Today is the first day of the Product Safety Engineering Society’s (PSES) 3-day IEEE Symposium on Product Compliance Engineering in Boston, Massachusetts. In attendance is Rick Cooper, MET Laboratories’ Director of Laboratory Operations, Safety Laboratory. Following are his summaries of the day’s two presentations.
The keynote address was “Check, Double Check, and Don’t Forget the Obvious” by Dean Woodard, Director of Defect Investigations for the U.S. Consumer Product Safety Commission (CPSC). Here are his key points:
The CPSC currently has a full complement of five commissioners. The CPSC focuses on four product safety concerns, and it uses Internet surveillance to check that recalled products are not being sold, with a focus on Internet auctions.
What is a recall? It requires a repair, replacement or refund. 2008 was the peak year for voluntary recalls.
Implementation steps of a product safety recall:
- Stop production
- Stop distribution
- Stop sales
- Consumer notification
There are 9 common reasons for recalls:
- Component substitution
- NEC violations
- Manufacturing process not in control
- Poor design – e.g. strangulation hazards
- Metal fatigue
- Plastic reclaim exceeds design levels
- Electrical shock/improper insulation
- Small parts that break off – mostly toys
- Lead contamination: >330ppm for content; >100ppm for surface coatings
One attendee showed an uncertified battery charger bought off the Internet. He asked if CPSC was monitoring electronic commerce other than auction sites for recalled products. Yes; the speaker mentioned a circuit breaker situation and covered the training of their inspectors and what to look for in the way of counterfeiting.
What is the scariest story? Dangerous religious items – an electric Jesus that was an electrical shock hazard.
What if someone sells a recalled item at a yard sale? CPSC cannot check on this. From a legal perspective, if the intent is to sell a recalled item, then you might be held liable.
Risk assessment is used in product design. What type of RA system does CPSC use to determine if a manufacturer has a duty to report or a duty to recall? The statute is clear on this: report if there is injury or death. Report if there is potential risk too, as unreported situations can increase sanctions.
The featured talk was “Automobile Sudden Acceleration: Controlling the Functional Safety Risks Caused by EMI” by Keith Armstrong of Cherry Clough Consultants. Here are his key points:
Automotive EMI has been considered a generic problem since the early ’80s, starting with electronic cruise control and the automatic transmission.
An electronically controlled throttle on a given model has resulted in a 400% increase in incidents.
There is evidence that EMI can cause a car engine to race without causing a vehicle fault code.
Automakers/NHTSA have said no one is able to prove that sudden acceleration is caused by electronics, which has led to the “absence of proof = proof of absence” fallacy.
There are many other possible causes, but the evidence suggests mostly electronic causes.
Causes can include:
- Sensors (gas pedal, throttle position)
- Software glitches
- Malfunctioning components
- Unwanted electronic noise
Redundant systems are claimed by automakers to prevent dangerous malfunctions from occurring. Such redundant systems use the same parts, so each circuit is subject to the same cause; therefore these are not really redundant. The industry has known since the early ’90s that diverse technology is needed in redundant systems, like that used in aircraft systems.
Software bugs can exist even in high quality systems like the Space Shuttle, which is thought to have 1 latent bug in every 10,000 lines of code. A modern car can have a million lines of code controlling a variety of functions. You can never completely test for all possible bugs.
Automakers/NHTSA claim that fault codes and event data recorders prove that electronics are performing properly. The problem is that such a system may not even know how to report a fault that it has not been programmed to look for. Currently only the manufacturer can read the data from an event data recorder, and this leads to questionable data; there is no public standard for these devices.
EMI is inherent, inevitable and unavoidable in all electronics. EMI testing at increased levels is not proven to increase safety margins. EMI testing is not done in conjunction with foreseeable physical or environmental conditions.
Anechoic chambers do not represent the variabilities of a real life environment. Products cannot be “totally shielded” from EMI. Proper design, endless testing, and diverse redundancy are all necessary parts of the process to prove reliability of these electronics systems.