The too-much Crash
The crash of Air India 171 on June 12, 2025, was caused by the improbable simultaneous shutdown of both engines during takeoff, due to the computer that manages the propulsion. The name of the latter announces its unrivalled power: Full Authority Digital Engine Control (FADEC). Replacing the engineer, it can interpret, filter, modify, and cancel the pilots’ orders. The only direct command the pilots have is that of the fire extinguisher. All other commands are filtered by the software.
When an air disaster occurs, investigators publish a preliminary report within a month. It is this report that will influence journalists and public opinion. This is why, under pressure from manufacturers and authorities, it most often focuses on the pilots’ stated or implied guilt. The final report is only published after a year or two, when the incident is no longer front-page news. In the case of Air India 171, the preliminary report surpassed the kind’s best-in-class performance. [1]
Its writing came after a mysterious round trip of the recorders to Washington before being returned to the Indian authorities. Unusually, it is unsigned. Its author(s) remain anonymous. It does not publish the transcript of the cockpit voice recording, as is generally done. But it does provide a brief account, according to which one of the pilots asked the other if he had shut down the engines, to which the other replied, “I didn’t.” We know nothing more.
The media outlets traditionally committed to the official truth immediately gave the appropriate interpretation: one of the pilots intentionally turned off the kerosene power switches to the engines. Such crude propaganda is explained by the scale of the issue. This time, it is no longer just the failings and weaknesses of a manufacturer, a company, or an official department that are at stake. The problem has moved to the pan-ideological level: the defense of the principle of replacing a human brain with software.
The preliminary report, however, contains information that allows us to reconstruct a more plausible sequence of events. Ahmadabad airport surveillance cameras show that the emergency turbine in case of power loss was already extended two seconds after the wheels left the ground, two seconds before the pilots activated the power switches to the engines. The failure is a primary one; it was not the pilots who caused it. On the contrary, they demonstrated professionalism up to the death.
The turbine in question is a propeller that automatically extends under the fuselage, particularly in the event of a failure of both engines (and therefore the alternators that usually supply the aircraft’s electricity). Driven by the relative wind, it replaces essential electrical and hydraulic power requirements, thus allowing one of the engines to be restarted. To do this, the pilots must first turn off the power switches to reset the start-up sequence. This is what the captain did two seconds after noticing the engines slowing down. Then, they had to wait for the backup turbine to provide the necessary voltage. When it did, the first switch was reopened, and the computer began restarting the affected engine. After that, they had to wait for the alternator to replace the emergency turbine. All of these operations were completed by the crew in a time span of seconds. Both engines revved up, but the plane was still too low (less than 60 meters) to provide the thrust needed to regain altitude in time.
The reason why the software shut down the engines remains to be determined. Some suggest an electrical short circuit following a water leak into the electronics bay from a lavatory. This hypothesis is based on such a leak previously observed on a Dreamliner, which was the subject of a Boeing communication to users. A short circuit would have ensued, stopping the operation of the booster pumps, which, within the tanks, maintain the flow of kerosene. However, it isn’t easy to conceive an exactly equal elasticity of fuel flows, at the same time, from two separate tanks. In addition, the booster pumps add to the gravity supply, which remains, whatever happens, the tanks being located above the engines. It is the high-pressure pumps that feed the combustion chambers. Their operation is not electrical; it is driven by the engine compressor. The valve that admits fuel into the high-pressure pump is electric. It is controlled by the instrument panel switches, but through the FADEC computer.
It was this computer that cut power to both engines. It has the power to override the pilots’ authority. The control scheme, taken from the Boeing 787-8 operating manual, shows that everything passes through the engine control software (EEC)[2]. This is the root cause. It shows “progressive” engineers their creature’s inability to contextualize: the FADEC cannot know whether it is in flight or parked.
This diagram shows that the pilots’ orders, via the thrust levers and fuel switches, except for the fire extinguisher control, pass through the software (EEC), before reaching the engine supply valve.
There is a precedent. On January 17, 2019, an All Nippon Airlines (ANA) Boeing 787 experienced a shutdown of both engines during a landing in Osaka. The order was given by the ECE (FADEC) software, based on the supposed observation of a huge thrust gap between the engines when they were put into reverse for braking. This asymmetry, real or imagined (I have not had access to the crew report), cannot occur during takeoff, but one does not know what events can be interpreted in the same way by the onboard computer. Software has reached such a level of complexity that it can surprise even its authors.
The responsibility of the philosophical-technological orientation is obvious. It is not only the replacement of a human brain by a computer, but, moreover, the delegation of authority to the latter. If the FADEC had simply warned the pilots of the observed failure (real or supposed), they could have accomplished a return and emergency landing. But such an orientation would have put an end to the dream of replacing the pilots. I call this catastrophe an ideologically planned murder. Aircraft manufacturers will only change the hierarchy between pilots and systems if this catastrophe provokes a sufficiently powerful movement of opinion to force them to do so.
Romain Kroës
Former captain instructor,
economist,
Analyst of embedded systems and of the human/machine relationship
____________________________________________________________________
[1] https://aaib.gov.in/What’s%20New%20As…
[2] Https://randomflightdatabase.fr/Documents/Manuel%20Aviation/787/787-TBC_OM_TBC_C_100215_V1V2_B2P-C.pdf