Monday, March 30, 2015

The delivery drones are coming: so rules and safety standards will be needed – fast

DHL: drones have landed? Frankhöffner, CC BY-SA

Imagine a scenario where tens of thousands of drones are routinely flown across UK airspace. Some of these are very large, more than 100kg – and some are equipped with jet engines that can reach speeds beyond 100mph. If you think this seems unlikely then you’re quite wrong: there are already more than 36,000 remote control model aircraft hobbyists in the UK flying small aircraft at more than 800 sites.


But there are remarkably few accidents, despite their numbers. To start with there is a strong sense of self-regulation among hobbyists. More important is that the community of enthusiasts requires that its members have insurance for their flying activities. Insurance premiums are low because this group has collective buying power and there is an incentive to keep claims low by ensuring good practice among those flying these aircraft.


We are now moving into an era in which drones are increasingly used commercially – for law enforcement, surveying, or film and photographic duties. Amazon is in discussions with regulators in the UK and Canada for its plans for drone deliveries. Facebook intends to bring internet access to rural areas via solar-powered drones, currently being trialled in the UK.


There is a potentially huge market associated with drones – and unnecessarily strict government regulation could stifle its growth. On the other hand, weak regulation might lead to accidents and a counterproductive public backlash. There are lessons that regulators could learn from the many years' experience with remote control aircraft hobbyists.


Financial persuasion


The key is insurance, which needs to be a requirement for commercial activities with a mandated level of cover. In order to satisfy insurers, the drone operator will have to adhere to certain standards and codes of practice. This is where self-regulation and collective bargaining come in: the British Model Flying Association (BMFA) currently organises insurance for all its members and has a vested interest in making sure that accident levels, and therefore claims, are low.


The analogous commercial organisation to BMFA is the Association of Remotely Piloted Aircraft Systems, ARPAS-UK. Similarly this is a non-profit organisation run by its members, which include several hundred UK commercial drone operators. To be truly successful it needs to offer insurance, which would make it very attractive to commercial operators which would then have a strong incentive to join and comply with its standards in order to obtain the best insurance rates.


This will be more effective than control through the Civil Aviation Authority (CAA) or some other arm of government as it uses a financial incentive to minimise risks and accidents. As a small, focused organisation it will also offer a degree of agility and responsiveness that government bodies typically lack.


The CAA has been remarkably proactive in trying to regulate commercial operations with a “light touch”. A cynic might suggest this is a result of government pressure to cut down on government red-tape and cumbersome bureaucracy.


Safety first


There is no doubt that there should be a compulsory register of all commercial operators and a requirement for would-be operators to demonstrate sufficient competence to be licensed to fly. What’s less clear is whether there will be an enforced incident reporting requirement and (where necessary) incident investigation process. As is the case across the public sector, the CAA faces reduced budgets and it’s not clear how it will respond to the workload when commercial drones really take off in the future.


But, again, an organisation such as ARPAS-UK has a vested interest in responding swiftly to members and recording safety issues. If it coordinated an insurance offering it would be able to record all claims, and hence presumably all but a very few minor incidents that warranted no claim. For larger and more serious incidents the expertise of the CAA will be required.


Generic guidelines not helpful


The recent House of Lords report into the drone industry makes some well-intentioned but somewhat vague recommendations. For example it suggests there should be an “online database of drone operations” – would this be mandatory? Who would administer and pay for this, and to what end?


Another recommendation is a “shared manufacturing standard” for drones, such as the CE Mark, which demonstrates that a product conforms to relevant standards and laws. But anyone with any aviation experience will know that this is absurdly simplistic and probably unworkable. Certain aspects of drone engineering, for example electronics, must already comply with electrical safety, noise and Ofcom frequency interference regulations. It’s not possible to write a generic “airworthiness standard” for the enormous range of drone types, sizes and configurations available now or in the future – and attempting to do so would inevitably constrict innovation.


Ultimately, while it is in everyone’s interest that risks are minimised, they can never be completely eliminated. There will be accidents – and it’s important to bear that in mind. As we’ve seen just recently, even a highly-regulated industry like aviation experiences fatal accidents.


It is interesting that most of these stem from human error, such as the Germanwings flight 4U9525 crash in France, or human error on top of technical faults, such as the TransAsia flight GE235 air crash in Taipei where the pilot shut down the remaining functional engine, rather than technical failure alone. By taking humans out of the loop, commercial drone flights will increasingly deliver higher levels of safety for everyone.


The Conversation

Genome editing poses ethical problems that we cannot ignore

In the future, our DNA could be different by design. DNA by Seamartini Graphics/www.shutterstock.com

The ability to precisely and accurately change almost any part of any genome, even in complex species such as humans, may soon become a reality through genome editing. But with great power comes great responsibility – and few subjects elicit such heated debates about moral rights and wrongs.


Although genetic engineering techniques have been around for some time, genome editing can achieve this with lower error rates, more simply and cheaply than ever – although the technology is certainly not yet perfect.


Genome editing offers a greater degree of control and precision in how specific DNA sequences are changed. It could be used in basic science, for human health, or improvements to crops. There are a variety of techniques but clustered regularly interspaced short palindromic repeats, or CRISPR, is perhaps the foremost.


CRISPR has prompted recent calls for a genome editing moratorium from a group of concerned US academics. Because it is the easiest technique to set up and so could be quickly and widely adopted, the fear is that it may be put into use far too soon – outstripping our understanding of its safety implications and preventing any opportunity to think about how such powerful tools should be controlled.


The ethics of genetics, revisited


Ethical concerns over genetic modification are not new, particularly when it comes to humans. While we don’t think genome editing gives rise to any completely new ethical concerns, there is more to gene editing than just genetic modification.


First, there is no clear consensus as to whether genome editing is just an incremental step forward, or whether it represents a disruptive technology capable of overthrowing the current orthodoxy. If this is the case – and it’s a very real prospect – then we will need to carefully consider genome editing’s ethical implications, including whether current regulation is adequate.


Second, there are significant ethical concerns over the potential scope and scale of genome editing modifications. As more researchers use CRISPR to achieve more genome changes, the implications shift. Our consideration of a technology that is rarely used and then only in specific cases will differ from one that is widely used and put to all sorts of uses.


Should we reach this tipping point, we will have to revisit the conclusions of the first few decades of the genetic modification debate. Currently modifying plants, some animals, and non-inheritable cells in humans is allowed under strict controls. But modifications that alter the human germ-line are not allowed, with the exception of the recent decision in the UK to allow mitochondrial replacement.


While this may mean weighing up potential benefits, risks and harms, as the potential applications of genome editing are so broad even this sort of assessment isn’t straightforward.


What patterns can genetic surgeons weave? too human by lonely/www.shutterstock.com


Use for good and for ill


Genome editing techniques have so far been used to change genomes in individual cells and in entire (non-human) organisms. Benefits have included better targeted gene therapy in animal models of some diseases, such as Duchenne Muscular Dystrophy. It’s also hoped that it will lead to a better understanding of the structure, function and regulation of genes. Genetic modification through genome editing of plants has already created herbicide- and infection-resistant crops.


But more contentious is how genome editing might be used to change traits in humans. While this has been the basis for many works of fiction, in real life our capacity to provide the sort of genetic engineering seen in films and books such as Gattaca and Brave New World has been substantially limited.


Genome editing potentially changes this, presenting us with the very real possibility that any aspect of the human genome could be manipulated as we desire. This could mean eliminating harmful genetic conditions, or enhancing traits deemed advantageous, such as resistance to diseases. But this ability may also open the door to eugenics, where those with access to the technology could select for future generations based on traits considered merely desirable: eye, skin or hair colour, or height.


Permanent edits


The concern prompting the US academics' call for a moratorium is the potential for altering the human germ-line, making gene alterations inheritable by our children. Gene therapies that produce non-inheritable changes in a person’s genome are ethically accepted, in part because there is no risk for the next generation if things go wrong. However to date only one disease – severe combined immunodeficiency – has been cured by this therapy.


Germ-line alterations pose much greater ethical concerns. A mistake could harm future individuals by placing that mistake in every cell. Of course the flip-side is that, if carried out safely and as intended, germ-line alterations could also provide potentially permanent solutions to genetic diseases. No research is yet considering this in humans, however.


Nevertheless, even if changes to the germ-line turn out to be safe, the underlying ethical concerns of scope and scale that genome editing brings will remain. If a technique can be used widely and efficiently, without careful oversight governing its use, it can readily become a new norm or an expectation. Those unable to access the desired genetic alterations, be they humans with diseases, humans without enhanced genetic characteristics, or farmers without genetically modified animals or crops, may all find themselves gravely and unfairly disadvantaged.



Banks undermine chip and PIN security because they see profits rise faster than fraud

Who pays, and who gains? Card by LDprod/www.shutterstock.com

The Chip and PIN card payment system has been mandatory in the UK since 2006, but only now is it being slowly introduced in the US. In western Europe more than 96% of card transactions in the last quarter of 2014 used chipped credit or debit cards, compared to just 0.03% in the US.


Yet at the same time, in the UK and elsewhere a new generation of Chip and PIN cards has arrived that allows contactless payments – transactions that don’t require a PIN code. Why would card issuers offer a means to circumvent the security Chip and PIN offers?


Chip and Problems


Chip and PIN is supposed to reduce two main types of fraud. Counterfeit fraud, where a fake card is manufactured based on stolen card data, cost the UK £47.8m in 2014 according to figures just released by Financial Fraud Action. The cryptographic key embedded in chip cards tackles counterfeit fraud by allowing the card to prove its identity. Extracting this key should be very difficult, while copying the details embedded in a card’s magnetic stripe from one card to another is simple.


The second type of fraud is where a genuine card is used, but by the wrong person. Chip and PIN makes this more difficult by requiring users to enter a PIN code, one (hopefully) not known to the criminal who took the card. Financial Fraud Action separates this into those cards stolen before reaching their owner (at a cost of £10.1m in 2014) and after (£59.7m).


Unfortunately Chip and PIN doesn’t work as well as was hoped. My research has shown how it’s possible to trick cards into accepting the wrong PIN and produce cloned cards that terminals won’t detect as being fake. Nevertheless, the widespread introduction of Chip and PIN has succeeded in forcing criminals to change tactics – £331.5m of UK card fraud (69% of the total) in 2014 is now through telephone, internet and mail order purchases (known as “cardholder not present” fraud) that don’t involve the chip at all. That’s why there’s some surprise over the introduction of less secure contactless cards.


Not only do contactless cards allow some transactions without a PIN, but the data can be stolen from the card and, by extension, potentially money from any account linked to it, just by brushing past someone near enough to trigger the contactless chip into transmitting.


Figures for UK card fraud reveal the effect Chip and PIN has had of forcing criminals to change tactics. Financial Fraud Action UK


Fear of fraud versus potential for profit


So why are some banks issuing chip cards which don’t support PIN verification at all, leaving customers to sign for transactions instead? Why has the US been so slow to roll out Chip and PIN and why have UK banks actually decreased security for contactless cards? All three decisions are driven by, perhaps unsurprisingly, profit.


The share of transactions that card issuers take (the interchange fee) depends on the country and type of transaction. In the US, a lower fee is charged for PIN transactions than for those verified by signature. Since the fee is paid by merchants to the card companies and banks, that explains why merchants upgraded their terminals to support Chip and PIN long before the US banks started issuing chip cards. Encouraging banks to start issuing cards is being handled the same way: as of October 2015 if the merchant’s terminal which accepts a fraudulent payment supports Chip and PIN but the card doesn’t, the card issuer pays for the cost of the fraud. If the merchant’s terminal doesn’t support Chip and PIN but the card does, the merchant pays.


Contactless cards are being promoted because it appears they cause customers to spend more. Some of this could be accounted for by a shift from cash to contactless, but some could also stem from a greater temptation to spend more due to the absence of tangible cash in a wallet as a means of budgeting.


Greater convenience leads to increased spending, which means more fees for the card issuers and more profit for the merchant – this is the real reason why the PIN check was dropped from contactless cards. The risk of fraud is mitigated to some degree by limiting transactions in the UK to £20 (rising to £30 in September), but it’s been demonstrated that even these limits can be bypassed.


Doing the maths


Card fraud involves a very large amount of money – £479m in 2014 in the UK – and affects many millions of people. In an EU-wide survey, 17% of UK internet users said they had been the victim of credit card or online banking fraud – the worst in the EU. Some of the costs of fraud are borne by the merchants. Others are passed to the victim because the Payment Services Directive allows banks to refuse to refund customers if they can’t identify a more likely cause for the fraud than customer negligence.


However, even if all the costs of fraud were paid for by the card companies, the cost they would bear would only make up 0.075% of the value of card transactions. This sum they could comfortably pay for from the interchange fees they charge on these transactions, currently set at 0.7% of the transaction value – nearly ten times larger than the costs of fraud.


Earlier this month the European Parliament voted to cap interchange fees to 0.2% of transaction value for debit cards and 0.3% for credit cards, but even so there is a healthy profit margin between card fraud losses and interchange fee income. As for contactless, no-PIN transactions, they are a gamble that has paid off: fraud rates for contactless cards are even lower, at a mere 0.007% of total transaction value.


While fraud statistics in the US are not as systematically collected as in the UK and Europe, fraud there is estimated at around US$10 billion a year (about half the worldwide total). As a proportion of transaction volume, fraud rose from 0.05% in 2007 to 0.1% in 2014. Still, Chip and PIN in the UK only temporarily disrupted the rising trend of card fraud until criminals focused on softer targets such as using UK cards in the US. Once this option is unavailable through the introduction of Chip and PIN to the US, the long-term effects are hard to predict.



Friday, March 27, 2015

Germanwings crash: the ins and outs of the two-person rule

Two hands on the wheel is twice as safe. keys by dextroza/www.shutterstock.com

As evidence mounts that Germanwings flight 4U9525 was crashed deliberately by its co-pilot who locked the flight’s captain out of the cockpit, there have been renewed calls to enforce a “two-person rule”, where two members of the flight crew are on the flight deck at all times.


Within hours of the crash, steps were taken to enact this: the Canadian government made it a mandatory requirement, and the UK Civil Aviation Authority urged UK airlines to review their rules, although some airlines including budget airlines Ryanair and Flybe already enforced the rule.


The idea dates back to the days of the Cold War, when two operators were required, typically with two separate keys, for drastic action such as launching nuclear weapons. The procedure is still in force today, to offer protection against the actions of rogue individuals. But the concept of the “buddy system”, that tells us not to be alone during critical or risky moments, is widely in place – from divers heading underwater, firefighters entering burning buildings and bankers making large withdrawals to school-aged children wandering out of sight of adults.


When it comes to nuclear war, it makes sense not to leave it within the ability of a single person. Scott Wagers/US DoD


In essence, the safety and integrity of actions and environments is improved by requiring the co-operation of two at a time. This way no single individual will be caught without help should they need it, and no one will be in a situation where the actions of a single person in a key role go unmonitored.


Flight rules


While co-pilot Andreas Lubitz may have considered his actions, it’s likely that he moved on the spur of the moment – on quite a short flight there was no way of knowing whether the captain, Patrick Sonderheimer, would have needed to visit the toilet, leaving him alone in the cockpit.


But it’s clear that being alone in the cockpit was all that was required for Lubitz to take himself and 149 others to their deaths on the slopes of the French Alps. Had the captain or any other member of the crew been there, they could have reversed any efforts to override the autopilot, or summoned other crew or passengers to help subdue Lubitz if necessary.


As it’s impossible to require that neither of the pilots leave the cockpit during flights, adopting the two-person rule seems to be a good move in order to increase the safety of flights from the potential for actions such as this, or in the event that the remaining pilot is incapacitated, perhaps by a heart attack. Current measures protect from actions outwith the cockpit, but provide little defence from those coming from within.


A human deterrent


Had Sonderheimer been replaced by a member of the cabin crew that morning, would Lubitz have believed that he had an opportunity to do what he did? The two-person rule, more than only enforcing, also dissuades and serves as a deterrent. Undeterred, a pilot set on crashing their aircraft could still override the autopilot, but – except in situations where they were able to overpower their fellow in the cockpit quickly – it would only be a matter of time before it was detected, reversed, or the absent pilot was able to return to the flight deck.


So it’s perhaps surprising that the two-person rule is not mandatory in the aviation industry worldwide but is left up to individual authorities. In the US, the Federal Aviation Administration made two in the cockpit a requirement a year after the 9/11 attacks in 2001 – along with the flight deck door reinforcement that contributed to the crash of flight 4U9525.


The experience of those airlines that have adopted the rule is that it requires minimal effort or organisational change. All that is required is that a cabin crew member takes the absent pilot’s place in the cockpit, and may leave only after they return. It is an easy fix with the potential to prevent cases such as this – a similar Egyptian Airlines incident in 1999 left 229 dead, and there have been at least eight other “pilot suicides” in the last 40 years – as well as other situations that could arise.


It’s clear that this has been rapidly taken up by airlines outside the US in the last 24 hours: EasyJet, Virgin, Air Transat, Emirates, Norwegian Air Shuttle, Air Canada, Air New Zealand and Lufthansa, the parent of Germanwings, have all announced they would implement the two-person rule. But ideally this would be adopted as a mandatory procedure worldwide – and sooner rather than later – as it can be done almost without cost, and with the potential to prevent the repeat of such tragedies.



Personality may be down to where you come from – but this doesn't mean we can't change

Is there hope for change? from www.shutterstock.com

How exactly do we become the people we are? A study published earlier this week found that there are vast regional differences in personality within the UK.


Londoners are more extroverted, for example, while people in north England and areas of east Scotland are quieter and more introverted. Scots have highly agreeable personalities, while those in London and areas of east England have low levels of agreeableness, described in the study as “uncooperative, quarrelsome, and irritable.”


What’s more, the study found that these differences relate meaningfully to regional socio-economic outcomes, including voting tendencies, health behaviours, education level, and social tolerance.


The research was reported by the BBC with the suggestion that people with specific personality traits might be better suited to certain locations around the country. But implicit within this suggestion is the notion that personality is fixed – and this is by no means the case.


The science of personality


After decades of research psychologists have a fairly good understanding of the psychological component that remains with us from one situation to another – otherwise known as our personality.


At the very broadest level who we are is made up of five personality dimensions – our tendency to be agreeable, conscientious, extroverted, emotionally stable, and open to experience. But how personality develops through our lives is still poorly understood – and we are only just beginning to discover that there could be big socio-economic implications.


Heat maps of personalities in the UK. Blue is comparatively low, red is comparatively high. Rentfrow et al./PLOS ONE


The idea that personality is more or less fixed over the course of our lives has been a popular belief in personality psychology for years. Changes due to biological factors were thought to occur until about the age of 30, at which point it was assumed that personality becomes set in stone. This is a belief that has permeated throughout society, which may have understandably led many to believe (rather dishearteningly) that it is impossible to change.


Change is possible


However, while personality is on the whole stable from one situation to the next, this does not mean it cannot and does not change over time. Personality researchers have traditionally paid little attention to aspects of long-term change, but there is now substantial evidence which shows that our personalities continue to change throughout our lives.


Given the recent work linking regional personality with regional socio-economic outcomes it is dangerous to imply personality is fixed. It may lead to the erroneous claim that people somehow deserve the situations in which they find themselves.


Recently we published a study showing that unemployment, a major life event that could happen to any of us, can reprogramme us fundamentally by changing our core personality – we become less agreeable, less conscientious and less open to the world around us. Thus the regional personality differences found in the research reported by the BBC may in fact be the result of the socio-economic conditions themselves.


A key to happiness


In recent years there has been a movement for promoting well-being in our societies. It has long been known that once basic material needs are met, income growth is no longer the key to greater well-being. More important factors are social relationships, mental health, and of course our personality.


Personality is one of the strongest and most consistent predictors of higher well-being. Being agreeable, conscientious, extroverted, emotionally stable and open to experience are all linked to higher well-being. Our personalities can also help us deal with difficult and traumatic life circumstances, something almost everybody will have to deal with at some point in their life.


How we deal with challenging events such as becoming disabled or unemployed depends heavily on our personality. For example, being agreeable, perhaps itself due to better quality relationships, appears to help individuals when they become disabled.


Personality development


Our research has also shown that personalities are just as likely to change as many socio-economic factors, including how much we earn. In fact, personality may contribute substantially more to changes in many indicators of well-being. For example, it has been found that counselling, and even powerful entheogens such as psychedelic mushrooms, may promote large positive personality change. Perhaps we would find ourselves on a faster route to greater well-being if we placed more attention on who we are, rather than on what we have.


By better understanding personality change, we may be led to a society where personality development is recognised as a valuable endeavour. We could try to limit the deep psychological damage from difficult life events such as unemployment and support psychological growth more generally.


It seems that we can change, and under the right circumstances such change may be positive and meaningful. By understanding and considering our personality more widely, we may uncover significant benefits to the quality of our lives.



What if our children are the screen-obsessed couch potatoes of the future?

I can't take my eyes off you. Screen obsessed by lassedesignen/www.shutterstock.com

The idea of “digital addiction” has returned to the fore with UCL researchers suggesting physical activity should displace the compulsive watching of television, internet surfing and video gaming. Often it’s suggested that at least gaming is more active and engaged than merely passively watching television, but the UCL study’s authors regard gaming as “just a different way of sitting down and relaxing”.


The problem with the topic of digital addiction is that there are no definitive scientific studies that have established it as a genuine condition. As far back as 2006 the American Journal of Psychiatry recommended digital addiction be more formally recognised, but studies are still largely piecemeal and no authoritative view exists.


A rising new addiction


Yet each year more studies are published that support the journal’s view that “internet addiction is resistant to treatment, entails significant risks, and has high relapse rates.”


Recently a few more accounts from around the world have emerged supporting the view that digital addiction is growing, and may be storing up problems for the future. A survey in New Zealand highlights the withdrawal symptoms people feel when not connected. The “fear of missing out” is another phenomenon that forms part of the dimension of digital addiction, as recently described in a survey in Japan. Here addiction is linked to the need to use specific apps, rather than a more general need to “connect” online.


The Net Children Go Mobile report in Ireland based on surveys conducted by researchers at the Dublin Institute of Technology highlights how many children are online a lot after 9pm. It shares concerns around the potential toxic combination of being “always-on” and exposed to potentially distressing content. As with drug use, addiction itself is one problem, while the “substance” or content of that addiction causes different kinds of harm.


How to measure the problem


Research that attempts to physically measure the impact of digital addiction is also expanding. A study from the University of Missouri reports that measurable increases in stress can be recorded when people have their smart phones taken away.


There has even been a rise in clinics serving digital addicts, an increasing amount of personal testimony from self-described addicts, as well as more firmly established evidence for repetitive strain injuries arising from overuse of technology.


It all points to an urgent need for far more comprehensive research – research that can really inform how the government approaches the problem with policy, as well as something to guide parents and managers in the workplace.


A slave to our screens, we’re locking ourselves to them. enslaved by Marcos Mesa Sam Wordley/www.shutterstock.com


A lack of digital denial


Interestingly, research attempting to deny digital addiction is almost impossible to find. Even as researchers claim that cell phone addiction can harm the parent-child bond, or that phone addicts may be more prone to mood swings, academic voices against are few and far between. Why is this?


It could be because the current research hasn’t made any significant impact on existing corporations and commercial models. When studies were published claiming definitive proof of dangerous mobile phone radiation to the brain, particularly in children, those speaking out against the claims were vocal and many in number. That battle is raging to this day, with the potential harm of wearables now coming under scrutiny.


I believe this battle is so energetic because the consequences, as with the tobacco industry, are directly and profoundly commercial. At present, digital addiction is an opportunity for innovation, both social and technological.


Putting digital in its place


We might better manage our digital devices by learning to place them more mindfully and skilfully – to learn to “handle our digital drink”. There are always apps to help us manage our addictions. Digital addiction has led to innovations in online child safety, the ways parents ration access to devices, better education – and even apps that prevent users constantly connecting. It might be that the impact of digital addiction and the way it manifests itself will have to be ever further revealed before serious research begins.


Added to this is the fact that many argue that profound freedom is a core principle in the digital space – any regulation or top-down governance, such as in the realms of alcohol, smoking, or gambling, will be strongly resisted. If the internet is in any way equivalent to a drug, then, according to the web’s founding father, Tim Berners-Lee, that drug is a “human right”. So the corporations working with digital devices and content wait and watch. While the evidence for digital addiction grows, it isn’t harming iPhone sales, and is unlikely to dent the success of smartwatches.


From India to America, from China to England, concerns that our children are turning into couch potatoes grow. But until a tipping point is reached, parents and teachers, managers and gamers will carry on checking into clinics, reading the top ten tips, possibly to become a generation with prematurely arthritic fingers, backache, and a whole host of yet to be named psychological disorders.


The Conversation

Thursday, March 26, 2015

Germanwings flight 4U9525: a victim of the deadlock between safety and security demands

Two up front for safety? Jason Calston/Airbus

It seems incredible that a pilot of a passenger airline could be locked out of the cockpit. But analysis from the cockpit voice recorder recovered from Germanwings flight 4U9525 after it ploughed into the Southern Alps in France has revealed that this is what happened and that one of the two pilots had been trying to get into the cockpit before the crash.


An initial explanation that the pilot at the controls was incapacitated, perhaps from a heart attack or stroke, has since given way to an alternative given by French investigators: that the pilot in the cockpit – named in reports as Andreas Lubitz – deliberately prevented his co-pilot from entering in order to destroy the aircraft.


Following the September 11 attacks in New York in 2001, passenger aircraft cockpit doors have been reinforced in order to be made secure, and even bulletproof.


Access to the cockpit must be locked during flight, preventing passengers from forcing entry onto the flight deck so that pilots can safely fly the aircraft and manage any situation without worrying about potential hijackers. For the safety of the pilots the cockpit door must open at the pilot’s command from the flight deck, for example when there is no apparent risk of malicious attack. The outside of the cockpit door is secured by a keypad, to which the crew have the codes. But the request from the keypad to open the door must be confirmed by the co-pilot who remains inside.


It has become apparent that these two aspects – safety and security – are not always achievable at the same time. In the event of an incident like this, they even work against each other.


A trade-off between safety and security


People often confuse “security” and “safety”. In Chinese the two words are exactly the same. However, conceptually they are different.


Security offers protection from intentional attacks, while safety is protection from natural accidents. While some security incidents can be accidental, or made to look accidental, some element of intent, usually malicious, is involved.


The trade-off between security and safety risks in this context is hard because the probability of accidents can be modelled while human intention cannot. One could try to estimate the probability of someone having bad intentions, especially pilots, but in the end it’s not possible to square one with the other – it is like comparing apples with oranges.


With the ultimate goal of protecting the lives of those on board, the process by which the cockpit door is opened and closed is crucial. Closing the door is not always right, even though the flight may be threatened by potential terrorists. That a pilot on the flight deck must open the door to his fellow officer outside the door is not beneficial if the crew remaining on the deck inside are incapacitated or unwilling to do so.


Timing and context are key


Feature interaction manifests itself in the way hardware and software interact, such as in the design of lifts, vehicles or even smart homes. In order to avoid problematic interactions, priority needs to be assigned to those features that are paramount – on aircraft, this is protecting the lives of passengers. The key to this is context and timing.


How can the electronic, robotic controller of the cockpit doors collaborate with the human crew member desperately looking for ways to gain entry to the flight deck? Knocking, or even smashing down the door is not enough – because potential terrorists may do the same, and so these eventualities will have been catered for in the initial design.


In this case, an adaptive user interface mechanism, which has been used to simplify complicated software systems, could enhance the usability of an otherwise complex security system. Mobile payment systems, such as Apple Pay, have demonstrated it’s possible to simplify the interface to otherwise complex security systems. For example, users do not need to carry credit cards yet can still properly certify their transactions. Such time-saving elements to verify security could be, in such a contingency as this, a life-saving feature.


Control of the cockpit door must be adaptive to the context of the situation, providing a means to bypass the risk of a situation where flight crew are locked out of the cockpit. Had the robotic door controller understood there was a reason the pilot at the controls could not confirm the entrance of the pilot outside – by registering a malfunctioning ejection seat, for example, or reading dying vital signs from a heart monitor – it could override the security requirements and allow the pilot to re-enter the cockpit.
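The feature interaction described above can be made explicit by enumerating door contexts and checking where the safety and security requirements disagree. The sketch below is an added illustration, not code from the article or from any aircraft system; the `Context` fields, the function names and the vital-signs input are assumptions modelled on the article's own description.

```python
from itertools import product
from typing import List, NamedTuple


class Context(NamedTuple):
    valid_code: bool        # correct keypad code entered outside the door
    inside_confirms: bool   # pilot on the flight deck confirms the request
    inside_vitals_ok: bool  # assumed sensor input (the article's heart-monitor idea)


def all_contexts() -> List[Context]:
    """Every combination, minus the impossible one: an incapacitated pilot confirming."""
    combos = (Context(*bits) for bits in product([True, False], repeat=3))
    return [c for c in combos if c.inside_vitals_ok or not c.inside_confirms]


def security_feature(c: Context) -> bool:
    """Security requirement: open only on a valid code confirmed from inside."""
    return c.valid_code and c.inside_confirms


def safety_feature(c: Context) -> bool:
    """Safety requirement: crew holding the code can always reach the flight deck."""
    return c.valid_code


def feature_interactions() -> List[Context]:
    """Contexts in which the two requirements demand opposite door states."""
    return [c for c in all_contexts() if security_feature(c) != safety_feature(c)]


def adaptive_controller(c: Context) -> bool:
    """Security has priority unless sensors show the pilot inside cannot respond."""
    if security_feature(c):
        return True
    return c.valid_code and not c.inside_vitals_ok


def unresolved() -> List[Context]:
    """Conflicts where the adaptive rule still keeps coded crew outside."""
    return [c for c in feature_interactions() if not adaptive_controller(c)]


if __name__ == "__main__":
    for c in feature_interactions():
        print(c, "-> door opens" if adaptive_controller(c) else "-> door stays locked")
```

In this toy model the vital-signs override resolves the incapacitated-pilot conflict, while the context with a responsive pilot who withholds confirmation stays locked and is returned by `unresolved()`.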


We need to reassess the risks and arguments around safety and security in the context of aviation, and find ways of bringing together hardware, software, and the flight crew themselves – perhaps through health monitoring devices – in order to ensure that both these demands work together, and do not become a threat in themselves.


The Conversation

Sneaky Techies Are Playing Dress Up To Swipe Secret Legal Files

Imagine a bustling law firm in the heart of a skyscraper-filled city. The air is thick with the scent of expensive espresso and the frantic...