Ethical issues in engineering design - Technische Universiteit Delft

Invitation

to attend the defence of my thesis:

Ethical issues in engineering design

on Monday 14 November 2005 at 10.30

Anke van Gorp

‘Wonder en is gheen wonder’

Ethical issues in engineering design

Engineers have to make decisions concerning ethical issues during technological design processes. In this thesis the kinds of ethical issues that engineers encounter are described, together with the way engineers deal with them, with a focus on ethical issues related to safety and sustainability. Four design processes were studied: the design process for an ultra light car, for piping and equipment for chemical installations, for a bridge and for a lightweight open truck trailer. A difference can be seen between normal and radical design. During the normal design processes for the bridge and for piping and equipment for chemical installations, engineers referred to regulative frameworks to account for decisions about safety and sustainability. These regulative frameworks give minimal requirements, (parts of) operationalisations, rules and guidelines for use in normal design. In the radical design processes of an ultra light car and a lightweight open truck trailer, engineers did not use the regulative frameworks, or used them only partly; instead they relied on internal design team norms for making decisions about ethical issues. Following the descriptive case-study research, the author discusses some preliminary notions for conditions for warranted trust in engineers making normal and making radical designs.

Ethical issues in engineering design Safety and sustainability Anke van Gorp

in the Senate Hall of the Aula of the Technische Universiteit Delft, Mekelweg 5

Before the defence, at 10.00, I will give a short introduction. Afterwards you are warmly welcome at the reception.

Simon Stevin Series in the Philosophy of Technology


Ethical issues in engineering design; Safety and sustainability

Thesis for obtaining the degree of doctor at the Technische Universiteit Delft, by authority of the Rector Magnificus prof. dr. ir. J.T. Fokkema, chairman of the Board for Doctorates, to be defended in public on Monday 14 November 2005 at 10:30 by Anke Christine van GORP, materials science engineer, born in Tilburg

This thesis has been approved by the promotors:
Prof. dr. ir. P.A. Kroes
Prof. dr. M.J. van den Hoven

Composition of the doctoral committee:
Rector Magnificus, chairman
Prof. dr. ir. P.A. Kroes, Technische Universiteit Delft, promotor
Prof. dr. M.J. van den Hoven, Technische Universiteit Delft, promotor
Prof. dr. A. Grunwald, Forschungszentrum Karlsruhe GmbH
Prof. dr. B.A.W. Musschenga, Vrije Universiteit Amsterdam
Prof. dr. ir. P. Kruit, Technische Universiteit Delft
Prof. ir. A. Beukers, Technische Universiteit Delft
Dr. H. Zandvoort, Technische Universiteit Delft

Dr. ir. I.R. van de Poel, as supervisor, contributed significantly to the realisation of this thesis.

ISBN-10: 90-9019907-1 ISBN-13: 9789090199078 ISSN: 1574-941X

Simon Stevin Series in the Philosophy of Technology Delft University of Technology & Eindhoven University of Technology Editors: Peter Kroes and Anthonie Meijers Volume 2

© Anke van Gorp, 2005 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, without prior permission in writing of the publisher.

Contents

1 Introduction
  1.1 Research question and objective
    1.1.1 Ethical issues
    1.1.2 Ethical issues in engineering design
  1.2 Research approach

2 Engineering ethics and design processes
  2.1 Engineering ethics
    2.1.1 Ethics in design processes
  2.2 Design
    2.2.1 Design process
    2.2.2 Design problems
    2.2.3 The design process as a social process
    2.2.4 Organisation of the design process
  2.3 Characteristics of design processes in relation to ethical issues
    2.3.1 Design type and design hierarchy
    2.3.2 Normative frameworks
    2.3.3 Moral responsibility and the trust relationship between engineers and society
  2.4 Summary

3 Introduction to the case-studies
  3.1 Working hypotheses
  3.2 Selection of the case-studies
  3.3 Acquisition of empirical data

4 DutchEVO, safe or sustainable?
  4.1 A light family car
  4.2 The design team
    4.2.1 ‘If you have thought it through then it is ok’
  4.3 What does it mean for a car to be safe?
    4.3.1 Active safety
    4.3.2 Passive safety
    4.3.3 Partner protection
    4.3.4 Car security
    4.3.5 Regulation
  4.4 Light throw away after use?
  4.5 Sustainable and / or safe
  4.6 Summary of the case and the regulative framework
    4.6.1 Ethical issues
    4.6.2 Decision making on ethical issues
    4.6.3 Regulative framework
  4.7 Acknowledgements

5 Piping and Equipment
  5.1 The design of a (petro)chemical plant
  5.2 Regulation regarding pressure vessels and piping
    5.2.1 Regulations
    5.2.2 Codes regarding pressure vessels and piping
    5.2.3 Standards regarding pressure vessels and pipes
  5.3 Clear responsibilities and tasks
  5.4 Ethical issues
  5.5 Summary of the case and the regulative framework
    5.5.1 Ethical issues
    5.5.2 Decision making on ethical issues
    5.5.2 Regulative framework
  5.6 Acknowledgements

6 Designing a Bridge
  6.1 The design problem
  6.2 Trying to reconcile all requirements and stakeholders
  6.3 Legislation and codes
    6.3.1 Safety during construction
    6.3.2 Safety in use
    6.3.3 Sustainability
  6.4 Responsibility and liability
  6.5 Summary of the case and the regulative framework
    6.5.1 Ethical issues
    6.5.2 Decision making on ethical issues
    6.5.3 Regulative frameworks
  6.6 Acknowledgements

7 Design of a lightweight trailer
  7.1 A lightweight truck trailer
  7.2 “The customer is always right”
  7.3 Safe in what sense?
    7.3.1 Structural reliability
    7.3.2 Misuse and overloading
  7.4 Ascribing responsibilities
  7.5 Summary of the case and the regulative framework
    7.5.1 Ethical issues
    7.5.2 Decision making on ethical issues
    7.5.3 Regulative framework
  7.6 Acknowledgements

8 Conclusions of the empirical study
  8.1 Summary of the results
  8.2 Ethical issues and design type and hierarchy
  8.3 Approaches to resolve ethical issues and design type and hierarchy
    8.3.1 Decision makers and design type and hierarchy
  8.4 Regulative frameworks
  8.5 Design problem formulation
  8.6 Generalisation of the conclusions

9 Towards warranted trust in engineers
  9.1 Normal design
    9.1.1 Required competence of engineers in normal design
    9.1.2 Grunwald’s requirements reconsidered
  9.2 Radical design
    9.2.1 Identifying what affected actors value
  9.3 Further research
  9.4 Recommendations for engineering education

Literature

Samenvatting (summary in Dutch)

Appendix 1

Appendix 2

Dankwoord (acknowledgements)

Curriculum Vitae

1 Introduction

On March the 6th, 1987, the roll-on/roll-off (ro/ro) passenger and freight ferry the Herald of Free Enterprise capsized just outside the Zeebrugge harbour.¹ Water rapidly filled the ship, leading to the death of 150 passengers and 38 crew members. The main cause of the disaster was that the inner and outer bow doors were open when the ship left port. The assistant bosun should have closed the doors, but he had fallen asleep. The absence of warning lights made it impossible to see from the bridge whether the bow doors were closed. On at least two previous occasions, similar negligence with sister ships owned by the same company had led to the ships leaving port with the bow doors open. These incidents, however, passed without disastrous results [London Crown, 1987]. Pressure to depart quickly and poor communication had contributed to leaving port with the bow doors still open in the case of the Herald.

As is often the case, it was human error that preceded the disaster, but it was the design of the ferry that made the occurrence of such a disaster possible in the first place. It was the inherent instability that ro/ro ferries encounter when water enters a deck that played an important role in the disaster. This is an aspect of ship design. It might be expected that while designing the Herald and her sister ships, the engineers were aware that if water were to flood on the decks the ship might quickly become unstable. Following the Herald disaster there was a similar disaster with another ro/ro ferry, the Estonia. Water filled one of the decks and the ship capsized, killing nearly 800 people. This happened despite the fact that Estonia’s owners had complied with the proposed new regulation concerning ro/ro ferries formulated after the Herald disaster [Van Poortvliet, 1999].
¹ This description of the Herald of Free Enterprise disaster is based on “Ethical considerations in engineering design processes” [Van Gorp and Van de Poel, 2001].

In the following, more detailed description of the Herald disaster I will focus on decisions made in the design process that made the ship very vulnerable to water flooding the car decks. This example demonstrates the possible ethical impact of decisions made in the design process. One ethical question that arises in relation to the design of the Herald of Free Enterprise, and other ro/ro ferries, is whether it should have been designed to be safer given the fact that it was known that water entering the deck might result in rapid capsizing. This is a moral problem because passengers, crew and their families are harmed when a ship capsizes. There were, and are, simple technical solutions if one wants to prevent rapid capsizing when water enters a deck. Bulkheads created on the decks can easily prevent water from flowing freely over a deck and prevent rapid capsizing [www.safetyline.wa.gov, 2005]. Bulkheads on decks, however, give rise to longer loading / unloading times and take up space on the decks, hence this costs money.

When we look at ethical problems in relation to the design of the Herald and comparable ships, ethical issues become relevant at different stages of the design process and during the use of the product. Ethical issues are relevant during the formulation of criteria and requirements for the design and in the acceptance of trade-offs between requirements. I will focus on the formulation of safety requirements for a ro/ro passenger or freight ferry, and on the trade-offs that exist between safety and economic requirements. This description will explain why ro/ro ferries were not designed in a way that would prevent rapid capsizing if water floods a deck.

When it comes to formulating legal safety requirements, the International Maritime Organisation (IMO) has an important part to play. This international organisation is responsible for adopting legislation for ships. IMO’s safety legislation deals with the ship and passengers. The SOLAS (Safety of Life at Sea) convention is especially concerned with passenger safety and with lifesaving equipment on passenger ships. IMO officials knew as early as 1981 that if water entered the car decks of a ro/ro ferry, the ship could be lost in a rapid capsize [Van Poortvliet, 1999, 52]. Water entering the car deck will flow to the lowest point, leading to a greater inclination and resulting, if the inclination exceeds a certain angle, in a rapid capsize. This fact has been regarded as common knowledge in the maritime world, at least since 1981.
The IMO did not adjust its regulations to solve this problem, even though simple technical solutions, e.g. bulkheads, were available. Legislation adopted by the IMO needs to be implemented by governments, and only governments accepting the IMO convention will implement it. Thus when making a convention, it is important to make it acceptable for as many governments as possible, otherwise only a small percentage of all fleets will be obliged to abide by the convention. A shipping company can decide to sail under the flag of another country which has not ratified an IMO convention, if, in the opinion of company management, complying with the convention will cost a lot of money. So there is a certain amount of pressure on the IMO not to issue safety requirements that are considered by some governments to be too tight or too costly to implement.

Most IMO conventions affect new ships but do not apply retrospectively to ships already at sea. This is known as the grandfather clause. The grandfather clause protects the poorer states, because for them it would be too costly to adapt their older fleets to new legislation. IMO legislation may thus be said to be weak, and ro/ro vessels complying with IMO legislation are still prone to rapid capsize.

Apart from the IMO, insurance and classification companies also have a part to play in the formulation of safety requirements. To obtain hull insurance from insurance companies such as Lloyd’s of London, a ship needs to be classified. Classification organisations are private organisations that monitor compliance with legislation during construction and certify seaworthiness during a ship’s lifetime. Only the ship’s equipment and construction are taken into account by the classification organisations; they do not deal with passenger safety [Van Poortvliet, 1999]. There is little incentive for shipping companies to ask for, or for shipyards to design, ships that are safer than required by IMO conventions and hull insurance regulations. When disasters occur, the investigation that follows usually concludes that it was a human error that led to the disaster. Little attention is given to the design of the ship as long as, on completion, the ship complied with the current regulations of the time.

Six actors are important in the formulation of the safety requirements laid down for ro/ro ferries. These actors are: the IMO, governments, insurance companies, classification companies, shipyards and shipping companies. To understand why these six actors have not formulated tighter safety requirements, it is important to realize that when safety requirements are formulated a trade-off is made with economic requirements. Economic considerations are important for insurance and classification companies because they depend on shipyards and shipping companies.
When the safety requirements they impose are more costly than those of competitors they will lose customers. Insurance companies will want the requirements to be tight enough to prevent them from having to pay out too frequently for hull loss and damages. However, they usually do not want to impose more or tighter requirements than their competitors as they are afraid of losing their customers. Shipyards do not have loyal customers. To be competitive the price needs to be kept as low as possible or at least lower than that of the competitors. Safety measures are usually only built in when there is a legal obligation to do so. Shipyards may not be held liable if, at the time they were built, their ships complied with the relevant legislation.

Shipping companies in Northwest Europe are in strong competition with trains and planes, therefore they do not want to face increasing costs or longer loading times. In the case of ro/ro ferries, shipping companies do not want to have bulkheads on the decks because it takes time to put them in place while loading the ferry. Moreover, fewer cars can be transported because the bulkheads have to be designed in such a way that larger and smaller cars can fit between them; this requires spacing between the bulkheads that is less efficient if large cars and freight-trucks are considered. So shipping companies also trade off safety against economic considerations.

Finally, the IMO and governments of individual countries also trade off safety considerations against economic ones. As we saw earlier, for IMO conventions to be effective, as many countries as possible have to support them. For many countries, economic considerations will play an important part when it comes to deciding which safety requirements they consider acceptable. This is reinforced by the fact that shipping companies can choose which flag they sail under. Governments could forbid ships that do not meet their stricter national regulations from entering their harbours. There are economic reasons not to do this. A government’s national harbours, where stricter regulations are enforced, will have a competitive disadvantage compared to harbours in countries that do not impose stricter regulation than the IMO regulation. This, in turn, reinforces competition between countries when it comes to devising attractive rules for shipping companies. Such competition may well water down safety requirements.

To summarise, some of the important ethical issues in the case of the Herald of Free Enterprise are the following: the ship’s design was inherently unstable once water entered the car deck. Is it ethically justifiable to design, produce and use ships that are in certain circumstances inherently unstable? What is the responsibility of engineers in this complex situation?
There were no warning lights on the bridge, therefore it was not possible to establish from the bridge whether the bow doors were closed or not. Should engineers attempt to anticipate human errors during the design process? Is it the responsibility of the engineers to design in a way that prevents human errors as much as possible or even to design idiot proof ships? It is, for example, desirable to design ferries that cannot leave port unless the bow doors are fully closed and secured. As we have seen in setting the design requirements, trade-offs are made between safety and economics. There is economic pressure to water down safety requirements. Are trade-offs between economics and safety acceptable? Which of the choices regarding this trade-off can be justified? Does following the regulations lead to morally acceptable designs? Ethical issues that come up in design processes like the ones mentioned above will be central in this thesis.

1.1 Research question and objective

Technology has a profound influence on society. New possibilities and new risks arise as a consequence of the employment of new technologies and products. Decisions made during design processes shape the possibilities and risks of products. These decisions are ethically relevant. Some decisions, for example, can have a large influence on the safety of people using the product. Although there is extensive literature on design processes and on engineering ethics, specific attention for ethical issues in design processes is relatively new. A lot of the literature on engineering ethics has been developed from the study of disasters such as the Herald of Free Enterprise or cases of whistle-blowing, but in these studies little attention is given to the design process.

In this research I will focus on daily practice in engineering design. It might seem strange to start this chapter with the description of a disaster given that I will look at daily engineering practice; the description of the Herald disaster is only intended to make it clear that engineers make choices regarding ethical issues during design processes. These decisions can, but need not, have detrimental consequences. With or without the actual occurrence of the Herald disaster, the design of this ro/ro ferry may be seen as an example of daily engineering practice.

My research question is as follows: What kind of ethical issues come up and how do engineers deal with these ethical issues during design processes? This analysis of design practice will contribute to engineering ethics.² It will provide detailed information on which ethical issues play a part in engineering design and how engineers decide about these issues. This information should enrich discussions on the moral responsibility of engineers in design processes.
The objective of this research can be summarised as follows: To provide a contribution to discussions on the moral responsibilities of engineers in engineering design processes. The contribution will consist of detailed descriptions of engineering design practices and a normative analysis of these design practices. As can be seen in the Herald case there can be regulation pertaining to the design of the product. This research should provide information for answering, amongst others, the following question: do engineers behave in a morally responsible manner if they follow the existing regulations or should responsible engineers do more than just follow the regulations?

² People interested in design research and not engineering ethics might be interested in the case descriptions because actual design processes are described.

1.1.1 Ethical issues

Until now I have assumed that the reader knows intuitively what ethical issues are. I will now explain in more detail the meaning of the term “ethical” as used here.³ I will call a problem an ethical or moral problem if moral values are at stake. In characterising moral values I will follow Thomas Nagel. According to Nagel, there are different sources of value (special allegiances, general rights, utility, perfectionist ends of self-development and individual projects) that cannot be reduced to each other or to more fundamental values. Values based on special allegiances are, according to Nagel, a result of a subject’s relationships to others and consist of special obligations to other people or institutions. General rights are rights that everyone has as a human being. These rights constrain action; actions that violate these rights are morally not permitted. According to Nagel, ‘utility includes all aspects of benefit and harm to all people (or sentient beings)’ [Nagel, 1979, 129]. Perfectionist ends of self-development refer to the intrinsic value of certain achievements. Nagel provides examples of the intrinsic value of scientific discovery or artistic creation. The fifth type of value derives from individual projects. Nagel says that ‘this is value in addition to whatever reasons may have led to them in the first place’ [Nagel, 1979, 130]. An example Nagel gives is that if you have set out and started to climb to the top of Mount Everest then this project gains importance.

Ethical theories usually focus on one of the sources of value. Kantianism focuses on universal rights. Utilitarianism only accounts for utility. Virtue ethics concentrates on perfectionist ends of self-development. I do not want to limit myself to one source of value by choosing a definition of ethical issues that refers only to utility or virtues or universal rights.
In this thesis, issues that are related to one of the sources of moral values identified by Nagel are called ethical issues and decisions concerning ethical issues are called “ethically relevant” decisions. For example, issues concerning safety are related to utility but also to universal rights, therefore safety is an ethical issue. The term “ethical issue” only indicates that the way engineers deal with an issue can be evaluated from an ethical point of view. This conception of ethical issues is used independently of what engineers themselves think are ethical issues. Engineers may or may not share this conception of ethical issues. Even in cases that engineers do not consider an issue to be ethical, if it is an ethical issue according to the above conception I will treat it as such in this research. There might also be issues that engineers call ethical but that are not ethical issues according to the above conception; these issues will not be considered ethical issues in this thesis. An example of this is that some industrial designers conflate aesthetic and moral values.

Some of the ethical issues are also legal issues, for example safety issues. There is a lot of legislation, standards and codes pertaining to safety and design. This makes decisions regarding safety no less ethically relevant; it only provides engineers with rules they should follow from a legal point of view when making decisions. In these cases the way engineers deal with these issues can be evaluated both from an ethical and a legal point of view. Decisions about the safety of a product might then be morally right or wrong and legal or illegal. A question that can be raised in such instances is whether a design that is safe enough according to legislation is also ethically acceptable and vice versa. Legislation, codes and standards regarding safety can also be evaluated ethically.

³ Some philosophers indicate that morality describes a code of conduct of a society or another group [Gert, 2002]. Ethics or moral philosophy is then construed to be a critical reflection on morality. I will use the terms “ethical” and “moral” interchangeably.

1.1.2 Ethical issues in engineering design

To take into account all ethical issues connected in one way or another to a design process would be impossible. It is not that difficult to point out the ethical relevance of what seems to be a very trivial choice, like which tea to drink during meetings of a design team. Tea can be produced organically or with the use of herbicides and under good or bad working conditions. The choice of what tea to drink is therefore related to utility and universal rights. Lots of ethical issues might play a role in the design context, for example some parts might be produced in countries where child labour is usual and therefore it might be assumed that these parts are made by children. Although all these issues like child labour, exploitation of underdeveloped countries, use of herbicides and pesticides are indeed ethical issues, these issues will not form the main focus of interest in this research. I will concentrate on ethical issues that have a direct influence on the design of a product and the way it is used. In particular, I will focus on ethical issues concerning safety and sustainability.

The reason for the focus on safety and sustainability is that these play a dominant role in many design processes. Given the conception of ethical issues it is clear that safety and sustainability may give rise to ethical issues. Decisions made about these issues are related to utility and general rights. Decisions regarding safety and sustainability are made in almost every design process, although the importance of these subjects may differ. In some cases, sustainability or safety will not be regarded or discussed by the engineers, but this does not mean that there are no choices made regarding sustainability or safety. In the following two examples I will show that the impact of decisions made during design processes concerning safety and sustainability may be far reaching.
In everyday life choices about safety and sustainability with regard to the use of technological devices are often made, but the consequences of the choices made by an individual user about safety and sustainability are usually of a much smaller magnitude than those for decisions made during a design process. When designing a printer/copier, a choice needs to be made as to whether the printer/copier will be able to print two sided or not. Once a choice is made for two sided printing and copying, an additional choice needs to be made about the default properties. If two sided printing is the default option, users have to make an explicit choice to print one sided. Usually the prints and copies coming off the machine will be printed two sided. Only in exceptional cases, where the two sided copies and prints option is switched off by the user, will papers be printed one sided. This default option will probably save a lot of paper compared with a printer/copier that can only print on one side. The environmental effects of saving paper are not that big if a single printer/copier is regarded, but when the total number of printers/copiers in use is considered the amount of paper saved by printing two sided copies and prints is enormous. As paper is produced from wood, a reduction in paper use will also reduce the amount of wood used. The production of paper, the transportation of wood and the transportation of paper all require energy. The amount of energy used will also be reduced and the total reduction in the resources used will be significant on a global scale. This example shows that decisions made during a design phase of a product, and that seem trivial during that phase, can have large environmental effects.

Another example of the ethical impact of design decisions is the following. A person may decide not to drive too fast as this is usually dangerous and not environmentally friendly. The government of a country might decide to regulate the speed of cars by imposing speed limits.
If there are speed limits imposed, drivers can still drive as fast as they wish, and as is possible in their car, but they will run the risk of being fined when exceeding the speed limits. Car engineers might decide to design a car in which it is impossible to exceed the speed limits. Trucks in the Netherlands, for example, are equipped with a speed regulator that makes it impossible for the driver to drive faster than 90 km/h. This example illustrates the influence engineers may have; they can promote or prevent speeding. Independently of what regulation requires or what speed limits are legally enforced, engineers can design cars with lower top speeds.⁴ Cars with top speeds of 300 km/h make speeding possible and might perhaps invite drivers to test the top speed, while installing a speed regulator or designing a car with a less powerful engine would make such speeding impossible. Designing cars with lower top speeds would also save a lot of fuel as the fuel consumption is higher at higher speeds. Lower fuel consumption also decreases CO2 production. Smaller speed differences, for example between trucks and cars, may possibly decrease the number of accidents occurring on roads and thereby the number of people injured and killed on roads. So by choosing to design a car with lower top speeds, be it by actively limiting the top speed of the car or designing a less powerful engine, engineers can reduce fuel consumption, CO2 production and the number and severity of accidents on highways.

⁴ In the Netherlands only trucks are legally required to be equipped with speed regulators. Engineers might, however, decide to equip cars with speed regulators even if this is not legally required. There is a gentlemen’s agreement between German car producers to limit the speed of a car to 250 km/h; examples are the Mercedes Benz CLK 55 AMG cabriolet, the BMW M5 (with speed limiter 250 km/h, without 338 km/h) and the Audi A3 sportback 3.2 Quattro. Although MG is not a German car producer, the MG ZT/ZT-T260 is also limited to 250 km/h [Carros, 2004].

1.2 Research approach

Descriptions of design practices have to be obtained to answer the research question. This will be done through case-studies [Yin, 1984/1989]. In case-studies, different ways of obtaining data can be used. In my case-studies, I have interviewed engineers, observed design teams at work and read official and informal design documents.

Observing design meetings allowed me to collect information about the way the decisions are made by engineers. Observing design meetings is also a way to get information about what engineers perceived to be the difficulties and challenges of design processes. The meetings used for the case-studies were taped and the tapes transcribed. See appendix 1 for a list of the meetings that were observed.

Design documents, especially the official ones meant for customers, give a kind of reconstruction of the decisions made in design meetings. The design documents can sometimes provide additional information; for example, in some design meetings arguments for or against certain choices were given but the actual decision was not taken during the meeting, although the decision was documented in the design documents. The more informal design documents often gave information on specific aspects of the design process. This information can be used for later official design documents for customers. Sometimes the informal documents were more detailed than the official design documents.

Interviews were used to get further information on what role specific engineers had in the design process and whether they encountered ethical issues. In the interviews engineers were asked what they considered to be the ethical issues in their design process. Most interviews were held at or near the end of the observation period, so it was possible to ask engineers about anything that was not yet clear to me after having read the design documents and observed the design meetings.
All the interviews were transcribed and the transcriptions were approved by the interviewees, see appendix 1.

After the interview and observation periods I gave a presentation of my results to each of the design teams. This presentation was followed by a discussion. Engineers could indicate whether I had made some incorrect factual statements about the design process and whether or not they recognised the results. The presentation was also a last opportunity for me to ask about some details that were not yet clear to me. The reason for giving a presentation at the end of the observation and interviewing period was that the engineers were curious about, and interested in, my research and results. If engineers asked me about the results, I told them that I would present my results, and give them the opportunity to react to these results, later on. This gave me the opportunity to postpone discussions on safety and sustainability until the presentation in order to influence the design process as little as possible. I have chosen to change the names of the participating engineers in the descriptions of the design processes. The engineers did not ask me to do this but I have chosen to protect their privacy in the main text; see appendix 1 for more concrete information. The exact identity of the persons involved does not matter for the case descriptions; his or her arguments, decisions and formal position in the design team are relevant for this thesis. In doing the case-studies, I made the choice to present myself as an engineer among engineers. A major advantage of this choice was that the design team members knew that I could understand the “language” of engineers; and although my participation was kept to a minimum during the observation and interview period, the members of the design teams knew that I was a qualified engineer; this made communication easier. The design team members did not feel compelled to explain everything they were doing in a simplified way.
In line with keeping my participation at a minimum, I did not contribute to the solution of the design problem. This choice was also made because participating in a design process would require a lot from me as I had no previous design experience. The design task would probably completely absorb my attention and time, making it difficult also to observe what was going on in the team. Therefore, I was involved but not as a member of the design team. I had some input in the design process at the end of the data gathering period when I presented my results. With regard to the validity of my results, I tried to minimise the influence of my presence. I did this by indicating that I was interested in ethical issues in design processes without a thorough explanation of what I meant by the term “ethical issues”. Roughly, engineers in the cases interpreted the term “ethical issues” in four different ways. First, some engineers thought that I wanted to look at human rights and wondered what I was doing in their company because they could not imagine human rights issues in their company. Second, others thought that ethics was only concerned with what kind of life a person should live and wondered what designing had to do with that. Third, some people, Bachelor students especially, thought that I would study the etiquette in their design team. Fourth, some engineers shared the interpretation of ethical issues used in this study and expected me to look at decisions concerning the safety of the design or the prevention of disasters. I deliberately did not correct the engineers who thought that I was interested in etiquette, the good life or human rights. My presence might have influenced the design team but as most of the engineers did not know exactly what I was looking at it is not likely that they placed more emphasis on decisions concerning safety and sustainability. I taped whole design meetings and made notes throughout design meetings and interviews, not only when safety or sustainability issues were under discussion. If engineers asked questions about my research results I usually referred to the presentation that I would give later on. As little is known about the way engineers deal with ethical issues in daily engineering design, this was an exploratory research project. Based on ideas taken from the literature on design processes, and to be presented in chapter 2, working hypotheses were formulated. These working hypotheses and the selected cases are introduced in chapter 3. The cases are described in chapters 4 to 7. Conclusions are drawn from the cases and an effort is made to generalise the results of the case-studies in chapter 8. The results from this research are used to make a start with defining conditions for warranted trust in designing engineers, in chapter 9. These conditions lead to a preliminary delineation of the moral responsibilities that engineers have during a design process.

2 Engineering ethics and design processes

The research question and objective formulated in chapter 1 indicate that this thesis contributes to engineering ethics. This research should lead to descriptions of the ethical issues engineers encounter and how they deal with these issues in design processes. The focus on ethical issues in engineering design processes is relatively new. As yet in engineering ethics there has not been a lot of systematic attention to design processes, as will be indicated in section 2.1. An overview of the literature on the nature of design processes is presented in section 2.2. This overview is relevant because the ideas about the nature of design processes are used to guide the gathering of data in the case-studies. Ideas about design processes that are particularly relevant for this thesis, because these ideas explain and inform the formulations of working hypotheses presented in the next chapter, are introduced in section 2.3.

2.1 Engineering ethics

Research into ethics and design is part of the research field of engineering ethics. In this section I will not give a complete overview of engineering ethics literature. I will restrict myself to a description of the main issues that are focussed on in engineering ethics and how this research is positioned with regard to these issues. Engineering ethics is the field of study that focuses on the ethical aspects of the actions and decisions of engineers, both individually and collectively. A rather broad range of (ethical) issues are discussed in engineering ethics: professional codes of conduct, whistle-blowing, dealing with safety and risks, liability issues, conflicts of interests, multinational corporations, privacy etc. (see for example [Harris et al., 1995], [Davis, 1998] and [Bird, 1998]). A substantial amount of literature on the teaching of engineering ethics to engineering students has been developed since the beginning of the 1980s (cf. [Baum, 1980], [Unger, 1982], [Martin and Schinzinger, 1989], [Harris et al., 1995], [Birsch and Fielder, 1994]). A salient feature of engineering ethics literature is that a lot of it has been developed based on studies of disasters like the Challenger disaster ([Vaughan, 1996] and [Davis, 1998]). Another feature of engineering ethics is that, especially in the United States, there are a lot of proponents who regard engineering ethics as a kind of professional ethics (cf. [Schaub et al., 1983], [Davis, 2001] and [Harris, 2004]). The idea is that the engineer as a professional has obligations not only to his or her employer but also to the general public, as for example doctors or lawyers also have obligations. Engineers should adhere to professional codes of conduct that state, for example, that engineers shall hold the safety and welfare of the public paramount. Based on descriptions of the Challenger disaster, Davis emphasizes that there is a difference between engineers and managers. Engineers should adhere to their professional norms and hold safety paramount and managers do not do this [Davis, 1998]. This tendency to regard engineering ethics as a kind of professional ethics has led to a focus on the individual engineer and his or her responsibilities in his or her job and profession in most (American) engineering ethics textbooks. This can also explain the focus on whistle blowing that can be found in some of the engineering ethics literature. The individual engineer should in certain cases take his or her moral and professional responsibilities seriously and blow the whistle. According to Zandvoort et al. [Zandvoort et al., 2000] and Devon et al. [Devon, et al., 2001] engineering ethics should focus on more than the individual engineer. They argue that the ethical problems that engineers encounter are partly due to the context they work in. Some of the ethical problems cannot be solved by individual engineers or the profession. In contrast to most of the literature on engineering ethics, I will not focus on disasters and isolated individual engineers. In this research the focus will be on daily practice in engineering design. Fortunately, not every engineer has to deal with disasters or with a decision as to whether to blow the whistle or not. There is not much literature on ethical issues in daily practice, yet every engineer will be confronted with these ethical issues. Furthermore, no distinction will be made between engineers and managers in this research as is sometimes done in engineering ethics literature.
I will regard every member of a design team as a designing engineer regardless of their job title or education. I have two reasons for this choice. One, in the Netherlands engineers are usually not regarded as professionals in a formal sense. It would be difficult to indicate who is a professional engineer in the Netherlands as engineers are not licensed or certified. Having taken a degree at a University of Technology in the Netherlands gives you the right to use the title “Ingenieur”. There are some professional organisations for engineers but not all engineers are members and some are members of more than one professional organisation. Moreover, some professional organisations are open to everyone doing a certain type of work regardless of whether that person is entitled to use the title “Ingenieur”.¹ The second reason is that in design processes engineers, managers and marketing specialists cooperate to design a product. It would be artificial to exclude some persons who clearly cooperate in the design process just because they have another job description or another educational background.

¹ An example of such a Dutch professional society open to everyone doing a certain type of work is “Bouwen met Staal” (Construction with Steel).

2.1.1 Ethics in design processes

Engineering design is an interesting topic for research from the point of view of engineering ethics because design is one of the core activities of engineers. Moreover, technology has social and ethical implications because of the kinds of products produced, as the outcomes of design processes.² Only recently has more attention been given to ethics and engineering design [Lloyd and Busby, 2003], [Devon et al., 2001], [Van de Poel, 2001]. Interesting developments in ethics and design can be found in the field of software design and computer ethics. Efforts to incorporate values into the design of software have been labelled “value sensitive design”. Lloyd and Busby use empirical data to describe how engineers deal with ethical issues in design [Lloyd and Busby, 2003]. They use three main ethical theories to see whether reasoning and argumentation during the design process fit within these theories. They refer to the three ethical theories as “consequentialism”, “deontology” and “virtue ethics”. They looked at all reasoning, not just at reasoning about issues that are clearly ethical like safety [Lloyd and Busby, 2003, 514]. They relate, for example, reasoning about making a better product to consequentialist reasoning. They conclude that, contrary to their expectations, consequentialist reasoning is not prevalent in engineering design. Engineers also use deontological reasoning and engineers identify what Lloyd and Busby call virtues of engineers like collectivity, consistency and emphasising evidence. Lloyd and Busby have considered normal day-to-day situations in which design decisions are made.
According to Lloyd and Busby, a great number of small design decisions that each seem to be ethically neutral can add up to ethically relevant consequences: ‘Although it is simply a fact that not much of engineering designing is specifically about what one might normally consider to be ethical issues, the products of engineering design - and particularly the use of those products - undoubtedly are.’ [Lloyd and Busby, 2003, 514]

² Of course also the extent to and the way in which products are used is important.

In many design processes, ethical problems are indeed difficult to recognise and less specific than some of the examples given in the literature on disasters. I agree with Lloyd and Busby that in every design process “smaller” ethically relevant decisions are made. I think however that it is problematic to regard all decisions as being possibly ethically relevant. Some values like, for example, efficiency are not moral values (see section 1.1.1). Efficiency is therefore not necessarily an ethical issue. Decisions regarding efficiency can, however, be ethically relevant if they are related to, for example, sustainability. Making a more energy efficient product is ethically relevant because it is a part of designing a more sustainable product. The same holds for trying to design a product as simply as possible. Simplicity is a normative term but it need not be a moral term. Decisions concerning simplicity are only sometimes related to moral values. Simplicity might be an ethical issue if it is related to ease of operation. A simple product can probably prevent accidents related to unintended misuse. If operation of a machine requires a complex procedure, there is a chance that operators will make a mistake when carrying out the procedure. Another issue related to simplicity might be that a simple product can be used by everyone, unlike some video recorders or microwave ovens that people find too difficult to use. Simplicity can therefore sometimes be related to moral values but this need not be the case.

In contrast to Lloyd and Busby, who studied the (ethical) reasoning that engineers use in design processes, Van de Poel distinguished five actions during the design process that may be ethically relevant. ‘1) The formulation of goals, design criteria and requirements and their operationalisation. 2) The choice of alternatives to be investigated during a design process and the selection among those alternatives at a later stage in the process. 3) The assessment of trade-offs between design criteria and decisions about the acceptability of particular trade-offs. 4) The assessment of risks and secondary effects and decisions about the acceptability of these. 5) The assessment of scripts and political and social visions that are (implicitly) inherent in a design and decisions about the desirability of these scripts.’ [Van de Poel, 2000, 3]

Van de Poel’s approach would imply that, for example, the formulation of requirements is an action that can be expected to be done during design processes. Formulating requirements can be ethically relevant, for example, if safety requirements are formulated. These requirements need to be operationalised and this operationalisation is also ethically relevant. Different alternatives that score differently with respect to different requirements and different operationalisations of requirements may have to be assessed. Trade-offs between different requirements may have to be made. In accordance with Van de Poel’s approach these actions can all be ethically relevant if related to moral values, and therefore these are included in this research. The concept of value sensitive design has been developed within computer ethics and human computer interface design. According to Friedman and others:

‘Value Sensitive Design is a theoretically grounded approach to the design of technology that accounts for human values in a principled and comprehensive manner throughout the design process.’ [Friedman et al., 2003, 1]

This definition does not imply that value sensitive design is only applicable within software and computer design. Yet, the concept has until now been mainly used within these fields and not with regard to the design of other kinds of technology [www.nyu.edu/projects/valuesindesign/index.html]. In using a philosophical analysis of values and sociological research into the use and development of technology, value sensitive design is an attempt to make software designs that account for moral values like privacy and autonomy. The research undertaken here may be considered research into the way engineers deal with moral values during engineering design processes and therefore research into value sensitive design. There is, however, a difference: whereas researchers into value sensitive design are trying to develop a method for dealing with moral values, I will concentrate on describing how engineers deal with ethical issues like safety and sustainability. Another difference is that some ethical issues that are very important in software design like, for example, privacy and identity are not that important for my case-studies of engineering design.

2.2 Design

The features of design problems and design processes relevant to the topic of this thesis are presented in this section. At the end of this section I will present the conception of design processes used in this work.

2.2.1 Design process

According to Cross, the design process can be seen as a process in which products or tools are created to suit human purposes [Cross, 2000, 3]. The starting point of a design process is usually some stated or perceived customer’s needs. A material structure that meets these functional requirements is designed.³ The design process is usually constrained by economic and time restrictions. A design should be finished by a certain date and the costs of the whole design process should not exceed a certain amount of money. In the literature on design methodology a lot of different models of design processes can be found ([Cross, 1989], [Roozenburg and Cross, 1991] and [Baxter, 1999]). Cross presents a model of the design process that consists of three phases: generation, evaluation and communication. A concept is generated in the first phase of the design process. A designer needs to understand the design problem and to find possible solutions for it; this usually happens simultaneously. Possible solutions help the designer to get a better understanding of the design problem. The concept is evaluated in the second phase. During the evaluation, a decision is made as to whether the possible solution meets the requirements. The concept is adapted in an iterative process. Often, more than one iterative step is necessary because adaptation of a part of the design can lead to problems in other parts of the design. The design is communicated to the people who are responsible for production in the third phase. Drawings, computer drawings and descriptions of the design are used in this communication [Cross, 1989]. Another more detailed model is proposed by French [cited in Cross, 1989, 21–22]. French divides the design process into four activities:
• analysis of the problem
• conceptual design
• embodiment of schemes
• detailing.
An analysis of the design problem should lead to a clear statement of the problem. The requirements and constraints are formulated in this phase. The designer searches for different possible solutions and makes schemes of them in the conceptual design phase. In the next phase, embodiment of schemes, a choice is made between the schemes. The scheme is further detailed in the detailing phase. Although there are different models that can be used to divide the design process into different phases and use different terms to name the phases, there are similarities between the models (see also [Roozenburg and Cross, 1991] and VDI 2221: Systematic Approach to the Design of Technical Systems and Products cited in [Cross, 2000, 39]). The design process can grosso modo be described as follows. The goal, requirements and constraints are defined at the beginning of the design process. This is sometimes done by the customers or in co-operation between customer and engineers. After this a creative part follows in which concepts are generated and evaluated. In the next phase, one concept is chosen and that concept is further detailed. Finally, drawings and descriptions of the design are made for the production of the product. The design process is not a linear process; it is iterative. It may always be necessary to go back one or more steps and then move forward again.

