical and not power-boosted (see comments on how much force is needed on the brake pedal without power assistance), and besides, most people have at some point driven around for a few miles before they realized that beeping sound was the parking brake stuck on the whole time.
Even if you are able to, fully engaging the handbrake in a car at highway speeds, while the drivetrain is in runaway, wouldn't be helpful.
source: I have tested this at ~30-40 mph and nothing about that experience leads me to believe that it would be safer if I had been going faster, and at full throttle.
Oh, of course - I've left the "emergency 'smell funny' lever" on before (thanks Mitch Hedberg).
So you're probably right, it's a stretch to call the handbrake something useful in emergencies when in reality it probably wouldn't perform that function.
It might be sensible, though, to couple a killswitch to the handbrake, so that engaging it switches the engine off, or cuts off all electronic control, or something.
I don't drive cars, so I have no idea if that would conflict with normal uses of the handbrake. Perhaps it could have a position beyond the normal brake-engaging position that did this? So that if someone panics and yanks on it as hard as they can, they get the result they probably want.
Very well said. The focus on convenience and cool features over safety makes me really sad, and makes me want to force automotive engineers to watch some Alan Kay talks. He loves to talk about how people who don't know the history and basics of their craft will arrive at inferior solutions, for example in this one:
http://www.youtube.com/watch?v=FvmTSpJU-Xc
Electric hand brakes are very common in modern cars. Luckily most of the features you listed are usually implemented in separate ECUs. Neutral probably goes through the gearbox ECU, handbrake through the brake ECU, etc.
> Electric hand brakes are very common in modern cars.
Yuck!
> Luckily most of the features you listed are usually implemented in separate ECUs.
What concerns me would be how the systems handle unexpected inputs.
In the article it notes that the only way to end one unexpected acceleration event was to stop using the brakes. I'm not sure if the vehicle in question has separate controllers, but if it doesn't that's a real concern that unexpected input from one tickles a bug in another.
The previous sentence in the article seems to indicate that a "dead task" in this context will only happen if a specific bit in the controller's RAM is corrupted.
No, you don't. Many modern cars use contactless/electronic ignition keys and start buttons connected to software. Braking is a software function (i.e. ABS) and most Americans drive automatic (software) transmissions.
Are you sure? It seems sensible to me that accelerator inputs would factor heavily into the braking system, so it seems very sensible to me that an unexpected condition in one could translate over to the other; as the article noted, the only way to undo one unexpected acceleration condition was to completely remove your foot from the brake pedal. Sounds like cross-over to me...
> you still have a neutral position.
... which is likely just a software input to the transmission computer.
In all likelihood the only non-electronic failsafe is the handbrake, which I still think is a direct mechanical connection in almost all cars.
> In all likelihood the only non-electronic failsafe is the handbrake
Not on my Nissan Leaf. The brake lever is a switch that turns what I assume (based on the noise) is a small motor to engage the rear brakes. As far as I can tell, everything is electronically controlled. Brakes, accelerator, "ignition", "transmission" (both in quotes because the Leaf really has neither), parking brake. If there's a firmware failure, there's not a mechanically-operated fail safe to save me.
I was a passenger in a 2005 Prius going at ~65 mph when the driver tried it. It didn't work. Needless to say, you can switch into neutral when stopped, so I gather there is some speed threshold above which it doesn't let you switch into neutral.
Edit: this made me curious, so I did some cursory research and found this:
According to one commenter, to shift into neutral when driving you can do one of the following:
1. Press the park button
2. Shift into reverse
3. Hold the shifter in the neutral position for 3 seconds
A video posted by a different commenter shows the driver holding the shifter in the neutral position for not quite 3 seconds, but still longer than is required to shift the car into other gears (and if my memory is serving me right, longer than is required to shift into neutral when stopped).
In any case, the most obvious way to shift the car into neutral did not work for us, and it's unlikely a panicked driver would think to try any of the methods listed above.
The cost of the level of training airline pilots get (around 100kUSD) would be prohibitive for individual driving. Also, they fly with an equally well trained colleague who will run the checklists in an emergency and correct their mistakes. I assume private pilots make as stupid mistakes as individual drivers.
Aircraft investigation is really good at overcoming hindsight bias and looking at human factors in a more objective way. What seems absolutely logical for you to type, having read about these incidents before, might not be as obvious to a driver who hasn't read about unwanted acceleration but is suddenly experiencing it.
My car doesn't have an ignition key, it has a button. If you press the button while in motion, I'm not sure what happens, but I'd bet it would ignore it.
2013 Prius here. So, I tried it on the way home. A quick push of the button is ignored, but if I hold it down the car shuts off. It takes power steering with it though, so I don't recommend it under uncontrolled circumstances. I had to come to a stop to restart as well.
Of course, if the computer is busted, I'm assuming the long button press will be sent to /dev/null.
I had my old Caravan chew through a serpentine belt once...
Getting that boat of a minivan around the next corner in traffic was both entertaining, dangerous, and probably the best upper-body workout I got that year.
A number of cars these days are actually removing the ignition key entirely. Just look up the cars with "push button start". Most of them no longer have keys, but instead the key fob that opens the doors also acts as a signal that it's OK to start the car. It's one big reason that I don't want to buy any car that doesn't require a key. I know they're easy to duplicate, but I don't believe them when they say that the fobs are hard to duplicate.
Yes, better driver training could have made some of these faults less serious. Either by fully braking properly, switching into neutral, or other techniques. That doesn't excuse the faults though.
My wife's old Camry once got its starter motor stuck on – she could remove her key and it kept running until it smoked itself out. Needless to say we don't own that car any more.
Software that ensures safety like this really ought to be mandated to be open-source.