Software bugs found to be cause of Toyota acceleration death

Over the past several years I’ve written about Toyota’s unintended acceleration (UA) incidents, and from the beginning, expressed doubt that they were caused by misplaced floor mats, sticky gas pedals or driver error.

It’s not that I had any inside knowledge, but as a product design engineer I understand the complexity in today’s automotive designs and found it incredulous that Toyota could rule out electrical or software faults so quickly.

In a column this past March, I described the Toyota internal emails that I pored over, disclosed by a whistle-blower, Betsy Benjaminson, who worked as a translator for one of Toyota’s law firms. The emails contradicted Toyota’s testimony; several were written by engineers discussing UA and possible electronic causes. There was even one email describing electrical problems and UA in the Japanese emperor’s own Toyota.

Toyota has done a masterful job in its public relations campaign to cover up its vehicles’ design defects that have cost many lives by blaming its customers.

But a significant event occurred last week in an Oklahoma courtroom that may be a turning point. In the case of Bookout v. Toyota, Toyota was found guilty of a UA death, based on testimony from software experts who had earlier been provided access to Toyota’s software code used to control the electronic throttle.

The lead expert, Michael Barr, CTO of the Barr Group, testified and delivered an 800-page report that said the source code was defective and contained bugs that caused unintended acceleration (view slides).

Barr is a highly respected expert in embedded software with experience as a professor, editor of a technical journal on software design, consultant and author. His expertise includes embedded software that is used to control complex electrical and mechanical devices, such as automobiles.

The accident in question occurred in a 2005 Camry in September 2007, which killed one person and injured another. Among the evidence was skid marks, showing the driver had applied her brakes, but the braking was insufficient to keep the car from accelerating.

Toyota quickly reached a settlement after the $3 million verdict to avoid punitive damages.

I reviewed the 81-page decision that provides additional details leading up to the verdict. Here is a summary.

Barr and his experts were given access to a secure room in Maryland where they were able to review Toyota's source code for the engines of several Toyota vehicles, including the 2005 Camry, Lexus ES and the Tacoma. It included model years from 2002, when Toyota first introduced the electronic throttle control, to 2010.

The room was the size of a small hotel room with a guard who subjected the engineers to stringent screenings each time they entered and left. They were not allowed cellphones, belts or watches, and could not take notes or paper when leaving the room.

The engineers worked on this investigation for 18 months as part of an earlier class action lawsuit in which their secret testimony led to a billion-dollar settlement by Toyota in December. The settlement in that lawsuit prohibited Barr’s analysis from being made public until this trial in Oklahoma.

Barr concluded in his Oklahoma testimony that a software malfunction controlling Toyota’s electronic throttle control system is a cause of unintended acceleration.

He testified that he has been able to demonstrate how a single bit flip can cause the driver to lose control of the engine speed in real cars due to this software malfunction that is not reliably detected by any fail-safe backup system. He noted that even Toyota’s black box in these cars fail to record the application of brakes when they were used.

He went on to describe how proper practices in developing software built to control potentially life-threatening devices needs to have redundancies built in and be designed to endure the extreme conditions that an automobile is subjected to. His investigation found that none of this had been done.

Toyota’s position is that it was exonerated when the National Highway Traffic Safety Administration closed its probe in February 2011, when NASA, whom it tasked with the investigation, could not find an electronic cause. But a NASA engineer told me that they were pulled off the project by former Transportation Secretary Ray LaHood before they could complete their work. And their conclusion did not rule out the possibility of software being a cause.

"We did a few things that NASA apparently did not have time to do," Barr said. For one thing, by looking within the real-time operating system, the experts identified "unprotected critical variables and a lack of failsafe mechanisms to prevent the throttle from exceeding safe operating values.”

In spite of this evidence, Toyota is unlikely to admit fault and continue to fight further lawsuits while blaming drivers. As I noted in an earlier column, the truth will come out someday. The good news is someday was last week.



Michael Barr’s Testimony Transcript (pdf file)
An Update on Toyota and Unintended Acceleration
After losing verdict, Toyota settles in sudden acceleration case
Toyota Case: Vehicle Testing Confirms Fatal Flaws
Toyota Case: Inside Camry’s Electronic Control Module
Toyota Trial: Transcript Reveals 'Task X' Clues
Toyota's killer firmware: Bad design and its consequences
Why Toyota’s Oklahoma Case Is Different
Toyota Case: Single Bit Flip That Killed
Acceleration Case: Jury Finds Toyota Liable
Oklahoma Jury to Deliberate Toyota Acceleration Case

Baker is the author of "From Concept to Consumer," published by Financial Times Press. Send comments to Comments may be published online or as Letters to the Editor.

View all 3 comments
User Response
3 UserComments
Parris Boyd 7:45am March 27, 2014

Phil, I commend you and San Diego Source for publishing the facts about the Oklahoma case and putting the matter in proper perspective. Insofar as most other media is concerned, there's been a news blackout of Mr. Barr's findings, but word is leaking out thanks to folks like you, whistleblowers, bloggers, and Mr. Barr's peers publishing his findings - along with their support - in trade journals. I'm sure you're aware that Mr. Barr will be the featured guest at the upcoming EE Times conference, March 31st - April 3rd. I've been blogging about the Recall King for quite some time. Search "Beware of Toyota. Their next victim may be YOU..."

Phil 4:54pm November 5, 2013

Daniel, I think Toyota certainly knew there was a defect. Also, check this out: Phil

Daniel Coffey 9:23pm November 4, 2013

Excellent piece! Strict product liability for a deign defect is applicable to these cases. That it was likely known is an interesting question.