³ One could also speak of the design of an organization in which an organizational structure is designed rather than a material structure. I will focus on the design of material artefacts.


2.2.2 Design problems

If design problems are problems in which the requirements alone determine the solution then engineers can say that they are not responsible for ethical issues because the requirements determine everything and the customers define the requirements. Some authors maintain that engineers are not, and should not be, involved in the formulation of design requirements, criteria or goals [Florman, 1983]. According to Florman, the formulation of requirements and goals is ethically relevant, but this should not be done by engineers. Managers, politicians, customers etc. should formulate the requirements. In this line of thinking, the task of engineers is to discover what is technologically the best solution given certain requirements. This task is seen as ethically neutral. Ethical questions may arise in the user phase when technologies are used for certain purposes and produce certain (social) effects. According to Florman these ethical questions concerning use are also outside the scope of the engineers and should be solved by the user (see figure 2.1). In this model, the sole responsibility of engineers is to carry out a task formulated by others in a competent way.

Figure 2.1: Division of labour with respect to engineering design if design problems were well-structured problems in which the requirements fully determine the solution, after [Van Gorp and Van de Poel, 2001].

Design problems are, however, usually not problems where a clear set of requirements is available that completely determines the solution. Design problems are more or less ill-structured problems ([Simon, 1973] and [Cross, 1989]). Simon states that in the ill-structured problem of designing a house: ‘There is initially no definite criterion to test a proposed solution, much less a mechanizeable process to apply the criterion. The problem space is not defined in any meaningful way,’ [Simon, 1973, 311]

For Simon the main characteristics of an ill-structured problem are that the solution space is not well-defined and that there is no criterion to test different solutions and decide which is best. Cross gives the following characteristics of ill-structured problems: ‘1. There is no definite formulation of the problem. 2. Any problem formulation may embody inconsistencies. 3. Formulations of the problem are solution-dependent. 4. Proposing solutions is a means to understanding the problem. 5. There is no definitive solution to the problem.’ [Cross, 1989, 11-12]

Some design methods require that engineers formulate the requirements and solutions separately and independently, but this is impossible if design problems are ill-structured. In a redesign of an existing design it might be possible to formulate most of the requirements at the start of the design process but this is not a definition of the requirements independent of the solution. The solution space is, in these cases, limited because a redesign is made; certain features of the product will remain the same. Other design problems aiming at designing a completely new product are very ill-structured and only some vague requirements can be formulated at the start of the design process. So design problems can be more or less ill-structured. An example of an ill-structured problem is the following. In the mid nineteen nineties substitutes were sought for replacing CFCs as coolants in refrigerators, because CFCs damage the ozone layer [Van de Poel, 1998 and 2001]. Two alternatives were considered: HFC 134a and hydrocarbons; both have their advantages and their disadvantages. Hydrocarbons are, for example, flammable, and existing refrigerator design needed to be changed if hydrocarbons were used. HFC 134a has a long atmospheric lifetime and if released would therefore still damage the environment, although to a lesser extent than CFCs. There were different operationalisations available for the environmental, health and safety criteria. Both proposed solutions scored differently under different operationalisations of the criteria. There was no solution that was best under all operationalisations. No definite criterion was available to say which solution was the better one. This example shows that even for the seemingly simple case of looking for a substitute coolant in existing refrigerator design, there are features of the problem that make it ill-structured.
In cases where a design problem is an ill-structured problem, there may be more than one solution; each of these solutions can be valid. Engineers, in this case, have to make a choice: it is not the case that the requirements will lead to just one solution. At the start of a design process, there may not even be a clear and unambiguous set of requirements. During the design process it may be proved that there is no solution to the ill-structured problem. In some cases it might prove to be necessary to adjust or drop some requirements because no solution meeting all the requirements can be found. So a design problem can be under, or over, determined by the requirements. Either way, engineers need to make choices during the design process, for example regarding which requirements can be dropped or which of the possible solutions to the design problem is the best.

2.2.3 The design process as a social process

Most designs are made by a team of engineers. Designing is in these cases a social process. Choices are made in, and by, groups of people. During the design process, communication, negotiation, argumentation, (mis)trust between engineers and power differences between engineers influence the design. This has consequences for design research as the design process should be conceptualised as a social process. There is some research into actual design processes with design teams [Bucciarelli, 1994], [Lloyd and Busby, 2001], [Lloyd, 2000] and [Baird et al., 2000]. Bucciarelli describes the design process as a social process in which negotiation is necessary: ‘Contemporary design is, in most instances, a complex affair in which participants with different responsibilities and interests…. must bring their stories in coherence’ [Bucciarelli, 1994, 83]

The different engineers, with their different educational backgrounds and experiences, will all conceive the design task differently. Take for example the cage construction and bodywork of a car. A mechanical engineer looks at stresses and strains within the cage construction and bodywork of a car. He or she tries to design them in such a way that stresses and strains remain low during normal use and absorb energy during a crash. An aerodynamics engineer might look at the same bodywork and see a body that needs to have a low frontal area and a low drag coefficient. Although both the mechanical and the aerodynamics engineer look at the same parts they see something different and think of different requirements the parts should meet. All these different views have to be ‘brought in coherence’ [Bucciarelli, 1994], just like all the parts have to fit and function together. This ‘bringing into coherence’ is done as a process of communication and negotiation. Other authors also recognise the importance of social processes during the design process and stress the importance of communication. Lloyd stresses the importance of storytelling within the design process [Lloyd, 2000]. Engineers construct stories during the design process. These stories are used to come to a common understanding:

‘Engineering design as a social activity consists in the construction of social agreements. We have observed storytelling to be a mechanism that aids this construction.’ [Lloyd, 2000, 370]

The stories can be used within the entire company or within single departments. The whole company or design team might know the story of a previous design failure. Stories of specific difficult customers might only be known in the sales department. Knowing the stories is part of being part of the design team or department. Stories can therefore be inclusive or exclusive in their use [Lloyd, 2000]. Baird and others conducted an ethnographic study at Rolls-Royce Aerospace [Baird et al., 2000]. They conclude that personal interaction between engineers is crucial for information to be disseminated throughout an organisation. Engineers who know each other from other projects tend to ask each other for advice when working on new projects. At the beginning of the design process more experienced senior engineers are very important. They help younger engineers and point them ‘to the sequences and sources of expert opinion they should seek’ [Baird et al., 2000, 350]. According to Baird et al., this helps with structuring the design problem.

2.2.4 Organisation of the design process

A division of labour exists in most design processes. For example, the design of a car can be divided into the design of the drive shaft, the engine, the seats, the electronic systems, the suspension and the styling of the car etc. The partitioning of a design team into smaller design groups responsible for a part of the design is, from an ethical point of view, noteworthy because it may lead to the problem of many hands [Bovens, 1998] and [Thompson, 1980]. This problem presents itself with regard to active and passive responsibility. Passive responsibility is responsibility after something has happened: being held accountable. Active responsibility refers to being or feeling responsible for something or some task [Bovens, 1998]. With regard to passive responsibility, the problem of many hands is the following. It might seem to be quite clear who is officially responsible for what as this depends on formal job descriptions in organisations, but in practice it is very difficult to point out the people responsible for acts of organisations that have caused damage. Organisations are often opaque to people outside of the organisation. It is not clear who is responsible for what and who was able to influence a certain decision. On top of this, when an organisation is organised hierarchically, people lower in the hierarchy can indicate that those higher in the hierarchy are responsible while those higher in the hierarchy claim to have no knowledge of the situation.

With regard to active responsibility, the problem of many hands can be seen when no one feels or thinks that he or she is responsible for certain issues. If issues are not specifically part of someone’s task description, everyone can avoid taking responsibility for them. These issues may then be neglected in the design process. In a paper on the relationship between how companies are organised and harm they cause other people, Darley studied a case of the design and testing of landing gear for a military aircraft that failed during landing after test flights [Darley, 1996]. People in the company knew that there were calculation errors and because of these errors there was a large chance the landing gear would fail. Certain social mechanisms made the people in the organisation actively conceal the calculation errors from their customers and tinker with data in certifying documents. In this case people felt either forced by their superiors or felt they were already too involved and caught up with the tinkering of the data to stop the concealing of calculation errors. Darley also points to the way a decision is framed. Stopping a production process or changing a design requires action, while going on is often seen as not requiring action. Action has to be defended to other people while in the case of doing or changing nothing, such defence is not required. Action is only taken when there is proof of harm. This frames the decision in an “innocent until proven guilty” way. This is different from using a precautionary frame for the decision, where no harm has to be proven. A suspicion of harm can be enough to warrant acting against it. Framing a similar decision differently can lead to different actions [Darley, 1996]. This might be relevant for design processes, especially when decisions have to be made to stop or go on with a design process.
The aspects of design processes mentioned above are all relevant from an ethical point of view and therefore they were included in the conception of design processes used in this thesis. In view of the foregoing, in this work I regard design processes as organised social processes which aim at solving more or less ill-structured design problems. All of the aspects mentioned above were used to support data-collection in the case-studies. For example, in the case-studies attention was paid to the organisation of the design team and the social processes within the design team because this helped me to determine who was involved in what decisions when dealing with ethical issues.


2.3 Characteristics of design processes in relation to ethical issues⁴

So far, some very general characteristics of design processes have been discussed. When studying ethical issues in engineering design it may be useful to make further distinctions between different kinds of design processes. It might be expected for instance that during the design process for a bolt for a car wheel, different ethical decisions have to be made than those that have to be made during the design process for a completely new personal transportation device. Ideas drawn from the literature are used to characterise the different kinds of design processes. Working hypotheses are formulated in the next chapter based on these ideas. I conclude this chapter with a discussion of some preliminary ideas regarding what this research, and its results, might contribute to discussions about the moral responsibility of engineers during design processes. These ideas will be further elaborated in the last chapter of this thesis.

2.3.1 Design type and design hierarchy

Let us go back to the example of a design for a wheel bolt on a car as opposed to the design of a new personal transportation device. The bolt design has to comply with dimensional constraints, safety norms, standards, financial constraints etc. It is a small part of a known product. Moreover, most designs of bolts are redesigns of existing bolts. Norms, standards or dimensional constraints are absent for a new personal transportation device, or it is questionable whether existing norms, standards or dimensional constraints can or should be used. The design problem for a new personal transportation device is more ill-structured than that of designing a bolt. The reason why the design problem for the bolt is better structured than that for the new transportation device is that there are more external constraints pertaining to the design of the bolt.⁵

I use the term “external constraints” here for all constraints that are taken for granted during a design process. Some of these constraints may be set by the engineers at the start of the design process, for example by the engineers deciding to redesign an existing bolt instead of designing a new one. Other constraints are set by other stakeholders and not the engineers, such as the customer’s requirements, governmental regulations or codes and standards. These external constraints are usually already operationalised into specific and clear requirements. In a redesign it is also usually obvious how these requirements can be implemented.

⁴ The ideas in section 2.3.1 and section 2.3.2 are based on the paper ‘The need for ethical reflection in engineering design; the relevance of type of design and design hierarchy’ [Van de Poel and Van Gorp, 2006].
⁵ I am not arguing that more constraints always lead to better structured problems, because too many constraints can also lead to overdetermined problems.


As the example of the bolt and the new transportation device suggests, engineers are confronted with different degrees of external constraint in different design processes. According to Vincenti [Vincenti, 1992], this degree of external constraint depends mainly on two dimensions: the level of design hierarchy and the type of design (normal versus radical).⁶

Design hierarchy

Most modern products consist of several parts, subassemblies and subsystems.⁷ In many cases these subsystems and parts are more or less independently designed. Depending on how the design process is organised, different teams and engineers work on different parts of the product. There is communication and co-operation between the teams or at least there usually is. These design teams can be from the same or from different companies. The parts, subassemblies and subsystems are ordered hierarchically. The complete product is designed at the highest levels of the design hierarchy; subsystems and parts are designed at lower levels. Vincenti divides the design hierarchy of the design process of an airplane into the following levels.

‘1. Project definition: translation of some usually ill-defined military or commercial requirement into a concrete technical problem for level 2.
2. Overall design: layout of arrangement and proportions of the airplane to meet the project definition.
3. Major-component design: division of project into wing design, fuselage design, landing-gear design, electrical-system design etc.
4. Subdivision of areas of component design from level 3 according to engineering discipline required (e.g., aerodynamic wing design, structural wing design, mechanical wing design).
5. Further division of categories in level 4 into highly specific problems (e.g. aerodynamic wing design into problems of platform, airfoil section and high-lift devices).’ [Vincenti, 1990, 9].

There are similarities between Vincenti’s ideas of design hierarchy and the design hierarchy levels defined by Disco et al. [Disco et al., 1992]. Disco et al. distinguish the following levels of hierarchy:
• systems, like a plant, electricity or cable networks
• functional artefacts, like cars, etc
• devices like pumps, motors etc
• components, like materials, nuts, condensers etc

⁶ Vincenti uses the term “technical constraints” instead of external constraint, but this is a misleading term in my view since some of the constraints mentioned by Vincenti are not technical but rather social in nature. Vincenti seems to use the term technical constraints for all constraints that the engineers of a design team cannot change [Vincenti, 1992].
⁷ Walton, for example, estimates that there are about 30,000 parts in the Ford Taurus [Walton, 1997].


Vincenti’s divisions of the design hierarchy are more fine grained at the lower levels. Component design is not the lowest level but a middle level. Disco et al. add the systems level at the highest level. According to Vincenti, the degree of external constraint is larger if the design process is lower in the design hierarchy. The higher levels of the design process pose external constraints for the lower levels. Examples of these constraints are, amongst others, dimensional constraints (a part needs to fit in the whole product), but also constraints concerning the function of the part.

The ideas of Vincenti and Disco et al. about design hierarchy seem to resemble the phases in the design process presented in section 2.2.1, but there is a difference. The difference between design hierarchy and the phase of the design process is that a design process is done for every product, subassembly or part. This means that at every level of the hierarchy all phases of the design process are gone through. One could think for example of the generation of concepts design phase of a part of a product. This would be the generation of concepts design phase of a middle level design. The relative importance of design phases can differ in the design hierarchy, for example in high level design the phase of the design process in which detailed drawings are made can be relatively unimportant compared with the generation of concepts.

Type of design

Besides the notion of design hierarchy Vincenti also introduced the notion of design type, ranging from normal to radical design. Vincenti uses the terms “operational principle” and “normal configuration” to indicate what normal design as opposed to radical design is [Vincenti, 1990]. “Operational principle” is a term introduced by Polanyi [Polanyi, 1962]. It refers to how a device works. The normal configuration is described by Vincenti as:

‘… the general shape and arrangement that are commonly agreed to best embody the operational principle.’ [Vincenti, 1990, 209]

Examples of different working principles of car engines are a combustion engine and a fuel cell electrical engine. Both engines power cars but they have different working principles. In a combustion engine fuel and air are let into a cylinder and ignited. The expanding volume of the ignited gases is used to get a rotational movement. In fuel cell cars an electrochemical reaction between hydrogen and oxygen produces electricity. This electricity is used to drive the car. So although both engines power the car they do so in a different way. In normal design, both operational principle and normal configuration are kept the same as in previous designs. In radical design, the operational principle and/or normal configuration are unknown or it is decided that the conventional operational principle and normal configuration will not be used in the design.


Vincenti’s description of radical design focuses on the structure and physical aspects of the design. For my purpose, it is useful to introduce a somewhat broader definition of radical design. In design, function and structure are joined in an artefact (cf. [Kroes, 2002] and [www.dualnature.tudelft.nl]). This means that a design can also be radical with regard to its function or design criteria. An explicit choice can be made at the beginning of the design process to change the usual idea of a good product of this product type. This means setting different criteria or changing the relative importance of criteria. For example, speed is often accorded some importance but it is usually not the most important criterion in the design of a car. The standard idea of a good car is a safe, reliable and perhaps fast car. If the aim of a design process is to design a car that can break the sound barrier, this is a radical design process. Radical designing in this functional way can make reconsideration of the operational principle and the normal configuration necessary. Reconsidering may, but does not have to, lead to changes in the operational principle or normal configuration. Thus a radical design process with regard to the function may lead to a radical design of the physical structure, but this is not necessarily so. It is also possible that a new operational principle leads to new criteria.

Regulative framework

Vincenti claims that there are more external constraints in normal as opposed to radical design [Vincenti, 1992]. Normal design is a form of standard design practice guided by existing formal and informal rules. A system of regulations and formal rules concerning a product exists in normal design. I will refer to this system as a regulative framework.
A regulative framework for a certain product consists of all relevant regulation, national and international legislation, technical codes and standards and rules for controlling and certifying products. A regulative framework is socially sanctioned, for example by a national or the European parliament or by organisations that approve technical codes. Besides the technical codes and legislation, interpretations of legislation and technical codes are part of the regulative framework. Interpretations of codes and legislation can be provided by the controlling and certifying organizations and also by engineering societies, for example in the courses they organise for engineers on state of the art design practices. Engineering societies can also formulate a code of ethics. This code is also part of the regulative framework. Note that the regulative framework does not include company specific norms and standards. If company specific norms and standards were to be included then the regulative framework would differ in different companies. Companies are restricted in formulating company specific norms and standards, because these norms and standards have to meet the rules and regulations of the regulative framework. Company specific norms and standards can therefore only impose stricter requirements than the regulative framework.

The notion of a regulative framework differs from notions like technological regime or technological paradigm in that the regulative framework includes only formal norms, rules and their interpretations that pertain to the design, certification and construction of a product. Technological regimes are defined by Rip and Kemp as:

‘the rule-set or grammar embedded in a complex of engineering practices, production process technologies, product characteristics, skills and procedures, ways of handling relevant artefacts and persons, ways of defining problems- all of them imbedded in institutions and infrastructures.’ [Rip and Kemp, 1998, 338]

A technological regime defined in this way includes much more than the regulative framework as it also includes skills and ways of handling artefacts and persons. Other authors have used other definitions of technological regimes. Van de Poel for example focuses on defining technological regimes for design processes. Although Van de Poel restricts his definition of technological regimes to technical regimes for design processes, he includes more in a technical regime for the design of a product than is included in a regulative framework, such as promises and expectations of a product [Van de Poel, 1998 and 2000a].

2.3.2 Normative frameworks

The idea of normal design can be related to Grunwald’s idea that in ‘business-as-usual’ technology development there is no need for engineers to reflect ethically [Grunwald, 2001]. Grunwald suggests that there are situations in which an engineer should ethically reflect on the development of technology and that there are situations which he classifies as business-as-usual in which there is no such need for ethical reflection ([Grunwald, 2000] and [Grunwald, 2001]). Grunwald indicates that in “business-as-usual” a normative framework exists that governs all ethically relevant decisions that are made during a design process. He thinks that a lot, if not most, decisions in technology development are covered by normative frameworks. According to Grunwald engineers have to apply the rules from the normative framework without further ethical reflection if this normative framework meets the following requirements:⁸

⁸ Grunwald does not explicitly state that engineers have an obligation to use the normative framework but the requirement “observed” seems to imply this. In an article from 2005, Grunwald has changed the requirement of observed to ‘compliance: the normative framework also has to be complied with in the field concerned.’ [Grunwald, 2005, 189].


‘Pragmatically complete: the normative framework has to comprehend adequately the decision to be made, and should leave out no essential aspects from consideration.
Locally consistent: there has to be a “sufficient” degree of freedom from contradiction among the various elements of the normative framework.
Unambiguous: beyond the normative framework, there has to be a sufficient common understanding among the actors in the context of the decision under discussion.
Accepted: the normative framework has to be accepted as the basis for the decision by those concerned.
Observed: the normative framework has to be in fact observed; lip service, for instance, in environmental concerns, is not enough’ [Grunwald, 2001, 419].

With regard to the acceptance of the normative framework Grunwald states that acceptance need not be universal, but neither should it be restricted to the very narrow sphere of engineering. Instead it ‘must include further groups or individuals such as the assumed users, but also people possibly affected by the side-effects or other impacts’ [Grunwald, 2001, 419-420]. Grunwald considers the normative framework to be a “morale provisoire”: it is relative to ‘the actual state of the relation between culture, society and technology, relative to the moral convictions of society and to the knowledge about consequences and impact of technology.’ [Grunwald, 2000, 191]. The normative framework is therefore dynamic. According to Grunwald, a normative framework consists of all obligations given by political regulation and all obligations resulting from other societal regulation like technical codes and standards, and codes of ethics [Grunwald, 2000]. The normative framework that Grunwald has formulated therefore comprises the same elements as the regulative framework. In my analyses of the different design processes the question whether regulative frameworks exist and fulfil the above requirements plays an important role.

2.3.3 Moral responsibility and the trust relationship between engineers and society

Engineers have specific knowledge and experience and play an important part in the design of products. Engineers are given power to decide in design processes. This power is limited by the regulative framework. In this thesis, I will assume that a trust relation exists between society and engineers designing products. Engineers are given “a licence to operate” based on this trust relationship. Being trusted by society brings with it responsibilities for the engineers. Engineers have responsibilities towards their customers and to society as a whole. The codes of ethics formulated by engineering societies all state that engineers should display integrity and honesty in their work, if they are to be trusted by customers and society. The Institution of Engineers, Australia states the following in the second of their tenets in their code of ethics [www.ieaust.au].

‘Members shall act with honour, integrity and dignity in order to merit the trust of the community and the profession;’ [www.ieaust.au, 2]

It is this trust relation and its ethical relevance that I will further analyse here. Much more can be said about trust than I can say in this section and the last chapter. I will use a specific notion of trust based on ideas from Annette Baier and Bart Nooteboom as a basis for claims about the moral responsibility of engineers.⁹

In her paper ‘Trust and Antitrust’, Annette Baier uses the examples of plumbers and surgeons to illustrate that we trust them to do what is necessary to fix what is wrong. We trust them and we do not prescribe what they should do exactly to fix, for example, a leak [Baier, 1986, p. 250]. Baier claims that it is not possible to prescribe precisely what plumbers and surgeons must do because we do not have that knowledge. If we were able to prescribe precisely, step by step, what the plumber has to do and what he should not do then we could probably repair the leak ourselves. My claim is that in a similar vein we trust engineers to design safe products without prescribing precisely what they should do and refrain from doing.

Baier claims that trust is a special sort of reliance: in trust we rely on the goodwill of someone else. Trust can be seen as ‘a three-place predicate (A trusts B with valued thing C)’ [Baier, 1986, 236]. Discretionary power is given to the trusted person. This means that the trusted person is allowed some discretion but not allowed to do everything he or she thinks is a way to take care of the valued thing. There are limits as to what the entrusted person should be or is allowed to do. Baier uses the example of a babysitter:

‘a babysitter who decides that the nursery would be improved if painted purple and sets to work to transform it, will have acted, as a babysitter in an untrustworthy way, however good his good will.’ [Baier, 1996, 236]

In most everyday situations the limits of this discretionary power are not negotiated or expressed explicitly. People are expected to know the limits of the discretionary power they get if they are trusted. If I ask my neighbour to take care of my plants and mail while I am away on holiday, we both know that I do not expect or want her to read my mail, pay my bills or reply to my mail. I trust her to water my plants and place my mail on the table without reading or answering it. Therefore, trust gives power and responsibility but within limits.

According to Baier trust can be morally decent or not. Having trust in someone who is cleverly concealing his or her untrustworthiness might be morally wrong according to Baier, especially if that untrustworthy person is using his or her discretionary power to gain more power over the person who trusts him or her. In cases of sects, leaders are often trusted and abuse this trust to gain power over their followers and harm them. This is of course quite a far-fetched example but it shows that not all trust leads to the protection of what people value, and that trust can be morally wrong. Trust in engineers might be misplaced and even morally wrong if engineers are trying to harm people with their work.

An interest has also been shown in trust between people and trust in institutions within economics and management theory [Nooteboom, 2002]. According to Nooteboom trust is a four-place predicate:

‘Someone (1) trusts someone (or something) (2) in some respect (3), depending on conditions such as context of action (4).’ [Nooteboom, 2002, 38].

⁹ Annette Baier has written an influential paper on trust within ethics. Bart Nooteboom has written a book on trust that includes insights from economics, rational decision making, behavioural sciences and ethics and focuses on trust in and between organizations.

For example, if I am ill then I trust my doctor to take care of me and cure me. If however, I have a terminal disease then the doctor has not behaved in an untrustworthy manner because he has not cured me. A doctor may behave in an untrustworthy manner in other respects but the fact that he cannot cure my terminal disease does not make him untrustworthy. Nooteboom’s notion of trust differs from the one Baier proposes in that the context of action is made explicit in his notion. You trust someone to do things to the degree to which he or she can influence the situation and has the power to change certain situations for the good. Another difference is that Nooteboom includes the possibility of trusting an organisation. ‘Of course an organization itself does not have an intention, but it has interests and can try to regulate the intentions of its workers to serve those interests.’ [Nooteboom, 2002, 75].

Nooteboom insists that trust should be subjected to development and learning. In Nooteboom’s terms blind trust, as in unconditional trust that is not withdrawn even if there is evidence that the trustee is behaving in an untrustworthy manner, is unwise. Trustworthiness is not assessed continuously; there are tolerance limits for trustworthiness. Within these limits trust can be the default. If trustees trespass these limits then trust should be reconsidered. This differs from Baier’s notion that trust can be morally indecent, for example if directed at a morally bad end. Unwise is a qualification that can be interpreted as instrumental; something is unwise given certain goals. Morally indecent is an ethical qualification.

In the following I will use a combination of Baier’s and Nooteboom’s notions and apply it to engineering design practice. The implicit limitations to the power given to a trustee and the moral (in)decency of trust that Baier emphasizes seem to be important when analysing trust in engineers designing products and technology. Nooteboom’s inclusion of the context of action and the possibility to trust organisations are also relevant. When both notions are combined you get the following: engineers, when making a design, have some discretionary or limited power and they have a responsibility to take care of things people value. Engineers make designs in a context of action and within certain constraints; they are part of a design team and part of an organization. Moreover, the products they design are subjected to the laws of physics. Expecting an engineer to design a perpetuum mobile and reconsidering trust in that engineer if he or she does not do this, does not take into account the context of action by which the engineer is bound.

The power engineers have been given is sometimes explicitly limited because certain things are not allowed by law. Some decisions can be deemed too important and far-reaching to be decided by engineers. The development of very new or controversial technologies like genetically modified food or animals is questioned by different actors in society. In these instances, a government has to define some explicit limits, for example whether human embryonic cells may be cloned to be used in developing biotechnology or not. So some limits to the development of technology are explicitly stated in legislation.
A tentative analysis of the influence of design type, hierarchy and in particular the availability of a regulative framework on the trust relationship between engineers and society will be given in chapter 9. A regulative framework can be seen as a way to provide engineers with explicit limits within which they are trusted to do their work. Regulative frameworks can be part of the limits in which trust in engineers is the default. Besides making limits explicit, a regulative framework can also be used to help to build and maintain trust, in particular in what is called institutions-based trust. Trust can be characteristics-based, institutions-based and process-based ([Nooteboom, 2002, 86] and [Zucker, 1986]). Characteristics-based trust derives from membership of a community. You can for example trust someone because you have worked previously with his sister and she behaved in a trustworthy manner. Institutions-based trust derives from rules, codes of ethics but also from the professional standards used in that institution. For example, trust in a company that is going to produce something for you can be based on the fact that the company is ISO 9001 certified. Process-based trust derives from the developing relationship between people.¹⁰ A regulative framework can produce institutions-based trust. The public will tend to trust engineers to make good designs because the engineers adhere to the rules and standards of the regulative frameworks and act in a trustworthy manner.

The trustworthiness of engineers should not just refer to not acting on bad intentions towards the person(s) trusting you. Trustworthiness also includes being competent (cf. [Jones, 1996, 7]). Engineers designing products have to have the competence to make good designs if they are to be trusted as engineers. Trustworthy engineers know what their competence is and when to ask someone else for help or advice to produce a safe design. Trust in engineers who mean well but do not have a clue as to what they are doing is misplaced.

The public expects engineers to design products that will, in normal circumstances and use, not lead to disasters. If disasters do happen then trust may have to be reconsidered. Perhaps the design engineers behaved in an untrustworthy manner or maybe some unanticipated and unforeseeable circumstances materialized. A regulative framework has to incorporate these circumstances if the public is to trust engineers making designs using the same regulative framework again. It can be said that the boundaries within which trust in engineers is the default are drawn anew in cases in which regulative frameworks are changed following undesirable effects. Trust in engineers might be misplaced if the regulative framework is not adequate. I assume that an adequate regulative framework provides a basis for warranted trust. Grunwald’s requirements may be construed as requirements for an adequate regulative framework.
If trustworthy and experienced engineers are given regulations that they should follow and do indeed follow, these regulations should lead to the protection of what people value. This might be achieved by requiring that the framework is accepted. The requirements that a regulative framework should be complete, unambiguous and consistent can be regarded as requirements that make sure that the rules of a regulative framework can be used in design processes. Based on the above I formulate the hypothesis that trust in engineers making designs is warranted if engineers (1) have good intentions (2) are competent and work according to a regulative framework and (3) the regulative framework is adequate, e.g. it complies with Grunwald’s requirements. I will analyse this hypothesis in more detail in chapter 9.

¹⁰ An example of process-based trust is that if loyalty has been shown then trust will be strengthened.


2.4 Summary

The idea that design processes are processes in which an organised group of people tries to solve more or less ill-structured technical design problems underpinned the data-collection in the case-studies. Information about the organization of the design team, the design problem, social processes within the design team and the phase of the design process that was studied was obtained during the case-studies.

It can be expected that different kinds of ethical questions will come up during different kinds of design processes. Vincenti’s ideas about design type and design hierarchy are used to characterize design processes. According to Vincenti, the design type has two extremes, radical design and normal design. The design hierarchy refers to whether a complete product or part of a product is designed.

What Vincenti calls normal design may be the same as what Grunwald calls business-as-usual technology development. The availability of a pragmatically complete, locally consistent, unambiguous, accepted and observed normative framework in business-as-usual technology development would, according to Grunwald, mean that there is no need for ethical reflection by engineers. Engineers should just follow the normative framework.

Finally, engineers are trusted by the public to design products and technologies. If a normative framework exists then this may pose the limits within which trust in engineers making normal designs is the default and not misplaced. Regulative frameworks can help to maintain and develop institutions-based trust. Trust in engineers designing products would then be warranted if engineers (1) have good intentions (2) are competent and work according to the regulative framework and (3) the regulative framework is adequate, e.g. it complies with Grunwald’s requirements.


3 Introduction to the case-studies

3.1 Working hypotheses

Vincenti’s design hierarchy and design type were introduced as dimensions that can be used to characterise design processes in section 2.3. According to Vincenti there are more external constraints in normal, as opposed to radical design, and in low, as opposed to high level, design. As said in section 2.3.1, the solution space is limited in normal design processes because normal configuration and operational principle are used. Moreover, the requirements pertaining to the normal configuration and working principle have probably already been operationalised. In radical design the solution space is less limited, and there are fewer given requirements that are operationalised to test possible solutions. This may mean that engineers have to face other kinds of ethical issues in radical, as opposed to normal, design and in low, as opposed to high level, design. Based on this idea the working hypotheses 1a and 1b were formulated as follows:

1a) The kinds of ethical issues faced by engineers depend on design type and design hierarchy.
1b) The ways in which engineers deal with these ethical issues depend on design type and design hierarchy.

I introduced the idea of a regulative framework and Grunwald’s idea of a normative framework in sections 2.3.1 and 2.3.2. If a normative framework that meets certain requirements exists, then all ethical problems are and should be solved by using the normative framework, according to Grunwald. Assuming that Grunwald’s business-as-usual technology development and normal design refer to similar engineering practices, the following questions arise. Do engineers make use of regulative frameworks to solve ethical problems? Do the regulative frameworks pertaining to a normal design meet the requirements Grunwald has introduced for normative frameworks?
If the regulative framework meets these requirements then it can be considered a normative framework and this would, according to Grunwald, free engineers from ethical reflection. Engineers should, in normal design processes, use the normative framework to make decisions on ethical issues. Based on this the following working hypotheses can be formulated:

2a) In normal design processes a regulative framework is used by engineers to account for the decisions made on ethical issues.
2b) This regulative framework fulfils all Grunwald’s requirements and is therefore a normative framework.

3.2 Selection of the case-studies

The cases were selected using Vincenti’s characterisation of design processes in terms of design type and design hierarchy. As I have indicated in section 2.3.1, the design hierarchy can be characterized by several levels, i.e. aspects of components, components, devices, functional artefacts, systems. In this research, I will exclude the level of sociotechnical systems as the design of these systems introduces additional questions. A sociotechnical system consists of different artefacts, organizations, institutions and individuals working together. In such cases it is not just the hardware that needs to be designed; it is also the organizations and the institutions involved and the relationships between them. Take for instance a high-speed train system. In order to make high-speed train transportation possible, it is not sufficient to have a railway track and a train; things like time schedules, stations where trains stop, traffic control, ways to sell tickets, connections to existing infrastructure, driver education for the specific technical requirements of a high-speed train, insurance etc. all need to be developed.[1]

The cases were selected to represent cases varying in design hierarchy and design type. It was difficult to find design processes illustrating the extremes of design type. Design processes with the goal of designing a completely new product or even product type seem to be rare. The radical design processes that were selected were radical although some parts of the normal configuration and working principle were used. Extremely normal design can amount to choosing an off-the-shelf solution without requiring any further activities that are usually understood as being part of the design process, i.e. formulation and operationalisation of requirements, generation of concepts, assessments of concepts and detailing.
This kind of design process is not very interesting for this research because only one decision is made, namely what solution to choose.

[1] For more information on large (sociotechnical) systems see for example [Hughes, 1987], [Hughes, 1983], [Ottens et al., 2004] and [Kroes et al., 2004].

Some design processes, especially of large objects, take several years or are divided into several phases with waiting periods in between phases during which the customers have to decide whether to go on with the design process. In this research, the design processes used for the case-studies were observed over several months but, due to time considerations, it was not possible to observe a complete design process from problem definition to production and use. The following four cases were selected:

One, a design of a lightweight sustainable car at Delft University of Technology for the DutchEVO project. The conceptual design to produce a car of 400 kg mass that can carry four persons and their luggage is radical high-level design. Normal car design leads to an average mass for the car of 1200 kg. The mass requirement in the DutchEVO project made reconsidering the normal configuration and the working principle of a car necessary.

Two, a design for piping and equipment for the (petro)chemical industry. In this case-study the design process for pipes and pressure vessels was studied. The working principle and normal configuration of pressure vessels and pipelines were used in this case. This was normal design and, because it consisted of component design, it was low level design.

Three, a design for a bridge over the Amsterdam-Rijnkanaal. In this case-study the preliminary design phase for a bridge over a canal was studied at the engineering company owned by the city of Amsterdam. The bridge was designed to have the normal configuration and working principle of arched bridges. It was high level design because the design process concerned the whole bridge.

Four, a lightweight open trailer design for loads such as sand. In this case-study the preliminary design and feasibility study design phase for a light trailer was studied within an engineering company. The trailer had to be able to be used in combination with a truck, thus it was part of a combination and therefore a middle or low level design. The trailer should have no roof, be made in composites and be able to include a new unloading system. The normal configuration for an open trailer was not used because of the new unloading system and the use of composites, giving a radical design.
The selected case-studies are listed with regard to their design type and hierarchy in table 3.1.

Table 3.1: the selected case-studies

                     radical                                   normal
High-level design    DutchEVO, light weight sustainable car    Bridge
Low-level design     A light open trailer for bulk loads       Piping and equipment design for (petro) chemical industry

All the case-studies were performed in the Netherlands. There seem to be large differences in the importance of hierarchy and the way people interact and communicate with each other between countries. Although the different business cultures of different countries have been studied and have been given scores on scales for several dimensions, making well-informed hypotheses about the influence of different cultures on the way engineers deal with ethical issues is very difficult (cf. for differences in (company) cultures [Luegenbiehl, 2004], [Hampden-Turner & Trompenaars, 1993], [Hofstede, 1991] and [Van der Vaart, 2003]). Large differences in company cultures were observed even between North-European countries (see [Trompenaars & Hampden-Turner, 1999] and [Hofstede, 1991]). Besides the difficulty of making hypotheses on the influence of different cultures on the way engineers deal with ethical issues, it is necessary to limit the number of variable parameters as the number of necessary case-studies increases with the number of variable parameters at play in the case-studies [Yin, 1989]. I therefore chose to perform all my case-studies in the Netherlands.

3.3 Acquisition of empirical data

The DutchEVO design team was followed for over a year (from June 2000 to July 2001). Extensive observations were made during meetings (see appendix 1). This case-study was used as a pilot study to develop ideas for the research presented here.

The case-study piping and equipment consisted of interviews with engineers working at an engineering company, an interview with an engineer who had worked in the petrochemical industry, an interview with an inspector from Lloyd’s register Stoomwezen and an interview with an advising engineer, coupled with reading of background information regarding codes and legislation etc. The interviews were held between February and May 2002 (see appendix 1). It was not possible to observe a design team at work because the customers of the engineering company would not allow someone from outside to observe a design process for a (petro)chemical installation.

The bridge case-study lasted from January 2004 to April 2004; the design meetings were observed and the engineers and the architect involved were interviewed (see appendix 1).

The trailer design process was also observed; the observation period lasted roughly from March 2003 to August 2003. The engineering company designed the trailer for a customer, and design meetings and meetings with the customer were observed. The engineers in the design team and the customer were also interviewed.

Empirical data on the following features of the cases were obtained using the working hypotheses and taking into account the features of design processes discussed in section 2.2.

• design problem
• design type
• design hierarchy
• the regulative framework: legislation, regulation, technical codes and standards, interpretations of these codes and regulation given by professional organisations or certifying organisations
• phase of the design process
• organization of design team (formal and informal)
• social processes within design team

In this research, no distinction is made between managers, engineers or technicians; whoever is part of the design team is regarded as a designer or engineer whatever their educational background might be. I looked at the formal and informal organisation of the design team. Persons that were regularly present at design meetings were regarded as being part of the informal design team. The format of the formal design team can be reconstructed using formal reports and information on the organisation.

