At the Wednesday press conference in Tokyo, Toyota slipped in the remark that they “will more actively use on-board event data recorders, which can, in the event of a malfunction, provide information necessary for conducting such activities as technological investigations and repairs.”
This remark was widely overlooked. It should not have been.
Five days before, the Wall Street Journal had written:
“The safety problems that have engulfed Toyota Motor Corp. are focusing renewed attention on one of the most controversial components in an automobile: the black box. The box, officially called an “event data recorder,” is a small, square, virtually indestructible container akin to those found on commercial airplanes. Tucked inside the dash or under the front seats of most newer vehicles, it records vehicle and engine speeds as well as brake, accelerator and throttle positions and other data that can help determine the causes of accidents.”
If there would have been such a black box in the Toyotas that had crashed, it would have been easy to read out whether the foot was on the gas or on the brake. Guess what: Toyota has this box. It had been in many of the crashed vehicles, says the Wall Street Journal:
“Toyota, like Japanese peers Honda Motor Co. and Nissan Motor Co., has a proprietary black-box system, and it says the data it collects isn’t intended or capable of accident reconstruction because it is only recorded for a short duration—about one second. The system mainly monitors the performance of a vehicle’s safety devices, such as air bags, seat belts and, in some cases, throttle application. Toyota says there is no rule or legislation that requires otherwise until a new NHTSA rule comes into effect later in the decade.”
One would think that Toyota is pouring over the contents of its data recorders to prove that nothing more serious than a loose carpet or a missing metal shim creates mayhem in their cars. Instead, Toyota seems to have strange troubles with its proprietary system, as chronicled by the Wall Street Journal:
- On Nov. 27, 2009, 55-year-old Barbara A. Kraushaar drove through three Auburn, NY, downtown stoplights at high speed and crashed into another vehicle, killing its driver, Colleen Trousdale. Says the WSJ: “According to the Auburn police, an investigator from the National Highway Traffic Safety Administration arrived in town and took the Camry’s data recorder, saying he planned to take it to California, where Toyota has its U.S. headquarters, so their expert could download the data.” Auburn Police never heard from Toyota, says the WSJ. Also “NHTSA didn’t reply to requests for comment on the Auburn incident.”
- “In 2007, Bulent Ezal was pulling into the parking lot of a cliffside restaurant in Pismo Beach, Calif., when his 2005 Camry surged, went over the bluff and crashed on rocks 70 feet below. Mr. Ezal, 75, survived, but his wife, who was in the passenger seat, was killed.” Police could find no mechanical fault, and concluded that Ezal was at fault. Ezal’s Lawyer, Donald Slavik, has been trying to get data from the car’s black box for nearly three years. He was told by Toyota that the data would only be provided if Mr. Slavik got a court to order the company to do so. Later, Toyota told the lawyer “the data in the black box was unusable.”
- “On Dec. 26, Monty Hardy, 56, was driving three passengers in his 2008 Toyota Avalon on Lonesome Dove Drive in Southlake, Texas, when the car ran through a stop sign at about 45 mile per hour, crashed through a fence, struck a tree and landed upside down in a pond, according to a police report. All four occupants were killed… After the crash, investigators from NHTSA and Toyota’s black-box expert flew to Texas to join police in searching for the cause of the accident. They found the black box in the car covered in muck from the pond. According to police reports, the Toyota investigator tapped into the box and said the only data it contained was the difference in the speed of the car immediately before and after hitting the fence and the tree.”
- A black box was in the 2009 Lexus ES350, driven by Mark Saylor, a 45-year-old California Highway Patrol officer. He and three members of his family were killed when their vehicle hit speeds exceeding 120 mph and crashed. The 911 call made by one of the family members was on all the airwaves. In an answer to the questions of the LA Times, Toyota said :“Toyota agreed to perform a readout of the EDR in the Saylor vehicle. In the presence of representatives of all interested parties and the Sheriff’s department, Toyota attempted to perform the readout as agreed. However, due to the extensive damage to the EDR unit from the crash, it was impossible to perform a readout.”
Is the black box technology in such an early stage of development that there is only one prototype readout tool, as Toyota said to the LA Times, and that it is so hard to retrieve conclusive data? Thetruthaboutcars.com asked an interested reader with 20 years experience in automotive safety components and recall investigation to give us an update on the state of the black box art. Here is his report:
Event Data Recorder Access: What Is Toyota Hiding Behind Its Black Box?
For almost a decade, the increasing sophistication and interconnectedness of the electronically-controlled devices and systems in passenger vehicles has offered the opportunity to collect and store ample data for post-crash accident investigation.
