About That Missing Submersible

 The headlines have been cluttered the last few days with the frantic search for the missing submersible "Titan" owned and operated by OceanGate.  

In the midst of it all, have been some very interesting, and hugely problematic revelations about the design and build of this craft.  As someone with experience in control systems design, there are aspects of this which are as egregious as Boeing's failures with the 737Max "MCAS" system.

First up is the navigational control system - which is anchored by a Bluetooth connected game controller. First, let me state that using a game controller type device for directional control of the vessel isn't entirely a bad thing. The controllers are common, well understood, and generally work quite well. There are numerous systems out there that use them, and I'm not going to slam that entirely. 

I am going to slam the use of a battery powered Bluetooth controller, though. Those things eat through AA batteries like they're candy - in this situation, you better have a box of spare batteries at hand - because you're going to need them.  Controllers can act pretty strangely when the battery gets low - including having problems with the Bluetooth connection. 

My first thought was "where's the hardwired controller?" - nothing wrong with using a wireless device here if you have a backup device that's physically connected.  A Bluetooth device has a myriad of failure modes that need to be considered - the chip inside the controller can fail, the chip on the control computer can fail, both can get confused at critical moments and have to renegotiate connection, and so on. The importance of having a physical connection cannot be understated.

Then we come to some of the other question marks this raises.  Clearly this craft is computer controlled.  Are those computers redundant, and what is the behaviour if there's a hardware fault in the computer? This isn't a case like your car where if the ECU goes awry, it either goes into a "limp home" mode, or you can at least pull off the road and call for assistance. This is a vessel going into the deep ocean. There's a distinct lack of tow trucks at 4 km below the surface if you get into trouble. 

Which brings me to the second point about the navigational controls - are there direct overrides that would allow the operator to bypass a failed computer controller and directly operate the motors? The few pictures I have seen of the interior do not look like that's the case.  Again, this is a form of redundancy that is appropriate in this context, because frankly even a little bit of salt water is apt to be very fatal to the electronics. 

There are a bunch of design questions around the power and control systems that would require access to the engineering designs to comment on, but just what can be observed from public media is quite alarming. 

Then there's the discussion in the New Republic article, which implies that the viewing portals are not rated for the depths that the submersible operates at. That doesn't mean it will fail immediately at those depths - but it does mean that we don't really know when, or how, it might fail.  It might be fine for some number of dives, and then develop a leak around a seal that has a minor flaw. 

The point here is that OceanGate appears to have made an economic decision in the build, and decided not to bother spending the dollars needed to certify for 4 km below the surface - where the water pressure is going to be over 5850 lbs / square inch ( 1 atmosphere at sea level is 14.73 lbs ).  While this is not necessarily the failure case here, it's very concerning. 

Then there is the use of carbon fibre to make the hull. This is a materials science question for me - and something I don't have a lot of insight into.  Carbon fibre is relatively new in the world, and one does have to wonder just how it's going to react to repeated compression / decompression cycles as the vessel racks up hours of operation at depth, and then returning to the surface. 5 inches of carbon fibre sounds like a lot, but in a hostile environment like the deep ocean, it may not be, or the stresses may cause the material to begin to fail.  I don't think we know enough to be certain here. 

Circling back to this, there are a whole lot of question marks around the design and implementation of this craft. Once the search and rescue (or recovery) mission is over, we absolutely should be looking at the vessel more closely and assessing whether or not it was in fact fit for the purpose it was being put to.