All the chapters on the case-studies (chapters 4-7) are structured similarly.[2] First a description of the design problem, the type of design and the design hierarchy is given. This section is followed by a section about the organisation of the design process and the context. The context of the design process includes a description of the relevant codes, standards and regulations that may constitute the regulative framework. The way the engineers dealt with safety and sustainability during the design process is described in some detail. The empirical findings are summarised and discussed in the last section in which any regulative frameworks used during the design process are discussed in terms of a confrontation with Grunwald’s requirements.

[2] If wished, the reader need only read the final section of the case-study chapters, followed by chapters 8 and 9.

4 DutchEVO, safe or sustainable?

Ryan: ‘We are not going to use airbags.’
Several members: ‘No, get rid of them.’
Dave: ‘But airbags are going to be required, you can’t leave them out.’
Ryan: ‘Then we will say that we think they are useless.’
Thomas: ‘We just want to bring it up for discussion.’
Pete: ‘Can I ask how heavy such an airbag is?’
Dave: ‘I don’t want to discuss that now. We have to look at how it works and if they have an effect. If it doesn’t work then we are going to bring it up for discussion.’
Ryan: ‘Besides with airbags and ABS you need pumps and computer systems, this will rapidly increase the total mass of the car.’

The above example reproduces argumentation against including airbags in a lightweight car, lightweight because the car is intended to be sustainable. Although one of the engineers does not want to talk about the mass, it is still an important issue because including all kinds of passive and active safety systems makes cars heavy. The example shows the types of trade-offs between safety and sustainability that were discussed and made in the DutchEVO project.

A description of the design process of a light-weight sustainable car will be given in the following sections. I have already indicated in chapters 2 and 3 what information is necessary to answer the question how engineers deal with ethical issues in design processes. In this chapter and the following chapters on other cases this information will be presented. The goal of the design process, the type of design process and the context are described in section 4.1. The design team and how it is organised is described in section 4.2; this section includes a description of the way decisions were taken in this project. I focus on the ethical issues surrounding the design of a car with respect to safety and sustainability in sections 4.3 to 4.5. In the Netherlands alone about 1000 persons a year die in traffic accidents [statline, 2003].
About half of them are passengers or drivers of cars. It is not only people in cars that get killed. Cars constitute a danger for pedestrians, cyclists and children playing in the street. Sustainability of cars is ethically relevant because, given the total number of cars in use and the amount of kilometres driven by car users, reducing the energy used per kilometre can have a large effect on global CO2 emissions and the use of non-renewable energy sources. In this design process it is difficult to combine safety and sustainability.

Most measures that will make the car safer will make it also less sustainable. The results from the case are summarised in section 4.6.

4.1 A light family car

The Delftse Interfacultaire Onderzoeks Centra (DIOCs, Delft Interfaculty Research Centres) were founded in 1996, with the mission statement to carry out: ‘applied multi-disciplinary research aimed at solving urgent societal problems.’ [www.smartproductsystems.tudelft.nl].

Taking ten multi-disciplinary technology themes, a number of studies were carried out. The theme of DIOC 16 was ‘Model based optimisation of complex industrial processes’. DIOC 16 was initiated in February 1998 under the name ‘Smart Product Systems’. The subject of this research was life cycle efficiency: the production of goods with minimal waste and maximum recycling of raw materials, and reuse of components in electronic and other industries. The DutchEVO project was started as part of DIOC 16 in November 1998. The participating groups were Applied Earth Sciences, Industrial Design Engineering, Electrical Engineering, Aerospace Engineering, the Delft Institute of Microelectronics and Submicron Technology and Mechanical Engineering.

The goal of the DutchEVO project was to develop a knowledge base that could be used to make sustainable product development possible. The idea of producing a lightweight sustainable car was used as the basis for developing such technology; this car was called DutchEVO [www.smartproductsystems.tudelft.nl]. Other goals identified within the project were the promotion of Delft University of Technology (DUT) by demonstrating that DUT could design a car that is both technically sustainable and “emotioneel duurzaam” (emotionally sustainable, see section 4.4), and the need to start a debate within society and the car industry regarding sustainable cars. The project participants wanted to show the car industry that it is possible to design a sustainable, very light (< 400 kg) car with affordable mass production costs. For some of the team members the development of a physical prototype car seemed to be the goal, while for others the project was seen as a way to deliver scientific papers, and providing a physical prototype was incidental to that.

The context of this case was very specific: the design process was a university project.
One of the goals was the publication of scientific papers; another goal was the promotion of DUT, with a third being the need to generate ideas for a more sustainable technology. The DutchEVO design team and the university did not have the goal to develop a car, produce it and sell it. The engineers, therefore, had a certain freedom to change requirements as the project proceeded. If the car was designed to be used on European roads in the near future the constraints on the design would become more stringent. Such constraints include pricing, existing legislation, image, marketing and brand portfolio arguments, all of which play a large part in commercial car design. In the DutchEVO case, these arguments did not have a role.

I started following the DutchEVO project in May 2000, one year after the start up. I therefore had to rely on existing documents and interviews to obtain information about the start of the project.

Design requirements

In what follows, the design requirements, as formulated in the design document ‘DutchEVO the development of an ultralight sustainable conceptcar’, are quoted [Knoppert and Porcelijn, 1999]. This design document was written after the design work had started. The initial aims of the project were:

- ‘To design a sustainable compact family car for use in and around Western European cities after the year 2009,
- to show that it is possible to create a sustainable and affordable car for mass production,
- to design a means of transportation unrestricted by existing design, image, structure and production philosophies,
- to create an integrated design and giving priority to weight, safety, cost, volume and comfort in this order.’ [Knoppert and Porcelijn, 1999]

A list of design requirements for the DutchEVO is given in table 4.1 below.

Table 4.1: requirements of the DutchEVO [Knoppert and Porcelijn, 1999]

Occupants                            4 plus luggage
Product lifespan                     200.000 km or 15 years
Engine                               Front 20 kW Otto 4-stroke turbo engine [1]
Front suspension                     MacPherson
Rear suspension                      trailing arm suspension
Doors                                3
Legislation and standards            European
Mass                                 400 kg
Full payload                         352 kg
Units a year                         100 000
Consumer price                       12 000 euro
Maximum speed with full payload      130 km/h
Maximum acceleration (0-100 km/h)    25 sec
Fuel consumption                     2,5 l/100 km
Range                                400 (+100) km
Interior height                      1150 mm
Exterior length                      3300 mm
Exterior width                       1550 mm
Exterior height                      1570 mm
Ground clearance                     400 mm
Wheel-base                           2500 mm
Wheel-span                           1415 mm
Wheels                               R15/80/135
Wheel arches                         R325
Turning radius                       10 000 mm
Aerodynamic drag coefficient         0,25 Cd
Frontal Area                         1,8 m²
CdA                                  0,45 m²

[1] Later on in the design process it was decided that this engine should be combined with a light hybrid system that recovers braking energy.

Based on the design requirements given in table 4.1 the design process can be classified as high level and radical. The reasons for this classification are discussed below. At this moment European family cars usually weigh about 1200 kg; even the two-seat Smart has an empty mass of 720 kg. The design requirement to produce a sustainable car with an empty mass of less than 400 kg is what makes the design radical. This is radical in a functional way. Structurally, it was not certain whether the normal configuration could be used or not; whether some parts of the normal configuration could be used was something that had to be decided on during the design process. The design of a concept or prototype of a complete product is, automatically, a high level design process. At the lower levels, especially on component level, some parts can be (adapted) existing parts; other parts will need to be specially designed. For example, during the design process the decision was taken to use an existing engine (car or motorbike engine) because developing a new engine would be too time and money consuming. This engine could, according to the DutchEVO design team, then be combined with a light hybrid system to recover braking energy. A sketch of the DutchEVO, made during the design process, is shown in figure 4.1.

Figure 4.1: Sketch of DutchEVO [picture courtesy of the DutchEVO design team]

4.2 The design team

The design team in this case-study was a large and volatile group. Students participated for a year or less, coming and going throughout the project and causing the group to change continuously. In total 17 people had actively participated during the time I observed the design team. Most of the people involved in the design when I observed the group are listed in appendix 2, which includes an overview of their educational background and for how long and when they participated in the DutchEVO project.

A lot of different university groups participated in the design process. Officially there were three subgroups within the project dealing with: 1, the prototype study of the DutchEVO, 2, exploring applications of modern materials for automobile applications, and 3, the impact and safety of an advanced lightweight car structure [www.smartproductsystems.tudelft.nl]. The first subgroup was concerned with what the team called the philosophy and the packaging, the second with the development of biodegradable plastics. The third group included understructure and safety. This division was based on the different departments officially participating within the project. A group from Aerospace Engineering was responsible for the safety and construction. The packaging and philosophy subgroup and the biodegradable plastics subgroup were located in the Industrial Design department. Any department officially participating was obliged to invest man-hours in the project.

The official organisational structure can be found in documents and on the internet site, but the informal organisation as observed looked somewhat different [www.smartproductsystems.tudelft.nl]. The informal organisation is shown in figure 4.2. This diagram is based on observation. The diagram suggests that the groups were stable in composition, but this was not the case. Students joined for their master’s or bachelor’s thesis and left after finishing. The groups were stable regarding subject. There were always some people working on the subject and they used the results of their predecessors to move forward with the project. In this picture I have differentiated between team members and advisors. Team members were actually involved in the design process and they attended design meetings. These design meetings dealt with the design and were held every two weeks from July 2000 to November 2001. After this period design meetings were held whenever Thomas, the project leader, thought that it was necessary. Team members regularly came to the project room to talk to some of the other team members. Project meetings were attended by team members, advisors and DUT staff. In these meetings, design activities were planned, finances were discussed and there was usually a presentation on a part of the design. Project meetings were organised about 10 times a year.

Thomas, Dave and Pete are central to the project. Dave and Pete defined most of the project and worked on it from the start. Thomas joined later (May 2000) to act as the project leader and coordinate the design process. Thomas, Dave and Pete supervised most of the students. Dave supervised the students working on Safety & Construction.
Pete did a lot of work for Packaging & Philosophy. In this Packaging & Philosophy group some engineers worked for a few months on the project (Scot and some students working on a project on ergonomics). Driveline & suspension was mostly done by students from the HTS Autotechniek, a bachelor’s degree in automotive engineering. These students always worked in couples, and only for three months for the DutchEVO project. Hence the subgroup driveline and suspension changed very quickly and continuously throughout the project.

Figure 4.2: DutchEVO design team as observed.

Thomas, Pete and Dave are at the centre because they coordinated and used information from people in the other groups. There was also some direct contact between members of different groups but most of the time this contact was organised via Thomas, Pete or Dave. Most PhD students were advisors. Katinka, Alexander, Susan and Ann did not really participate in the design.[2] They regarded DutchEVO as a case-study for their scientific research. They gave input in project meetings, for example on recyclability. Katinka and Alexander should really have participated in the design process according to the official organisation but in reality they acted as advisors and not as team members.

[2] Dave was a PhD student when the project started. He became a lecturer during the project. Ed was a PhD student that participated in the design project.

When interviewed, team members indicated responsibilities that coincided with their task descriptions. Those in advising roles felt responsible for giving good advice. Students felt they had clear descriptions of their tasks; they were confident that they knew what they had to do and what they could expect other team members to do. Students were usually given the task to design a part of the car, for example the suspension or the understructure. These task descriptions were made by the supervisors in co-operation with the students at the start of their master’s or bachelor’s thesis project. The task descriptions consisted of information about the goals the student was expected to achieve, a time schedule and the names of the supervisors. The partitioning of the design process into a lot of small projects assigned to different persons seemed to diffuse the responsibility that people felt for the project and its completion. Students only felt responsible for the part they were designing. Dave, Ed, Pete and Thomas, in contrast to advisors and students, had vague task descriptions; as a result it was not obvious to the other team members what their task was. They seemed to feel responsible for the whole project.

Thomas, Pete and Charlie stated in interviews that they felt responsible for communication between all the team members. It was very important that the different team members communicated with each other. Decisions made concerning one part of the car influenced how other parts of the car should be designed and, because of the rapid changes in the composition of the team, it was difficult to keep track of who was involved in designing what part. In the time that Charlie was doing his master’s thesis project the team communicated more often. Team members knew what the others were doing; there were discussions on a lot of subjects. This was not completely due to Charlie but he played a large part in facilitating this communication. Around the time that Charlie finished his master’s thesis some staff members decided that all the meetings were costing too much time and the team meetings ceased to be organised regularly. Without regular meetings only Thomas and Dave had an overview of what was going on in the project.

4.2.1 ‘If you have thought it through then it is ok’

There was no formal decision-making structure. Team members could decide informally on details themselves. These details were presented to the other team members in presentations and design team members could comment on them. Larger issues were discussed with the team.

William: ‘As far as I know, I calculate or design something and discuss that with Dave and Ed. If they do not have problems with it then it is decided.’
Charlie: ‘We decided on some rough ideas together. I have made choices in consultation with the other team members.’

To be part of the decision making process it was necessary to be informed about which decisions were going to be made based on what information. How well team members were informed, and informed their colleagues, about what they were doing seemed to depend on commitment. It took effort to obtain the information relevant for a specific design task and this had to be done continuously as the design team and the design itself changed continuously. Some team members quit without finishing a report on what they had done. This made it nearly impossible for other team members to use their results. If members were not committed to the team, and did not share the same goal, there was a risk that they did not know what the rest was doing and only showed up at some project meetings, thus failing to gain insight into who was doing what, when, and which decisions had been made or would be made within a few weeks. To participate in the decision making, members of the team needed to invest time in communicating with other team members. Katinka and Alexander were officially team members but they only attended some project meetings and did not often communicate with project members apart from during these project meetings. As a result of this limited communication Katinka and Alexander did not really participate in the overall design project. They were not aware of how decisions were made and when they were made. Katinka and Alexander’s main goals were writing scientific papers about biodegradable plastics and designing for recyclability; the DutchEVO was just a case-study for them.

Decision making was not ordered hierarchically. There were relations between different team members that could be regarded as hierarchical because some team members acted as supervisors for other team members. Although there was a hierarchical relation between the students and their supervisors this was not really observable. It seemed that everyone had an equal voice in the decision-making process.
The project leader, Thomas, was responsible for guiding the decision making process of the team members and he felt responsible for checking that team members included all relevant aspects in their decisions. The role of the project leader in the decision making process was clearly observable. He asked questions about the process and the arguments, especially with regards to the DutchEVO ideas on sustainability. He sometimes closed a discussion by saying ‘if you have thought about it and think this is possible then we will do it this way’. Although Thomas did not decide on technological choices, he had a central position as the project leader. He had an overview of the project and knew what team members were working on. Thomas knew that certain decisions had been made while other team members did not always know what their colleagues were doing. Thomas also knew the financial status of the project; he knew whether certain ideas were possible, given the budget they had been allotted. This gave the project leader a special position as he had access to critical information.

Above I have described the decision making process; I will now focus on the argumentation used during the DutchEVO design process. During the design process the initial requirements, decided on at the beginning of the process, seemed to gain authority over time. It seemed requirements like lightweight and fun-to-drive were taken to be self-evident. According to the team, fun-to-drive meant that a ride in the car should feel bumpy and exciting without leading to bodily discomfort.

Pete: ‘I want a good contact with the car but without bruised butts or headaches. A Spartan ride but no broken kidneys.’

If an option was considered to be fun-to-drive or just fun then that was an argument to use that option in the design. It was not enough that an option was fun, as can be seen in the following quote about the sunroof, but it was regarded as a strong argument for an option.

Dave: ‘Why should the car have a sun roof?’
Pete: ‘It is fun, the sun can come in.’
Michael: ‘To be able to transport a ..’
Thomas: ‘Fun is not enough.’

Another example of the importance given to designing a car that is fun-to-drive is that the type of suspension chosen for the car was based on that used in the old Mini Cooper, again because this was considered to be a fun-to-drive car. Even in the choice of materials, fun was regarded a strong argument for using a material.

Dave: ‘You can do much nicer things with composites; with glass fibre you can do fun things.’

New team members accepted criteria like fun-to-drive and lightweight without a lot of questions or critique. If new team members criticised these ideas they were easily convinced by old team members to accept these ideas. As an example of the authority that requirements gained over time, take the following.
By the time that I started following the project, about a year after the official start, it was no longer possible to question the criteria lightweight and emotional sustainability as measures of sustainability (for an explanation of emotional sustainability see section 4.4), even though there are contradictions between sustainability as it is usually understood and what is meant by emotional sustainability. Some project meetings were attended by people from outside the project team. The question whether an electrical or hydrogen car would be more sustainable was raised on some occasions. The answer was usually that hydrogen cars were not feasible and electrical cars were too heavy and used too many resources and too much energy considering the introduction date. A lightweight car was feasible and more sustainable according to the design team. Most people, some team members as well as people from outside, found the term “emotional sustainability” vague and did not know what it meant and this kept them from starting a discussion.[3]

The personal experiences of engineers played a large part in arguments used and decisions made during the design process. The ideas on car safety were based on the experiences of the engineers (see section 4.3). George and Jill designed the suspension concept; they both had experience with old Mini Coopers and they thought that the suspension of these cars made them fun-to-drive, simple, light and elegant. George and Jill performed a multi-criteria analysis because they feared that they might be prejudiced in choosing to base the suspension on that used in the Mini Cooper. The result was that the suspension based on that of the Mini Cooper was still the suspension of choice for a fun drive and a lightweight car.

Another example of personal experience providing arguments for design choices is the following. Thomas was the only one of the design team who had children. The DutchEVO was designed for 2 adults with 2 kids in the backseats. Thomas regularly emphasised the fact that there should be allowance made for children on the backseat. For example in a discussion on the use of fabric for the doors:

Thomas: ‘Will there be a draught, there might be small children on the backseat.’

Thomas also indicated a few times that the car should not feel too vulnerable because he, as a parent, would not want to put his children in a car that did not feel safe. A fabric door that would move in response to wind would be unacceptable to him as a parent.
None of the other team members ever mentioned that kids would be seated on the backseats.

3 In interviews some students said that they did not understand what was meant by emotional sustainability (see section 4.4).

4.3 What does it mean for a car to be safe?

As indicated in the introduction I regard safety as an ethically relevant issue. In this case-study safety is a very important issue. Within the car industry car safety is usually defined as complying with the relevant legislation and performing well in certain crash tests. Today a safe car is a car that protects the occupants from critical injuries and death if it is crashed into a wall at 64 km/h (see figure 4.3).


This is accomplished by designing safety cages and using airbags. The “safest” cars at this moment as tested by EuroNCAP, a cooperative of different European consumer and governmental organisations, incorporate the following safety devices: twin front airbags (dual-chamber), thoracic side airbags, head protection airbags (curtain), load limiters for all belts, double pre-tensioner for driver belt, buckle pre-tensioner for front passenger belt, retractor pre-tensioners for rear outer belts, three-point centre belt, and ABS.4 As I observed during the DutchEVO project, safety can refer to five different aspects of the design and situations.

Figure 4.3: Picture from EuroNCAP of a frontal impact test [picture taken from the crash test pictures for downloading at the media centre of the EuroNCAP website]

4 Information from www.euroncap.com accessed 22 May 2002 [www.eurncap.com, 2002]. The “safest” car and the systems in it will of course change when new models have been tested. The trend however is that more systems and airbags are included to perform even better in the tests. The list of airbags and systems will therefore only become longer.

4.3.1 Active safety

The DutchEVO design team used the definition that active safety is preventing accidents from happening. Nowadays this prevention is done by including all kinds of active safety systems like an anti-lock braking system (ABS), night vision etc. The team thought that these systems are not really effective when it comes to preventing accidents. According to the design team, drivers may overestimate their ability and will try to keep the perceived risk constant. In the team’s view, including active safety measures would therefore lead to more speeding and not to fewer accidents. Moreover systems like ABS are heavy because they need pumps etc. Therefore, it would be difficult to include ABS and still have a prototype of less than 400 kg.

Another way to prevent accidents, and the way preferred by the design team, is to change the behaviour of drivers. The responsibility for safe driving stays with the driver. The team wanted the driver to feel a bit vulnerable. In their discussions they talked about not including safety devices and about making the driver responsible.5 They did not have a lot of argumentation or proof to underpin their opinion that not including safety systems makes a driver drive more carefully. Dave was developing the safety ideas for the DutchEVO. He had done some literature research but the idea of making a driver drive more safely because she feels vulnerable seemed to be based mainly on personal experience and gut feeling. A master’s student did the main part of the literature survey, but came up with literature that only indirectly supported the statement that if a driver feels vulnerable he or she will drive more safely. The master’s student who did the literature survey was not part of the design team. She was not introduced to the team and there was no contact between her and the design team. Her literature survey was supposed to be done independently without knowledge of the ideas held within the DutchEVO design team. The literature survey could then be used as a check on the ideas prevalent within the DutchEVO project. Dave was, however, the master’s student’s supervisor and it is questionable whether the literature survey was done completely without knowledge of the team’s ideas on safety for the DutchEVO.

During the time that I observed the design team the ideas about car safety were not discussed within the team. The ideas about safety no longer seemed to be open to discussion.
Students and other people joining the team accepted, without any notable criticism, the idea that making a driver feel vulnerable would be beneficial for traffic safety. All discussions about safety that were observed concerned practical issues like the inclusion or not of airbags.

5 In this they seem to forget that there are other drivers. If a driver is driving responsibly, he / she can still be hit by another less prudent or drunk driver.

4.3.2 Passive safety

The design team used the definition that passive safety is minimising damage when accidents occur. Two sorts of reasons were given by members of the design team for reducing damage in the case of accidents. One reason given for trying to make the car passively safe has its roots in economics. The costs of damage and injuries due to accidents would be too high if passive safety was not considered in car design. The second reason given for achieving good passive safety is related to the engineers’ responsibility for designing a safe car. Some of the design team felt the engineer was responsible for designing a car that protected passengers and driver in the event of a crash.

These different reasons can lead to differences of opinion when it comes to deciding whether to include passive safety systems in a car design. If the reason to include passive safety systems is an economic one, a cost-benefit analysis can be used to determine whether a system must be included. This requires, however, that monetary value is placed on the lost lives of car crash victims and assigned for the types of injuries likely to be caused in a car crash. These monetary values are always arbitrary to some extent; the costs of hospitalisation can be estimated but the price for suffering is much more difficult to estimate. If you think that an engineer is responsible for designing a car that protects the people inside the car, the use of cost-benefit analysis can be problematic.

There was one discussion during a project meeting in which an assistant professor specialising in reliability did not agree with the use of cost-benefit analyses regarding safety issues. It was not right to put money on a person’s life in his opinion. He thought it was not possible to decide about including passive safety systems based on a comparison of the costs of these safety systems and the costs of the human lives that would be saved.

Associate professor: ‘But how many millions is it worth to save one person? You can’t express the life of one human being in terms of the costs of a change.’
Thomas: ‘In principle I agree but that’s how it works.’
Dave: ‘In aerospace we calculate it that way.’

With this the discussion ended and was never started again. The arguments put forward by Thomas and Dave seem to imply a naturalistic fallacy: it is usually done this way therefore it should be done this way. In other presentations where ‘the costs of unsustainabilities, i.e.
deaths, injuries, lost labour hours, oil spills, of car accidents’ were presented no one objected to putting a monetary value on a human life and comparing this with the costs of removing oil from the road.6

The fact that the project team was designing a very light car decreases passive safety as the lighter car will always have the highest acceleration in a crash with a heavier car. This is a law of nature and cannot be prevented. It is however possible to change the design of cars in such a way that crashes cause less damage to the drivers and passengers in cars. One way to prevent injuries is to use airbags. Another way is called crash compatibility. A heavy car crashing into a smaller lighter car already has the advantage of the lower acceleration. Often the heavy car is also very stiff and will deform less than the small lighter car. The heavy car uses the deformation zone of the lighter smaller car. This damages the lighter car even more and increases the chances of injury and death in the lighter car. If the heavier car is an MPV (Multiple Purpose Vehicle) or SUV (Sports Utility Vehicle) then most of the time it also has a large ground clearance. The stiff load bearing structure is higher above the ground than the load bearing structure of the smaller car. Therefore the heavy car will crash above the load bearing structure of the smaller car, for example it will crash into the door instead of into the floor in a side impact. This further diminishes the chance of the occupants of the smaller, lighter car surviving the crash. A way to make such a light car safer in crashes is to change the design in such a way that heavy cars will crash into the load-bearing structure. This is called crash compatibility. In view of the foregoing it was decided that the floor of the DutchEVO will be higher, so that, in event of a crash, incoming cars will crash into the load-bearing floor.

Including more and more passive safety systems (belts, airbags) would, according to the design team, also enhance the feeling of safety and would therefore lead to an overestimation of the driver’s and car’s capabilities. Therefore the team wanted to evaluate critically all existing passive safety systems and did not want to include all of them. In the design team there was a difference of opinion about what to include and what not, especially regarding airbags. Inclusion of airbags adds mass. One of the discussions on airbags can be found in the introduction of this chapter. In this quote it can be seen that for some team members the lightweight criterion was more important. So in a trade-off between safety and lightweight, the mass of a system was decisive for them. Dave, in contrast, did not want to make a decision about the inclusion of a passive safety system based on the mass of the system. He wanted to make that decision based on the efficacy of the system for preventing deaths and injuries.

6 Note that in this presentation deaths are regarded as part of the “unsustainabilities” of traffic. This use of the term unsustainabilities including deaths and injured people was observed sometimes in presentations.

4.3.3 Partner protection

Protection of other people on the roads is often called partner protection. The protection of other road users has recently begun to gain more attention from governmental organisations and the car industry. Recently EuroNCAP started testing new car models in pedestrian impact situations. Most cars do not score well in these tests; they score 1 or 2 stars where 4 is the maximum number of stars that can be scored. There are at this moment only a few car models that score 3 stars for the new pedestrian impact tests.7 Some roadsters and large off-road cars perform especially poorly in pedestrian impact. New European regulation regarding partner protection and pedestrian impact will come into force in 2010.

There seemed to be a consensus within the team that trying to prevent injuries and deaths among pedestrians and cyclists is primarily the responsibility of the driver. Although they considered the driver to be responsible for driving safely the design team thought that they had to keep in mind the more vulnerable road users such as cyclists and pedestrians. Thomas had previous experience with the regulation that will come into force in 2010 as he had worked on a project for an engineering company to design a prototype car that complies with the proposed regulation. It was mentioned a few times that the influence of the high floor during impact with a pedestrian needed to be investigated using computer simulations. As far as I know, this had not been done.

Thomas: ‘..but there can be constructive parts where there should not be, especially regarding pedestrian impact. You could simulate that.’
Pete: ‘Yeah simulate that.’
Dave: ‘… [At this moment] there is no reason to change the geometry, pedestrian impact still needs to be simulated.’

7 Information from EuroNCAP accessed 15 Jan 2004 [www.euroncap.com, 2004]. The tests for pedestrian impact were changed 1 Jan 2002. The scores for the old test are according to EuroNCAP incomparable to scores for the new tests.

4.3.4 Car security

Car theft, theft of things stored in the car or armed carjacking are daily events in most European countries. This aspect was overlooked by the design team for some time. After a presentation that Thomas gave to some people from Renault he received some questions on this issue. This might be a special problem because the design team proposed using fabrics in the non-load-bearing parts of the car doors. Breaking into the DutchEVO would then be easy.

4.3.5 Regulation

During observation of design meetings, it became clear that the way this design team dealt with safety regulations was ambivalent. The quotes given below are loose fragments of discussions on regulations and the DutchEVO.

Charlie: ‘In general you should follow that regulation. You need very strong arguments to not comply with the regulations.’
Dave: ‘If the regulations say this, I sometimes think the hell with those regulations.’
Thomas: ‘You have to challenge regulations; regulations do tend to lag behind.’

Some regulations were used to guide the design process and were seen by the team members as something that smart people had worked on for a long time, so they should strive to comply with the regulations. For example the regulations on lighting and view angles should be met according to the design team. The design team also thought that for a concept car to be realistic most regulations should be taken into account.

Dave: ‘regulations give guidelines for the design process…… They give guidelines and we want a realistic car so you take them [regulations] as a guideline, you could take something else but you want to be realistic and this is easy and well documented.’

However, some regulations were regarded as silly or not effective and the team felt that regulations should be challenged. This was the case with crash safety regulations. The team thought that the obligatory crash tests were inefficient. Most actual crashes do not resemble the prescribed crash tests. A lot of fatalities are due to speeding on roads and crashing at a speed of about 80 km/h or more into a tree or lamp post or other solid object. The standard crash test at 64 km/h into a wall is very different from a crash into a tree. According to the design team, challenging crash safety regulations can only be done using very good argumentation.

4.4 Light throw away after use?

The definition used by the design team for sustainability is that of the World Commission on Environment and Development, the Brundtland-commission [WCED, 1987]. This commission defined sustainable development as a development that meets the needs of the present generation without compromising the ability of future generations to meet their own needs. Two things are important in this definition.

1. The concept of ‘needs’ refers in particular to the essential needs of the world’s poor, to which overriding priority should be given.
2. The idea of limitations imposed by the state of technology and social organisation on the environment’s ability to meet present and future needs.

The choice for a certain definition of sustainability is not ethically neutral because such a choice implies a choice to include some things as part of a community with moral rights. In using the Brundtland definition a choice was made for an anthropocentric view on the conservation of nature and resources. In an anthropocentric vision on nature, only humans have intrinsic value and moral rights. Nature only has instrumental value for humans. It can help humans to survive and flourish. In anthropocentric visions, the conservation of nature is aimed at securing that future human generations can live in comparable or better conditions than humans do today.

Before I started following the project, discussions had taken place regarding whether personal transportation can be sustainable. The fact remains that considering the Brundtland definition it is difficult to justify designing a city car. In cities there are usually enough other forms of transportation available, such as bicycles or public transportation that use fewer resources than driving a car. The DutchEVO team decided that people should be enticed to behave more sustainably without denying them personal mobility. So a more sustainable car would lead to a more sustainable world and this can be done using today’s technology. The design team thought that trying to convince people to use other modes of transportation was not effective because the number of kilometres driven in cars is still growing in the Netherlands.

Dave wrote most of the documents on sustainability used within the design team. He indicated that he only knew of the Brundtland definition of sustainability and was not aware that there are also non-anthropocentric views on sustainability. The definition was compatible with the ideas of the team members. In the interviews it became clear that all the team members embraced an anthropocentric view on the conservation of nature and included the needs of future generations.

Thomas: ‘Well you assume the continuity of humanity.’
Dave: ‘..
base is just the definition from the Brundtland report, to take care that we can offer future generations the same chances that we have now.’

One important feature of the Brundtland definition is that a sustainable development should lead to better conditions in underdeveloped countries and regions. In designing a family car for Europe this was much more difficult to implement. This feature of the Brundtland definition was not recognised by all the team members, perhaps for this reason.

Operationalisation of the definition was done in two ways. The team distinguished technological sustainability and emotional sustainability. For team members it was important to make the technological part of sustainability measurable. The team wanted to express technological sustainability in one measurable quantity, because this makes comparison between alternative options possible. Therefore they used the idea of an energy balance as a unit of measurement. To obtain an energy balance for a product all energy used during production, use and discarding of a product is added. Other balances like the ecological balance require that things like emissions and noise hindrance are also included. Weight factors need to be decided on and the diverse effects need to be added to get one measure for sustainability. Dave regarded such things as subjective and preferred not to have to decide on questions such as: What is worse, emissions or noise hindrance? Besides, he claimed that emissions are related to energy use. So minimising energy use incorporates minimising emissions in his view. Therefore technological sustainability was expressed in terms of energy consumption.

In the summer and fall of 2000 more emphasis was placed on the mass of the car. Mass of a car and energy consumption are strongly correlated because the mass of a car has a large influence on energy consumption in the use phase. It is however not the only factor that influences energy consumption during use. Aerodynamic shape, engine technology and rolling resistance also play a part in energy consumption. The design team sometimes neglected these other factors.

Charlie: ‘Sustainability of the car is especially in the mass, the use of fuel.’

Later on in the design project the emphasis shifted somewhat, back from only mass of the car to energy consumption. Factors influencing energy use like aerodynamics and the possibility of recycling parts were also sometimes taken into account. Recycling had, however, a low priority: the team was primarily aiming for a light car.
European laws have been prepared that will make car manufacturers build recyclable cars. In the future 95% of the materials used in cars will need to be recyclable [2000/53/EC].8 The DutchEVO team did not aim to comply with this percentage; they chose a very light “throw-away after use car” rather than a heavy iron car that could be recycled. They hoped that their research would show that such a light but hard to recycle car is much better for the environment. Of course there was some attention for recycling as Ann and Susan were both advisors for the project and were working on PhD-projects concerning recycling of cars. However, a choice for an easy to recycle option was only made in cases where this option was not significantly heavier than a lighter more difficult to recycle option. A part where recycling was deemed important by the design team was the understructure. The understructure was made of aluminium and aluminium foam. It is usually understood in engineering that aluminium is easy to recycle if two guidelines are used. The first guideline is that wrought and cast aluminium should not be used together. If wrought aluminium (more pure, less alloying elements and contamination) is recycled together with cast aluminium (less pure, more alloying elements and contamination) then you will get cast aluminium. The second guideline is that welded aluminium is easier to recycle than bonded aluminium, because the adhesive will contaminate the secondary aluminium if it is not removed before smelting. The design team acknowledged these guidelines and tried to use them in the design.

8 That is, 95% of the total mass of the car. A very heavy steel car will easily comply with this legislation. When the interior, electrical wiring, battery and dangerous chemicals are removed, the steel structure and bodywork can be melted and reused. To comply with this legislation when designing a very light car is much harder because the hard to recycle interior, electrical wiring, battery etc will make up much more than 5% of the mass of the car. The relative mass of the easy-to-recycle body panels and cage construction is much lower than in the heavy car [De Kanter and Van Gorp, 2002].

Pete and Dave introduced the term “emotional sustainability” in the sense that more satisfaction than only that of arriving at B having set out from A should be gained from driving with the car. The car should give more pleasure and satisfaction while driving and while standing still than other cars. Emotional sustainability included, according to the design team, the car being fun-to-drive and the driver having “an ageing, caring and exploring relationship” with the car.

Pete: ‘…that we create a sustainable use without the user realising this because they are forced to handle the car sustainably. Light-heartedly, being able to have fun driving.’

Drivers should get more value and satisfaction from using the car than only getting from one place to another. According to the design team the extra value should not only be experienced in the driving.
More value can be gained from multiple uses of the car, e.g. using the car when it is standing still as a playground for children (see figure 4.4).

Figure 4.4: Make use of the car when standing still [picture courtesy of the DutchEVO design team].


Emotional sustainability should lead to a strong bond between car and driver. It should be possible to personalise the car and the car should age beautifully. One phrase that was often repeated is that it should be a pleasure to age with the car. People should like the car so much that they will not discard it before it breaks down. According to some design team members this would mean that fewer new cars are sold and that would be more sustainable because less scarce raw materials would be used to produce the cars.

Supervisor of a student: ‘What do you mean by sustainability?’
Dave: ‘That it does not conflict with the interests of future generations. So that can be energy use or wastes.’
Thomas: ‘It can also be that if you ride two years longer with your car before you buy a new one that is also a contribution to sustainability.’
Dave: ‘This is not valid for 10 years.’

With his remark Dave pointed to the fact that as engines age they become more polluting and also engine technology will improve. Driving a car that is old can therefore at one point become more polluting and energy consuming than recycling that old car and producing a new one.

Students designing parts of the DutchEVO tried to use the ideas on technological and emotional sustainability in their designs. With regard to technological sustainability this was relatively easy because this was operationalised as lightweight. Yet, it must be said that for some students, especially two students from HTS Autotechniek, technological as well as emotional sustainability were difficult concepts. They were seen as typical DutchEVO words but what they referred to, the students did not know exactly. The Dutch word for sustainability is often interpreted as durability; this causes confusion.

Jill: ‘Oh that word sustainable that is really a disaster.
It is a disaster word…..[explanation of what she thinks sustainable means] ….But it is really a DutchEVO buzz word, I must say.’ So some students in the design team, who sometimes used the term sustainability, did not really understand what was meant by it.


4.5 Sustainable and / or safe

Safety and sustainability are values that are difficult to combine in a car. Depending on the operationalisation of both safety and sustainability it can even be impossible to design a car that is both optimally safe and sustainable. In the DutchEVO project the lightweight criterion was regarded as the most important part of the operationalisation of sustainability. This had a negative influence on the safety of the people inside the car. A light car will always experience the larger acceleration in a crash with a heavier car. In a car with a mass of 400 kg it is also very difficult to include all kinds of active safety systems. Active safety systems like ABS and Electronic Stability Program (ESP) require a lot of electrical devices and hydraulic pumps and, on top of the mass they add, these systems consume energy in use. In discussions within the design team on including safety systems, the argument that the systems would increase the mass was deemed very important.

The trade-offs that needed to be made between safety and sustainability (mass) triggered a change in the operationalisation of safety. Some of the design team members thought that mass should be a decisive argument. In most instances of trade-offs between safety and sustainability, sustainability or at least mass got the highest priority. During the design process it became apparent that it was not possible to include all kinds of safety systems and still design a car of 400 kg. First the criterion for safety was complying with relevant legislation and performing well in crash tests (see for example the requirements in section 4.1). Later in the design process safety became something like: as safe as the car can be weighing no more than 400 kg combined with making the driver feel a bit vulnerable.
Instead of including all kinds of systems and devices the team wanted to make the driver feel a bit vulnerable and responsible, thereby promoting safe driving. A goal of the project became to challenge the existing way of designing safe cars in which more systems and heavier cars are deemed safer. Because it was not possible to use the operationalisation of car safety that the car industry uses nowadays and still design a car of 400 kg, the DutchEVO design team was forced to think about the operationalisation of car safety. If the DutchEVO design team had not set the requirement of a maximum mass of 400 kg they probably would not have had to think about and discuss car safety. They could just have included all systems that the price of the car would allow.

4.6 Summary of the case and the regulative framework

Although cars have existed for over a century, it can be concluded that DutchEVO was a radical design process. It was radical in the functional way (see section 2.3.1). The priority order of the requirements usually posed for cars was especially different in this case. Mass was the most important requirement. This made reconsidering the working principle and normal configuration necessary. Some parts of existing cars were used, like for instance the engine. Other parts were newly designed and very different from those used in normally designed cars, for example the doors and the understructure.

