In early 2011, I wrote a couple of blog posts (here and here) as well as a later article (here) describing my initial thoughts on skimming NASA’s official report on its analysis of Toyota’s electronic throttle control system. Half a year later, I was contacted and retained by attorneys for numerous parties involved in suing Toyota for personal injuries and economic losses stemming from incidents of unintended acceleration. As a result, I got to look at Toyota’s engine source code directly and judge for myself.
From January 2012, I’ve led a team of seven experienced engineers, including three others from Barr Group, in reviewing Toyota’s electronic throttle and some other source code as well as related documents, in a secure room near my home in Maryland. This work proceeded in two rounds, with a first round of expert reports and depositions issued in Summer 2012 that led to a billion-dollar economic loss settlement as well as an undisclosed settlement of the first personal injury case set for trial in U.S. Federal Court. The second round began with an over 800 page formal written expert report by me in April 2013 and culminated this week in an Oklahoma jury’s decision that the multiple defects in Toyota’s engine software directly caused a September 2007 single vehicle crash that injured the driver and killed her passenger.
Don’t be misled by much of the mainstream coverage of the Oklahoma verdict. While it is true this was the first time Toyota has lost an unintended acceleration case in court, it is more significant that this was the first and only jury so far to hear any opinions about Toyota’s software defects. Each of the earlier cases either predated our source code access, applied a non-software theory, or was settled by Toyota for an undisclosed sum.
In our analysis of Toyota’s source code, we built upon the prior analysis by NASA. First, we looked more closely at more lines of the source code for more vehicles for more man-months. And we also did a lot of things that NASA didn’t have time to do, including reviewing Toyota’s operating system’s internals, reviewing the source code for Toyota’s “monitor CPU” (which even Toyota hadn’t ever done before!), performing an independent worst-case stack depth analysis, running portions of the main CPU software including the RTOS in a processor simulator, and demonstrating–in exemplar Toyota Camry vehicles–a link between loss of throttle control and the numerous defects we found in the software.
In a nutshell, the team led by Barr Group found what the NASA team sought but couldn’t find: “a systematic software malfunction in the Main CPU that opens the throttle without operator action and continues to properly control fuel injection and ignition” that is not reliably detected by any fail-safe. To be clear, NASA never concluded software wasn’t at least one of the causes of Toyota’s high complaint rate for unintended acceleration; they just said they weren’t able to find the specific software defect(s) that caused unintended acceleration. We did.
Now it’s your turn to judge for yourself. Though I don’t think you can find my 800 page expert report outside the Court system, here’s the trial transcript of my expert testimony to the Oklahoma jury as well as the PowerPoint slides I shared with the jury in Bookout, et al. v. Toyota.
Note that the jury in Oklahoma found that Toyota owed each victim $1.5 million in compensatory damages and, owing to the software defects and inadequate fail-safes, also found Toyota acted with “reckless disregard”. The latter legal standard meant the jury was headed toward deliberations on additional punitive damages when Toyota finally called the plaintiffs to settle (for yet another undisclosed amount). I understand there are about 500 personal injury cases still working their way through various courts.
- Single Bit Flip that Killed (EETimes)
- Toyota’s Killer Firmware: Bad Design and Its Consequences (EDN)
- Vehicle Testing Confirms Fatal Flaws (EETimes)
- No Pedal Misapplication in Toyota Case (Design News)
- Inside Camry’s Engine Control Module (EETimes)
Last week, Toyota settled the case that was set for the next trial, in West Virginia in January, and announced an “intensive” settlement process to try to resolve approximately 300 of the remaining personal injury cases, which are consolidated in U.S. and California courts.
Toyota continues to publicly deny there is a problem and seems to have no plans to address the unsafe design and inadequate fail-safes in its drive-by-wire vehicles–the electronics and software design of which is similar in most of the Toyota and Lexus (and possibly Scion) vehicles manufactured over about the last ten model years. Meanwhile, incidents of unintended acceleration continue to be reported in these vehicles (see also the NHTSA complaint database), and these new incidents, when injuries are severe, continue to result in new personal injury lawsuits against Toyota.