What we can learn from the Aviation Safety Information Analysis and Sharing System
Thoroughly testing a self-driving car in the real world would take billions of driving hours in order to properly build confidence and establish trust. During this time you couldn’t technically change anything – no sensor upgrades or code patches – otherwise you invalidate the study and have to start over.
The validation gap  is a daunting problem that has safety experts, the automotive industry, and policy makers scratching their heads. Few solutions have been proposed. Thankfully, an industry exists with a stellar safety record and an expertly crafted safety improvement mechanism that could be the key to ensuring that our roadways remain safe – and continue to get safer.
Aviation is a testament to humankind’s ingenuity in developing technologies for ensuring safety. With the emergence of commercial air travel, it wasn't immediately obvious what safety mitigations were necessary. Over the years, a series of accidents led to a radical transformation. A collision over the Grand Canyon in 1956 prompted the formation of the FAA, another in 1978 over San Diego spurred the development of the TCAS collision avoidance system, and a collision in Cerritos, California led to TCAS’s mandate in the United States and ultimately worldwide.
Aircraft safety was improved by advances in technology, such as more reliable engines and better materials, but one primary force for improvement came from a safety feedback loop. The premise was simple - any problems, be they big or small, were recorded, identified, and then fixed. Furthermore, the data (and solutions) were shared among aviation partners. Pooling resources allows everyone to increase safety, leading to global improvement.
It turns out that it isn’t quite that easy. Airlines didn’t want to just give up their information for free. Their competitors might use it against them, and perceived shortcomings could lead to painful rivalries. Participants would be inadvertently discouraged from contributing, and the system as a whole, lacking incentives, would fail.
ASIAS, the FAA Aviation Safety Information Analysis and Sharing System, was established, but it was ingeniously structured to provide the requisite safety and the incentive to ensure that partners share their data. It works as follows:
• Participants report any accidents, near-misses, and safety hazards to ASIAS
• ASIAS anonymizes the data, so that no-one knows who provided it
• The aggregated data is shared so improvements can be made
Some additional features of note:
• Pilots can report safety hazards, even if they are at fault, and if reported they are immune to prosecution
• Integration of a wide range of public and private data sources 
• Establishment of metrics to quickly evaluate the effectiveness of proposed safety enhancements
Even with these systems in place, the ASIAS program does not readily share its data beyond a small group of industry insiders. Access to ASIAS data is extremely restrictive, typically lying out of reach of even well-established researchers. Data protection is of vital importance – were the ASIAS data more widely released it is quite possible that those providing the data would cease to share.
ASIAS is a driving force behind the stellar aviation safety record. According to the Wall Street Journal, there is about one accident per 700,000 flight hours for domestic carriers, reflecting a doubling in safety since the late 1990s .
ASIAS has 45 air carriers, 20 corporate operators, two manufacturers, and two maintenance organizations as members. Approximately 99% of U.S. air carrier commercial operations are represented . This unprecedented collaboration made the current level of safety possible.
Some extensions of ASIAS are obvious, others are less so. For starters, some predict that as cars move from manual to autonomous and we go from being at the helm to being passengers, our tolerance for risk will decrease dramatically. Today, deaths due to driving accidents are tolerated because of human agency. A human was at fault; the driver chose to drink and drive, failed to check their mirrors, or ran the red light. They were in control and abused it, but were nevertheless in control. With autonomous cars, as with airliners, we passengers are completely out-of-the-loop, and thus have an extremely low tolerance for risk.
Perhaps the biggest hurdle for an Automotive ASIAS is the fierce competition in the automotive industry. Driving is undergoing a radical evolution as the pace of technology increases and startups break into an industry that has traditionally required vast resources to enter. Autonomous driving is giving rise to an entirely new driving economical ecosystem. Furthermore, each company has brands to protect and intellectual property to hide. Excessive regulation would stifle innovation.
On the flip side, information technology companies such as Google, Apple, Tesla, and Faraday want to connect our vehicles to an intelligent transportation system. This has the potential to unleash a treasure trove of data. Google has already collected over 1.5 million self-driving miles  with a relatively small feet of cars. Imagine what we could do with detailed information from all incidents and accidents across the United States, or across the world?
With an Automotive ASIAS we have the opportunity to set up a program that can share data beyond a very small group of industry insiders. We must tread carefully to avoid privacy concerns for all involved while providing incentives for those with data to share. Pooling anonymous data – hiding both the manufacturer and the owner – is a necessity. Companies that contribute should benefit, and users of ride-sharing services should be able to report accidents, mechanics should be able to report premature part failures and unusual wear, and our increasingly connected roadway infrastructure should make data collection safe and easy.
Today, autonomous vehicle manufacturers are required to file disengagement reports. An automotive ASIAS would be much more.
The data collected would
• Let us develop better models of the impact of autonomous vehicles and establish metrics. The DoT and DoE don’t know to what extent autonomous vehicles will have an impact on transportation – or even whether they will improve or reduce traffic.
• Let us develop better models of human drivers, roadways, rare events, and driving conditions. This then lets us apply model-based design strategies to make vehicles as safe as possible before mass deployment.
• Get a quick, efficient feedback loop helping us improve where we need to most.
• Will help standardize concepts. Today there are seven different names for systems that provide automatic cruise control functionality. Many have complained that the Tesla “autopilot” is not true to its name – but is rather a highway assist function. We need to standardize our indicators and icons, and make sure that consumers understand what they are getting.
• Will help at the parts level too, letting us know when things wear out, what sensors fail when, and alert users when parts are recalled or need replacement or software patches.
Most importantly, an automotive ASIAS will encourage a culture of safety, which in turn will lead to a tangible improvement in efficiency and lives saved and facilitate adoption of this next generation of technology.
1 – Prof. Hermann Winner, “How to Address the Approval Trap for Autonomous Vehicles -
A survey of the challenge on safety validation and releasing the autonomous vehicle,” ITSC 2015 Keynote