The ethically relevant questions that could be discerned in the design process were related to it being a radical design process. The operationalisation of safety and sustainability was ethically relevant and was very important in this radical design process. The engineers were confronted with ethically relevant questions concerning the operationalisations because they did not want to use the regulative framework. If the team had chosen to make a normal design these questions would not have been posed. The regulative framework gives an operationalisation of safety and sustainability that is used in normal design processes.

4.6.1 Ethical issues

Ethical issues concerning the operationalisation of car safety, the operationalisation of sustainability and trade-offs between safety and sustainability played a part in this case-study. The ethical issue concerning the operationalisation of car safety was the following. The DutchEVO design team wanted people to feel a bit vulnerable in the DutchEVO because the design team thought that people would drive more carefully in a light car with fewer safety systems because they would feel a little vulnerable. The design team based this idea on personal experience.

The design team recognised the ethical relevance of sustainability. The motives of the design team to design a lightweight sustainable car were to a certain extent moral. They thought that designing such a car could make the world a bit better.9

9 In the interviews most team members referred to their moral motives for joining the DutchEVO team. Another motive that they mentioned was that the DutchEVO project was a nice technical project with interesting technical challenges.

In this case five ethical issues in the operationalisation of sustainability can be identified. Parts of the operationalisation used in the DutchEVO design could even contradict each other.

First, considering the Brundtland definition of sustainability it is doubtful whether personal transportation can be considered sustainable. It is not clear whether personal transportation is a basic need that should be met.

Second, the design team operationalised the Brundtland definition of sustainability as minimising energy use during the life cycle of a car because they thought that this was reasonably easy to work with. Different options only needed to be compared on one dimension, energy consumption in the life cycle, and no weighting factors were necessary to compare different negative environmental effects of cars like CO2 emissions, smell and noise pollution. This operationalisation could lead to inconsistencies in cases like the use of catalytic converters. Catalytic converters increase the amount of energy used by the car but decrease emissions of NOx. So although emissions are often related to energy use, a slightly higher energy use caused by a catalytic converter can lead to a decrease in noxious emissions.

Third, a further operationalisation of minimising energy use during the lifecycle was to minimise the mass of the car. According to the DutchEVO design team, energy consumption for cars is largest in the use phase (about 85%). Energy consumption in the use phase is mass dependent. Therefore decreasing the mass of a car decreases energy consumption, hence the main operationalisation of sustainability was the requirement that the car should have a mass of 400 kg or less. So the criterion of sustainability was operationalised as minimising energy consumption and that was operationalised mainly as a need to design a lightweight car.

Fourth, in co-operation with another project of the DIOC focused on recyclability (Susan and Ann were both part of this DIOC project), friction can exist between sustainability as closing the materials cycle and sustainability as minimising energy consumption during the whole life cycle. A problem with a lot of lightweight materials is their bad recycling properties. Starting in autumn 2000, more attention was given to recycling. Mass remained, however, the most important selection criterion for options. Only if little mass was added to make a part better recyclable, was recycling considered. Joining could be an issue with regard to this; using adhesives is light but makes recycling difficult, using bolts makes the car heavier but eases dismantling.
One of the team’s arguments not to build a car that could be dismantled is that dismantling is not economically feasible and would therefore not be done. This argument disregards possible future legislation or subsidies that might make dismantling feasible or dumping material on landfills very expensive. In this subject the importance of lightweight was visible again. The combination of lightweight and recycling was very difficult to attain and recycling was given a low priority.

Fifth, another part of the operationalisation of sustainability focussed on what the design team called “emotional sustainability”. Emotional sustainability meant that a good relationship between driver and the DutchEVO should develop and that the DutchEVO would be fun-to-drive. Frictions can occur between emotional sustainability and energy consumption. Designing a city car that is fun-to-drive can lead to behaviour that will increase energy consumption although the car itself is energy efficient. It is possible that users will use the car more frequently because it is fun-to-drive. In cities a lot of alternative ways of transportation are available, like buses, trams, walking and bicycling. Some of these ways of transportation are definitely more energy efficient than driving a lightweight car. Moreover, if the “good relationship” between user and car leads to prolonged possession and use of the car, it is less clear what the effect on energy consumption is. On the one hand the prolonged use might lead to less use of raw materials; the production of raw materials usually consumes energy.10 The recycling of materials consumes substantially less energy. On the other hand engine technology advances and older engines are more polluting than engines using new technology. On top of this, engines become more polluting as they age. It might be possible to only renew the engine after a period of time. However, this shows that it is not obvious that emotional sustainability leads to lower energy consumption.

Finally, two ethical problems concerning the trade-off between safety and sustainability were encountered by the design team. The engineers wanted to challenge existing ideas on car safety, which have led to increasingly heavier cars with lots of passive and active safety systems. The engineers wanted a lightweight car. This meant first of all that passive safety systems were only going to be used if the engineers thought that they were effective and not too heavy. There were discussions about including airbags and minimising the amount of safety systems used because these systems make a car heavy. The trade-off between safety and sustainability led to the second ethical problem that a light car will always come off worst in a crash with a heavier car so people in the light car will always be at a disadvantage. Trade-offs between safety and sustainability were made in which the mass of the car was usually given priority.

10 This is only the case when large parts of the car are discarded after use, not when every part or the complete car is sold or recycled rather than discarded.

4.6.2 Decision making on ethical issues

The decision making processes in the DutchEVO case can be characterised as non-hierarchical; decisions on ethical issues were based on personal experience and some criteria which became self-evident during the design process. The organisation of the design process was non-hierarchical. Students made decisions themselves, or together with their supervisor, about the part they were designing. They discussed this choice in design meetings. All participants in the design team were confronted with ethical issues. For some students the ethical issues were related mostly to the operationalisation of sustainability, for others the ethical issues were related to the trade-off between safety and sustainability. It was not the case that some people made the decisions concerning for example the operationalisation of safety and others were required to work with this operationalisation. The first efforts to operationalise sustainability were made by Dave at the beginning of the project. The operationalisation continued to evolve during the design process. In design meetings design team members discussed ethical issues that might not be so relevant to the part that they designed but that were relevant for other members of the team.

In making decisions on ethical issues the personal experience of design team members played a large part. The idea that people will drive more carefully if they feel vulnerable and that therefore the car should make people feel vulnerable was based on the personal experience of the design team members. They could have found theories to support their ideas in the literature. There is, for example, a theory called target risk theory within traffic psychology that states that a driver will keep the perceived risk in line with his or her target risk [Wilde, 1994]. This theory implies that if a car feels safer, a driver will drive more dangerously or that if roads are illuminated at night, drivers will drive faster. This target risk theory has been heavily debated within traffic psychology. There is empirical evidence that supports the hypothesis and empirical evidence that seems to falsify it [Rothengatter, 2002]. In the DutchEVO case the engineers did not really know what the effect will be of the driver feeling vulnerable. They could have known more about this issue if they had done some research into the literature on traffic psychology, but this literature is not conclusive. So it is very difficult to say what the effect will be of people feeling vulnerable in their car instead of feeling protected by their car on, for example, the number of traffic deaths. Yet based on personal experience the design team decided that a safe car is a car in which the driver feels a bit vulnerable.
During the design process ideas, especially those concerning a sustainable car being a lightweight car, seemed to become self-evident for the design team and to increase in importance. After a while the lightweight criterion as a measure for sustainability ceased to be discussed. This self-evidence prevented discussions on some possible contradictions in the team’s ideas of sustainability. The design team started with the idea of a sustainable product, yet questions can be raised as to whether a fun city car can be really sustainable.

4.6.3 Regulative framework

The complete system of legislation, regulations, technical codes and crash tests constitutes a regulative framework. With regard to car safety the tests performed by EuroNCAP are an important element of the regulative framework. The regulative framework was only partly used in the DutchEVO design because the mass of the car was given high priority. The operationalisation of car safety that was available in the existing regulative framework leads to heavy and stiff cars. The DutchEVO design team could not, and did not want to, use this operationalisation and rejected this large part of the regulative framework. Most of the ethical issues can be related to the rejection of the regulative framework. The regulative framework gives minimal requirements concerning safety and sustainability that exclude certain choices that the DutchEVO team had to consider. It is for example not a question whether or not to include airbags in a normal design; the existing regulative framework requires that all new cars have at least an airbag for the driver. Trade-offs that have to be made in a normal design process for a car are usually trade-offs between costs and safety. In an expensive car more active safety systems can be included. The existing regulative framework includes ideas about what a good and safe car is. The trade-offs are guided by these ideas. No car manufacturer wants to make a car that performs really badly in EuroNCAP tests. Performing worse than other cars in EuroNCAP tests is bad for business, so economically it makes sense to make cars that perform well in these tests. The DutchEVO design team rejected these ideas, and especially the EuroNCAP crash tests, because they lead to heavy cars and only address passive safety.

An interesting question is whether the regulative framework meets the requirements that Grunwald has defined for a normative framework (see section 2.3.2).11

Pragmatically complete: It is questionable whether the regulative framework is pragmatically complete although it is extensive. There are rules and guidelines for dimensions, head lights, hoods, bumpers etc. Most parts of a car are subjected to regulation. Questions can be raised as to whether the regulative framework is pragmatically complete when it comes to issues about protecting all traffic participants. There is an emphasis on protecting people inside a car. This emphasis on people inside a car might lead to a more dangerous car for people outside the car.
An example of this is that pedestrian impact tests are not required by legislation as yet. Another situation in which protective measures for people inside the car are dangerous for people outside the car is when an accident has happened and people need to be rescued from a car wreck. Airbags that have not gone off during impact can do so during the rescue process thereby injuring fire-fighters or other people involved in rescuing victims from car crashes. A pragmatically complete framework would have to include rules and measures to protect others than the drivers and passengers of cars.

Accepted: The main problem concerning the framework is acceptability. The framework is accepted by most actors in the car industry and by people buying new cars. It is questionable whether traffic participants, other than drivers of cars, accept the framework. This framework imposes large risks on other traffic participants. It is even questionable whether people driving older cars accept the framework, because people in old cars, often lighter and less stiff than newer cars, have a disadvantage in crashes with newer cars that perform well in the crash tests. Within the government there are some doubts about current developments in car safety. The government has asked SWOV (Stichting Wetenschappelijk Onderzoek Verkeersveiligheid, an institute for research into traffic safety) to conduct research to see whether SUVs are indeed dangerous for other cars and traffic participants. So although the framework is still accepted by car industry and probably most people buying new cars, other actors like environmentalists and pedestrians object to the regulative framework. It might even be the case that the framework leads to a kind of coordination problem. If someone is buying a car he or she might want the safest car for him- or herself and his or her family because most other car buyers also do this. Driving a light car gives people a disadvantage in traffic accidents. So even if people agree that it would be better if everyone drove in a lighter car, they still might not want to be the first in a lighter car. So even though people do not accept the regulative framework, they might feel forced to buy a heavy and stiff car, which seems to indicate that they, as consumers, accept the regulative framework.

Observed: The regulative framework is observed, partly because it is legally enforced. Cars have to meet certain regulations before they are allowed to be on the road in Europe. The EuroNCAP test results are available to potential buyers of cars. Although barely meeting the requirements is legally seen as enough, this is usually not enough from a marketing point of view. It is very important from a marketing point of view to perform really well in the EuroNCAP crash tests, so there are other than legal reasons to observe the regulative framework.

I cannot judge whether the regulative framework for cars is locally consistent and unambiguous but because it is not accepted by all affected actors it is not a normative framework anyway. The DutchEVO engineers thus did not reject a normative framework.

11 Interestingly, Grunwald uses an example of designing parts for the automobile industry as an example of business-as-usual technology development [Grunwald, 2000, 188].

4.7 Acknowledgements

I would like to thank the DutchEVO design team and DIOC 16 for their co-operation. I would especially like to thank Elmer and Jens for their co-operation and support.

5 Piping and Equipment

Stress engineer: ‘It can be that you do not completely agree with the codes or that something is not completely clear in the code, for example loads caused by winds. In such cases you design according to your own insights and experience. The Stoomwezen has to approve it. Norms and codes are developed over time and engineers and the Stoomwezen have learnt from previous failures, near misses and problems. You do not lightly deviate from norms and codes. Having said this, there are some issues that are not really covered by norms and codes; if you notice such a case you discuss it with the Stoomwezen and ask them how the codes should be interpreted. These instances are, however, exceptions.’

Ethical issues concerning safety and sustainability are not that difficult to imagine in the area of chemical installations. I will not make an extensive list of possible and actual accidents in (petro)chemical installations as I think that it is quite obvious that safety is an important issue in piping and equipment design. There have been large scale accidents such as in Bhopal and Seveso. Less disastrous accidents also happen, such as small leaks of toxic substances from chemical installations, small scale explosions and other accidents involving injuries to one or two people or the death of workers. Not all these accidents are caused by design flaws; there are many different causes. Some may be due to flaws in the starting process for an installation or to flaws in operation; however, some accidents are at least partially caused by design problems.

The design process for piping and pressure equipment for (petro)chemical installations is introduced in this chapter. The design process is described in the first section. All legislation, regulation and codes pertaining to the design of pipes and pressure vessels are introduced in the second section. This system of rules and requirements will be considered a regulative framework (see section 2.3.1).
The division of responsibilities and tasks is described in the third section and this is based on interviews with engineers (see section 3.3). The ethical issues are described in section 5.4. The case-study is summarised, and the regulative framework is evaluated using Grunwald’s requirements, in section 5.5.

5.1 The design of a (petro)chemical plant

The product that is going to be produced at an installation is developed by a (petro)chemical company before the piping and equipment is designed. The site where the (petro)chemical installation will be built has also usually been selected by the (petro)chemical company before the design of the piping and equipment is started [De Haan et al., 1998]. Engineering firms are often contracted to design the piping and equipment for a (petro)chemical plant. According to the interviewees, (petro)chemical companies used to have their own engineering departments but most of them have outsourced these departments and now hire an engineering company to design piping and equipment for new plants. The actual construction of the installation is done by a construction company.

There are different kinds of contracts between customers and engineering companies. In reimbursable contracts the engineering company is paid per man hour. The customer pays for the costs of materials and the costs of construction. The customer is then free to choose to use cheaper or more expensive material as long as it complies with regulations. Another type of contract is a turn-key contract; with this type of contract the engineering company is responsible for design and construction. If the customer wants a more expensive material or wants to take more safety measures then it is necessary to check if these measures were incorporated in the original contract. At the company where I interviewed engineers the specification of the design used in contract negotiations was called the scope of a project. Specialists from an engineering company must first work with a customer to define precisely the scope of a project and thus determine all the customer’s requirements. These turn-key contracts can lead to discussions about whether certain features or materials are specified in the scope and who has to pay for extra costs relating to using specific material and safety systems. In the (petro)chemical industry the design problem is predominantly delineated in the earlier stages by the (petro)chemical company.
From the moment an engineering company is contracted to produce a plant design there is communication and co-operation between the engineering company and the (petro)chemical company. At the engineering company the piping and equipment design process starts with the making of a flow chart. This chart is used to specify the amount and rates of the different liquid and/or gas flows, and will be based on information provided by the customer. After the chemical flows have been established, pipe diameters, vessel sizes and other dimensions are calculated. When the necessary types of apparatus and pipelines are known, the positions of the various vessels in the plant and pipelines, the lay-out, are decided. Things like access for inspection and cleaning are taken into account during this process. The stresses in the material are calculated, and decisions are made as to what specific pipe materials etc. to use. There is feedback between those making the calculations of stresses and those determining the positions of pipes and vessels in the plant. These processes are followed by filling out the details of the design and the bearing understructure. The “Manager of Engineering” of the engineering company estimated that about 75% of the design process time at this company was consumed by the process of detailing the design.

Designing piping and equipment can be considered middle to low level, normal design (see section 2.3.1). Higher levels of the design process deal with the specification of the product and the chemical reactions in the chemical installation under construction. The overall design of the installation, including flows of chemical substances and the pressure in different parts of the installations, is a given constraint for the design process of the parts of the installation. It is a normal design process because the equipment that will be used and possible pipes are well known and have been used before. The operational principle, layout and functional requirements are known at the start of the design process. Standards and codes exist that prescribe the design or at least provide the design process with guidelines.

A problem that can arise is that all these standards, codes, regulations, the customer’s requirements, practical restrictions of the plant site, economic restrictions etc. clash. For example, stairs are required in installations that have a hydrogen sulphide flow. It is dangerous to inhale the toxic hydrogen sulphide and therefore the total installation needs to be accessible for people with tanks of compressed air on their back during an accident. However, it is sometimes not possible to use stairs throughout the whole installation due to a lack of space. In such a case a choice might be made to have both stairs and a ladder, a ladder on one side of the installation and stairs on the other side. The installation is accessible in emergency situations but space has been saved.
So, in piping and equipment design, the design problem is sometimes over determined by external constraints.1 Such over determination might force engineers to change requirements or not to fulfil all of a customer’s requirements. Criteria to evaluate options are available in this case so the problem is reasonably well-structured. However, possible over determination prevents a piping and equipment design problem being really well-structured in all cases. Requirements may have to be adapted to arrive at a solution to the design problem.

1 I use over determination here in the sense that there are requirements that cannot possibly be complied with simultaneously. Certain options comply with certain requirements and it is not possible to find an option that complies with all requirements.

5.2 Regulation regarding pressure vessels and piping

Different regulations play an important part in the design and use of (petro)chemical installations. The regulations, codes and standards that play a part during the design process of piping and equipment in the (petro)chemical installation are listed in table 5.1. Note that I have included company standards and specs in this table; however, these do not form part of the regulative framework.

Table 5.1: regulation, codes and standards

| | regulations | codes | standards |
|---|---|---|---|
| Before 29-05-2002 | Steam act (Stoomwet), Steam Decree (Stoombesluit), Decree on dangerous tools (wet op gevaarlijke werktuigen), Nuisance Act (Hinderwet) | Regels (NL), | ISO, NEN, DIN, company standards |
| After 29-05-2002 | EU Pressure Equipment Directive, NL: Nuisance Act (Hinderwet), Law on goods (Warenwet), Pressure vessel decree (Drukvatenbesluit), Pressure systems decree (Drukapparatuurbesluit) | ASME (US), Regels (NL), NEN-EN 13445 and 13480, Merkblätter (GE), Codap (FR), British Standards (UK) | ISO-EN-NEN, EN-NEN, NEN, company standards |

5.2.1 Regulations

Pressure vessels have to meet severe specifications, under Dutch legislation, regarding hazard prevention to protect the health and safety of persons, domestic animals and property, before they can be used in the Netherlands. This law is a performance based law: a certain goal should be attained although the means to this goal are not specified. In the law there is little reference to specific hardware that should be used. However, if codes are approved by the minister, then products designed using those codes are assumed to comply with the Dutch law. The codes do make reference to specific hardware.

At the time this research took place, a transition was taking place, moving from national regulation to European regulation. The Pressure Equipment Directive (PED) came into force on 29 May 2002 [European directive 97/23/EC]. The PED substituted national legislation in European Union countries regarding the production and use of pressure equipment. If pressure equipment is designed to comply with European harmonised codes and standards it is assumed to comply with the PED requirements. However, because most of the codes and the standards had not been harmonised at the time of the transition, the use of national codes and standards was permitted during design processes. Additionally the engineering companies had to show that designs made according to the national codes also complied with the safety levels required by the PED. Certification bodies, called Notified Bodies, were appointed in EU countries to check whether new designs and refurbishments comply with PED regulations. Approved designs obtain a CE mark. In the Netherlands Lloyd’s Register Stoomwezen is one of the Notified Bodies. If no harmonised EU codes exist for a product or these are not used in the design then a Competent Body has to check the design and help the producer prove compliance with EU directives.2

Under the PED the producer of an installation has certain responsibilities, for example the request for CE certification has to be made by the producer. It is sometimes very difficult to indicate who the producer is. Is it the contractor who welds something on a pipe? Is it the engineering company that has made the design or perhaps the chemical company that uses the pipeline? The issues around who to regard as the producer still had to be resolved at the time the PED was introduced. According to the Stoomwezen the engineering company is the producer.

Other regulations relevant to the design of (petro)chemical installations are those encompassing environmental regulations and regulations regarding noise and smell. Such regulations are commonly used to regulate the outcome of the design process. The installation should perform within the limits of allowed noise levels and emissions.

2 A Notified Body can also be a Competent Body but this need not be the case. Until the PED came into force in May 2002, the Stoomwezen was the only certifying organization in the Netherlands. Under the PED other organizations can also become Notified Bodies.

5.2.2 Codes regarding pressure vessels and piping

Legislation and regulation often make references to codes. The organisations that formulate the codes differ in different countries. Codes can be formulated by professional organisations (the American Society of Mechanical Engineers (ASME)), industry (Regels in the Netherlands) or by governmental institutions (British Standards). Codes are usually written rules of good design practice that, if used correctly, should protect the health and safety of persons and the environment. In some countries, the application of a certain code is required by law. In many states of the United States, the application of the ASME codes for pressure vessels and piping is required by law. Codes are often prescriptive; they prescribe certain hardware and calculations. In the Netherlands the Regels were guidelines and it was therefore not required by law to use them. However, a design made using the Regels was assumed to comply with current legislation. At this moment there are some harmonised EU codes, for example NEN-EN 13445 and 13480, but not all national codes have been substituted by European codes as yet. Under the PED it is possible to use the codes of another EU country instead of always using the national code. In the Netherlands a choice can be made to design according to the German Merkblätter for example.

The contents of the codes differ. The American ASME codes are low-stress codes. The stresses permitted in the materials are low. This means that American constructions are heavier. The ASME codes require little testing and few inspections once the system is in use. The ASME code is extensive, and the rules are very detailed. The European codes (BS, Merkblätter, Regels) are high-stress codes. They allow higher stresses in the materials. A construction will probably be lighter using European codes, but regular inspections and tests during use are required on an ongoing basis.

5.2.3 Standards regarding pressure vessels and pipes

Standards are designed to achieve compatibility and interchangeability [Hunter, 1995]. Most reasons to standardise measures, products and systems have economic origins. In most countries there is a national standardisation organisation, for example the American National Standards Institute (ANSI) and NEN (Netherlands Standardization Institute).3 A European normalisation institute (CEN) exists for the European community. Worldwide the International Standards Organisation (ISO) is preparing worldwide standards. Standards are conventions that make trade between different companies and countries and the application of spare parts possible. Standards are prescriptive and describe in detail the hardware and conventions required for any item. Dimensions of certain parts are exactly and unambiguously established in a standard as are conventions on the technical drawing of an object. Standardisation ensures that a bolt produced by a certain company will fit a screw produced by another company provided that both companies use the same standard. Standards are usually not enforced by legislation. Legislation can, however, refer to standards. Codes also often refer to standards.

Larger companies will have company standards; these company standards are, like national standards, conventions. These conventions can be about issues such as what kind of pipe is used for which temperature and medium. Some companies also have company standards that are conventions on good design practice or conventions to design installations that are safe. Company standards often refer to (international) standards and codes. As said before these company standards are not part of the regulative framework. The regulative framework only comprises the rules and guidelines that hold for all products of a product type in a country or within Europe. The regulation sets the minimum required safety level. Company standards can therefore only comply with, or be stricter than, regulation. Companies are free to impose stricter requirements on the products they make or purchase.

3 The NEN formulates both codes and standards. The standards are primarily meant to lead to interchangeability. The codes are used to guarantee levels of safety and quality, see also section 6.3.

5.3 Clear responsibilities and tasks

The organisation of the engineering company was as follows. The company had a matrix organisation; this meant that there was line organisation in disciplines and horizontal organisation in project teams. Every project team consisted of people who were also part of a line organisation. A project manager would, at the start of a design process, consult line managers about the people he or she wanted in the project team. If the project was large, the project team members were relocated to work in the same space. There was a clear division of labour and function descriptions were clear.

Job engineer: The job engineer is usually an experienced engineer. He or she is responsible for the plant lay-out. The job engineer has to deal with constraints related to regulation and constraints related to economy. Environmental, safety and nuisance regulation are important in the plant lay-out. For example, he or she has to take care that safety distances between tanks and stoves and between tanks containing certain chemicals and the outer fence of the company are taken into account. Apparatus that produces too much noise needs to be shielded to reduce noise levels inside and outside the installation.

Stress engineer: The stress engineer calculates the stresses in the pipes, the stresses in the connections between pipes and vessels and the stresses the pipes exert on the supporting structures. These calculations are made once there is a plant lay-out. If the calculations show that stresses are too high, some changes in the plant lay-out may have to be made. The calculations are made according to codes. The codes used at the engineering company of the case-study are the ASME code and the Dutch Stoomwezen Regels.

Materials engineer: The materials engineer chooses which materials are used in an installation. Criteria used to choose materials are strength and chemical resistance. He or she uses the ASME and American Society for Testing and Materials (ASTM) codes and the Dutch Stoomwezen Regels.

Piping designer: The piping designer makes a three dimensional computer model of the installation. The many elements of the computer model are preprogrammed. The piping designer chooses between existing elements to build the model. Once the three dimensional model is ready, simulations of people walking through the installation or parts being taken apart are made. If the piping designer notices problems, he or she confers with the stress engineer, the job engineer and / or the materials engineer. At this stage of the design accessibility and the ergonomics of the installation are important subjects.

5.4 Ethical issues

An important ethical issue in piping and equipment design is safety. The question ‘What is safe enough for piping and equipment in a (petro)chemical installation?’ is in practice usually answered by referring to codes and regulations. The design team does not try to answer this question itself. In fact, the design team designs an installation that is safe enough according to existing codes and regulations.

Although legislation, regulation, codes and standards play a large part in the design of (petro)chemical installations, there are still some choices on safety that engineers have to make. First, a decision on which codes to follow is made. The customer usually makes this choice. The customer is sometimes legally bound to follow certain codes, for example, in some American states the ASME codes are legally prescribed. Once a code has been chosen, there are still some choices regarding safety that are not regulated by the codes. A lot of the decisions regarding safety are already specified in codes, for example, safety factors, formulas, material properties and maximum allowed stress or strains. The design team has no freedom in the calculations. However, the team has to decide what load scenarios to calculate. It has to decide whether to take wind and earthquake loading into account. Decisions have to be made about the combination of certain events in load scenarios, for example snow and extreme wind loading combined. These decisions are usually made by the stress engineer, sometimes in co-operation with the job engineer, customer and Notified Body.

The decision regarding which load scenarios to use is ethically relevant because it sets the limits for the installation. The installation should be stiff and strong enough to withstand the loads of the load scenarios but loads that exceed these scenarios are allowed to damage the installation.
If certain loads that will occur are not taken into account then the installation can fail at the moment these loads occur. Sudden failure of the installation due to overloading could lead to a chemical spill thereby polluting large areas or, even worse, a gas leak of dangerous and toxic gases, which may kill employees and people living near the installation.

In the European Pressure Equipment Directive (PED), a risk analysis is required but the accident scenarios that should be taken into account are not specified. The design team, notably the stress engineer, therefore also has to decide what the possible and probable accident scenarios are and to what load levels these scenarios will lead. This is related to the point made above about load scenarios. However, accident scenarios are not limited to mechanical loads, they also include human failure. An operator might, for example, forget to close a valve. The accident scenario “forget to close a valve” should predict what happens in such a case. In some cases an accident scenario can lead to a specific load scenario. For example, if it is possible that a small scale explosion occurs in a pressure vessel then the explosion inside the vessel should also be a load scenario for the vessel. The decision as to what accident scenarios to include is ethically relevant because an accident or incident not considered during the design process can lead to a disaster. For example, a failure to close a valve could lead to an explosion which could lead to the complete destruction of an installation.

Some accident scenarios are easy to decide to use because they are specified in the codes. This, however, is not the case for all accident scenarios. An example of an accident scenario that is not included in regulation is the water hammer scenario. Accumulation of water in a steam line can lead to a build up of pressure released as a sudden small explosion. This can cause a line to come loose from its supporting structure if the attachment to the supporting structure is too weak for such loads. Accidents due to a water hammer can lead to employees being stuck under collapsed construction parts or employees being burned by hot steam or water. Within the codes and regulations there are no explicit rules about how to deal with water hammer hazard. The design team, especially the stress engineer, has to decide whether or not to take it into account.
The calculations and load scenarios are checked by the Notified Body, but the Notified Body is not allowed to check the risk analysis made by the engineering design company under official PED rules. The Stoomwezen, however, checks risk analyses and advises engineering companies on them.

The codes prescribe a lot of small details in the design process. If it is not possible to follow the detailed rules of the codes then the codes give alternative and less detailed ways of designing a pipe or pressure vessel. If the formulas cannot be used in a specific case, then the use of finite element methods is prescribed by the code. If the method of finite element calculation is also not possible, the vessel can be designed and put through a pressure test. This last alternative only prescribes the pressure test to which the vessel must be subjected.

Following codes should lead to the minimum level of safety required by law. In the European Union, the decision whether the design is indeed safe enough from a legal point of view is made by Notified Bodies. There are possibilities to deviate from codes if this is approved by the Notified Body and the customer. Deviation from the codes and regulation could lead to unsafe installations. Such decisions to not adhere to regulation or codes are therefore not taken lightly. An example of not following the codes would be when a certain plastic can be used at a maximum temperature of 280 °C. The codes also specify that if this plastic is welded, the maximum allowable temperature is only 250 °C. It is forbidden by the codes to use the welded plastic in an environment at 280 °C. In co-operation with the Notified Body and the customer, the materials engineer can decide to use the welded plastic in an installation that very rarely reaches 280 °C. In such a case, the Notified Body will require that a prediction is made regarding how often the temperature might exceed 250 °C, and for how long. Additional ageing of the material due to a high temperature has to be taken into account in the calculation of the lifetime of an installation. Plastic, as it ages, can become brittle; this can lead to the rapid failure of plastic components, making the use of particular types of plastics, or welded plastics, less suitable in certain environments such as that described above.

There is a difference in safety between a design that barely complies with a code and a design made following the code in combination with the designer’s experience and skill. All codes will contain specified margins. Designs that comply with the lower boundary of the margins cannot be refused by the Notified Bodies, but these designs are less safe than designs that fall well within the limits. For example, a designer might insist on a greater than legally required distance between a chlorine storage tank and the boundary fence of an installation.[4] A leak in such a tank could cause a cloud of chlorine gas to escape and reach publicly accessible roads; therefore there are legally binding minimal safety distances between tanks containing chlorine and public places that must be observed when designing a storage tank.
In the case of chlorine storage it can be said that the greater the distance between a storage tank and places to which the public has access the safer it is. This means that although there is a minimum safety distance, greater distances are usually better. Thus, though the distance from a chlorine tank to a boundary beyond which the public have access might be adequate from a legal point of view, the distance may not be enough from a moral point of view.

[4] I take chlorine gas as an example but this point can be made for all chemicals that lead to highly toxic fumes or gases in case of a leak in a pipe or vessel.

There can be inconsistencies between customer requirements, codes, standards, regulation, legislation and practical restrictions. Most inconsistencies can be found between customer requirements and legislation or codes. The customer usually wants a safe but cheap installation. In some situations it can be impossible to follow codes because of practical constraints. When an existing installation is expanded it may be impossible to place a new vessel within the installation without compromising minimum safety distances. Safety distances are not only defined for vessels containing certain dangerous chemicals and the boundaries of the chemical plant, safety distances are also specified for distances between pipes and vessels and between different vessels. A vessel under pressure might explode; if such an event occurs it should not lead to additional problems. Other vessels should be placed at such a distance that they are not affected by such an explosion.

Inconsistencies between codes and legislation are less prone to arise than inconsistencies between customer requirements and codes and regulation. Legislation and regulation are mostly goal based and codes usually apply to hardware providing calculation rules that should lead to the performance levels required by legislation and regulation. Therefore inconsistencies are not really an issue. It can, however, occur that new processes or materials have yet to be codified and are therefore not automatically legal. In such cases it is sometimes allowed to use those new processes or materials provided that a Notified Body has explicitly allowed their use. A new material or process might be safer than those specified in existing codes in certain instances. From a moral point of view it is good to use new materials or processes if this enhances the safety of an installation and has no other downsides e.g. with regard to sustainability.[5] From a legal point of view special permission has to be obtained to be allowed to use new materials or processes. Duplex steel was, for example, not included in the Dutch code (Regels); the Stoomwezen, however, allowed the use of duplex steel in certain installations.

The interviewed engineers have indicated that the codes for (chemical) installations are based on years of experience in the design of pipes etc., and that they do not put these codes aside easily.
If there are situations in which the code is difficult to apply, an engineer will contact the Notified Body about what to do. In the end, the decision as to whether a design is indeed safe enough is made by a Notified Body such as the Stoomwezen. If a design is approved the product will have the CE mark.

[5] Whether or not it is morally required to use new materials or processes if this enhances safety depends also on other issues such as, amongst other things, the costs and the environmental impact of the new process or material.

Another important issue in the final stages of the design process is the question of whether an installation, as drawn with a computer, can actually be built. It is sometimes easier to leave the difficult details out of the drawings. These details then have to be decided on site, during the actual construction of the installation, where a piping designer from the engineering company must be present. A question about responsibility can be discerned here. Are the engineers responsible for designing an installation that is complete in details and which is producible in practice? If an engineer specifies a certain way of construction that is difficult and labour intensive, the constructor might use an easier way to produce something that he or she judges to be similar or good enough. However, such changes may not be as good as those prescribed and may not achieve what the designing engineers expected; this can lead to problems later. There are several cases in which details that were changed or further designed during construction have led to disasters, for example, the Hyatt Regency walkway collapse (see also [Gillum, 2000] and [Pfatteicher, 2000]). Some of the alterations that might be made are predictable for the engineers. Should the engineer design in a way that is easy to construct and anticipate the sometimes difficult working conditions of, for example, welders? Or should an engineer design the best construction and then give his or her drawings to the contractor? An engineer can argue that he or she does not have all the relevant information to decide what is easy to construct and what not. The engineer does not always know what production techniques the specific contractor has available and has experience with. Not including some details in the drawings and letting the construction company decide on some details might tempt engineers to leave the difficult details out (see figure 5.1).

Figure 5.1:…..and this pipe should be connected to that pressure vessel according to the drawings? [picture courtesy of S. Roeser]

In a turn-key contract the engineering company is also responsible for the construction. So it is in its own interest to make a design that is easy to construct economically, efficiently and within the codes. Under a reimbursable contract the engineering company is only responsible for the design, not for construction; therefore problems are more likely to occur with a reimbursable contract.

Although there are opportunities to include sustainability concerns in the design of (petro)chemical installations, sustainability is assigned little attention and importance in piping and equipment design. An installation is designed to have a certain lifespan and what is done after that has expired is not the concern of the engineers. The engineers do not know if some of the materials of an installation will be recycled or whether the installation will be demolished and no material recycled. In the interviews engineers indicated that they considered recycling unimportant. According to the engineers, Notified Bodies and customers also regarded sustainability to be of no interest.

Some systems for predicting the costs of installations have a built-in bias for cheap, not very durable and sustainable, materials. A former engineering specialist told me that in a company she had worked for, the costs for maintenance were taken to be a percentage of the cost for building. Stainless steel is more expensive but needs less maintenance than other steels. However, making the choice to use stainless steel cannot be economically justified if the maintenance costs are taken to be a percentage of the building costs. Only very small diameter pipelines that are very costly to paint are made of stainless steel. In this company-specific guideline, an inherent bias towards short life-time and maintenance intensive materials can be distinguished.
If such types of guidelines exist it is very difficult to introduce new, more expensive, materials even if these would be more durable and/or sustainable.

Another ethical issue that was brought up by some of the interviewees is that companies have less knowledge nowadays. Large chemical producing companies no longer have engineering departments; such departments have been outsourced and/or closed. Engineering consultancy companies hire young engineers without experience; experienced engineers are too expensive and they (have to) leave the consultancy companies. Some organisations, for example the Stoomwezen, have had a vacancy stop to save money; no new people had been hired during six years. The older engineers are retiring while the young engineers have not gained a lot of experience. Moreover, internal education has been neglected. An experienced engineer makes more money for a company when he or she is working for a customer than when he or she is educating his or her younger colleagues. This means that the knowledge and experience required to design safely is declining, not only in the engineering companies, but also in the Stoomwezen.

The Stoomwezen does not have specialists in every field. They used to rely on the knowledge and experience of the engineering departments of (petro)chemical companies for some issues. In the past engineers from the (petro)chemical companies had experience in working with, and designing for, specific chemicals and the problems involved with handling such chemicals. Approval by the Stoomwezen was partly based on it having positive experiences with (petro)chemical companies and trusting the engineers of those companies to make a safe and reliable design. Nowadays (petro)chemical companies do not have an engineering department; this, coupled with the retirement of experienced engineers, means that the knowledge and experience is no longer available in engineering companies and at the Stoomwezen. This may cause problems in the future when inexperienced engineers from an engineering company design an installation for a (petro)chemical company that no longer retains knowledge and experience with designing such installations. This may lead to unsafe designs. Of course these designs have to be approved by the Notified Body but the Stoomwezen has the same problem. Inspectors do not have knowledge of, and experience with, the possible problems of all specific installations. So it is questionable whether the Stoomwezen is always able to check whether a design is safe enough, and if it is not safe enough, to provide advice to the engineering company with respect to making it safer. If there is too little knowledge in engineering design companies and in the organisation that has to certify the designs, then unsafe chemical installations may be constructed, and this lack of knowledge becomes an ethical issue.

5.5 Summary of the case and the regulative framework

The design process for piping and equipment in a (petro)chemical installation is usually middle to low level normal design. The working principle and normal configuration are already known. Pipes to transport fluids and gases have been designed for some decades. In most design processes the functional requirements are comparable to the functional requirements for previous designs. In some design processes a more radical design might be needed if the pipes have to transport a chemical that has not been used previously; research into the effects of the chemical on the possible materials for pipes then becomes necessary. In the higher levels of the design hierarchy, the product to be produced in the installation is designed, the flow of chemicals established and the site selected. The design process is organised hierarchically; people have different functions and clear task descriptions and responsibilities.


5.5.1 Ethical issues

Any design process for piping and equipment gives rise to ethical issues, particularly those pertaining to safety. These ethical issues are discussed in more detail in section 5.4; I will review them here briefly.

Engineers believe that designing according to legislation and codes leads to safe installations. Legislation and codes prescribe a lot, but do not cover all choices regarding safety. At the start of the design process, a choice has to be made between using the different codes that the pertinent legislation permits. Some choices regarding safety are not specified in a code and have to be made by the engineers and / or customer. For example, accident and load scenarios are not defined in European codes and legislation. Under the PED engineering companies are obliged to make a risk analysis of their design but what accident and load scenarios should be used is not specified.