Since the late 1990’s, individuals have participated in DOT-sponsored workgroups with the aim of developing industry guidelines (e.g. IEEE & SAE) for and advising government rule-makers on EDR-related topics. Represented were the US and Canadian governments, EDR suppliers, universities, the insurance industry, and certain OEM’s, among them GM, Ford, DaimlerChrysler, VW, Honda and Toyota.
According to an August 2001 report from the workgroup, “The results of a NHTSA-sponsored engineering analysis show that EDR data can objectively report real-world crash data and therefore be a powerful investigative and research tool, by providing very useful information to crash reconstructionists and vehicle safety researchers. Due to significant limitations however, EDR data should always be used in conjunction with other data sources.”
The types of data that can be captured and stored are limited only by the available sensors, integration into a vehicle-communication protocol (i.e. CAN-BUS or Flex-Ray), software-design, computing power, and available memory. At the time of the NHTSA report (2001), GM’s EDRs were already capable of the following:
Capture: State of the driver’ belt, vehicle speed, engine RPM, “brake odoff,” and throttle position;
Transmit and Input: The driver seat belt switch signal is typically input into the SDM, while the remaining sensors are monitored by one or more other electronic modules that broadcast data according to a “send on change” based design (e.g. a change in engine speed of more than 32 RPM, broadcasts the new RPM value on the serial bus).
Store, archive, update and recover: In airbag deployment or a near-deployment crashes, the last 5-seconds of data are stored in an EEPROM (recoverable with appropriate PC-based equipment.) This means, every second, the SDM takes the most recent sensor data values and stores them in a recirculating buffer (RAM), one storage location for each parameter for a total of 5-seconds. When the airbag sensing system “enables” on impact, buffer refreshing is suspended;
Certain 1999 models had this capability, and almost all GM vehicles were expected to add that capability over the next few years.
Compare where GM was in 1999, with the claims found by the L.A. Times on the Toyota website. Toyota’s EDR’s are capable of recording data including, among other things, brake pedal application and degree of application of the accelerator pedal.
On the side of reading data out of EDR’s, in 2000, the Robert Bosch Corporation developed their CDR (Crash Data Retrieval) unit. Many models by GM (1994), Ford (2001), Chrysler (2005) and Nissan (2007) have the capability for crash-event data to be stored in their proprietary EDR’s, and to be freely retrieved by licensed 3rd parties via a Bosch CDR unit.
While the Bosch CDR units can be freely purchased and used, and training and support is widely available through Bosch, in North America, Toyota takes a totally opposite posture. Toyota appears to engage in practices intended to limit access to the data recorded by Toyota’s EDRs.
Contrast the situation surrounding the OEM’s above with Toyota’s own answers to questions from the L.A. Times (edited for brevity). Given Toyota’s apparent lack of confidence in the software or electronics in its prototype crash analysis tool, one can not help but wonder if this is really due to the tool, or the production systems it was designed to analyze:
“Toyota does not yet have a commercially available EDR readout tool and currently has only one prototype readout tool in the U.S. Toyota performs EDR readouts for law enforcement under certain circumstances. We are also occasionally ordered by various courts to perform EDR readouts. A readout for law enforcement is a community service that Toyota performs. Toyota does not have the capacity to perform readouts using its one prototype tool in all cases.”
“Toyota’s EDR is capable of recording only the previous several seconds of activity before and/or a fraction of a second after a crash or near-crash situation.”
“Given the fact that the readout tool is a prototype and has not been validated, it is Toyota’s policy not to use EDR data in its investigations. However, Toyota has used the readout tool under certain circumstances.”
“EDR data ownership varies state by state. The prototype software used by Toyota to perform EDR readouts is proprietary, as is the case with all auto manufacturers. Toyota does not contend that the EDR readout data is proprietary. When a data retrieval tool is commercially available, any data retrieved will then as now be subject to applicable state law.”
“Federal regulators require Toyota and all other OEMs w/EDR equipped vehicles to make a data retrieval tool commercially available by 9/1/12. Toyota will, of course, comply with this requirement.”
Given the mature nature of EDR technology and the degree to which its competitors have made their EDR data available for 3rd-party download; the limited circumstances (e.g. court order) under which Toyota makes its single “prototype” device available, the way in which Toyota characterizes the software within as “unvalidated” and unreliable, and Toyota’s persistence in these actions despite the obvious conflict of interest (as the sole party that can release EDR data), one has to wonder what Toyota is hiding behind their black box.