Autopilot: The Safe Evolution of Driving
As we move from driving cars ourselves to full automation, how do we keep the driving task safe? I asked Roger Rivett, who has spent over 40 years dealing with the issues.
Roger Rivett spent forty years as a technical expert on automotive safety. Starting as a software engineer, he soon moved into functional safety and was a key technical expert throughout the evolution of cars from mechanical devices to programmable electronic ones. He therefore has a unique and expert insight into the safe evolution of road driving, and that perspective is not necessarily what you might expect…
Driver assist
The current drive towards full automation of road transport represents a fundamental challenge for safety engineers like Roger. As he says:
The original concept of ‘functional safety’ was based on the idea that you had a driver. The understanding of the environment and the decision making was done by them and not the system’s responsibility. Your design challenge was to ensure that the vehicle doesn’t let the driver down.
As the systems on the vehicle evolved from mechanical and electrical technology to electronics and software, the challenge for the safety community was therefore to make these systems a dependable adjunct to human behaviour. The focal point was the automotive standard ISO 26262. From Roger’s perspective, and in an indication of the pace of modern technological change, by the time they had resolved these issues the challenge had moved fundamentally. Full automation emerged as the default endpoint of technological evolution without any in-depth consultation with the safety engineers delivering it. A path was set out to transition through the six levels of automation, from no automation to fully autonomous cars.
You felt you were sort of getting to grips with [automotive functional safety] and then the push for automation came along. It just came like a wave and put us back to square one. [The companies] were rushing to say: ‘All this can be done: we're going to do it.’ But in the safety community we were saying: ‘Erm, no. We don't know how yet.’
Staying in the loop
The critical point in the path to automation is the transition from level 2 - where the driver is still in full control of the vehicle - to level 3, where the vehicle performs most tasks but the human driver can override them. Experience in other sectors, like aviation, is that if you take a driver or pilot out of the control loop, it is very hard for them to take over control dependably when needed.
The human factors people were looking at us wide-eyed and saying, “No, no we know that doesn't work. We've known for 20 years that doesn't work. How can you be thinking this is a good idea?”
To illustrate the challenge, Roger drew my attention to the tragic story of the first pedestrian killed by a self-driving car, in Tempe, Arizona in 2018. The accident occurred despite the fact that the car had a trained safety driver whose only responsibility was to react to keep the car safe.
You can have ‘adaptive cruise control’ so you haven't got to worry about maintaining your space, but you’re still steering so you're in the loop. Or you could have ‘lane keep assist’ that would keep you in the right lane but you're responsible for the forward motion: accelerating and braking. But when you put them together and you’ve got neither to do?…the driver needing to take over like this just seems to be an unreasonable thing to do.
Making the transition
Roger’s view is that the sector will have to move quickly from level 2 to level 4 (‘high automation’) for marketing reasons as much as for the practicalities of safety.
Level 3 is not much of a selling point, is it? You have to put in all the mental effort without the satisfaction of actually driving.
He thinks that it will still take some considerable time before fully autonomous cars are on the road.
If you went back and looked at all the headlines from 2017-2018, they said we would have fully autonomous cars on the road by now. Now nobody is saying that we will next year or the year after.
Ultimately, Roger is clear in his mind about where this journey will end: when fully autonomous vehicles do eventually arrive, they will only be used in a dedicated environment, where operation can be standardised and unexpected events minimised:
I think there's a big distinction between that and having autonomous cars operating in a mixed environment where you already have cars driven by humans and pedestrians and cyclists and the sort of free for all that we have at the moment.
The next issue
Please do feed back your thoughts in the comments, on LinkedIn or on Twitter. Posts are biweekly for 2022, the second year of ‘Tech Safe Transport’.
Thanks for reading
All views are my own and I reserve the right to change my opinion (particularly when readers inform me of things of which I was unaware!).
Roger and I recently supported the publication of the new 30-year compendium of the work of the Safety Critical Systems Club. The Club has put a lot of work into the production of this book and I would highly recommend it to you, particularly if you’re a safety professional.
If you’re interested in any advice, guidance or collaboration on any of the topics raised, please feel free to drop me an e-mail on george.bearfield@ntlworld.com. My particular area of professional and research interest is practical risk and assurance of new technology. I’m always keen to engage on interesting projects in this area.
The image used on social media, "Google prototype self-driving car" by Marc van der Chijs, is licensed under Creative Commons.
ORR is currently consulting on the principles that should govern Unattended Train Operation https://www.orr.gov.uk/search-consultations/goal-setting-principles-railway-health-and-safety-draft-appendix-uto