According to the engineers there is a difference between merely following a code and following that code well within its limits. The Notified Body cannot reject designs that comply with legislation and codes but there is a difference in safety between a design on the lower limits of a code and a design well within its limits.

There are also ethical issues related to the division of responsibility, especially if the design is to be constructed by another company. Some details are not specified in a design because a constructing company needs some freedom to decide what method to use for construction. This may tempt engineers not to specify any of the difficult details because the construction company will do this. The designing company might make a design that cannot be produced, or one that is only possible if employees at the building site run large risks.
Another ethical issue that was raised by the engineers at the engineering company and the engineer from a Notified Body was that the level of knowledge regarding designing safe installations within chemical companies, engineering companies and the Notified Body was decreasing. Chemical companies have outsourced most of their engineering work where once they had some experienced engineers working within engineering departments. Engineering companies fired some of their very experienced senior engineers when the demand for engineering work was low during the nineteen nineties. The Stoomwezen has not been allowed to hire new engineers for some years and now its experienced senior engineers are retiring without the junior engineers having gained enough experience and knowledge to carry out their certifying tasks at the same level as that of the engineers who have retired.


5.5.2 Decision making on ethical issues

In this case, decision making on ethical issues can be described as individual, hierarchical and based on a regulative framework. Compared with the foregoing DutchEVO case, decisions regarding ethical issues were made more by individuals than by a complete design team. Ethical issues were dealt with by the engineer that encountered the ethical issues for the part he or she designed. Different engineers have different tasks and have to deal with different ethical issues. The job engineer will be confronted with ethically relevant questions concerning safety distances. Minimum safety distances are defined in the framework but in some cases these safety distances cannot be met, for example, if an older installation is changed. In other instances the job engineer might want to keep greater than required safety distances. The stress engineer has to make the decisions regarding load and accident scenarios. The materials engineer has to choose between different materials. Not all engineers will be confronted with all ethical issues. Some ethical issues will come up in the work of the stress engineer, others in the work of the job engineer.

If engineers encounter large problems in their design tasks, they are required to discuss these problems with their superiors and the project manager. The project manager will decide together with the engineer whether the problem can be solved by the design team or not. In important decisions the customer is involved in the decision making. Sometimes the Notified Body is informed of the problem and asked for advice.

Legislation and codes give rules and guidelines for a lot of decisions concerning ethical issues. In addition to the rules and guidelines, there are Notified Bodies that should check the design before it is certified. The Notified Bodies can provide engineers with advice.

5.5.2 Regulative framework

There was a regulative framework available for this case. The most important part of the regulative framework was the PED (European Pressure Equipment Directive). This PED is implemented in Dutch law. The legislation specifies a minimum required level of safety. The PED is on most points very general and goal oriented. If a harmonised European code is used in the design, an assumption is made that the design complies with the legislation. At this moment some national codes are still being used. The regulative framework mandates that all new designs are checked by organisations licensed to check whether a design complies with current legislation, i.e. Lloyd’s Register Stoomwezen.

Can this regulative framework be considered to be a normative framework as defined by Grunwald? To answer this question, I will follow Grunwald’s requirements for a normative framework and indicate whether the regulative framework meets them.

Pragmatically complete: The framework is not complete. Some relevant decisions regarding load and accident scenarios are not included. The Notified Body will check the design. If some obvious load scenarios are not included they can require changes in the design. However, the Notified Body does not check the risk analysis and accident scenarios made by the engineering company. When I conducted the interviews for the case-study (February to May 2002) there were no established ideas on good design practice within the profession regarding what load and accident scenarios to consider. The transition to the PED in May 2002 led to a lot of questions among engineers and at the Notified Body Lloyd’s Register Stoomwezen; for example, it was not clear who should apply for the CE mark.

Locally consistent: The framework is reasonably consistent as long as one code is selected for the design. It is difficult, and not allowed, to combine different codes in a design because this would lead to a lot of inconsistencies. Contradictions are regularly encountered between customers’ wishes and requirements and the regulative framework.

Unambiguous: At the time of the transition to the PED the framework was definitely ambiguous. A lot of rules needed interpretations that were not yet available or had not been decided. This will probably get better when experience has been gained with the PED.

Accepted: According to Grunwald a normative framework should be accepted by engineers and by all the people affected by it. Yet, with regard to chemical and petrochemical installations, we regularly see that people living in the neighbourhood of such an installation do not accept the regulative framework. For example, in the south of the Netherlands an installation using hydrocyanic acid borders an estate.
According to the company owning the installation, the installation is safe because it complies with codes and legislation. The local government of the village, neighbours and environmentalists doubt whether the installation is safe enough even if it indeed meets all codes and legislation [Trouw, 17 June 2002].

Observed: The framework is observed. It is legally enforced and designs are checked by Notified Bodies. Moreover, as can be seen in the quote at the beginning of this chapter, engineers adhere to the framework. Engineers see it as a good guideline to design a safe installation.

From the above it can be seen that there is an extensive regulative framework but that it is not a normative framework. The ambiguity of the regulative framework is due to the change from national to European legislation and this may be resolved within a few years’ time. Other problems arise as a result of a lack of experience with, and interpretation of, the PED. For example, the problem of who should apply for the CE mark requires legal interpretation. These problems will be resolved within some time. Other problems are more difficult. Notified Bodies are not allowed to check the risk analysis provided by engineering companies. This means that engineers can decide on accident scenarios without guidelines or control on these decisions. This does not mean that engineers will immediately try to set very low standards but they may be pushed by customers only to consider some accident scenarios. From a moral point of view, the main problem with the regulative framework would probably be that it is not accepted and this is something that is not easily resolved. I will come back to this point in chapter 9.

5.6 Acknowledgements

I would like to thank the engineers at Jacobs Engineering, Lloyd’s Register Stoomwezen, Ger Küpers and Nancy Kuipers for the information provided by them.


6 Designing a Bridge

Ethical issues with regard to the design of a bridge might not be that obvious. Yet, safety plays an important part in the design process of a large bridge. Not just safety for the people and drivers of the vehicles using the bridge but also for workers working on the bridge during its construction and for ships passing underneath a bridge. Accidents that happen on a bridge might lead to cars or trucks hitting some structural part of the bridge. People might want to dive from the bridge into the water, etc.

A case-study about the design of a bridge is presented in this chapter. The design problem is introduced in the first section. The stakeholders and their wishes and requirements are introduced in the second section. The main difficulty in this design process was trying to reconcile all the requirements and wishes of all the stakeholders. The legislation and codes pertaining to safety and sustainability for bridges form the focus of the third section. These codes and legislation constitute the regulative framework for bridge design. This section is followed by a section on the division of responsibilities and the organisation of the design process for bridges. The results are summarised and the regulative frameworks evaluated in section 6.5. How far the regulative framework complies with Grunwald’s requirements and can therefore be considered a normative framework is established.

6.1 The design problem

Ingenieursbureau Amsterdam (IBA) is the municipal engineering company of the city of Amsterdam which designed the bridge in this case-study. The IBA is responsible for the engineering design of bridges, tunnels and other infrastructure projects in Amsterdam. The IBA is a part of the municipality of Amsterdam and has a lot of experience with designing and building of bridges in Amsterdam. Under European law Amsterdam has to tender its assignments. Hence the IBA does not get an assignment automatically; it has to compete with other engineering companies.

This case deals with a phase of a design process for a bridge over a large canal. The bridge will provide the eastern access for a new estate called IJburg in Amsterdam. IJburg is located in a region with a lot of waterways. The different parts of IJburg will be connected by bridges. The bridge of the case-study is a large bridge connecting IJburg to local highways.[1] The bridge will span the Amsterdam-Rijnkanaal, which at this point is about 130 m wide. The span of the bridge will be 150 m and on one side (Reliant Energy side) of the bridge 33 m of road leading to the bridge is included in the project; on the other side (Diemen) 66 m is included. Large ships must be able to pass under the bridge, therefore the bridge needs to be at least 9,30 m above water level.

[1] For people who are familiar with the area, the bridge will connect IJburg with the A1 and A9 highway near exit Diemen.

The design process and construction of this large bridge will take years. Therefore only one of the phases of the design process was studied. The phase of the design process that I studied was the preliminary design phase. The IBA used a standard contract made by a Dutch professional association for engineers that is used mostly by engineering companies working within civil engineering in the Netherlands. In this contract the design process is divided into the following eight phases [KIvI, 2003]. The engineering company can be hired for one or more of the phases of the design process.

Research: Research into the feasibility, environmental effects, societal acceptance etc. for making a go, no go decision for the project. This research is also used to decide on design requirements.

Preliminary design: Based on the design requirements a sketch design and descriptions on how the object will function are made and used to inform the customer about the costs and the time necessary to build the design. The customer has to approve the preliminary design before the next phase is started.

Definite design: The dimensions are fixed and the costs of materials and apparatus indicated for use in the preliminary design are calculated (using codes if necessary), drawn and specified. At the end of this phase there should be a clear idea about what the costs to build and operate the object will be and the time needed to build it.

Tender specification and construction documents: The location, the amount and quality of materials and processes used to construct the object are described in the tender specifications. The tender specifications also include administrative and legal requirements. The tender specifications are necessary for tendering and they will be used as part of the contract with the building contractor.

Price and contract: Building contractors bid to obtain the contract.

Detailing: The design is further detailed by the building contractor in cooperation with the engineering company to ensure that it can be built according to the tendering specifications.

Building: The engineering design company ensures that the design is built according to the specifications in the tendering specifications.

Completion: The engineering design company checks whether the building contractor has built an object that satisfies the requirements. Advice is given on payments.

The preliminary design phase started in January 2004 and was finished by the end of April 2004. The phase resulted in a preliminary design report for the customer. During the preliminary design phase I attended the technical meetings and I interviewed five engineers and the architect working on the project. I will explain more about the context of the design process in the next section, where the stakeholders and the customer will be described. The bridge should be constructed and be ready for use in 2007.

A document with the design requirements had already been written during the research phase before the preliminary design phase. The IBA had participated in the research phase and the writing of the requirements. Other stakeholders involved in the research phase were the architect and the DRO, the municipal organisation for planning and urbanism.

The preliminary design of this bridge is high to middle level design; it is somewhat lower in design hierarchy than the conceptual design of the bridge but it is the first effort to make a design of the construction of the bridge based on the architect’s drawings of the desired shape of the bridge. Designing this bridge is a normal design process. In this regard the bridge is just another arched bridge although it is a rather large one. The working principle, how arched bridges work, and normal configuration, what they look like, are well known. The architect tried to make the working principle of the arched bridge visible in its shape. In an arched bridge there are either strong and heavy arches to support the mass or there are two strong beams at either side of the bridge deck that carry most of the loads. In this case the architect had chosen to use heavy arches.
In short the design problem is: build a beautiful arched bridge that is not too expensive and that does not hinder ships during construction or while in use. Take all legislation into account and take care that no one gets injured or killed during construction. The difficulty in this design process is not in designing a new working principle or a new configuration; it is in combining and meeting all requirements, in the coordination of all the different tasks and in maintaining the communication between all the stakeholders. A lot of stakeholders are involved: among others two municipalities, a power station, an architect, the municipal service for urban development, and the Rijkswaterstaat.2 All these stakeholders have their wishes, requirements and demands that need to be incorporated in the design. Some stakeholders need to give their permission because they own part of the land on which the bridge will be built. Different permits from local and national authorities are necessary before the actual building can start. As the rest of this chapter will show, the design process is also governed by a lot of legislation and codes pertaining to the design and the building of bridges.

——————————————————————————————————
2 The design process is at this time not finished. After the preliminary design phase the design process was temporarily stopped. There were some financial problems concerning IJburg and the customer needed to deal with them. The customer probably also needs to get the permission of the Amsterdam city council to expand the budget for the bridge.

6.2 Trying to reconcile all requirements and stakeholders

As indicated above a lot of stakeholders were involved in the design process. In the following I will first list all the stakeholders that have participated, or will participate, in the design process or that have to give permission before the bridge can be built. A number of different municipal services of the city of Amsterdam were involved in the design of the bridge; these are listed below.

The DRO (Dienst Ruimtelijke Ordening): This is a municipal organisation that is responsible for planning and urbanism in Amsterdam. The DRO decided that a bridge over the Amsterdam-Rijnkanaal is necessary and, together with the IBA, formulated the requirements for the bridge. The DRO decided how the bridge should be placed in the landscape and what it should look like and gave the architect of the bridge guidelines.

The OGA (Ontwikkelingsbedrijf Gemeente Amsterdam): This is a municipal agency for urban development. The OGA controlled the budgets and acted as customer for the IBA. The DRO initiated the project for the bridge and handed it over to the OGA.

The DIVV (Dienst Infrastructuur, Verkeer en Vervoer): This municipal service for infrastructure, traffic and transport will be responsible for the control and maintenance of the bridge once it is built. The DIVV was officially not included in the design process.

The DMB (Dienst Milieu en Bouw toezicht): This municipal service for environmental and building inspections issues permissions to build. An inspection is made to determine whether the design complies with the relevant legislation and codes. This takes place at the end of the design process when a design is filed for building permission.

The DWR (Dienst Waterbeheer en Riolering): The DWR is the municipal service for management of water and sewage. The DWR manages the dike on one side of the Amsterdam-Rijnkanaal.

Other stakeholders:

The Rijkswaterstaat: The Rijkswaterstaat is a government organisation responsible for the Dutch waterways, dikes, dams and canals. The Rijkswaterstaat imposes rules for minimising the radar disturbance caused by a bridge. Once a bridge is built there should still be enough vision and radar vision downstream. The Rijkswaterstaat also imposes limits on the amount of disturbance to shipping during the construction of a bridge. One side of the bridge in the case will stand on an important dam controlled by the Rijkswaterstaat. Another part of the Rijkswaterstaat, the Civil Engineering Division (Rijkswaterstaat Bouwdienst), checks the calculations for the bridge. The IBA has hired the Rijkswaterstaat Civil Engineering Division as advisor.

The Reliant Energy: This company has a power station near the bridge site. Road embankments are necessary between the bridge and the connecting roads because of the height of the bridge. One of the road embankments will be on Reliant Energy’s land, so permission is required to build on this land. The Reliant Energy also has a dock that the contractor might want to use to transport materials to the building site, thus the construction company needs to obtain permission from the Reliant Energy to use the dock.

The TENET: There are high voltage transmission lines above part of the bridge and part of the terrain needed to build the bridge. Building underneath high voltage lines imposes specific hazards on people working on such a site. It will also make building the bridge upstream and shipping it to the site difficult. It will not be possible to load the already constructed bridge onto a ship and transport it into position because it is not possible for a ship with the bridge on it to pass under the power lines. The TENET might be willing to cut the power through the lines if the power demand is low during certain hours of the day or for some months. Whether or not this is possible has to be discussed with the TENET.

The Municipality Diemen: Part of the bridge will be on land owned by the municipality Diemen, so their permission to build is needed.

The Architect: The customer has hired an architect for the architectural design of the bridge. The architect had already performed a study for the DRO concerning bridges in IJburg.

The Groengebied: On one side of the Amsterdam-Rijnkanaal (the Diemer side) there is a nature reserve. The Groengebied manages this area. The Groengebied has to give permission before the building can start. The Groengebied will, amongst other things, need to check whether animals can still get from one side of the earth embankment to the other.

The Provincie North Holland: The Netherlands is divided into 12 provinces. A province has its own council and is responsible for spatial planning, for part of the Dutch infrastructure and Dutch water management, therefore the Provincie North Holland also has to approve the building of the bridge.

All the above organisations, the municipal services and companies, had their own wishes, demands and requirements. Some of these requirements were incorporated in the design requirements. In other instances there was only an indication that permission needed to be obtained from an organisation to do something or that an organisation should be contacted. Some of these organisations may have demands that will cause serious problems later. For example, the customer and the IBA did not contact the Reliant Energy in the preliminary design phase, yet an engineer from the IBA had heard that the Reliant Energy had indicated some time ago that they would not allow an earth embankment several metres high to be built over their cables. According to the engineer, this information had been obtained in an earlier phase of planning for the IJburg estate. If the Reliant Energy refuses to give permission for the road embankment then the bridge design will need to be changed. The design team was waiting for another project, the road leading to the bridge, to be started before they would talk to the Reliant Energy. This road project was to be carried out by another design team within IBA. This division of projects into the bridge and the roads on the Diemer and IJburger side was apparently due to separated budgets for the whole project at the OGA.

Another problem may arise with the DIVV. Facilities for maintenance and inspection of bridges are necessary, such as stairs, rails or perhaps a cart that can be moved along the bottom of the bridge to inspect or paint it. In most past design processes in which the IBA had participated, the DIVV was involved. During the bridge design process the DIVV was officially not involved, yet after the bridge has been built, it will be handed over to the DIVV.
The engineers of the design team were experienced and they knew most of the facilities required for maintenance. However, to prevent problems later on in the design process the engineers from IBA asked the DIVV for advice on facilities necessary for maintenance. A facility can be easily included in earlier phases of the design process; at the end of the design process it is more difficult to include a facility for maintenance. It might then be necessary to change the design and to perform further calculations.

Tension can arise between the architect and the engineering design company. Both the engineers and architect thought that this tension was necessary to come to a good design. According to the engineers and the architect, the architect should try to push the engineers to the limit as to what is possible for engineering work.3 The regulative framework poses some of the limits of what is possible in the engineering work. The architect defended his ideas about what the bridge should look like and he did not like compromises. The architect is well-known in the Netherlands and he has experience with designing bridges. The architectural design specified the way the bridge should look and it dealt with the shape and form of the bridge. The engineering design dealt with the bridge’s construction. The engineers tried to make an engineering design that fitted the architectural design. In this phase of the design process the architect led, with the engineers staying as close as possible to the architectural design. The customer had asked the design team, during the preliminary design phase, to look for options to lower the costs of the bridge without compromising the architectural design. The architect and customer judged whether the proposals made by the design team were within the scope of the architectural design or would change the architectural design intolerably.

Within the IBA a number of engineers drawn from different disciplines worked on the engineering design: two engineers worked on the steel arches and two engineers worked on the concrete foundations and pillars. Furthermore, three engineers were involved with the preparation of the building site and methods that would be used during construction. One of the engineers working on preparation of the building site was also delegated to make a health and safety document for the bridge project. A design leader and a project leader had been appointed. The project leader communicated with the other stakeholders, especially the customer. One of the engineers designing the steel parts was also the design leader. The design leader was responsible for the exchange of information between the different engineers and the architect.
The design and project leader were jointly responsible for the integration of the preliminary design and the preliminary design report. Every two weeks there was a design meeting for the purpose of exchanging information. The design leader had made a decision document for the next design phase. Every engineer had to fill in the form when they made a decision. The decision, the reasons for the decision and additionally the engineers from other disciplines whose work will be influenced by the decision had to be noted on the form. These decision forms were then sent to the design leader and the other relevant groups.

——————————————————————————————————
3 This remains normal design because “pushing to the limits” in this case means within the normal configuration and working principle. The architect and engineers seem to refer to, for example, thinner arches or less bulky looking road segments.

6.3 Legislation and codes

A bridge should be safe and comply with all relevant bridge legislation. The safety of the design for a bridge should be demonstrated before permission for construction is given. Engineers can indicate that the design is safe by demonstrating that they have followed the relevant codes and complied with legislation.

Safety consists of different aspects with regards to a bridge. The different aspects were identified by looking at the relevant legislation and codes and interviewing the project manager before the observation period started. One, it is desirable that the bridge can be built without any workers being injured or any fatalities. Accidents happen regularly during construction work. People fall down from heights, they get stuck under heavy construction parts, they can be hit by falling parts. These kinds of accidents should be prevented if possible, for example by limiting the amount of work that needs to be done at a height and ensuring that safety features are built into the design. Two, the bridge should be strong enough to withstand all normal loading during the whole of its lifetime and all exceptional loading that might occur during accidents. Three, the IJburg bridge is quite high above the water level and the arches are also high. People on the bridge might throw things down onto ships or climb onto the arches. All kinds of misuse can be imagined. Four, to prevent collisions between ships on the canal, the line of sight from ships and radar scanning should not be hindered by the bridge.

In the following sub-sections I will come back to all these points and indicate how the engineers dealt with all these aspects of bridge safety. I will divide the aspects into safety during use and safety during construction, because different legislation and codes hold for use and construction.

6.3.1 Safety during construction

European Directive 89/391/EC gives general requirements for working conditions and directive 92/57/EC defines the minimal requirements for health and safety on construction sites. The European directives are incorporated in Dutch legislation in the “Arbeidsomstandighedenbesluit” (working conditions decree) [Arbeidsomstandighedenbesluit version Feb 2004]. This working conditions decree requires that a health and safety plan is made for the construction of the bridge. Engineers, contractors and customers are held responsible in this legislation for different parts of the health and safety plan. During the design phase, a design health and safety coordinator has to list and evaluate all risks. This legislation is procedural; it requires that risks are listed. There are some substantial rules in the working conditions decree to restrict physical loads or to protect pregnant or young employees. There are for example rules about lifting loads and the mass that bricks are allowed to have. The design team did not know these rules and therefore did not use them in the design. They considered that compliance with these substantial rules was part of the responsibilities of the contractor, because the contractor is the employer at the building site. This is also regarded as the responsibility of the employer in the working conditions decree.

Until recently engineering design companies included a very general list of risks as a health and safety plan with the tendering specifications. Things like the possibility of workers falling from heights or the obligation to use personal protection like safety shoes or a safety helmet were mentioned. Design decisions cannot be changed once this tendering phase is reached. Some risks might be preventable if another choice is made in an earlier design process phase. The idea behind the obligation to make a health and safety plan during the design is that health and safety considerations should play a part during the whole of the design process and not just during construction when most of the decisions have already been made.

Nowadays more attention is given to the formulation of the health and safety plan within the IBA; it is no longer a standard list. Whereas the health and safety plan used to be made at the end of the design process, it is now started in the preliminary design phase and it is updated throughout the design process. This bridge project was the first time that engineers from the IBA worked on a health and safety plan in the preliminary design phase. Risks were listed and possible measures to prevent or mitigate such risks were mentioned together with whether the measures had already been taken or had to be taken later in the design phase. All risks and measures were listed in the health and safety plan of the bridge with an indication that something should be done about them in a later phase. It can be concluded that making a health and safety plan during the preliminary design phase has not led to changes in the preliminary design.

A health and safety plan is also necessary for maintenance and refurbishment. This means that a new plan needs to be made when maintenance work is done. The IBA engineers do not make this health and safety plan; the contractor for maintenance is responsible for it. However, the IBA engineers were aware that their construction should not only be built but also inspected and maintained. This meant that perhaps stairs, rails, provisions to secure a safety line when working at heights, manholes and elevators needed to be included. In this case the IBA engineers asked the DIVV for advice as to what inspection and maintenance provisions were needed.


6.3.2 Safety in use

The “Bouwbesluit” (building decree) imposes minimal requirements with regards to safety, user friendliness, health and environment in use for bridges and other constructions [Bouwbesluit version 2002]. The requirements range from structural reliability requirements to emergency evacuation requirements in case of a fire in a building. The building decree points to NEN (Netherlands Standardization Institute) codes or NEN-EN codes (Dutch codes made in accordance with European regulation, and harmonised with other European countries’ codes) that can be used in engineering design for the structural reliability (see section 7.3.1 for a further elaboration on what is meant by structural reliability). If NEN or NEN-EN codes are used in the design then it is taken as given that the design complies with the legislation. It is assumed that using the codes in a design will lead to meeting the minimal requirements that the building decree imposes. It is not compulsory to follow codes in a design, but if the codes are not used the burden of proof is shifted to the engineering company. The engineering company must provide evidence that the minimal requirements of the building decree are met. This means that if it is possible to use codes, many engineering companies will use them.

The Dutch codes are formulated by committees under the supervision of the NEN. The committee members are usually experienced engineers drawn from different organizations and companies or scientists from universities. There are different points in the development of a code when comments on versions of the code are solicited from engineers outside the committee, for example on the green version. The IBA engineers all indicated that they knew to whom they could turn if they thought that there were flaws or omissions in the codes they used. The codes are formulated and maintained by engineers in the committee.
The interpretation of the codes and the decision when to use certain codes is made by individual engineers or small groups of engineers working on certain parts of a design. At the IBA, all interpretations of codes and calculations are checked by a colleague. After a design is finished a civil servant from the local building inspection will check the design and verify whether the design complies with the building decree. Most of the time, this check will include a check of the use and interpretation of codes and a check of the calculations. There are courses for young engineers to teach them how to design according to certain codes. If new codes are developed, professional associations of engineers organise courses for engineers to learn about these new codes.4

——————————————————————————————————
4 There are several professional associations for the different disciplines in construction. There is, for example, an association for engineers who work with steel (Bouwen met Staal); there is also a research centre for civil engineering in the Netherlands called the CUR.

There are special codes for the loads on concrete bridges and steel bridges [NEN 6723, 1995] and [NEN 6788, 1995], respectively. The problem is that these codes are still based on codes formulated in 1963. The predictions of traffic flows over bridges in these codes are not realistic. Axle loads and frequencies are predicted based on these traffic predictions, and as a result, the predicted axle loads and frequencies are too low, leading to heavier actual fatigue loads than those used to calculate the bridge. The use of the traffic predictions of these old codes to design new bridges has led to the need to completely renew large parts of one bridge, the Van Brienenoordbrug, because of fatigue damage. This bridge was opened in 1990 and steel parts of the bridge supporting the road had to be renewed after large fatigue cracks were found in 1997 [Barsten in de brug, 1997]. Some of the fatigue cracks needed to be repaired immediately. The situation was dangerous because a heavy truck might have caused a local failure of the bridge and for example have gotten a wheel stuck in a hole in the bridge deck.

Within a few years there will be a European code for bridges. This code will be incorporated into the Dutch code system as NEN-EN 6706. This European code was developed in the nineties and the fatigue loads are more realistic and have been determined statistically. This European code is now available in a not yet definite version. At the time of the case-study there was a “preliminary green version”. This meant that comments were being solicited on this version. After incorporation of the comments it will become a “green version”. The green version of the European code can be used and compliance with the building decree is assumed; however, the old NEN codes can also be used. Engineers and companies are also asked to comment on the green version. After a given period of time the green version will be changed taking into account the comments; at this point it becomes the definite version. The definite version of the European code will replace the NEN codes in use at present.

During the design for the IJburg bridge a choice had to be made to use either the NEN or the European code. The European code has realistic fatigue loads. This might lead to more material being required to be used in the bridge. If fatigue is important then more attention needs to be paid to detailing: sharp edges and corners are not recommended under fatigue loads. The safety factors are a bit lower in the European code than those in the NEN codes, because the loads are determined with less uncertainty. Lower safety factors may decrease the amount of material required to build the bridge. The preliminary design was calculated using NEN 6723 and NEN 6788. Because the calculations were preliminary and only general, and no details were known at the time, it was not necessary to continue to use the NEN 6723 and 6788 codes in further design phases. The Rijkswaterstaat Civil Engineering Division, which was asked by the IBA to check its calculations, had a strong preference for the European code. The IBA engineers were undecided as to which code they wanted to use. They knew the NEN 6723 and 6788 very well and had a lot of experience in using them. Using the European code would require them to get to know that code and might cost more calculation time. The engineers did not decide which code to use in the definite design phase; the customer, the OGA, had to decide this. Because the engineers did not know what the consequences of using the European code were, they made a quick analysis, which was incorporated in the preliminary design report. The customer could choose based on this analysis. In the analysis the following arguments were given for and against using the green version of the European code [Aalstein, 2004].

‘- The prediction of the fatigue loads is more accurate in the European code.
- Using the European code the non-permanent loads are higher.5 The total loads, the combination of non-permanent and permanent loads, however, are lower due to lower safety factors.
- Using the European code the dynamic fatigue loads are higher and can be decisive for minimal thicknesses. The stresses calculated in the preliminary design phase are low enough to assume that the preliminary design will also suffice according to the European code.
- The financial consequences of using the European code will be limited. In total the use of the European code can even lead to the use of less material.’ [Aalstein, 2004]

——————————————————————————————————
5 Non-permanent loads are loads caused by traffic on the bridge, loads caused by snow or temperature differences and other non-permanent conditions. Permanent loads are loads caused by such things as the weight of the bridge, creep and uneven settlement.

Considering all these arguments the IBA advised OGA to choose the European code.

Besides having to choose between NEN codes or the European code, a choice needed to be made between different types of codes for some parts of the bridge. For example, the design involved making a wall on either side of the canal to act as a support for the bridge and keep soil from sliding into the canal. What is the primary function of such a wall? If the primary function is to support the road then the calculations should be made using construction codes. If the primary function of the wall is to keep the soil from sliding into the canal then geotechnical codes could be used. These codes differ and can lead to different required material thicknesses and qualities. In the construction codes the principal loads are vertical and come from the road onto the wall. Using a geotechnical code the principal loads will be horizontal, due to the force exerted by the soil pushing against the wall. According to the engineers interviewed it is uncommon for a choice to have to be made between different types of codes but it does occur, as it did in the bridge case. The engineers indicated that what code is chosen for the calculations is based on experience with similar situations.

People and drivers on the bridge participate in traffic, thus all traffic safety legislation is relevant for a road bridge. All the requirements pertaining to traffic safety, such as the width of the bridge, protection of cyclists and pedestrians from cars and illuminating the roads, must be included in the design process. The IBA did not design the road deck on the bridge; this was the responsibility of the DRO. The IBA only made the engineering design for the bridge. Because the exact division of the bridge into road, pavement, cycle path etc. was not done by the IBA and was not that important with regard to the construction of the bridge, I will not get into the details of regulation and codes pertaining to roads. It was, however, important for this engineering design to take into account the fact that traffic accidents can happen on a bridge. A car or truck might crash into the guard rail on one of the sides of the bridge or crash into a load bearing structure of a bridge. A bridge should not collapse in such exceptional circumstances. The codes include rules for calculations that should be made to simulate cars or trucks crashing into the load bearing structures of the bridge and for trucks standing very near to the sides of a bridge.
The IJburg bridge will be partly on publicly accessible terrain, so it is possible for people to access all parts of the bridge. People will be walking or cycling on the bridge. The bridge will be about 9 meters above water level and the arches will be about 22 meters above the bridge deck. The building decree requires that preventive measures should be in place to prevent people being blown of the bridge in high winds. To protect cyclists and pedestrians on the bridge a rail will be installed on the bridge, using building decree guidelines. In the preliminary design phase no measures to prevent people from climbing on the arches were taken into account. One of the engineers said in an interview that he thought that something should be done to prevent people from climbing onto the arches because the arches were not steep, the inclination is such that it might be possible to walk on the arch. The arches of some arched bridges are so steep that it is impossible to climb on them. In this case, the engineer thought that a gate to prevent people from walking onto the arch might

be needed. There are no rules or codes that specify that arches should be inaccessible. After my presentation of the results of the case-study there was a discussion on this issue of misuse. In that discussion, an engineer said that walking on the arch to the top (about 30 m above water level) was a stupid thing to do. He thought that they should try to keep people off the arches, but not at any cost. In the engineers’ opinion people themselves have a responsibility to be prudent and realise that climbing on the unprotected arches of a bridge is a dangerous thing to do. The engineers agreed that in postponing the discussion on this point, they risked that later on in the design process they would need to make large changes to the arches to prevent people from walking on them. In the case of a bridge in the Dutch city Maastricht the arch of a bridge for pedestrians and cyclists is not very steep (see figure 6.1). Since the opening of the bridge in 2003, there have been at least five known attempts to walk over the arch. The city council is considering installing CCTV cameras and claiming the costs of any resulting rescue operations from any would-be daredevils [www.frontpage.fok.nl] and [Algemeen Dagblad, 30 March 2005].

Figure 6.1a and b: Bridge for pedestrians and cyclists in Maastricht. People climb on the arch and sometimes try to walk to the other side using the arch [photos A. van Gorp].

Other possibly dangerous activities connected to bridges are diving from a bridge, committing suicide and throwing things down onto ships passing under a bridge. No attention was paid to preventing this in the preliminary design phase. There is no legislation that requires bridge designers to install measures to prevent people from throwing things down or from diving off a bridge. In the Netherlands it is forbidden to dive from bridges but no measures have to be put in place to prevent people from doing this. The engineers indicated in the discussion after my presentation that they did take care to design in such a way that things such as a crucial bolt, which might be unscrewed and, if undone, would then influence a bridge’s stability, were not accessible. This was not mentioned explicitly in the design process. The engineers wondered what other misuse should be prevented and whose responsibility it was to take such prevention into account. There are no norms or codes for this. The issue of misuse was not discussed in the preliminary design phase. The design leader said that they had decided that some measures to prevent access to certain parts of the bridge would be taken in the definite design phase. The design leader also indicated that he expected feedback from the Rijkswaterstaat on this issue when they sent the design to the Rijkswaterstaat for a check of the design. According to the design leader the Rijkswaterstaat Civil Engineering Division had a lot of experience with designing large bridges and they probably had ideas about what types of misuse to prevent and how to prevent it. The

design leader thought / hoped that the Rijkswaterstaat would give them comments and advice on misuse. The question remains whether the architect would accept a gate or some other measure to keep people off the arch. This might become a problem later on in the design process.

Large ships and containerships use the Amsterdam-Rijnkanaal to go southeast to Tiel and further on to Germany. Large ships need a lot of time to turn corners, to stop and to avoid a collision with another ship. It is therefore important that captains have a good enough line of sight to see other ships further up or down a river or canal. At the location for the bridge the canal is not completely straight; there is a small curve. Locating the columns of the bridge directly on the bank of the canal would obscure a ship’s captain’s line of sight. The Rijkswaterstaat would not allow this. The columns will therefore be located 10 meters inland. This positioning of the columns had another advantage: if the columns are placed 10 m inland there is no requirement to design the bridge in such a way that it can withstand a collision of a ship into one of its columns. Lighting for the road on the bridge should be done in such a way that it does not blind captains on the bridges of ships passing underneath. To aid ship navigation radar is also used. A bridge will disturb the radar profile. There are rules for radar disturbance. The Rijkswaterstaat will check whether or not the design causes too much radar disturbance. The Rijkswaterstaat recommends that surfaces perpendicular to the canal have an inclination of more than 5 to 10° to avoid radar disturbance. The arches incline 15° to the inside so this recommendation is met for the IJburg bridge arches. The beams under the sides of the road deck also have an inclination of 15°. The beam that is located under the middle of the road deck is straight and should, according to the Rijkswaterstaat, be finished with bevelled edges.
The engineers considered all the mentioned aspects to be important but during the case-study design process when using the term “safety” they usually referred only to safety in use. Safety during construction is called health and safety.

6.3.3 Sustainability

Some of the engineers mentioned in their interviews that the estate and the bridge would be built in a former nature park. They thought that the environment and especially building in a nature park was an ethically relevant issue. The decision to develop an estate in a nature park was taken by the Amsterdam city council. This was an important ethical issue but not one that the engineers could really influence. The Amsterdam city council held a referendum in 1997 to ask the Amsterdam community whether or not they agreed with the

plans to build IJburg. If the percentage of people that participated in the referendum was high enough then the city council would abide by the result of the referendum. The majority of the people that voted in the referendum was against the estate IJburg but the turnout was too low and did not reach the required percentage of all possible voters. Because of the low turnout in the referendum the result of the referendum was not considered in the decision making process. Yet concern for the ecological value of the place where the bridge would be situated has steered the requirements on ecology. A separate section on ecology was included in the design requirements. Local flora should have a chance to grow undisturbed on the sides of the road embankment. Therefore the road embankment should be steep to prevent people from climbing onto it. There was also a requirement that the engineers should pay attention to the needs of nesting swallows in the design [DRO and IBA, 2003 p 17]. The engineers did not know what this requirement about nesting swallows was supposed to mean, or what they should do, so in the preliminary design report they stated that they would not include measures for nesting swallows [Aalstein, 2004, p 4].

The requirements for the bridge contained some guidelines concerning sustainability. The working conditions decree forbids the use of certain materials and substances because they can harm the health of workers [Arbeidsomstandighedenwet, 2004]. These materials and substances, for example lead, are sometimes also harmful to the environment. Recently, requirements have been included on the use of energy in the building decree but this concerns proper insulation of buildings and has little to do with bridges or tunnels. There are also requirements concerning the use of materials [DRO and IBA, 2003 p.18]. For example, any wood used should be FSC certified.
The FSC certificate guarantees that the wood is sourced from sustainable forestry.6 With respect to the selection of materials, materials that are recyclable were preferred. The engineers intended to use a document from the Rijkswaterstaat that gives guidelines for materials and sustainable building. This document was not used in the preliminary design phase, though the engineers expected to use it in the definite design phase and for formulating the tendering specifications. So, although the available legislation and the design requirements paid attention to sustainability, sustainability was given little attention in the preliminary design phase. This was partly due to the fact that the choice of

6 The Forest Stewardship Council is an international, non-profit organization that offers forest certification. FSC has developed some principles and criteria that should be met. The principles and criteria take into account the environmental impacts of forest management and social issues like labor conditions and indigenous peoples’ rights [www.fsc.org].

materials was not made in the preliminary design phase. In a discussion held during the preliminary design phase where sustainability might have been relevant, the engineer said that new legislation was anticipated. This legislation will limit the amount of volatile substances allowed in paints and it will be in force when the bridge is built. The discussion on paints took place when the means for conserving and maintaining the steel arches were discussed. A conservation system consisting of a metallic coating, for example zinc, and paint is required in the requirements. This form of conservation system is very expensive and the OGA wanted a cheaper conservation system. According to the engineers from the IBA the conservation system using a metal layer and paint was perhaps too expensive and over-engineered. They agreed with the OGA that it might suffice to have another, cheaper system. The IBA engineers, however, wanted to look at more than the costs of paints and their application; they also wanted to reduce maintenance requirements. They decided to look for an organic paint system that conserves the steel arches of the bridge as well as the systems used to conserve similar large bridges. One of the engineers contacted different paint producers to determine what kinds of organic paints would be suitable for the bridge. He also mentioned in a design meeting that when the bridge was painted in 2007 there would be new legislation covering a reduction of volatile substances in paints. The organic paint system that he advised using complies with the upcoming legislation.

6.4 Responsibility and liability

The IBA is NEN-EN-ISO 9001:2000 certified. This quality system requires that every calculation and drawing is checked. Every official document must carry the signatures of the engineer who has written it and the engineer who has checked it. The responsibility for calculations is thus divided between two engineers: the one that has performed the calculations and the one that has checked them. After the document has been checked the project leader has to append his signature for release to the customer or other external parties. This system should make all decisions traceable. The NEN-EN-ISO certificate is a quality system that focuses mainly on procedures. In the interviews I asked the engineers whether the checking and signing of documents were related to liability issues. The engineers did not know if this was the case and started asking me whether they could be held liable in cases where they had signed some calculation or other documents.

