Certified safe?
Sunday, 14 October 2007

The late Lu Zuckerman, a systems design engineer, had some iconoclastic views on measuring air safety. Here is one such diatribe:

“ ‘You would have to catch a commercial airliner every day for 26,000 years to guarantee being involved in a fatal accident. Flying a commercial airliner is nine times safer than driving a car.’

“These types of statements are based on the party line put out by all the airlines and are based on seat miles traveled. Here is an example: airline A has 30 aircraft that are each capable of carrying 200 people. Each of these aircraft flies full from Los Angeles to New York and return, a distance of 6,000 miles.

“Each aircraft makes one round trip a day. Each trip takes a total of 9 hours round trip. In one day they accumulate 72 million passenger seat miles. In one month they accumulate 2,160 million passenger seat miles. In one year they accumulate 788,400,000,000 passenger seat miles. On the last day of the year, they lose one aircraft and 200 passengers plus crew due to the failure of a single part. In their advertisement, they state proudly that they have had only one major accident and having flown 788,400,000,000 passenger seat miles.

“However, they have accumulated only 98,550 flight hours on the 30 aircraft. The FAA states that the loss of an aircraft or death to a single passenger caused by a single point failure can occur no more frequently than 1 x 10^9 flight hours [1 in a billion] for the fleet.

“There are many single point failures that have downed aircraft and they have occurred long before the respective fleets had accumulated 1,000,000,000 hours of operation.

“Here is another way the FAA obfuscates the truth about the calculated safety of an airliner.  Hopefully, you have some knowledge of a Fault Tree Hazard Analysis. It consists of ‘and’ gates and ‘or’ gates that represent different elements of a given system. They place these gates in a logical order so that it can be shown how the elements of the system are related to each other when the system/systems are operational. In every case the top gate in every system is an ‘and’ gate, which means that several things have to occur at the same time for the system to fail.

“Using Boolean Algebra it can be ‘proven’ that the system has a predicted rate of failure of 1 x 10^12 or up to 1 x 10^17. The problem is that if any one of these systems fails you lose the aircraft so, to truly represent the operational safety of the aircraft as a total entity each system must migrate to an ‘or’ gate.

“Using the same Boolean Algebra it can be shown that the aircraft as a total entity has a failure of less than 1 x 10^9. The FAA regulations do not require the last step, as to do so would indicate that the aircraft is not as safe as they state in the regulations.”

A good illustration of this problem may be found in the B737, which suffered from a spate of uncommanded rudder reversals, one of which led to the deaths of all aboard US Air flight 427. At the time of the accident, the B737 fleet had accumulated somewhere around 100 million flight hours, but well less than the vaunted one in a billion flight hours by which such catastrophic events are calculated for certification purposes.

Want to improve air safety? Apply a standard ten times more stringent than the one-in-a-billion, and use 100 million flight hours to at least get in the ballpark of reality. Then use an “or” instead of an “and” gate to more effectively evaluate each system that supports aviation safety (e.g., instead of hydraulic failure and electrical failure, use hydraulic failure or electrical failure).
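The "and" versus "or" gate arithmetic discussed above, as an added example that is not from the article or from Zuckerman. The failure rates, the channel counts and the system named shared_part_system are constructed for illustration, and basic events are assumed independent.

```python
import math

# A node is a basic-event probability (float, per flight hour) or a gate
# tuple ("and" | "or", [children]). Basic events are assumed independent.

def p_fail(node):
    """Probability that the event at this node occurs."""
    if isinstance(node, (int, float)):
        return float(node)
    gate, children = node
    probs = [p_fail(child) for child in children]
    if gate == "and":   # all inputs must fail at the same time
        return math.prod(probs)
    if gate == "or":    # any one input failing is enough
        # 1 - prod(1 - p); log1p/expm1 keep values near 1e-12 from rounding away
        return -math.expm1(sum(math.log1p(-p) for p in probs))
    raise ValueError(f"unknown gate: {gate!r}")

# Constructed numbers, not certification data: three redundant channels,
# each failing at 1e-4 per flight hour, under the system's top "and" gate.
hydraulic = ("and", [1e-4, 1e-4, 1e-4])
electrical = ("and", [1e-4, 1e-4, 1e-4])

# Hypothetical system with the same redundancy, but every channel depends on
# one shared part (1e-9): a single point failure beside the "and" gate.
shared_part_system = ("or", [1e-9, ("and", [1e-4, 1e-4, 1e-4])])

def compare():
    """Return the figures the text contrasts, keyed by how the gates combine."""
    return {
        "one_system": p_fail(hydraulic),
        "hydraulic_and_electrical": p_fail(("and", [hydraulic, electrical])),
        "hydraulic_or_electrical": p_fail(("or", [hydraulic, electrical])),
        "system_with_single_point": p_fail(shared_part_system),
        "aircraft_or_of_all": p_fail(
            ("or", [hydraulic, electrical, shared_part_system])),
    }

if __name__ == "__main__":
    for name, p in compare().items():
        print(f"{name:26s} {p:.3e} per flight hour")
```

With these constructed inputs, each redundant system on its own evaluates to one in 10^12, while the aircraft-level "or" gate is dominated by the single shared part and comes out worse than one in 10^9.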

 