There is very little information on engineers being held liable if people are injured or killed due to a design flaw. There have been very few cases in which an engineer has been sued and convicted. Most cases have been settled or the engineers were acquitted. For

example, in a court case involving three engineers that had worked, in different organisations, on the wheels of the ICE train that crashed into a bridge at Eschede in Germany, severe guilt could not be proven and the case was settled [Oberlandesgerichtcelle, 2003]. After a new hall at the Charles-de-Gaulle airport near Paris in France had collapsed on the 23rd of May 2004, the district attorney announced that an investigation into involuntary manslaughter would be made [Doden na instorten vertrekhal Parijs, 2004]. It is not yet clear whether some companies, engineers or the architect will be held liable. In general there are three criteria used to decide whether persons can be held liable. A norm has to be transgressed, there should be a causal connection between this transgression and the failure and a person should be blameworthy [Bovens, 1998, 28-31].7 Because there are not a lot of cases in which engineers are convicted for design flaws causing death or injuries to third parties, it is not clear how these criteria are interpreted.

Liability for design omissions is regulated in the contract between the customer and the IBA [KIvI, 2003]. A design omission is defined as something that a good, prudent engineering company, that has the relevant knowledge and means, should have avoided. The customer has to point out the design omission to the engineering company and give the company time to amend it. The engineering company is liable for the cost of amending the design omission and any damage directly related to the design omission. The maximum amount to be paid by the engineering company is the amount that the engineering company will be paid for the assignment with a maximum of 1 million euros. Thus liability is limited to 1 million euros and only direct damage is covered. In this contract the engineering company is not liable if people are killed or injured as a result of the finished object collapsing or otherwise seriously malfunctioning.

6.5 Summary of the case and the regulative framework

The arched design of the IJburg bridge was clearly a normal design. The working principle and normal configuration for an arched bridge are well known. Functionally, the design was also normal; the requirements formulated for this bridge were not exceptional compared to other arched bridges. I studied the

7 Following the codes is usually a way to show that the design complies with the law. It is, however, not this straightforward: if a design complies with the codes it does not necessarily mean that no norm has been transgressed, because the use of codes is not required by law. An object should meet the requirements of the Dutch building decree. Usually following the codes will lead to compliance but an obviously unsafe object transgresses the law even if it is designed using the codes.

preliminary design phase for a bridge that would form part of a larger system of roads to link IJburg to the rest of Amsterdam. The task was high to middle level in the design hierarchy. It was not really a conceptual design because the architectural image of the bridge and the requirements for the bridge had been previously decided. At the stage I observed it was not a detailed design; details would be added in the definitive design phase, in the tendering specifications phase and probably also by the contractor after tendering.

6.5.1 Ethical issues

The engineers indicated that sustainability played a part in the design process but that most choices related to sustainability would be made in later stages of the design process when the materials for building the bridge would be chosen. The engineers expected to use a document from the Rijkswaterstaat on materials and sustainable building as a guideline. There were some discussions in the observed preliminary phase of the design process regarding the conservation of the steel arches of the bridge that can be seen as a discussion about sustainability. Some paints contain more volatile substances that can be harmful to humans and nature; these will not be allowed to be used by 2007 when the bridge will be painted.

The ethical issues that played a part in the preliminary phase of the design process were related to safety. A choice needed to be made as to which codes to use. It is not legally required that engineers work with the European code, but the fatigue loads in the European code are much more realistic. Is it justifiable to still work with the NEN codes while it is commonly known that these codes underestimate parts of the loads? This question was not raised by the engineers. They did advise their customer to use the European code in the definitive design phase provided that a green version was available at that time. The IBA engineers advised this because they expected that applying these codes would not make the bridge more expensive. I have described the reasons that the engineers gave in their preliminary design report in section 6.3.2. During technical meetings an additional reason against using the European code was given. Some engineers were against its use because they said that the European code was very different and that it would cost a lot of extra time for calculating the dimensions of the bridge.
Although this argument against using the European code was mentioned in technical meetings and interviews it was not mentioned in the report. Another argument that the engineers could have given in the report was that using a new code might increase the uncertainty in the design. Until a green version is available, a new code can only be used if engineering companies provide evidence that the legal requirements concerning safety are met. Providing this evidence costs time and money, therefore

engineering companies prefer to work according to codes that are assumed to be in accordance with the current legislation. At present, engineers have limited experience with the new European code compared to their experience with the older NEN 6723 and 6788 codes.

There was another choice related to types of codes used. During the design process for some of the concrete parts of the bridge a choice had to be made between using different types of codes. If geotechnical codes are chosen over construction codes or vice versa, the chosen code has consequences for the required material thicknesses of such concrete parts. According to the engineers, having to make a choice between two types of codes is the exception; most of the time it is obvious which type of code should be used. The engineers working on the problematic concrete parts made their choice based on their design experience.

There were ethically relevant issues concerning working conditions. The legislation concerning working conditions seemed to be purely procedural. The requirement to make a health and safety plan only requires that a plan is made; what it should include is not mandated. It was therefore possible to act in accordance with the responsibility assigned to the IBA and make a health and safety plan in which every possible risk was indicated but no risk was reduced. It was difficult to reduce risk in the preliminary design phase. Most of the information needed to make a good risk assessment and to propose measures to reduce the risk was not available. Later on in the design process, more information would be available, for example on the high voltage transmission lines. However, extra information did not mean that the IBA would have to change the design to reduce risks. The IBA could always indicate that it was the building contractor’s responsibility to reduce the risks.
A health and safety plan could just be a list of risks that the contractor must include in his health and safety plan while not reducing any of the identified risks or taking any precautionary measures. This shifts the responsibility to the contractors and the individuals working at the building site. According to the working conditions decree this is where most of the responsibility and liability lies. If an accident happens at a building site a contractor can be held liable. However, decisions could be made in the preliminary design phase that deeply influence the possibilities for building safely in the design process. Even though primarily the responsibility lies with the contractor and the employees working on the building site, the designing engineers could take on some responsibility for working conditions during construction. Yet, because the requirements set out in law are purely procedural, no safeguard is provided to make designing engineers take on this responsibility. Whether or not designing engineers should take on such responsibility for health and safety is an ethical question.

What misuse should be accounted for in the design was not made clear in the preliminary design phase.8 It is quite possible for aesthetics and safety concerns to clash on this point: because the arches were not very steep, people would be able to walk on them once the bridge is built. If this is to be prevented, a gate should be built or some other measure taken to keep people from climbing on the arch. Such a gate may disturb the architectural image of the bridge. The IBA engineers did not include any preventive measures regarding arch climbing in the preliminary design. The engineers did indicate that they were responsible for a design with rails so that people could not be blown from the bridge in high winds. The building decree gives some rules for this. There are, however, no rules or guidelines for preventing people from climbing on potentially dangerous structures, from throwing things onto ships or from diving from the bridge into the water.

The IJburg bridge would form part of a public space. This is probably one of the reasons why there was no real tension between costs and safety. The engineers indicated that the customer and every other stakeholder were sensitive to safety concerns regarding the bridge. If the engineers gave clear argumentation as to why a certain idea or option was not safe enough, then the idea or option was not used. Every stakeholder wanted the bridge to be safe. The aim was that the bridge should be safe, yet built as cheaply as possible within the architectural design.

6.5.2 Decision making on ethical issues

The design process was organised according to different disciplines. Within the IBA there are engineers that are specialised in concrete, in steel and in the preparation of a building site and construction. During the design process, two engineers worked on the steel arches, two engineers worked on the concrete parts of the bridge and three engineers worked on the building site and construction preparation; there was also a project leader. One of the engineers working on the steel arches was also the design leader and one of the engineers working on building site and construction preparation was also responsible for making the health and safety plan. A lot of effort was needed to get the information to everyone that needed the information in this design process. Some of the decisions made by the engineers designing the concrete parts would possibly have a large influence on the design of steel arches or on the building

8 Note that movable bridges are subjected to the European Machinery Directive [98/37/EC]. A Dutch code for movable bridges, NEN 6787, includes some rules on possible misuse of movable bridges and access to movable parts [NEN 6787, 2004].

site or vice versa. So although the engineers worked in one field they needed to be informed about what the other engineers had decided and designed.

Because of the division of labour different engineers dealt with different ethical issues. For example, the engineers working on the concrete parts had to deal with issues like which type of codes to choose for some of the concrete parts. Although every engineer was expected to take working conditions into account and make a list of risks, the primary responsibility for health and safety during construction was placed on the engineer making the health and safety plan. The engineers working on the steel arches will be confronted with issues of misuse and have to decide on what misuse to prevent in later phases of the design process. Ethical issues were primarily dealt with by one or two engineers working on a subject. If ethical issues were problematic or any choices the engineers made were expected to influence other parts of the bridge then choices were discussed with the other design team members. The choice between using European codes and NEN codes had to be taken by the customer supported by argumentation provided by the design team.

The Rijkswaterstaat Civil Engineering Division was asked to check the construction design of the bridge. The IBA was not required to have the Rijkswaterstaat check the construction design; however, the engineers wanted this because the Rijkswaterstaat has a lot of experience with designing large bridges. When deciding about ethical (and other) issues reference was made to elements of what I have called regulative frameworks. The regulative frameworks provided operationalisations, calculation rules, minimal requirements etc. that were used by the engineers in the design process.

6.5.3 Regulative frameworks

Detailed and extensive regulative frameworks were used in the design process; these consisted of legislation, codes and ideas as to how these codes should be interpreted. The relevant legislation is, at some points, very detailed, while at other points it refers to codes. The legislation defines a minimum required level of safety and sustainability. When building large infrastructural objects there are at least three regulative frameworks that can be distinguished. One is the regulative framework pertaining to safety of workers on building and maintenance sites. Another regulative framework is the one pertaining to the safety of the bridge as a construction.9 The third regulative framework is the one pertaining to road design. It might even be possible to distinguish another

9 There are of course overlaps between the two frameworks especially with regards to safety during maintenance. The building decree also sets out requirements for accessibility for maintenance.

regulative framework, one that deals with the level of hindrance that a bridge is allowed to cause ships in a canal, river or harbour.

I will start with a discussion of some aspects of the regulative framework concerning safety during construction. Dutch legislation on working conditions is an implementation of European directives 89/391/EC (health and safety at work in general) and 92/57/EC (health and safety on construction sites). The law on working conditions is very general and only states goals, for example that an employee should not be put at risk. However, the law is supplemented with several policy rules, rules on fines for breaches of safety regulation, rules for inspection of working conditions etc. All these rules are much more detailed and are supplemented by ideas on how to interpret the rules, law etc. [Wilders, 2004]. The complete Dutch working conditions regulation system constitutes a regulative framework. The IBA engineers only used part of this regulative framework; they only made the required health and safety plan. The rest of the regulative framework, such as the more detailed rules, was not considered by the engineers. The IBA engineers only carried out the requirement to make a health and safety plan because they considered the rest outside the scope of engineering design. The law also assigns only this specific responsibility to the designing engineers. The complete regulative framework is relevant for contractors, not for designing engineers, according to the IBA engineers. I will not go into the question of whether or not the regulative framework concerning working conditions is a normative framework. I conclude that the regulative framework was not used by engineers in this case. Engineers have a task assigned to them by the regulative framework but because the task is limited and procedural they can perform this task without using the rest of the framework.
If a health and safety plan made by design engineers does not contribute to better working conditions on a building site then it might be a good idea to assign more substantial responsibilities to the design engineers concerning working conditions. This would force the engineers to use the regulative framework concerning working conditions. There is also a regulative framework for road design. This regulative framework requires, amongst other things, minimum widths of roads. The requirements from the road design framework are decisive for the width of a bridge. So although the engineers did not work within the road design regulative framework their work was influenced by some of its rules. With regard to the possible regulative framework concerning hindrance of ships on canals, rivers and in harbours, the same holds. The IBA engineers only knew some of the rules and just sent their design to the Rijkswaterstaat to be controlled. The IBA engineers therefore did not use all of the rules or legislation concerning the

hindrance of ships to make decisions in the design process. So even if there is a regulative framework that covers the hindrance of ships on a waterway, this was not a regulative framework used by the design engineers at the IBA; instead it was used by the engineers at the Rijkswaterstaat. Therefore I will not consider this framework in what follows.

Safety in use; a normative framework?

I will use Grunwald’s requirements for normative frameworks to establish to what extent the regulative framework concerning safety in use can be considered a normative framework. First I will describe the elements of the regulative framework and some relations between the elements in the framework. Then I will return to Grunwald’s requirements and evaluate whether the regulative framework meets them.

The main part of this regulative framework consists of the Dutch building decree. It is common that this kind of Dutch legislation is an implementation of European law. In this instance there is indeed a European directive (89/106/EC) but this directive deals with construction products and not with actual constructions. The European directive requires that construction products are CE marked and should lead to buildings that are safe, that cause no hazard to health, that can be evacuated in case of a fire and that are energy efficient [89/106/EC]. Very general requirements for constructions can be found in annex 1 of the European directive for construction products, as I will illustrate using the requirement for mechanical resistance and stability.
‘The construction works must be designed and built in such a way that the loadings that are liable to act on it during its constructions and use will not lead to any of the following: (a) collapse of the whole or part of the work, (b) major deformations to an intolerable degree, (c) damage to other parts of the works or to fittings or installed equipment as a result of major deformation of the load-bearing construction, (d) damage by an event to an extent disproportionate to the original cause.’ [89/106/EC]

The directive that gives detailed requirements for construction products should lead to constructions that fulfil these general requirements. The Dutch building decree mentions the European directive on construction products, but its focus is on constructions as a whole. Some parts of the building decree requirements are very detailed; others refer to codes for details. The codes referred to are Dutch NEN codes or already European harmonized EN-NEN codes. Most national codes should in the end be harmonized within the European Union to ensure a free European market.

In short, there is a regulative framework consisting of European and Dutch legislation, codes, certification, ideas of interpretations, teaching materials and courses. Does this regulative framework meet Grunwald’s requirements for normative frameworks? The requirements were outlined in section 2.3.2. A normative framework should be pragmatically complete, locally consistent, unambiguous, accepted and observed [Grunwald, 2000] and [Grunwald, 2001].

Pragmatically complete: The framework is reasonably complete. According to the engineers, most of the decisions that have to be made are encompassed by the framework. There is one subject that is not dealt with explicitly in the framework: misuse.

Locally consistent: Most elements of the framework are linked and there is little contradiction because the building decree is the decisive document. The construction should, in the end, comply with the Dutch building decree. Possible contradictions arise if parts of the construction can be designed using one of two types of codes, for example a geotechnical or a construction code, but this is the exception. Different codes pose different requirements, so the same part will look different when designed according to different codes. This problem arises only for certain parts of certain constructions in which the type of code that should be used is not fixed and can be debated. So, strictly speaking, the framework is not locally consistent, because it allows, in some cases, the use of different types of codes.

Unambiguous: At this moment the framework is unambiguous, but the new European code will cause temporary problems. In the near future the European code for loads on bridges will become available in a green version. At that moment both the old NEN codes and the new European code can be used. Until the European code is available in a definitive version this situation will continue.
Engineers can, during this time period, choose between the codes. Some engineers may choose immediately to use the new European code because the fatigue load predictions are better; other engineers may choose to continue using the old NEN codes because they have experience with these old codes.

Accepted: The framework is accepted by the IBA engineers and according to them the framework is widely accepted in the engineering profession. There is little evidence that the public or policy makers or engineers do not accept the framework. With regard to the design process for a bridge there are no signs that the framework is contested. The public seems to accept the bridges that are built. There have not been any recent disasters with bridges in the Netherlands, so there is little reason for the public to doubt the framework. The Van Brienenoordbrug case is an example of problems caused by using the NEN codes but the fatigue cracks were found and repaired before an accident happened (see section 6.3.2).

Observed: The framework is observed; this observance is partly due to the fact that designs are checked before building permits are issued. The fact that observance of the building decree is legally required does not seem to be the only reason for engineers to observe the framework. The IBA engineers wanted to design a safe bridge; they feel responsible for this and were convinced that observing the framework is a good way to design a safe bridge.

The regulative framework meets most of the requirements, at least partly, but not completely. So this regulative framework approaches a normative framework, but, sensu stricto, it is not a normative framework. This framework is, contrary to the regulative framework pertaining to cars and the regulative framework pertaining to piping and equipment design, widely accepted, at least with regard to bridge design. There will be some problems because the framework will be ambiguous once a green version of the European code is available, but this will only be temporary. The framework will not be pragmatically complete until some guidelines on misuse of structures are included.

6.6 Acknowledgements

I would like to thank the architect Wim Quist and the engineers at IBA for their co-operation during the case-study.

7 Design of a lightweight trailer

Engineer: I can’t really think of any ethical issues related to trucks and trailers, they are not murder weapons. I know cyclists get killed by trucks but….yeah well that has nothing to do with ethics.

The engineer above relates ethics to murdering people. According to him ethical issues are involved when designing products that (are intended to) kill people. He acknowledges that some people die in traffic because of accidents involving trucks but, as he indicates, a truck is not a murder weapon and thus there are no ethical issues involved in truck and trailer design. In the Netherlands each year more people are killed in accidents involving a truck than are murdered by someone using a firearm (numbers from Dutch Statistical Database (CBS) [statline, 2003] and SWOV (Dutch Society for Scientific Research on Traffic safety) [www.swov.nl] and [Van Kampen, 2003]). The difference is that truck drivers usually do not intend to kill other road users but the construction and mass of a truck give other road users little chance of surviving an accident involving a collision with a truck. So even if ethics is limited to designs that, due to their design features, can kill someone, the designing of trucks includes ethical issues.

The design process that is the focus of this chapter is a preliminary design process for a trailer. The design problem will be introduced in the first section. The way in which decisions are made is described in the second section. In this case the design process was performed for a customer. The focus of the third section is on the safety of the trailer. This section is quite elaborate because a lot of information is necessary to understand how the engineers define safety and why they define it in such a way. The engineers do not feel responsible for traffic safety. In this case a clear ascription of responsibilities by engineers can be seen, as will be shown in section 7.4. The government, the driver or the customer should be responsible for traffic safety according to the engineers. A summary of the results is given in section 7.5.

In contrast to the other chapters, this chapter will not include a separate section on sustainability. In my opinion such a section would not add anything new to what has been said in other cases. Sustainability is again not deemed important (see chapters 5 and 6). So although they designed a lightweight truck the engineers and customer thought this had little to do with sustainability. The problems concerning sustainability and lightweight technologies, such as the difficulties encountered when recycling lightweight materials, are discussed more thoroughly in chapter 4.

7.1 A lightweight truck trailer

A customer owning a small company, called Ruflo, that focuses on innovations within trailer design asked an engineering design team from another company to make a feasibility study and a preliminary design for a lightweight trailer for bulk transports of sand. The customer used to own a larger successful company that produces trailers. He sold that company and started the small company focusing on innovation and development. The customer had a lot of practical experience with producing aluminium trailers but he had little knowledge of composites and design methods or calculating methods like finite element modelling. The customer had always used trial and error in the past to design trailers.

The engineering design team given the assignment was part of the Centre for Lightweight Structures (CLC) TUD-TNO. The CLC is a co-operative between TNO and Delft University of Technology. The TNO (Nederlandse Organisatie voor Toegepast Natuurwetenschappelijk Onderzoek, the Netherlands Organisation for Applied Scientific Research) is a research agency that supports companies, government bodies and public organizations. The TNO helps companies to innovate by translating scientific knowledge into practice [www.tno.nl]. The TNO is an intermediary between universities and companies or government bodies and public organizations. It is a commercial company but at least some of the projects are financed by the Dutch government through subsidies for innovation. CLC is part of TNO’s Industrial Technology division. CLC is housed in the same building as the department of Aerospace Engineering at Delft University of Technology, the Netherlands. About half of the engineers working for CLC have a master’s degree in Aerospace Engineering. Within CLC there is considerable experience with the design of lightweight cooling trailers. As said before, the customer asked for a feasibility study and a preliminary design.
He gave this assignment to two engineering companies. The customer would decide, when both studies and preliminary designs were ready, whether to go on with one of the proposals. The most important objective was to design a trailer that had significantly less mass without being a lot more expensive than a conventional trailer. Regulations specify maximum masses for loaded trailers. Lightweight trailers can therefore transport more load. Every tonne of mass saved in the structure of the trailer can be used to transport extra freight. The customer thought that a lightweight trailer that was not too expensive was possible if designed using glass fibre reinforced plastic, i.e. composites. The preliminary design was ready when estimates about the mass and the costs of producing the trailer in different materials were made. The design process was stopped at this stage.

One of the objectives of the process was to establish whether a lightweight trailer made of composite material could be produced. The term “produced” had different meanings for the customer and the engineers. The engineers specified a way in which the trailer could be produced and calculated the material costs to estimate the costs. The customer expected that CLC would contact companies about producing, for example, the side panels and the floor. For him a trailer is producible once he knows that companies will produce the parts he needs for a reasonable price. These differences regarding the meaning of “producible” may have contributed to the customer’s decision to stop the design process after the preliminary design phase.

Transport in Europe is a highly competitive business; profit margins are small. Every extra tonne of freight that can be transported increases a company’s profit margins. The motivation to have a lightweight trailer is mostly economic. Lighter trailers use less fuel if driven empty and can transport more load before exceeding loading regulations. The total mass bearing on the axles of a truck and trailer is limited to 9 tonnes and the total mass of a truck, trailer and load combination is also regulated by national laws. The mass of the total combination is not allowed to exceed 44 tonnes in the Netherlands; in Germany it is 40 tonnes.1 In a few years these national laws will be substituted by a European law. The maximum mass permitted for truck, trailer and load will be around 40 tonnes. A mass reduction of 1000 kg for the physical trailer means that an additional 1000 kg of freight can be transported. The motivation for lightweight design is therefore not to obtain a more sustainable trailer but to transport more load. The lightweight trailer had to be designed for use behind conventional European trucks. The truck-trailer configuration would stay more or less the same.
The trailer had to comply with existing regulations for traffic, and it was expected to include a new unloading system leading to some changes in the normal configuration of the trailer. The materials that the engineers proposed have not yet been widely used in trailer production. The CLC has designed a cooling trailer using composites. However, a cooling trailer has a roof, whereas trailers for bulk load such as sand and agricultural products do not have a roof. Having a roof closes the perimeter and provides for a torsionally stiff box, so having no roof is very important for stiffness calculations. The normal configuration of a bulk transport trailer was changed to include a new unloading system and “new” materials were used to build it. Therefore I considered this design process to be radical. The design hierarchy is somewhere at the middle level. As said before, the trailer should be part of a conventional truck and trailer couple. The preliminary design of the trailer was therefore a middle level design: it is a product in its own right but it has to be used with another existing product, the truck. The design methods used by CLC are not widely used in trailer design. There are trailer producing companies that use these techniques but most small trailer producers build trailers using experience. If an aluminium panel of 5 mm suffices then perhaps next time a trailer producer will try a 4.5 mm thick panel.

1 The maximum total loads of truck and trailer combinations and axle loading are based on information obtained from the engineers and the customer. In a version of the Dutch “voertuigreglement”, I found a maximum of 10 tonnes on axles [voertuigreglement, 2005]. This difference is probably due to harmonization in the European Union. The maximum load on axles and the maximum total load of truck trailer combinations will eventually become the same throughout Europe. The engineers and customer possibly anticipate the lower, harmonized, masses that will eventually be enforced.

7.2 “The customer is always right”

The customer has an important role in the decision making process. The customer’s role will be outlined in this section. This will be followed by a description of the decision making process that took place between the engineers when the customer was absent. The customer had decided that he wanted a lightweight, preferably composite trailer for his new unloading floor system. The customer had developed a new loading/unloading system. This system makes it possible to load pallets or bulk material in the same trailer. Flexibility in what load to transport reduces the number of kilometres driven with an empty trailer. To get an idea of the loading/unloading system that had to be incorporated in the trailer, see figures 7.1a and 7.1b.2 It can be argued that it is more economical and perhaps even more sustainable, if trailers are always driven with a load on board instead of driving from A to B with a load and back to A empty.

2 Both figures are only meant to show the loading system; the trailer itself was not designed when these drawings were made. The eventual trailer might look quite different from these drawings but the loading/unloading system shown here will be part of the trailer. The pictures are taken from a promotional booklet and are reprinted here with the customer’s consent.


Figure 7.1 a and b: Loading and unloading a bulk load. Goods on pallets are loaded from the door at the back. The floor slides to the front with the pallets on it [pictures courtesy of Ruflo].

The requirements for the trailer were established in the first meeting. This was done in co-operation between customer and engineering company, where the customer decided what to incorporate in the design requirements. The engineers introduced ideas and arguments about what requirements to include. The customer decided to follow the engineers’ ideas if he was convinced they were workable. According to the engineers the customer had to decide what the requirements would be because the customer would pay for the project. However, this view is a bit simplistic: the customer came to the engineering company for advice and he had to pay for that; hence, the customer expected input from the engineers.

The requirements were listed in a table. Most of the requirements were specific and measurable, for example the maximum mass of the trailer was to be 5000 kg, the inside volume of the trailer should be 2.47 × 2.75 × 13.67 m³, the trailer lifetime was specified etc. Some of the requirements related to the environment in which the trailer would be used. For example, pebbles or branches can scratch or dent a trailer and this should be prevented. One of the requirements concerned price and another requirement concerned sustainability: the trailer was required to be aerodynamic if possible. This aerodynamic requirement was given no attention during the preliminary design process. The requirements also included some regulations about the maximum heights of truck and trailer combinations, the installation of safety guardrails and the structure of the rear bumper [voertuigreglement, 2005]. The maximum height of trucks and trailers is regulated to prevent damage to tunnels and bridges. A truck and trailer combination that is too high might get stuck in a tunnel or under a bridge causing damage to the tunnel or bridge. The safety guardrails on the side of a trailer between the wheels and kingpin are intended to prevent cyclists from going under the wheels of a trailer. According to current regulation, two small beams are deemed sufficient for safety purposes.

The customer indicated that transportation companies and trailer producers do not always live by the rules. Sometimes trailers are loaded too high, exceeding the maximum allowable mass. There are weighing bridges to control the total mass of the truck, trailer and load combinations and in some roads systems are incorporated to weigh passing truck and trailer combinations. Drivers of trucks that are too heavy can be fined.
Trailer producing companies sometimes make trailers that are officially too high, for example the trailer is 4,15 m while only 4 m is allowed [voertuigreglement, 2005]. This is due to the fact that containers for aircraft use are 3 m high so the trailer’s inside height should be just over 3 m to transport these containers. The kingpin, the point where the trailer is combined with the truck, is at 1,15 m so the total height of a truck and trailer combination can be 4,15 m. Before trucks and trailers are allowed on the road they have to be certified by the Rijksdienstwegverkeer (governmental road traffic agency). The height is checked but there are tricks that can be used like lowering tire pressure to make the trailer slightly lower. So it seems it is possible to get certification for a truck that will be too high when used on the road. In some countries, for example Switzerland, regulation is very strict and controls are set in place so drivers will not use trailers that are too high because they face high fines and it is very likely that they will get caught.3

After the requirements had been established the engineers started to generate concepts. Most of the work was done by two engineers. One engineer acted as the project leader; she had a master’s degree in Aerospace Engineering and about 5 years of experience with designing lightweight structures. Another engineer did the finite element modelling. He also had a master’s degree in Aerospace Engineering followed by a two-year designing course and about 7 years of experience with designing lightweight structures. His speciality was finite element modelling.4 CLC is a flat organization; an employee can be the project leader for one project while participating in other projects. There is one person who coordinates the employees and another whose main task is the acquisition of projects, although every employee should try to obtain projects. The main design team for the trailer consisted only of the two engineers previously described but they consulted with other engineers when they needed their expertise. Two engineers were regularly involved: one, an expert on structural design with fibre reinforced plastics who worked in the same room as the project finite element specialist, gave advice during the design process; the other, who had a lot of experience with trailer design, was regularly asked for his opinion.

The atmosphere at the department in the engineering company was open. As project leader, Liz was responsible for the planning of the project and the communication with the customer. Hans was responsible for the finite element models and calculations. In the beginning Hans was rather passive and wanted to be directed. However, further on in the design process this became less the case.
Hans’ passivity at the beginning of the project was probably due to the fact that he had other projects for which he had to do a lot of work. The division of responsibilities and tasks was not static. What should be done and who should do it was discussed during the process. When certain data had to be gathered or certain calculations made, there was always some active assigning of tasks. This was done almost casually as the quotes, taken from several discussions, indicate. Hans talking to Liz about preparing the customer for the limited applicability of the finite element model: ‘You have to prepare the customer, so that he understands that we will only make a sketchy model. If he wants us to calculate the dimensions more precisely, he will need a new more refined model.’ Hans asks Liz what he is responsible for: ‘You are responsible for the strength calculations, I only calculate the stiffnesses?’ Liz: ‘I think that this is really a part of reporting to the customer.’

3 Switzerland has a lot of long tunnels which add additional danger if a truck trailer combination gets stuck in one, and of course it will cause serious delays while the truck and trailer combination is extracted from the tunnel.

4 From this point on I will use the name “Liz” for the project leader and the name “Hans” for the Finite Element Modeling engineer; “Theo” is used for the roommate who is an expert on structural design with fibre reinforced plastics.

When the engineers were working together and trying to decide what to do and what option would “work”, a number of different ways were used to reach a decision. Liz and Hans and the other engineers that were sometimes involved tried to convince each other. They tried to reach a kind of consensus, although they did not always do this explicitly. Sometimes there was no separate step of convincing the other(s) because the scenario was sketched as a team. This occurred, for example, when Liz and Hans were looking at the finite element model and were thinking about changing the thickness of some materials and what the influence would be on the total deformation of the trailer under a certain load. There were also situations in which one of the engineers had already made a scenario or had an idea about what to do. Usually this engineer tried to convince the other(s) that his or her idea was sound. The other engineers could be convinced or they could disagree. If agreement was reached, discussion on the topic was only started again when new information made this necessary. If there was still disagreement then the one responsible for the decision decided what was to be done, in this case Liz. The other engineer(s) could then close the discussion with words like “We will see what happens”. The discussion on the topic was not closed if disagreement remained even though a decision had been made. The discussion could be started again at any time.
In another project performed simultaneously with this trailer design process at the engineering company, I observed that there was another way of making decisions if tasks were divided in a way that every engineer was responsible for certain parts of the design. The one who was responsible for designing a part decided. This could make discussion on the contents of decisions superfluous, but was not necessarily so. The engineers liked to test their ideas against colleagues, so an engineer might start a discussion on a topic he or she was responsible for.

When there was a meeting between the engineering company and the customer, they chose to sit on opposite sides of the table, engineers from the engineering company on one side and the customer and his advising engineer on the other side. In such meetings the CLC engineers all seemed to defend one idea; there seemed to be no disagreement among the CLC engineers. During such a meeting, an engineer proposed including a hatch somewhere in the trailer so spare parts could be put away behind the hatch. That same engineer had indicated, in a discussion between the CLC engineers, that he did not like hatches in structural parts bearing loads and, moreover, that “a hatch might be used by illegal immigrants to cross borders unseen”.

There were about four meetings between the engineering company and the customer. Liz made the presentations for those meetings. The options for certain parts were sketched in those presentations. For example, in the first meeting after the requirements meeting, the presentation featured three different options to get the design stiff enough. In a normal trailer design aluminium or steel beams are used under the trailer floor to provide stiffness. This structure of steel or aluminium beams under the floor of a trailer is usually called the chassis. In this case this had to be solved in another way, using different materials and designs. There were three options, one making a kind of beam from composites and two involving “torsionboxes” underneath the floor. These options were sketched, then the advantages and disadvantages were listed and the customer could decide between them. Liz preferred one of the torsionbox options. That was the option the customer chose. Later on in the design process the customer indicated that the “torsionbox chassis” might be too exotic. He said that transportation companies might not be interested in a design that was completely different from that which they are familiar with. The customer thought that transportation companies and truck drivers were generally quite conservative. In later presentations different materials for the side panels and the floor were proposed with subsequent estimated costs and masses and strains in the material during the calculated load scenarios. The format was similar in all meetings.
Liz or Hans presented some options or some finite element calculations followed by a discussion. The customer indicated what his preferences were during these meetings. Some of his preferences seemed biased. For example, including wood or steel was not an option because he claimed that ‘wood is an old-fashioned material and steel will always rust’. According to the engineers, using steel could make the trailer lightweight. Although this could indeed cause problems with corrosion, corrosion can be prevented with a coating. The decisions that were taken during the meetings were recapitulated at the end so everyone knew what was to be done next.

7.3 Safe in what sense?

Traffic safety was not often mentioned by the engineers in discussions. In one discussion on the different designs of the chassis, it was mentioned that safety guardrails to protect cyclists could be integrated in one option. In the finite element models and load scenarios safety factors were mentioned but these were related only to structural reliability. However, safety aspects concerning trailers are much broader than those concerning structural reliability. Accidents in traffic are common, and in the Netherlands about 13 % of them involve trucks. Nowadays the concept of crash compatibility is becoming increasingly important. In crashes between different vehicles the masses, stiffness and height of vehicles may be different, leading to severe injury to occupants in one of the vehicles and little or no injuries to occupants of the other. For example, a truck is very heavy; this cannot easily be changed. A truck is, however, usually constructed in such a way that when crashing against a car the truck will not deform. A car can go under the truck thereby decapitating or seriously injuring the driver and passengers (see figure 7.2). Note that the ground clearance of a trailer is about 1,15 m, therefore most of the bonnet and a large part of the safety cage of a car can skid underneath a trailer. The possibility of a car skidding under a truck or trailer during a crash can be reduced by changing truck and trailer design.

Figure 7.2: Truck and trailer. This is a trailer without cyclists safety guardrails to illustrate the point that cars and cyclists can get under a trailer. Legislation requires that between the three wheels at the back and the one in front there are two beams to prevent cyclists and pedestrians from getting under the trailer [picture courtesy of Piet Knapen].

Cyclists can go under the wheels of trailers when a truck turns; especially in city traffic, truck drivers sometimes overlook a cyclist when turning. The government requires trucks to have blind spot mirrors and safety guardrails installed. This should prevent such accidents but the blind spot mirrors are not always correctly installed and the safety guardrails do not shield bicyclists and pedestrians completely from the wheels. Guardrails and blind spot mirrors are added to a trailer when it is finished. It is possible to prevent cars going under trucks or trailers in crashes. These prevention measures can be added to the trailer structure but they can also be incorporated in the design of trailer structure. Regulation on precautions to prevent cars from going under trucks is being prepared in the European Union and will come into force in the next few years. It is, however, possible to incorporate some precautions in present day designs. In one of the meetings the engineer/salesperson from the engineering company mentioned a trailer (called Safeliner) built by Krone that is constructed in a way such that cars cannot go under the trailer in a crash. In the same Krone design the sides of the trucks are completely covered to prevent cyclists and pedestrians from being drawn under the wheels during an accident. In the Safeliner design, traffic safety features are incorporated in the structure and not added at the end of the design [www.krone.de]. The customer thought that a Safeliner would be very expensive.

The engineers in this case equated a safe trailer with a structurally reliable trailer without paying any attention to traffic safety. This was partly due to the customer. The customer said in an interview that he thought that traffic safety was very relevant and that it was part of the image of the trailer. His idea was to completely cover the sides, but this cover was not something he considered to be part of the structure. Therefore he had not incorporated this need into the requirements for the structure. For the customer the side covering and underrun protection were part of the image of the trailer and something you add to the structural design of the trailer after it has been designed. In the Safeliner the side covering is part of the structure.

7.3.1 Structural reliability

According to Liz and Hans, a safe trailer was a structurally reliable trailer that manoeuvres well. There are different aspects to structural reliability. The strength of the trailer is important to prevent sudden failure of the trailer in the case of an extreme loading. In some parts of a trailer fatigue can be a problem. The stiffness of the floor and side panels should prevent extreme bending and deflection. The resistance against rotation, called torsional stiffness, influences driving and manoeuvring possibilities (cf. [Gere and Timoshenko, 1995, 162]). The stiffness of the floor of the trailer was important because it should be level for the unloading system to work and should not feel unstable when a heavy driver walks through the empty trailer. A trailer will also not look reliable if the floor or side panels are too flexible. The engineers called this requirement for stability an optical requirement: the trailer should look reliable. This optical requirement was given a value by stating in the design requirements that the floor should not deflect more than 20 mm. This specification is commonly used for trailer designs within the engineering company. Torsional stiffness is a subjective requirement according to Liz. Some drivers like a very stiff trailer because they prefer the manoeuvrability of a stiff trailer; other drivers prefer a less stiff trailer, also because they like its manoeuvrability.

There was some discussion as to whether the design problem would be stiffness or strength dominated. By this the engineers meant that one of the features would in the end determine thicknesses of the materials used for the trailer. With some design problems the strength requirements are so strict that the strength requirements will determine the thickness dimensions. In other design problems the stiffness requirements are so strict that these dominate the design and material thicknesses. Based on their engineering judgement, the engineers decided that the trailer should probably be stiffness dominated. Connected to this issue is the fact that local strength has to be calculated once all the design details are known. Sharp corners and connections can have a large influence on the local strength because such points can lead to stress concentrations. A structure that is strong and stiff enough overall may still need some reinforcement of places with stress concentrations. These reinforcements have to be designed in the detail design. In the feasibility study and preliminary design only the overall strength of the trailer was taken into account. Places for which detailed strength calculations would have to be made were identified in the preliminary design.

Load scenarios and allowable stresses or strains (stresses in metal components and strains in composite components) were used to calculate the material thicknesses for a stiff and strong enough design.5 Calculating allowable strains and load scenarios both involve engineers having to make choices.
If an engineer overestimates the allowable strains or underestimates the load scenarios then a trailer may fail during normal use.

[5] In homogeneous materials like metals allowable stresses are used because stresses are continuous through a section. In non-homogeneous materials like composites the stresses differ in the different layers. In these cases allowable strains are used because the strains are continuous through a section. Note that stress is defined as the intensity of force, that is, the force per unit area, and that strain is defined as the elongation per unit length [Gere and Timoshenko 1995, 4-5].

Allowable strains

There are different kinds of allowable strains or stresses; some are meant to give a maximum for permanent loads, others for certain peak loads. Maximum strains are used for composites; these strains included a safety factor of 1.5 because composites are non-homogeneous materials. During the production of composites, especially in the steps in which the fibres are woven and combined with the resins, flaws may be introduced that will weaken the composite. With composites, moisture and temperature can sometimes degrade the mechanical properties of the material over time; therefore these influences need to be accounted for in a conversion factor. Different organisations have formulated different allowable strains for composites using different conversion factors. Hans had considerable experience with projects for yacht designs and there the maximum allowable strains defined by Lloyd’s Register are used. Liz had just finished a project in which she had used maximum strains defined by the CLC together with the Rijkswaterstaat and a Research centre for civil engineering in the Netherlands (CUR). In this project they used values taken from the literature and from tests designed to define the lower boundaries of mechanical properties of composites produced using different production methods. A choice had to be made between the different available maximum strains, i.e. whether to choose those detailed by the Lloyd’s Register or those provided by the CLC, Rijkswaterstaat and CUR.

Hans: ‘Lloyd’s indicates that you can allow 0,25% strain.’
Liz: ‘0.25%? Theo said that you could allow 1,2% strain but then you need some safety factors.’
Hans: ‘You can allow 1% strain under compression and tension. Well, in fact you can allow a bit more under tension than under compression but when you take the same strength for compression then you can allow 1,0 % with a safety factor of 4 so that makes 0,25% maximum strain.’
Liz: ‘That’s conservative because Theo got to 1,2 % with a safety factor of 3.’

Liz had no previous experience with the Lloyd’s data. She did not know what was accounted for in these allowable strains and what was not. She therefore preferred to use the allowable strains from the CLC, Rijkswaterstaat and CUR.
In one of the presentations for the customer the maximum allowable strain indicated on the slide was 0,35%.

Load scenarios

Load scenarios are necessary to help engineers calculate minimum material thickness. Load scenarios are descriptions of what might happen, including the forces that will be exerted on the trailer, when it is used. If the load scenarios lead to strains higher than the allowable strains then the material thickness should be increased or another material must be chosen. Usually there are scenarios for normal use, for example a trailer making a turn while carrying a load of sand. There are also load scenarios for strength calculations for the more extreme situations that might occur, such as a fully loaded trailer driving too fast over a pothole.

In this design process the load scenarios were not known. Liz had experience with designing trailers but this was her first assignment to design a trailer without a roof that could be loaded with sand. The engineers did not know how the sand would behave when the trailer turned a corner. The sand might, for example, shift and push, with its total mass behind it, against the side panels. The engineers could refer to previous projects for some load scenarios, but at the start of the design project Liz and Hans tried to reason out what the loads would be using educated guesses and an aerospace engineering method. An example of an educated guess is that Liz thought that the torsional stiffness of the trailer should be somewhat higher than that of an existing aluminium trailer. At the time of the design period there were problems with aluminium trailers, with the welds used to connect the side panels to the front panel. Fractures in these structures were probably being caused by movement and displacement of the side panels causing extreme stresses in the welds. A more torsionally stiff trailer or a more flexible connection between the front and side panels would solve this problem.

The aerospace engineering method included the following ideas: calculations were done using limit and ultimate load. In aerospace engineering limit load is a load that the structure will experience with a certain chance during its lifetime. A limit load may lead to some elastic deformation but never to permanent damage. An ultimate load scenario was used for strength calculations. An ultimate load is a load that may damage a plane and lead to permanent (plastic) deformation but will still allow the plane to land in reasonable safety.
As a design rule the ultimate load is 1.5 times the limit load. This 1.5 is called the safety factor. This aerospace engineering method was combined with a dynamic factor common in automotive engineering. This dynamic factor was used to account for extra forces on the trailer when, for example, a pothole is encountered. This dynamic factor was 2.[6] The ultimate load was then 3g (1,5*2g) times the mass of the cargo, in which g is the gravitational constant. According to Liz, trailer producers use a total factor of 3, as established for a previous trailer project. All calculations were done using a maximum mass of 32 tonnes of sand and a maximum mass of 9 tonnes on the axles. This maximum load for the sand was calculated taking into account the allowed maximum total mass of 44 tonnes for a truck, trailer and load combination. The trailer will have a mass of about 5.5 tonnes and the truck 6.5 tonnes; this leaves 44 - 5.5 - 6.5 = 32 tonnes for the load to be transported.

[6] It is indeed mentioned in a handbook that a dynamic factor to account for rough roads should be included but there a factor of 3 is proposed [Fenton, 1996, 44].

The load scenarios changed during the design process, and the trailer and the load scenarios appeared to be designed simultaneously. The load scenarios that were assumed in the first finite element calculations were the following.

- Load on the floor: 32 tonnes, dynamic factor 2 and safety factor 1,5 makes 32 tonnes x 3g
- Load on the floor and pressure on the side panels: floor 32 tonnes x 3g plus a hydrostatic pressure on the side panels of “density of the sand” x “the height” x g
- Turning a corner: as a trailer takes a corner the pile of sand is subjected to a gravitational field of 32 tonnes x 3g on floor and 32 tonnes x 3g on the side panel

Using these load scenarios, calculations were made using the finite element model. These calculations led to surprising results: the pressure on the side panels would lead to a displacement of 40 cm if carrying sand! Turning a corner would lead to a displacement of 5 m in the side panels. Liz and Hans concluded that the load scenarios were not realistic and too severe.

Hans: ‘The design problem will succeed or fail with these load scenarios. Could we not use the same load scenarios as the customer used when designing an aluminium trailer?’
Liz: ‘That’s the problem. They are not able to deliver load scenarios. We will use the ones we have used in other projects.’
Hans: ‘There have been load scenarios made for other projects, but we have to know what the customer does with his aluminium trailer. If you want to be smart you have to change the load scenarios, otherwise we will not get the 10% mass reduction.’
Liz: ‘But the customer cannot give me any load scenarios, not even for the aluminium trailer they produce now.’
Hans: ‘The risk is that the customer built the aluminium trailer based on experience. He has learnt that he can reduce the material thickness because it doesn’t fail.
This also happened in a yacht building project. The load scenarios that we have used for our calculations are much too severe, this will lead to extra mass in the design. We can say that the material is necessary because we have calculated that there is a need, but probably having used too severe load scenarios.’
Liz: ‘We could find out what our concept does in comparison with the strength and stiffness of the existing aluminium trailer.’
Hans: ‘Then you should do both calculations. Make the calculations for their aluminium trailer and for our concept and compare them.’

The displacement of the floor was 34,5 mm, which was too much according to the engineers’ self-imposed requirement for a maximum of 20 mm. A discussion was started as to whether this should be local bending of the floor or the total displacement of the floor with regard to the initial unloaded situation. At the end of this discussion it was decided that the safety factor of 1,5 should not be included. The safety factor was used to get from limit to ultimate load and the engineers seemed to change their minds about what load to use in the load scenarios. At first the engineers calculated the displacement of the floor using ultimate load and then they decided to use limit load. They argued that the displacement is one of the stiffness requirements and these should always be calculated using limit load. According to Liz and Hans a structure is allowed to fail to a certain extent at ultimate load, so ultimate load is far too severe for a stiffness requirement. The use of limit instead of ultimate load reduced the displacement of the floor to 34,5 : 1,5 = 23 mm (calculations were linear elastic), which was much closer to the required maximum of 20 mm.

The safety factor, 1,5, was also removed from the load scenario for turning a corner, but the displacement of the side panels remained more than 1 m. Subsequently, the dynamic factor (2) was also removed from the scenario but the displacement remained at about a metre. Liz and Hans started to doubt whether it was realistic to assume that the complete load of sand will push against the side panel. After the discussions the load scenarios were changed to the following.
- Load on the floor: 32 tonnes, dynamic factor 2 makes 32 tonnes x 2g
- Load on the floor and pressure on the side panels: floor 32 tonnes x 2g and hydrostatic pressure on the side panels “density of the sand” x “the height” x g
- Turning a corner: during turning a corner the pile of sand is within a gravitational field, 32 tonnes x 1g on the floor and on the side panel
- Torsion: a torsion moment of 1 Nmm will be used

As can be seen in the previous quote, Liz and Hans also decided to make a finite element model of the existing aluminium trailer for comparison. The above load scenarios were used to calculate the displacements in the finite element models of the existing aluminium trailer and of the concept composite trailer. The load scenario turning a corner still led to extreme displacements of the side panels, 290 mm in the aluminium trailer and 770 mm in the concept trailer. The engineers started thinking about whether the trailer would roll over when the load pushed completely against one side of a trailer. The scenario load on the floor and pressure on the side panels led to 60 mm displacement of the side panels in the aluminium trailer. This displacement would probably be visible when a trailer was being loaded. A trailer might look unstable when being loaded and turning corners because of the visible displacement of the side panels. Looking at the results Liz and Hans concluded that the stresses in the side panels were low enough, so there was no strength problem, only a stiffness problem.

To check whether the load scenarios were realistic Liz asked the customer whether he had ever seen any displacement in the side panels of an aluminium trailer when the trailer was fully loaded. The customer said that he saw no displacement in the side panels of the aluminium trailer. Liz thought that this might be due to the fact that there was no hydrostatic pressure from the sand on the side panels. The internal friction of the sand might prevent the pile of sand from completely sliding to the side panel. Because neither Liz nor Hans had experience with calculations concerning internal friction in a pile of sand, and the time they had for this preliminary design was limited, the decision was made that the side panels should have the same stiffness as the side panels of the existing aluminium trailer. So they decided to skip the load on the floor and pressure on the side panels scenario completely. Instead of this they calculated the stiffness of the side panels of the existing aluminium trailer and designed the composite trailer side panels to have similar stiffness.

The customer indicated that he had seen no displacement of the side panels in an aluminium trailer as it turned corners. The calculation using the load scenario given above led to 290 mm displacement in the side panels in an aluminium trailer. If this really happened then it would be visible.
Liz and Hans decided that a load scenario where the complete load of sand pushed against the side panel in a corner was too severe. They decided to use a load scenario used in a previous project for turning a corner. This load scenario was used for hand calculations. Only two loading scenarios remained for the finite element modelling calculations:

- Load on the floor: 32 tonne, dynamic factor 2 makes 32 tonne x 2g
- Torsion: a torsion moment of 1 Nmm will be used
- Turning a corner: this will not be calculated using FEM but “by hand”
- Braking: this will not be calculated using FEM but “by hand”

As described above the other scenarios were not realistic according to the engineers. One of the scenarios was discarded as irrelevant, i.e. load on the floor and pressure on the side panels. One of the scenarios was calculated differently, i.e. turning a corner. One scenario had been changed, i.e. load on the floor. One scenario, torsion, was not changed, but this is not really a load scenario. A load scenario is meant to be used to describe what loads can be expected. To determine torsional stiffness one unit torsion is placed on a model.

When the two scenarios mentioned before were introduced in the finite element model, the maximum displacement of the floor was 33 mm.[7] Liz and Hans reasoned that this displacement was calculated using 2g so the displacement would only be 16,5 mm if the trailer is at rest. This was actually within the requirement of maximum 20 mm but Liz preferred a larger margin.

Hans: ‘In fact, let’s look at the relative displacements. Because I think that that is what is important, and it is probably a lot less. This is really the bending of the floor. You see the yellow part is not 0.’
Liz: ‘Yellow is 6.’
Hans: ‘It is 7, the displacement ranges from 7 to 33 mm so the bending 33-7=26 divided by 2. The bending is 13 mm by 1g.’

From this quote it can be seen that Liz and Hans decided the bending over the largest span should be less than 20 mm, not the total overall displacement. The bending over the largest span was 13 mm. The bending was therefore well within the requirement. The stresses and strains within the materials were lower than the allowable stresses and strains and therefore the concept composite trailer was stiff and strong enough.

Liz and Hans had also calculated very quickly whether a heavy driver walking through the trailer would cause the trailer to bend too much. To calculate this they considered a mass of 200 kg on a surface of 20 cm²; this should simulate a heavyweight driver standing on one foot. The strains in the floor were found to be below allowable strains and the driver would not have the feeling that the floor was saggy.
The load scenarios turning a corner and braking were calculated by hand, not using finite element modelling.[8] Load scenarios were still needed to make the braking and turning corners calculations. Estimations of the mass and acceleration during braking and turning a corner were necessary. The engineers used results from a previous project to estimate the mass and the acceleration. Hans had a lot of trouble reconstructing what had been done in the previous project. There were some typing errors in the numbers in the report. This made the reconstruction of what loads were added to which other loads very difficult; for example, the loads exerted by driving straight always seemed to be added to the other loads such as those for braking or turning a corner.

In the finite element calculations the complete trailer was modelled and the load they used for calculating was the load of the sand. The hand calculations begin with the axle load, which was 9 tonnes as defined by regulations. Acceleration figures were taken from a report of a previous project. The engineers tried to compare the geometry of the trailer near the axles with standard geometries used to calculate stresses and strains. For example, the moment of inertia of a certain configuration was calculated by using standard geometries from a handbook. In these calculations the engineers tried to decide what the material thickness and the orientation of the fibres in the composites should be to get the strains below the allowable strains for composites and the stresses below allowable stresses for the aluminium parts. The engineers discussed how far the strains should be under the allowable strains because holes need to be drilled in some of the load bearing structures to connect them with other parts. Such holes lead to stress or strain concentrations that are difficult to predict in composites. The strains were required to be well below the allowable strains to allow for the strain concentrations round the holes.

[7] Notice that this is different from the 23 mm that the engineers attained before but the material thicknesses had also changed. As I indicated before, material thicknesses and properties were changed simultaneously with the load scenarios.

[8] These calculations are called “hand calculations” but for most calculations a computer program (Mathlab) is used to solve the equations. This computer program is widely used throughout the engineering world for analytical and numerical calculations. The difference with the finite element program is that finite element calculations are always numerical solutions, and that, to perform such calculations, a model of the product or part needs to be made. It is not necessary to make a model when using Mathlab.

7.3.2 Misuse and overloading

The customer told some stories about misuse of the trailers in the meetings. During transportation it is not uncommon for some trailers to be overloaded, thus a load for the composite trailer might be much more than the 32 tonnes allowed in the design. As said before, a truck and trailer combination can be subjected to spot checks and weighed, but this does not always happen and drivers can deliberately or unintentionally load a trailer with more than 32 tonnes. The customer said that his former company had received a court verdict in which it was stated that a trailer producer should know that trailers are commonly overloaded in use and that they should account for this in the design of a trailer. It was not clear how much extra load should be included in the design. The engineers had calculated a 32 tonnes load, but the customer indicated that the load could sometimes be as high as 40 tonnes. Neither the customer nor the engineers changed the requirements or suggested making calculations for a trailer carrying more than 32 tonnes.

In my interview with her, Liz said that it was not obvious to her that she should account for overloading of the trailer in the design. She had not noticed the remarks on overloading. Further, the requirements stated that 32 tonnes of sand would be carried; an allowance for overloading was not required. Liz and Hans said that if a trailer was consistently overloaded and a driver drove too fast such actions would take out a part of the safety margins designed into the trailer. Therefore, overloading would reduce the safety margin. Hans wondered in his interview whose responsibility it was to decide to include overloading. Hans drew the conclusion that the customer should do this and change his requirements. Hans and Liz indicated that the customer knew more about use and misuse of trailers than they did and therefore the customer should include this in his requirements if necessary. Liz also indicated that overloading would not really cause problems as the design was stiffness dominated. Hence, the strength of the trailer was sufficient to withstand the overloading; the floor will displace more than with a load of 32 tonnes but this will not cause failure of the trailer.

Another possible problem might be misuse with regard to the use of the rods in the trailer. As said before, the trailer had no roof. The absence of a roof can make a trailer unstable when loaded. The load pushes against the side panels, which are only fixed on the floor. The side panels can deflect outwards as sketched in figure 7.3.

Figure 7.3: sketch of trailer loaded with sand and rods open

To prevent this, three rods were inserted at the upper side between the side panels. These rods will stay in place most of the time during use but need to be removed before loading a trailer with long materials; once loaded, the trailer rods need to be reinserted.[9] While discussing misuse of trailers, Hans asked the customer whether the rods are always inserted. Failing to insert the rods will compromise the stiffness of the total trailer. The side panels can move independently. The customer answered that he had not often seen rods left out after loading, although he knew that some drivers transporting sugar beets sometimes load too much and cannot reinsert the rods. According to the customer you can see the side panels move when this happens. He also said that his customers are informed not to use his trailers in this way. The extreme scenario of a trailer loaded with more than 40 tonnes of sugar beets without closed rods turning a corner while driving fast may cause the strains in the material to exceed those that are allowed and calculated in the safety margins.

[9] The trailer was designed to be loaded from above and the rods are in the way when loading long materials.

7.4 Ascribing responsibilities

During the interviews and the discussion after my presentation some implicit ideas about the responsibilities of the different involved stakeholders were made explicit (see section 1.2 and 3.3). The contract terms from the TNO waive all legal liability for the use of results from TNO research to the customer(s). Only in cases of fraud or severe negligence can the TNO be held liable for problems caused by the application of their research results. So persons affected by products designed using results from the TNO cannot easily turn to the TNO for liability claims [TNO, 2003]. In accordance with this, the customer is ascribed the major part of the responsibility for the design process.

The customer indicated in his interview that he felt responsible for providing all the relevant information to the engineers. This could be information about what he wanted but also about what problems he had encountered in previous designs. The engineers should then come up with a design according to what he wanted. The customer said that setting and adapting requirements was his responsibility. With regard to overloading he indicated that while testing the prototypes he would deliberately overload the trailer to test whether accidental and intentional overloading would cause problems. He thought of using a load of 39 tonnes and was considering testing the trailer to failure point. He also said that a 32 tonnes load is reasonably high for some European countries, for example in Switzerland or Germany 32 tonnes of sand will exceed the total mass allowed in these countries.

Basically, the engineers thought that the customer had to decide what they should design. If the customer defined a very narrow design problem then the engineers had to stick to this narrow description of the problem. If the description of the design problem was widened to include more aspects, then they would include more aspects in the design process.
The engineers came up with examples of design problems where they had looked at broader safety concerns than only structural reliability, for example when designing composite yachts. There a collision with another boat might cause a leak. Usually collisions did not lead to leaks but if thinner laminates are used this might happen. For the yachting case they could not research the problem or solve it within the budget of the project. They did, however, inform the customer about this possible problem. In the trailer case, the customer only wanted a lightweight trailer that would not be too expensive. Since the customer was focused on the structure, this is what the engineers focused on. If the customer wanted a trailer that was safe in traffic then he should have indicated this in his requirements. In this case, traffic safety was not included in the requirements except for a short statement that the trailer should meet legal requirements.

When asked in the interviews, the engineers told me that they would design a trailer that was too high according to the regulations if that is what the customer wanted. They said that as long as they thought that a design would be safe, safe here most of the time interpreted as structurally reliable, they would do what a customer asked them. Liz told me that she had had some doubts in another project where they had to design a trailer that was too high according to regulation. She was not the project manager for that project. She asked a representative from an organisation of transport businesses in the Netherlands whether it was common practice to design trailers higher than permitted by the regulations. The representative told her that that was indeed done regularly.

Liz: ‘When you hear that they do that [produce trailers too high] all the time and that it is in one way or another possible to drive with these trailers,… well yes we designed a trailer that was 4,15 m high. But I did not completely agree with this.’

Hans said that they usually design according to regulations. If the customer wants a trailer that is too high, the customer has to specify this. Hans indicated that he would go against the regulations if asked to do so by a customer as long as he had the idea that the design was safe or structurally reliable.
He also said that whether or not to go against the regulations depended on the product being designed. According to Hans this would not happen in airplane design because there the plane has to fulfil FAA criteria, otherwise it cannot be flown.

A reason given by the engineers as to why the engineering company should not be responsible for including certain issues in the requirements in addition to what the customer wants is that they do not know what kind of problems there are with a product. An engineering company does projects for very different industries and products. They do not, and cannot, have in-depth knowledge of the problems encountered with such a variety of products during production or in use. The customer has the experience and should know what can go wrong. Transportation companies come to the customer when something has gone wrong with a trailer. The customer knows how his customers (transportation companies and drivers) used or misused his products. According to the engineers, they should always ask whether a customer knows about problems with the production or use of their products. Sometimes the CLC engineers will have more experience with a product because of having made previous designs for similar products. In these cases the engineers mention problems encountered in earlier design projects. However, the customer is responsible for the requirements and should indicate what problems might arise in use and misuse situations.

In this case-study, the customer had indicated that overloading might occur but he never changed the requirements. The engineers thought that changing the requirements to include overloading was the customer’s responsibility. The engineers did not know whether overloading caused problems for the customer. So although overloading was mentioned on occasions, the requirements were not changed because the engineers expected the customer to change the requirements if necessary. The customer did not change the requirements to include overloading because he preferred to test a prototype to breaking point.

The engineers would only incorporate the legal requirements on traffic safety in a further phase of the design process. The customer thought that the sides needed to be covered and that underrun protection needed to be installed. The reasons he gave were that he thought that this would look good and that traffic safety was a good marketing tool. Because the customer considered the side covers to be part of the image of the trailer and not part of the structure he did not include this in the list of requirements, nor was it part of his negotiations with the engineers.
He asked the engineers to make a reliable structure and considered that the image of the trailer was quite another issue that he would deal with after a structural design had been obtained.[10] The engineers did not think that they were responsible for traffic safety; they deemed themselves only responsible for designing a manoeuvrable and, in normal use, structurally reliable trailer. They thought that the customer was responsible for providing the relevant information on experiences from practice. According to the engineers, the government is responsible for traffic safety and should provide adequate regulation for traffic safety. The driver of a truck and trailer combination has the responsibility to drive with care. Although the customer thought that traffic safety was important he did not require the engineers to consider it because he saw it as something completely separate from the structure of the trailer. The engineers were therefore not asked to revise their vision on who was responsible for traffic safety.

During the discussion after my presentation at the engineering company, some nuances were added to the idea that the customer is responsible for the requirements and therefore for deciding what to include and what not. An engineer said that the TNO, and therefore also the CLC, has the obligation to inform the government and public when a product is dangerous. In the contract terms there is a clause regarding breaching secrecy if TNO engineers expect a product design to be dangerous. TNO can, preferably after contacting the customer, warn the affected stakeholders or authorities [TNO, 2003]. One engineer told a story about an instance in which an engineer from a different department of the TNO went to the EU authorities in Brussels because of possible problems with certain food packaging materials.

Although the engineers were really convinced that the customer should set the requirements, they felt responsible for helping the customer in this. Liz said that she had a list of subjects with regard to requirements for trailer design. She followed this list to make sure she and the customer did not forget an important issue when setting the requirements. The CLC salesperson and Liz agreed that perhaps, in a future trailer project, they could propose that the customer included traffic safety in the requirements. Another department of the TNO located in the same city as the CLC specialises in traffic safety. The salesperson said that in any future trailer project they could offer the customer the chance to include an expert on traffic safety from the traffic safety department of TNO. The customer has to decide whether to include such an expert but the engineers can always propose that a safety expert be included.

There was also an agreement between the engineers working on trailer projects that traffic safety and especially the Krone Safeliner might be a good topic for a presentation at the Focwa, the Dutch organisation for companies in car and trailer body work production. They thought it was a good idea to invite the German engineer who designed and developed the Safeliner to give a presentation. Organisations like Focwa are sometimes involved in projects financed by the government to implement new ideas on traffic safety or sustainability [www.focwa.nl]. These projects can amount to new regulations. The engineers said that these organisations should provide trailer engineers and producers with information.

One of the CLC engineers indicated that they probably have more responsibility in radical design processes than in normal design processes.[11] According to this engineer in normal design processes everything that could go wrong with a product had already gone wrong. A lot of regulation will have been made to prevent accidents and damage. In this case the CLC should just follow the regulations. This engineer said that the CLC was responsible for thinking about what could go wrong when regulation is absent. Perhaps they should even contact the appropriate authorities to get them to change regulations or make new regulations for a product.

[10] Note that a lightweight trailer was intended and that adding covers onto a structurally reliable trailer adds material and mass that is not used to support loads. Usually in lightweight design engineers try to prevent the use of extra materials in places where they do not bear loads or where there is already enough material to support the loads.

[11] I used and explained the terms radical and normal design in my presentation and this engineer immediately started to use these terms.

7.5 Summary of the case and the regulative framework

I studied the preliminary design and feasibility study design phase for a lightweight composite trailer using a new unloading system. This preliminary design was made by an engineering company for a customer. The trailer had to be used in combination with a conventional truck; therefore it was middle level design. The trailer would be made of composites and include a new unloading system. Hence the normal configuration was changed and the design was to a certain extent radical.

7.5.1 Ethical issues

The ethical issues that came up in this design process were mainly related to the operationalisation of safety and ascriptions of responsibility. As indicated, sustainability did not play a big part. Of course it is an ethical question whether sustainability issues should have played a part. The engineers and customer only formulated one requirement with respect to sustainability. The aerodynamic shape was included in the requirements but it was very vague and not operationalised. The flexible loading and unloading system should lead to fewer kilometres driven empty. This could make the trailer more sustainable. However, in this design process, this flexibility was seen as an economic advantage and it was not clear whether it was indeed more sustainable. It can be argued that if a regulative framework was used this framework might have included less vague requirements on sustainability. In a regulative framework concerning traffic, for example, a maximum amount of certain emissions will be specified. It can be argued that this is not relevant for the design of a trailer but only for the design of the engine of a truck. This argument disregards the effects of the aerodynamic shape of a trailer on fuel consumption and emissions. So a regulative framework for traffic could have included requirements or operationalisations concerning sustainability that might have been relevant for the design process. I will not discuss further the ethical question of whether sustainability criteria should have been included.


In the operationalisation of safety, the engineers equated a safe trailer with a structurally reliable trailer. Within the CLC there are ideas on good design practice concerning structural reliability. These ideas are based on a shared educational background and previous design experience within the CLC. It can be concluded that there are norms about good design practice and that the engineers used these norms in the trailer design. These norms were internal CLC norms. These internal norms were not imposed by legislation or professional or technical codes. The engineers reflected and thought about how these norms should be used in the case design project. Discussions on whether or not to use ultimate load in calculations could be regarded as discussions about the application of the norms in this specific case. These discussions were also ethically relevant because structural reliability poses limits for safe use. If a trailer collapses during use because of metal fatigue or overloading this can cause injuries or fatalities. Torsional stiffness has an important influence on how easily the trailer might roll over. Trailers rolling over on highways cause a lot of traffic jams and accidents. So choices covering structural reliability are ethically relevant.

During the operationalisation of a structurally reliable trailer, choices have to be made between different available material properties. The engineers could, for example, use material properties established by Lloyd’s Register or properties established by the CLC in co-operation with the CUR and the Rijkswaterstaat. Material properties like allowable strain give upper limits for strain in a material. This allowable strain should not be exceeded during normal use because this may cause failure of the trailer. Besides deciding on material properties, choices had to be made on load scenarios. The load scenarios are used to simulate the loads that a trailer will be subjected to during use.
If the strains remain below the allowable strain under all load scenarios then the design suffices. If the allowable strain is exceeded then other fibres should be used or more material should be added. Using finite element modelling, the strains in the material of the trailer were calculated under the load scenarios. One problem was that the load scenarios were not known for this case. The engineers did not know what the loads on the trailer would be when the trailer turned a corner or braked when fully loaded with sand. The load scenarios were not known and the proposed load scenarios were adapted during the finite element modelling. So when it became obvious that the allowable strain was exceeded drastically under a load scenario, the load scenario was reduced and more fibres were added. In short, there was a lot of uncertainty concerning the loads that the trailer would be subjected to during use. Underestimating the load scenarios could lead to trailers that are not strong or stiff enough in actual use and this can cause failure of a loaded trailer during use. The engineers indicated that they used the finite element calculations to check the preliminary design but, because the load scenarios were not known, checking the design was problematic. Trying to check a design without having proper load scenarios raises ethical questions such as: how far can engineers go in adapting load scenarios? In the end the trailer was designed to be at least as stiff as the existing aluminium trailer. This choice implied that the stiffness of the existing trailer was good enough, but the engineers were not sure about this. The question remains: What can be concluded from finite element calculations if the load scenarios are not known? The engineers did not really seem to have a problem with this. They would have preferred to have the load scenarios but, because these were not available, they used educated guesses.

The engineers and the customer did not include traffic safety in the requirements. The customer thought that traffic safety measures should be added once the structure of the trailer was already designed. The customer considered side-covers to be part of the image and not the structure. The engineers did not seem to have realised that when designing a structure they influenced traffic safety. The engineers decided where structural parts should be located and how stiff and strong they should be. Cars crashing into a trailer can be prevented from sliding under a trailer if the stiff and strong structural parts are located in a low position, preferably at the same height as a car safety cage. This is also related to crash compatibility (see chapter 4). In the Netherlands, pedestrians and cyclists die every year because they go under the wheels of trailers, especially if a trailer driver turns right and overlooks a cyclist standing next to them. The structure of the trailer can be designed to protect pedestrians and cyclists from going under the wheels if the structural parts cover the sides.
The engineers considered that the government was responsible for ensuring traffic safety. This disregarding of traffic safety is ethically relevant. Legally it is not a problem that traffic safety was not an issue in the preliminary design process because in the end the trailer can be adjusted to comply with current legislation. Engineers ascribe responsibilities to themselves, the customer, the truck driver and the government. This ascription of responsibilities is ethically relevant. The engineers only wanted to take responsibility for performing the customer’s assignment well. The customer was responsible for formulating the assignment and the requirements. Governments should formulate regulations concerning trucks and trailers and traffic safety. A truck driver should drive carefully. This ascription of responsibilities resembles Florman’s model presented in section 2.2.2. One of the reasons that traffic safety was overlooked by the engineers was that they saw their responsibility as making a design that meets the customer’s requirements.


7.5.2 Decision making on ethical issues

There was much discussion and communication between the engineers. Ethical questions formed part of the responsibilities of the engineers working on the trailer. The customer also had to make a lot of choices and was therefore also confronted with ethical issues. Decision making on ethical issues was done using internal CLC norms and ideas on good design practice, such as the operationalisation of safety in the form of a structurally reliable trailer. These internal norms include ideas, rules, guidelines and handbooks about how to design and calculate a structurally reliable structure. Examples of internal norms and ideas on good design practice include the safety factors that should be used, the limit and ultimate load, material properties and what environmental influences should be accounted for in the trailer design process. These ideas and norms were used in the case study design process. The internal norms and ideas on good design practice could be traced to the design experience of the engineers and their education. A lot of the engineers working in the CLC have the same educational background and parts of the internal norms can be traced back directly to this background. Other parts of these norms can be traced to shared experience in designing with composites. The engineers used these internal norms without reflection as to whether or not these norms were complete.

7.5.3 Regulative framework

In this case only a few elements of a regulative framework were used. There is an extensive regulative framework for trucks and trailers. Trucks and trailers have to be certified and checked before they are allowed on the roads. In the Netherlands, the “Rijksdienstwegverkeer”, the Dutch governmental organisation for traffic, has to certify trucks and trailers. Several European directives, amongst others 96/53/EC, 97/27/EC and 2002/7/EC, which specify mass, dimensions, turning circle and manoeuvrability, pertain to transport with trailers in Europe. The rules for maximum dimensions of trailers and loads on axles were taken into account in the design process. For example, axles should be able to support a load of 9 tonnes. The 9 tonnes load is, according to the engineers, based on Dutch legislation. At one point in the requirements a reference was made to European regulation; the pneumatic springs of the trailer should comply with European regulation. So given the complete regulative framework pertaining to trucks and trailers, the engineers only abstracted some rules about maximum dimensions, axle loads and European rules regarding pneumatic springs.

The engineers do not seem to know more about the regulative framework than these rules although the framework has more elements. This is comparable to the case of the engineers designing the bridge, described in chapter 6, using some rules from a working conditions framework without using the complete framework. Again it is an ethical question as to whether the engineers should have considered the regulative framework concerning trucks and trailers. Probably the regulative framework is not completely applicable in this (radical) design of a composite trailer, but in completely disregarding the regulative framework the requirements or operationalisations from the framework that could have been used are also disregarded. The engineers did not try to figure out whether the regulative framework for trucks and trailers might have given them additional useful information for this design process.

7.6 Acknowledgements

I would like to thank Ruflo and the engineers at the CLC for their co-operation.


8 Conclusions of the empirical study

In this chapter conclusions are drawn, based on the four case-studies, with regard to the working hypotheses that were formulated in chapter 3. These working hypotheses were:

1a) The kinds of ethical issues faced by engineers depend on design type and design hierarchy.
1b) The ways in which engineers deal with these ethical issues depend on design type and design hierarchy.
2a) In normal design processes a regulative framework is used by engineers to account for the decisions made on ethical issues.
2b) This regulative framework fulfils all Grunwald’s requirements and is therefore a normative framework.

The results from the cases are first summarised in section 8.1. Subsequently the empirical data with regard to working hypothesis 1a are discussed in section 8.2. It is argued that the empirical data only partly support this working hypothesis. Contrary to what was expected the design hierarchy does not seem to influence the kinds of ethical issues. These issues only depend on design type. It will be shown in section 8.3 that the empirical data only support a part of hypothesis 1b. The way engineers deal with ethical issues depends on design type and again no influence of design hierarchy was seen. It will also be argued that the empirical data are in accord with working hypothesis 2a. Engineers use a regulative framework to deal with ethical issues in normal design. They do not use regulative frameworks in radical design. The regulative frameworks encountered in this thesis do not fulfil Grunwald’s requirements. So working hypothesis 2b is not confirmed by the empirical data. This will be argued in section 8.4.

Until now, I have considered the design problem formulation to be a given fact in design processes. I discuss this assumption in section 8.5 and indicate that the design problem formulation is not completely fixed and engineers have ways to influence the design problem formulation. This is highly relevant from an ethical point of view because the problem definition determines the design type. Finally, an attempt is made to generalise the results from the cases in section 8.6; this generalisation is done on empirical and conceptual grounds.

8.1 Summary of the results

The results from the cases are summarised in tables 8.1 to 8.4. Short descriptions of the ethical issues are given in the first column. The ethical issues mentioned here were sometimes spontaneously mentioned by engineers, like safety in the DutchEVO case. Other ethical issues like traffic safety in the trailer case were not spontaneously mentioned but were recognised to be ethical issues when this was pointed out to the engineers in the presentations I gave. I have categorised the ethically relevant issues in the second column. The categories were not defined before the empirical studies were done but came out during the studies. Three of them can be related to actions in design processes that can be ethically relevant, i.e. following Van de Poel: the formulation and operationalisation of requirements and the assessment of trade-offs between design requirements (see section 2.1). Most ethical issues were related to the operationalisation of requirements and the making of trade-offs. In addition to this, some problems concerning the division or ascription of responsibilities were identified. The ethical issues could be divided into five categories. There were two kinds of operationalisations made. Some operationalisations only involved a choice between given options, for example the choice to work with the regulative framework or a choice between different codes. In other cases of operationalisations, these options were not given and a complete operationalisation had to be made. The latter form of operationalisation is more ill-structured. In the following, I refer to the operationalisation of requirements by choosing between given options as “operationalisation I”; the ill-structured kind of operationalisation is referred to as “operationalisation II”.
There is a category of ethical issues related to the making of trade-offs, plus a category of ethical issues related to the division and ascription of responsibilities. There is also a category of ethical issues related to the formulation of requirements. To summarise, these five categories will be referred to as: operationalisation I, operationalisation II, making trade-offs, division or ascription of responsibilities and the formulation of requirements. The approaches used to obtain arguments and make a decision concerning the ethical issue are described in the third column. The persons involved in the solution and decision approaches for the ethical issues are listed in the last column.

Table 8.1: Summary of the DutchEVO case-study. Radical, high level design

| Ethical issues, questions and problems | Kind of issues | Solution and decision approaches | Decision makers |
|---|---|---|---|
| Driver should feel vulnerable, design team chooses not to include all kinds of safety systems. | Operationalisation II of safety | Rejection of existing regulative framework based on personal experience. This became an internal design team norm. | Engineers |
| A light car always has a disadvantage in a collision with a heavier car but it is more sustainable. | Trade-offs between safety and sustainability | Some limited literature research. | Engineers |
| It is not possible to include all existing passive and active safety systems in a light car. | Trade-offs between safety and sustainability | Personal and design experience. | Engineers |
| A sustainable car is a very light car. | Operationalisation II of sustainability | Discussions, developing of internal design team norm. | Engineers |
| A sustainable car is a lightweight car even if it is difficult to recycle | Operationalisation II of sustainability | Literature research, discussions, ideas on recycling from PhD students on recycling, developing of internal design team norm. | Engineers |
| The DutchEVO should be emotionally sustainable. | Operationalisation II of sustainability, friction with other parts of operationalisation of sustainability. | Emotional sustainability is based on literature about design and personal experience. Fun-to-drive became an internal design team norm. | Engineers |

Table 8.2: Summary of the piping and equipment case-study. Normal, middle to low level design

| Ethical issues, questions and problems | Kind of issues | Solution and decision approaches | Decision makers involved |
|---|---|---|---|
| Assumption: designing following legislation and codes leads to safe and good installations. | Operationalisation I of requirements | Approval by Notified Body. | Organisations formulating the regulative framework, e.g. Notified Body, European Union, governments, standardisation institutes |
| Which code will be used in this design process to make a good and safe design? | Operationalisation I of requirements | Choosing between allowable codes from regulative framework. | Customer or customer and engineering company |
| What load and accident scenarios need to be accounted for? | Operationalisation II of safety | Experience, internal company rules, customer rules, seek advice from Notified Body | Stress engineer, engineering company, (customer, Notified Body) |
| Deviation from code allowed? | Operationalisation I of requirements | Use alternative ways specified in regulative framework and/or confer with Notified Body. | Job engineer, stress engineer and materials engineer, customer, Notified Body |
| Inconsistencies between customer requirements, codes and standards. | Making trade-offs | Discuss with customer about his requirements and/or ask Notified Body what trade-offs they accept. | Customer, engineering company, Notified Body |
| Can the details on the drawing be produced without too much difficulty or danger for people on the construction site? | Division or ascription of responsibility between engineering company and contractor. | Discussion on assigned responsibilities of customer, engineering company and contractor. Related to type of contract, less likely in turn-key contract. | Piping designer, engineering company, contractor, customer |

Table 8.3: Summary of the bridge case-study. Normal, high to middle level design

| Ethical issues, questions and problems | Kind of issues | Solution and decision approaches | Decision makers |
|---|---|---|---|
| Assumption: designing by legislation and codes leads to safe bridges. | Operationalisation I of requirements | Approval for building permission, no disasters have occurred with bridges built according to codes. | Organisations formulating the regulative framework, permission issuing organisations, European Union, Governments, Standardisation Institutes |
| Choice between European code and NEN code | Operationalisation I of requirements | Fatigue loads better predicted in European code. Bridge probably not more expensive using European code. Less experience with European code, calculations will take more time. | Customer will make choice based on advice from IBA |
| A choice between types of codes for certain specific parts of the bridge. | Operationalisation I of structural requirements. | If available interpretations of the regulative framework addressing this choice provided by engineering societies and governmental organisations issuing building permits. Experience and internal ideas within IBA. | Concrete engineers will make choice. The building inspection can check this choice before building permit is issued. |
| What should the health and safety plan look like, should the engineers change the design to prevent risks during construction? | Operationalisation II of the requirement to make a health and safety plan. | IBA engineers do not discuss this or make an explicit choice; they comply with legal requirement by listing risks in a health and safety plan. | Health and safety coordinator design, engineers |
| What misuse should be prevented, how? | Operationalisation II of safety. | Experience with other bridges and comments from Rijkswaterstaat given in this and other projects. | All engineers especially those designing the steel arches. Rijkswaterstaat Civil Engineering Division |

Table 8.4: Summary of the trailer case-study. Radical, middle level design

| Ethical issues, questions and problems | Kind of issues | Solution and decision approaches | Decision makers |
|---|---|---|---|
| Neglect of traffic safety during design process. | Formulation of requirements. | Internal design team norms and customer norms do not include traffic safety. | Engineers and customer |
| A safe trailer is structurally reliable. | Operationalisation II of safety. | Internal design team norms and customer norms. | Engineers and customer |
| What load scenarios, and material properties should be used? | Operationalisation II of structural reliability, and thereby further operationalisation II of safety. | Internal design team norms. | Engineers |
| Simultaneously changing load scenarios and design in finite element calculations. | Operationalisation II of structural reliability, and thereby further operationalisation II of safety. | Internal design team norms. | Engineers |
| Ascription of responsibilities especially to the customer and government. | Division or ascription of responsibilities. | Internal design team norms include an assessment of responsibilities in contract. | Engineers and customer |

8.2 Ethical issues and design type and hierarchy

The working hypothesis 1a about whether the kinds of ethical issues depend on the design type and hierarchy will be assessed in this section. The ethical issues in the four cases are summarised in tables 8.1 to 8.4. Based on these tables it can be concluded that in both normal and radical design most ethical issues are of the operationalisation I and II kind. Operationalisation I kind of ethical issues were encountered more often than operationalisation II kind of ethical issues in the normal design processes. From tables 8.2 and 8.3, it can be seen that in the normal design cases, piping and equipment and the bridge, more than half of the ethical issues were of the operationalisation I kind. Operationalisation I kind of ethical issues were not encountered in the radical designs, lightweight car and light open trailer. So, although ethical issues concerning the operationalisation of requirements can be found in all design processes, there is a difference in the nature of the operationalisation problems between normal and radical design processes.

A clear relation between the kind of ethical issues and the design hierarchy cannot be seen in these cases. Problems related to the division of responsibilities seem to occur near the boundaries between companies, i.e. customer, engineering and construction companies. This is more related to the design phase of the design process than to the design hierarchy. If a design is made for a customer then responsibilities have to be divided between the customer and the design team in the first phase of the design process. The first phase of the design process is the formulation of the design problem and the requirements. In the trailer case, for example, the engineers of the design team ascribed certain responsibilities to the customer. The customer was, according to the engineers, responsible for including the relevant requirements and the customer accepted this responsibility. Problems with the division of responsibilities can be discerned in the last phase of the design process, the detailing or tender specification phase, especially if another company has to construct the design. Engineers mentioned in the piping and equipment case that there were sometimes problems with the division of responsibilities for details of the design. Some details were not specified enough or were specified in such a way that they could not be made. Problems related to the division of responsibility were not visible in the bridge case, but the engineers expected some problems concerning the division of responsibilities to arise when they prepared tendering specifications and during construction.

The overall conclusion is that the empirical evidence strongly supports part of working hypothesis 1a. The kinds of ethical issues encountered in design processes indeed depend on the design type. There was no relationship found between the kind of ethical issues and the design hierarchy.

8.3 Approaches to resolve ethical issues and design type and hierarchy

There is a visible relationship between the design type and the solution and decision approaches used to decide the ethical issues in the cases. In normal design most operationalisations and trade-offs were made using a regulative framework. A regulative framework was used to structure the operationalisation of requirements; such a framework provides some of the operationalisations and lays down minimal requirements. Other operationalisations were not completely specified by a regulative framework but these operationalisations were limited to a choice between given options. A regulative framework was also used to provide a strategy for asking advice from certifying organisations. It can be seen from tables 8.1 to 8.4 that the approach used to deal with ethical issues in normal design was, in more than half of the issues, to refer to a regulative framework, or

to ask advice from a certifying organisation. Thus in normal designs there were fewer operationalisations made from scratch. The availability of a regulative framework did not mean that all of the ethical issues could be decided on using such a framework. Some subjects were not covered by the regulative framework. For example, in the bridge case the prevention of misuse of the bridge was not part of the regulative framework, while in the piping and equipment case the regulative framework did not provide rules for establishing load and accident scenarios. The Notified Body could give advice on load and accident scenarios but it was not allowed to check accident scenarios. When a regulative framework did not give guidance and rules on a subject the engineers fell back to relying on company rules, their own design experience or seeking advice from an organization that had a lot of experience with the subject. So in the presented cases the regulative framework was complemented with complying with company rules, using design experience and seeking expert advice.

In the radical design cases only a few references were made to regulative frameworks, or ideas from the regulative framework were rejected. In these cases the approaches for dealing with ethical issues were to rely on personal or design experience and/or to discuss such issues with the customer. The regulative framework pertaining to car safety was rejected in the DutchEVO lightweight car case and in the trailer case the regulative framework concerning trucks and trailers was only used to obtain maximum dimensions, mass and pneumatic springs. Operationalisations of ethical issues were made based on internal norms existing in the company designing the trailer. These internal norms were also of help in deciding what trade-offs were deemed acceptable by the design team.
The internal norms consisted of ideas, rules and guidelines as to what a good design is and how a design should be made. Such internal norms are shared by a design team, but can also be shared by (the department of) an organisation in which the design team works. In the radical design cases, internal norms were developed based on design experience, educational background and personal experience. In addition to these internal norms, customer norms can be used in operationalisations and in the making of trade-offs. In the trailer case, a lot of discussion was devoted to what load scenarios should be used to test the reliability of the trailer. These load scenarios were part of the operationalisation of the reliability of the trailer, and as indicated in chapter 7, safety was equated with reliability. The department of the engineering company in which the engineers worked specialised in lightweight composite design. Internal norms and ideas on good design practice existed within the department and were based upon the department’s design experience with

composites and on the fact that most of the engineers had graduated in aerospace engineering. The engineers had prior experience in designing with composites, thus during the formulation and operationalisation of requirements the engineers used their own experience coupled with the internal norms and ideas on good design practice of the department. The customer had a lot of experience with the production of trailers and with how trailers are used in practice. The customer’s experience was also used during the operationalisation and formulation of requirements.

In the DutchEVO lightweight car case there were few if any shared internal norms and ideas on good design practice when the design process started. Internal norms and ideas on good design practice evolved as the design evolved. In the beginning of the design process it was decided that a lightweight sustainable car would be designed. After a while it became an internal norm that, when choosing between different options, the mass of the car should be taken as the decisive factor. This norm developed during the design process. It should be noted that the engineers were working with each other for the first time and most of the design team members had very limited design experience. The organisation within which the design team worked, Delft University of Technology, consists of a number of different faculties and departments and few if any shared internal norms exist within the university, at least not at this level of design. So the design team could not refer to such norms. It can be concluded that in the DutchEVO lightweight car case norms on good design practice were developed simultaneously with the design.

The first conclusion is that working hypothesis 1b is only partly supported by the four cases. The way engineers deal with ethical issues does depend on design type but no influence of design hierarchy on the solution and decision strategy was seen.
The second conclusion is that working hypothesis 2a is convincingly underpinned by the empirical evidence. In the normal design cases, the engineers referred to the regulative framework to account for most of the ethical issues. The regulative framework, however, did not provide rules and guidelines to account for every ethical issue. Some decisions in the normal design processes were made based on design experience and company rules. In the radical design cases decisions were made based on internal design team norms and, if available, customer norms.

8.3.1 Decision makers and design type and hierarchy

At this point I want to focus on who is involved in the solution and decision approaches, as these actors can influence the decision that is made. First there is the question of which engineer(s) deal with the ethical issues and do they do this

individually or collectively. Second there may be a customer that is involved in deciding on some ethical issues. Third, other organisations might be included or asked for advice, for example certifying organisations.

In the case-studies a difference could be seen between radical and normal design processes in the organisation of the design processes. In the normal design processes there was more division of labour. Individual engineers (or small groups) designed a part. Most of the ethical issues that came up in designing that part were initially resolved by the individual engineers. The individual engineers were experienced and for some situations they could rely on internal company rules. If the problem was especially difficult or might influence other parts of the design then the engineers discussed the problem with the job engineers and/or with the engineers designing the other parts. Within the IBA the engineers would ask engineers who had the same role in another design project to check their design. In the piping and equipment case this was not possible because some customers did not want the engineers to work on projects for their competitors. Decisions to consult the customer or the certifying organisation were always discussed with the job engineer or project manager. Decision making in normal design processes can, therefore, be characterised as individual and hierarchical. This does not mean that there was no communication between engineers in the normal design process but the division of labour was very clear and everyone had a clearly defined task in the design process.

In contrast to individual engineers being confronted with ethical issues in normal design, ethical issues were discussed and decided on collectively in the radical design processes. Different design team members had different tasks in the two radical design processes that were studied but there was a lot of communication between members.
The ethical issues concerned more than just one engineer designing a part so the ethical issues were decided on by the whole design team. In the DutchEVO lightweight car case, the master and bachelor students had to make a design for a small part of the car, for example the drive train or suspension. These students made preliminary choices in their work. These preliminary choices and the argumentation for them were presented to the whole design team. After the presentations, typically discussions followed and then definitive decisions were made. So although some decisions were first taken by one or two students, the whole design team was involved in discussions on these decisions and making the final decisions regarding the lightweight car design. Whether the design is made for a customer or not is important for who decides on ethical issues. There is little difference between the role of a customer in either a radical or normal design process. If the design is made for a customer then the customer plays an important role. In three of the case-studies, the

customer had a design problem formulation including some requirements before hiring an engineering company to make the design. This design problem formulation may be changed during the design but only in co-operation with the customer. In the case-studies some decisions, especially those related to what code to use in normal design, were made by the customer. In the bridge case, the design team advised the customer with respect to choosing between the NEN and European codes. In the piping and equipment case, the customer could choose between several European codes if the installation was to be built in the EU. In the trailer case, the formulation of requirements and the first operationalisation of those requirements were done in co-operation with the customer. Further operationalisations that required more specialist knowledge were done by the engineers.

Organisations that have to issue permits or certify the design may be involved in the normal design processes. Advice could be sought from these organisations. In the normal design cases, the decision making and solving approaches therefore included engineers, customer(s) and certifying organisations. The certifying organisations were not involved in the radical design processes. It should be realised, however, that if a radical design is to be produced and sold then it has to obtain a CE mark. So, in radical design processes, certifying organisations may play a role in the last phases of a design process. The radical designs studied for this research were not in the last phases. The lightweight car of the DutchEVO project was not designed to produce a production model car. The trailer could have been produced and sold but the design process was stopped by the customer after the feasibility and preliminary design phase.
The design processes were organised in the normal design cases in such a way that individual engineers were confronted with ethical issues depending on their role in the design process. In a normal design case the ethical issues could be decided on by an individual engineer designing a part of the product. Decisions on ethical issues were made collectively in the radical designs. The design team discussed the ethical issues and, although a single engineer might have prepared the discussion, the decision was ultimately made by the design team. In the cases where a design was made for a customer, the customer was involved in making decisions on some of the ethical issues, while certifying organisations could be asked for advice in normal design cases.

8.4 Regulative frameworks

I address working hypothesis 2b in this section. Grunwald has proposed a number of requirements that a regulative framework must meet before engineers can be justified in working within the framework without further ethical reflection. Such a normative framework can thus be seen as providing the limits within which engineers can do their work. A normative framework is politically and socially sanctioned, and should, according to Grunwald, be pragmatically complete, locally consistent, unambiguous, accepted and observed. I have already established whether the regulative frameworks could be considered normative frameworks in the last sections of the empirical chapters. I concluded that, in the case-studies used for this research, Grunwald’s requirements were only partly met. A list of ethical issues related to problems with the regulative frameworks, based on Grunwald’s requirements, is given in table 8.5.

Table 8.5: Ethical issues and problems with the regulative framework.

| Product | Ethical issues, questions and problems | Kind of issues | Relation with problems of the regulative framework |
|---|---|---|---|
| Piping and Equipment | Assumption: designing by legislation and codes leads to safe and good installations. | Operationalisation I of requirements | Regulative framework available but it is not accepted by some groups for example installations neighbours and environmental groups. |
| | Which code will be used in this design process to make a good and safe design? | Operationalisation I of requirements | Regulative framework pragmatically incomplete. |
| | What load and accident scenarios need to be accounted for? | Operationalisation II of safety | Regulative framework pragmatically incomplete. |
| | Deviation from code allowed? | Operationalisation I of requirements | Regulative framework allows for deviation, ambiguous regulative framework. |
| | Inconsistencies between customer requirements, codes and standards. | Making trade-offs | Some inconsistency in regulative framework, or inconsistencies between regulative framework and customer requirements. |
| Bridge | Assumption: designing by legislation and codes leads to safe bridges. | Operationalisation I of requirements | Regulative framework available, no signs of not being accepted, some ambiguities, not pragmatically complete. |
| | Choice between European code and NEN code. | Operationalisation I of requirements | Temporary ambiguity in regulative framework. |
| | A choice between types of codes for certain specific parts of the bridge. | Operationalisation I of structural requirements | Inconsistency in the regulative framework. |
| | What should the health and safety plan look like, should the engineers change the design to prevent risks during construction? | Operationalisation II of requirement to make a health and safety plan | Work with complete health and safety regulative framework during construction or not. |
| | What misuse should be prevented and how? | Operationalisation II of safety | Regulative framework does not include rules about prevention of misuse of bridges, therefore incomplete. |

The regulative frameworks used in the case-studies do not meet Grunwald’s requirements but they can provide ways of dealing with problems of ambiguity, inconsistency and incompleteness. It might therefore be possible to make regulative frameworks more pragmatically complete, locally consistent and unambiguous by including a few new elements.

Some problems of ambiguity and inconsistency can be dealt with within the regulative frameworks. Regulative frameworks are hierarchical; not all elements carry the same weight. Legislation is at a higher level than codes and standards. Sometimes the framework provides ways of solving conflicts between elements, by making it possible to use an element at a higher level to solve the conflict. The regulative framework can be formulated in a way that leaves engineers with the freedom to not follow detailed prescriptive rules in exceptional cases. This possibility is available in most existing regulative frameworks because the detailed prescriptive elements like codes are not legally enforced. When designing, engineers together with the customer and certifying organisations can decide not to use codes; instead they can choose to use an alternative way to

design a product. Some regulative frameworks specify, for example, organisations that should check the design and certify it. In these frameworks a product is legally allowed to be sold and used only if it is certified. The certifying organisations can help engineers when they are confronted with inconsistencies in and conflict between elements of the framework or blind spots. Certifying organisations can for example indicate which of the conflicting elements can be ignored or how a trade-off is to be made; this allows ambiguity and inconsistency to be dealt with to a certain extent within the framework.

One way in which engineering societies can help to reduce the ambiguity and incompleteness of regulative frameworks is to provide further interpretations and elaboration of codes, standards and legislation. Ideas on good design practice evolve in engineering practice and are taught in education. These ideas can be used to help to make a regulative framework less ambiguous and less incomplete over time.

The above discussion indicates that it might be relatively easy to make regulative frameworks more locally consistent, pragmatically complete and unambiguous and that some of this can be done by the engineers, engineering societies and standardisation organisations. However, from a moral point of view, Grunwald’s requirement for acceptance seems to be the most important because acceptance legitimises a framework. Acceptance of a framework is related to trust (see section 2.3.3). Engineers cannot make the public accept a regulative framework. Therefore, the most important problem concerning regulative frameworks is that it is not clear whether they are accepted. I will come back to the problems regarding the acceptance of regulative frameworks in chapter 9.

8.5 Design problem formulation

Until now, I have considered the design problem definition as something that is not part of but preliminary to the design process. At this point I want to make some comments on the ethical relevance of the design problem definition.1 I will first discuss why the design problem formulation is ethically relevant. In a design problem formulation a choice is made between a normal or a radical design and between a high level or a lower level design.2 Requirements in the design problem formulation can refer to the working principle and the normal configuration and thereby imply a normal design without explicitly asking for a normal design.

1 I will, however, not address the question as to whether engineers should, from a moral point of view, refuse to design certain products. Questions regarding the moral desirability of products are interesting but outside the scope of this thesis. These questions should be addressed by more stakeholders than only engineers, amongst others governments, nongovernmental organizations and the public.

2 Of course the design type can change during the design process. A radical design process may become more normal because a lot of normal parts are included or because the initial radical design process turns out to be too difficult. A normal design process can become more radical during the design process if, for example, during the design process another material is chosen than was planned earlier.

The choice between radical and normal design is ethically relevant. The design type influences the kind of ethical questions that need to be answered and the way these are answered during the design process. A regulative framework might be available for a normal design process, therefore more operationalisation I kind of problems can be expected. More operationalisation II kind of problems have to be solved in radical design. There might be ethical reasons for choosing a radical design. For example, in the DutchEVO lightweight car case the wish to produce a more sustainable car made the design process a radical design. A downside of radical design is that it usually implies a larger degree of uncertainty or ignorance than normal design. Radical designs are probably more prone to risks and unintended effects than normal designs [Van de Poel and Van Gorp, 2006]. This uncertainty may be a good reason to choose a normal design. The influence on the kind of ethical issues the engineer must face, the possibility of better meeting ethically relevant requirements in a radical design process, and the additional uncertainty in radical design make the choice between radical and normal design ethically relevant. Therefore, engineers should reflect on the design problem formulation.

If a design team formulates the design problem then the design team can and should take into account all the moral reasons for and against normal and radical design. The design team should establish whether there are signs, for example in the media, that the regulative framework for the product is contested. If such signs are visible then this provides a moral reason against using (part of) the regulative framework and for making a more radical design. This consideration should be weighed against the fact that a more radical design will lead to more uncertainty and ignorance regarding the actual effects of a radical design.

Engineers sometimes believe that if a customer has defined the design problem they have no, or only little, influence on the formulation of the design problem. According to this point of view, engineers are hired to make a design to solve a certain design problem, not to reformulate the design problem. So even if there are strong moral reasons to make a radical instead of a normal design (or vice versa) engineers cannot change the design problem formulation. This claim overlooks the fact that the customer is hiring the engineering company for its knowledge and experience. The customer usually hires engineers to make a design because he or she lacks the knowledge and experience to make the

design. It would be strange to hire engineers for their knowledge and experience and then refuse to take on board any suggestions made by these engineers. So although engineers are hired to make a design to solve a design problem formulated by a customer this does not mean that it is impossible to change the design problem formulation from normal to radical design or vice versa. Engineers can discuss the design problem formulation with their customer at the beginning of the design process or even before that during contract negotiations between the engineering company and the customer.

To conclude, design problem formulation is ethically relevant because it is decisive for the type of design chosen. Radical design can in certain cases lead to better designs, with regard to ethical issues like safety or sustainability, than a normal design might. Radical design, however, also leads to more uncertainty. Engineers should reflect on the design problem definition, even in cases where a design is made for a customer.

8.6 Generalisation of the conclusions

The availability and applicability of regulative frameworks in normal and radical design will be analysed to generalise the results from the case-studies. In this analysis I will make use of conceptual and empirical considerations. First, I will use the definition of radical design (see section 2.3.1) to indicate why existing regulative frameworks are not or only partially applicable in radical design. I will distinguish three ways in which (parts of) the regulative frameworks are not applicable.

(1) In some radical designs the working principle is not changed; however, the normal configuration is changed, for example if another material is used. Designing something in a different material commonly changes the normal configuration because the material properties of the new material are different. For example, the new material might be stiffer but perform less well under fatigue loading. In some of these cases some of the concepts used in elements of a regulative framework can lose their meaning. For example, when a design that is usually made in homogeneous metals is now made in composite materials some of the material properties cannot be determined in the ways prescribed by the framework. With composite materials stresses will vary in the different parts constituting the composite (see note 5 on page 136). The notion “the stress in the material” as stated in regulative frameworks has lost its meaning because the different parts of a composite will be subjected to different stresses and speaking of “the stress in the material” thus becomes

meaningless. The consequence of this is that all guidelines and calculation rules of a regulative framework referring to stresses are inapplicable for a product made in composites.

(2) In a radical design where the working principle and the normal configuration have been changed or are new, elements of the existing regulative frameworks may lead to contradictions. Some of the goals of the regulative frameworks might still be relevant. For example, one goal of a regulative framework is to produce a safe product, but elements of the framework that should lead to safe designs can come into conflict with the goals of the radical design project. For example, designing an automatically guided vehicle using the existing regulative framework on traffic would lead to contradictions and strange situations. In the current regulative framework pertaining to traffic a vehicle should always have a driver but the goal of designing an automatically guided vehicle is to design a vehicle that can move safely without a driver.3 Of course one goal of the traffic regulative framework is to achieve safe vehicles and safe traffic flow and this higher level goal is still relevant for the design of automatically guided vehicles. So the rationale behind the regulative framework is still important but most legislation and codes contained in the traffic regulative framework will not be applicable in the case of an automatically guided vehicle.

(3) Radical designs can also be radical at a functional level. An explicit choice can be made at the beginning of a design process to change the usual idea of a good product of this product type or to introduce a new product type. This means setting different criteria for a product or changing the relative importance of criteria. It can be that the regulative framework or parts of it pertaining to such a product are explicitly rejected or that there is no relevant regulative framework for the new product. If a choice is made to make a functional radical design then, from the start of the project, it is not clear what parts of the normal configuration or working principle will be used and what parts will not be used; there may be no normal configuration and working principle available to use for the design.

3 Because Dutch legislation requires vehicles in public space to have a driver, special social arrangements need to be made to carry out tests with automatically guided vehicles.

From the foregoing it may be concluded that a regulative framework may be available in radical designs but that it will be rejected or not (completely) applicable. Only in the first instance of radical design can engineers still use parts of the current regulative framework. This would mean that in general a regulative framework cannot or can only partly be used in radical designs to decide on ethical issues. This has two consequences. First, the ethical issues that

engineers have to face when making a radical design will be more of the operationalisation II kind than of the operationalisation I kind. There are few or no options given by the current regulative framework as to what choices can be made regarding operationalisations. When making trade-offs in radical design work it is often impossible to refer to minimal requirements given in a regulative framework. Second, because engineers cannot refer to regulative frameworks when working on a radical design they will, in general, refer more to internal design team norms. If there are no pre-existing norms then norms will be developed during the design process; the design team members will use their education, design experience and personal experience to develop internal design team norms.

I will now give some empirical data as to why regulative frameworks can be expected to exist for most products and processes and, hence, are available for most normal design processes. Nothing in the definition of normal design given in section 2.3.1 indicates that a regulative framework is necessary for a design to be a normal design. It is possible to imagine a normal design without a regulative framework. Examples of normal designs made without a regulative framework can be found in history. Pressure vessels for steam engines existed and a normal configuration and working principle were established long before a regulative framework was formulated.4 In practice, however, it can be expected that a regulative framework exists for most normal designs. In the European Union, the main goal of standardisation is to ensure a free market and to remove technical barriers for trade within the EU [European Committee, 1999]. Besides the goal of supporting a free market, standardisation ‘promotes safety, allows interoperability of products, systems and services, and promotes common technical understanding’ [www.cenorm.be]. The “New Approach” was formulated in 1985 to make free trade possible within the EU; before this, specific products had to be approved. This was very time consuming, because a consensus between different countries on every product had to be obtained. Under the New Approach, general and goal oriented requirements were formulated for product groups like machinery, pressure vessels and toys [www.evd.nl].5 If products or product types comply with the general requirements written down in EU directives, then they obtain a CE mark. Products that have obtained a CE mark are allowed to enter the EU market.

4 The first version of a boiler code was issued in France in 1823. Regulative frameworks for boilers were developed later in other countries, for example 1838 in the US [Burke, 1966].

5 The principles of the New Approach are not followed in sectors where there was advanced EC regulation before the New Approach was formulated in 1985. Examples of these sectors include pharmaceutical products, chemical products and motorized vehicles [European Committee, 1999].

The New Approach combined with the goal of a free EU market implies that all products will have to be covered by an EU directive eventually. There are indeed various EU directives for a broad range of products among which:

• Machinery 98/37/EC, covers all machinery with moving parts except the machines that are covered by separate directives
• Low voltage equipment Directive 73/23/EC, covers all equipment with a voltage between 50 and 1000 DC and 75 and 1500 AC with some exceptions that are covered by other directives
• Lifts 95/16/EC
• Active Implantable Medical Devices 90/385/EC
• Toys 88/378/EC

EU directives have to be implemented in national law. It is, therefore, certain that all EU countries will have national laws implementing the above directives. All these directives refer to harmonised EU codes. If these codes, or national codes if these harmonised codes are not available yet, are followed in design processes then compliance with the directive can be assumed. The European Committee for Standardization (CEN) is responsible for formulating the harmonised codes. CEN has committees for formulating harmonised codes on subjects ranging from chemistry to food, consumer products, construction, transport and packaging [www.cenorm.be/cenorm/index.htm]. These are only the EU codes. Every EU country also has its national codes for the subjects that are not yet implemented in EU codes. So it is reasonable to expect that EU directives, national legislation and codes exist for many products. This means that on empirical grounds it can be concluded that in general in normal design some form of regulative framework is available.

The availability of a regulative framework does not have to mean that all elements of it are used in a design process. It is not legally required that engineers design by codes. Designs, however, have to be certified and checked before the products can obtain a CE mark.
Designing by the codes is a way to comply with the EU directives and to obtain the CE mark. Engineering companies are free to use other design methods but they then have to supply the relevant Notified Body with proof of conformity to EU directives. This is more difficult than designing by codes and is not easily done. Besides this difficulty, engineers adhere to codes because they think that using the codes is a way to make good and safe designs. Experience has been gained in designing according to codes and some of the codes will have been adapted and changed over decades. Engineers do not lightly take the decision to deviate from the codes.

Conclusions of the empirical study

It can be concluded from the conceptual and empirical considerations discussed above that in general the way that engineers deal with ethical issues depends on the design type. In normal design a regulative framework will usually be available to provide operationalisations of requirements and gives some guidelines as to what trade-offs are legally allowed. This regulative framework will be used to decide on ethical issues. In radical design the regulative framework will not be or only partly be used to make decisions on ethical issues.

Hypothesis 2b: the regulative framework fulfils all Grunwald’s requirements and is therefore a normative framework, is not supported by the empirical evidence. In this research at least three commonly used regulative frameworks, those for the construction of bridges, of piping and equipment and for car design, did not meet Grunwald’s requirements.

Generally speaking, the following problems may be expected in regulative frameworks. (1) There will be a problem concerning acceptance; it is not easy to establish whether all the affected actors accept the regulative framework. (2) EU directives under the New Approach are formulated in a goal-oriented manner for product groups [www.newapproach.org]. When defining regulations for product groups instead of for specific products, it may be necessary to be a bit vague and ambiguous. This vagueness and ambiguity can be used to help make the directive applicable for a broad range of products. So it is very likely that there will always be some ambiguity in regulative frameworks based on EU directives. (3) Regulative frameworks usually leave decisions to be made by the design engineers and are therefore not pragmatically complete. It is impossible to prescribe every little detail of a design even if this was the idea behind the EU directives.
On these grounds it can be expected that in general, although a regulative framework will be available for normal designs, such a framework will probably not meet Grunwald’s requirements.

9 Towards warranted trust in engineers

In previous chapters, I have taken a descriptive stance towards engineering design practice. I have described how engineers deal with ethical issues in design processes and related this to Vincenti’s distinction between radical and normal design. In this chapter I will make a tentative analysis of what moral responsibility is required from engineers in design processes. This analysis will be based on the trust relationship between the public and engineers and the descriptions of engineering practice given in chapters 4 to 8.

I have formulated the hypothesis, in section 2.3.3, that trust in the engineers making a design is warranted if the engineers (1) have good intentions, (2) are competent and work according to the relevant regulative framework and (3) the regulative framework is adequate, e.g. it complies with Grunwald’s requirements. Note that these conditions are conditions for warranted trust in engineers. It remains a question as to whether the public actually trusts engineers even if these conditions are met. According to Baier one cannot force another to trust someone [Baier, 1996]. So even if the above conditions are met the public can still be hesitant when it comes to trusting design engineers. If, however, the public trusts the engineers to make a design and these conditions are met then the trust is assumed to be warranted.

In the following I will assume that engineers act with goodwill towards society and the public during a design process. This goodwill includes that engineers use a regulative framework if available, applicable and adequate. With regard to the required competence of engineers and the adequacy of regulative frameworks, I will distinguish between radical and normal design. A start will be made with formulating conditions for warranted trust in engineers making normal designs in section 9.1. The same will be done for radical design in section 9.2.

9.1 Normal design

Trust in engineers that make normal designs can be partly institutions-based (see section 2.3.3). The results of the cases show that engineers indeed use regulative frameworks in normal design and that regulative frameworks can be expected to exist for most products. Trust in engineers making normal designs is assumed to be warranted if engineers are (1) competent in using the regulative framework and (2) the regulative framework is adequate. The condition of competence of engineers will be further elaborated on in section 9.1.1. Whether a regulative framework meeting Grunwald’s requirements may indeed provide a basis for warranted trust will be discussed in section 9.1.2.

9.1.1 Required competence of engineers in normal design

The competences that engineers should have in normal design processes are mostly technical, although some social skills are necessary to help maintain the regulative framework. Engineers should:

• know how to use the regulative framework
• know the limits of the applicability of the regulative framework
• help to maintain and adapt the regulative framework

I will explain more about these three competencies below.

Engineers should know how to use the rules and guidelines from the regulative framework. They should know how the required calculations are made and what the concepts mean. This requires technical knowledge and skills from the engineers.

In requiring that engineers work according to regulative frameworks, the engineers are not required to follow the regulative framework at all cost in all cases. Engineers should know for which cases the regulative framework can be used and those for which it cannot, that is, they should know the limitations of the regulative framework. Engineers are only required to use a regulative framework if it is applicable and adequate. I will go into requirements for adequacy in the next section. Here I only want to indicate that engineers should decide before using a regulative framework whether it is applicable to the case at hand. Engineers need to know the difference between radical and normal design to judge whether a regulative framework is applicable. In normal design a regulative framework is usually applicable; for most radical designs it is not (see section 8.6). The divide between radical and normal design is not clear-cut; design can be more or less normal or radical. In cases where the design is neither completely normal nor very radical, engineers should not use the relevant regulative framework without carefully investigating which elements of the framework are applicable and which elements are not.
Engineers might sometimes encounter difficulties in applying elements of a regulative framework. If trust in engineers is to be warranted trust then engineers have a duty to help adapt and maintain the frameworks. Being a competent engineer with goodwill towards society includes warning the people who trust you that the current rules and regulations can lead to problems or unwanted side effects. In trusting engineers the public expects engineers to use their skills and experience. If you bring your car to the garage because one of the windows is broken, you would want the car mechanics to inform you if they saw some other problems with your car, for example worn tires. You probably would not want them to change the tires without asking you if they should, but you would like to be warned. In this example it also depends on what discretion and assignment you gave the garage. If you asked the car mechanics to thoroughly service your car then you would expect them to check everything and repair it, including replacing the worn tires.

In a similar way, engineers are required to use regulative frameworks and to warn the appropriate organisations if they encounter problems. Individual engineers and design teams have the responsibility to report problems or difficulties to whoever has formulated the specific part of the framework. However, individual engineers and design teams do not have the responsibility to, nor are they allowed to, change complete regulative frameworks. For example, if an engineer encounters problems with a code then he or she should contact the commission that has formulated the code; he or she cannot decide to change the code. New versions of codes appear regularly and the comments of engineers who have experience with the previous versions are incorporated in the new versions. This means that knowing how to use a framework is not enough: engineers also need to know how a regulative framework is formulated and know which organisations formulate which part so they can report their experiences to the correct authority for changes to be made if deemed necessary by that authority.

9.1.2 Grunwald’s requirements reconsidered

Based on Baier’s notion of trust, I have formulated a hypothesis on the conditions for warranted trust in engineers making normal designs. One of the conditions for warranted trust is that the regulative frameworks are adequate. This means that the requirements for an adequate regulative framework need to be in correspondence with the notion of trust. So an adequate regulative framework should help to protect the things that affected actors value. Until now I have accepted Grunwald’s requirements on normative frameworks as requirements for an adequate regulative framework. There are, however, some problems concerning Grunwald’s requirements that may affect whether the normative framework can be considered a basis for warranted trust. I will look at five problems, three problems concerning the requirement of acceptance and two related to the requirements that a normative framework should be pragmatically complete and unambiguous.

The first problem with regard to acceptance is that it remains unclear in Grunwald’s ideas how acceptance by actors has to be established. Can acceptance be assumed until actors actually state that they think that the framework is unacceptable? This might be very practical from the point of view of engineers and other people involved in defining the elements of the framework because they only need to be open to the signals of actors who do not accept the framework. Until the moment that there are these kinds of signals engineers can use the regulative framework. An example of actors voicing their objections about a regulative framework, taken from the media, was given in the piping and equipment case with respect to the regulative framework concerning chemical installations.

If the above assumption of acceptance should not be made then the people defining a framework should seek active acceptance of any actors affected by a framework. This would require a change in the procedures used to define elements of a framework. A regulative framework in the EU partly consists of legislation that is formulated and voted on within the European Commission and European Parliament or national parliaments. People within society have, by voting for their representatives, a small and indirect influence on the legislation contained in regulative frameworks. Other elements of the regulative framework like codes and standards are formulated without any direct or indirect influence of the actors that might possibly be affected by the technology. In some countries there are special governmental agencies that formulate technical codes. In other countries codes are formulated by industrial organisations (see section 5.2.2). Ideas on the interpretation of codes and good design practice are usually learned in practice or during education, so these ideas may be harder for people outside engineering to influence.
One way or another, active acceptance of the whole regulative framework by all possibly affected actors requires a different procedure for formulating the elements of a regulative framework than used at present or an explicit step of accepting the regulative framework after the formulation of the framework.

The second problem with regard to the requirement that a normative framework should be accepted is that a regulative or normative framework is not static. A framework will change over time so it is not enough to accept a framework once. If the active acceptance of all the actors involved is required then this should lead to some kind of continuous, active acceptance process. One way to assure the acceptance of continuously adapted and changing regulative frameworks is to implement a participatory process for formulating and adapting such frameworks. I will not go into the problems of implementing such an approach, or discuss the opportunities for including participatory methods used in technology development, but requiring the active acceptance of regulative frameworks could result in some kind of participatory process (for some case-studies on participatory methods in Europe and problems with these methods see [Klüver, Nentwich and others, 2000] and, for a more general discussion on democratization of technology see [Kleinman, 2000]).

A third problem with regard to acceptance can be that acceptance of the regulative framework is not sufficient for warranted trust. The requirement of acceptance seems to imply that an accepted normative framework is also ethically acceptable. This implication is questionable because it appears to be based on a naturalistic fallacy: that practices are accepted does not imply that they are acceptable (see [Moore 1903/1988]). The question then becomes whether acceptance by the affected actors is sufficient for warranted trust or that the regulative framework should also be ethically acceptable. There might be normative frameworks that are accepted by the affected actors but that can be shown to be ethically unacceptable. One could think of a situation in which poor people accept poor working conditions because doing this dangerous work in unhealthy conditions is their only opportunity to support their families. The fact that someone seems to accept or says that he or she accepts a regulative framework is therefore probably not sufficient for warranted trust because this does not guarantee that the accepting person’s values are properly taken into consideration. Conditions or procedures might be proposed under which given acceptance is sufficient for warranted trust. The question then becomes: What is the basis of these conditions and procedures? One way or another such conditions and procedures seem to be connected to an idea of ethical acceptability instead of mere acceptance.

As said above there are also problems concerning the requirement for a pragmatically complete and unambiguous normative framework.
The first problem is that it is not clear how “pragmatically complete” and “unambiguous” a normative framework should be. It is impractical, if not impossible, to prescribe every little detail in a regulative framework. The more detailed and prescriptive a regulative framework is, the fewer situations it will cover. It is very difficult to formulate rules that cover a range of situations and that are not ambiguous or do not need further interpretation. This problem, amongst others, has led some philosophers to claim that it is impossible and undesirable to formulate universal principles in ethics. According to these philosophers, context and situation specific features should play a role in moral deliberation (see for example [Dancy, 2004]). Thus, formulating a regulative framework that is really complete and unambiguous is impractical and perhaps even impossible or undesirable.

The second problem is that a balance needs to be found between complete and unambiguous frameworks and providing some freedom for engineers to make decisions. Very detailed prescriptive regulative frameworks might lead to engineers just living by the book instead of relying on their engineering judgment and experience [Pater and Van Gils, 2003]. According to philosophers some autonomy and freedom is necessary to act as a moral actor. Some moral and professional autonomy may be necessary for engineers to behave morally and professionally, and to be trustworthy engineers (see for example [Ladd, 1991]). Moreover, trying to prescribe every little detail in a normative framework is at odds with the very idea of trust. According to Baier, the trustee has some discretion in what to do to take care of what the trusting person values (see section 2.3.3). This discretion is, in cases of normal design, limited by the regulative framework but when trying to define a really complete and unambiguous framework this discretion might disappear.

Some engineers interviewed for the case-studies felt empowered by a regulative framework and especially by some of the more detailed prescriptive elements concerning safety. If some minimal safety requirements of a regulative framework are formulated unambiguously and given in detail then a customer can easily be persuaded to follow these requirements. If a customer refuses to allow an engineer to follow the minimal safety requirements then their design will not be certified. If a regulative framework does not include such detailed, minimal safety requirements then the engineer has to persuade the customer to take some minimal safety requirements into account without the backup of certifying organisations or legal pressure. Therefore a balance needs to be found between giving engineers the discretion to act professionally and morally, and giving them enough detailed prescriptive rules that they feel empowered towards their customers.

To conclude, trust in engineers making normal designs is warranted if:

• the engineers are competent. The engineers are responsible for being competent and this mostly concerns being technically competent in normal design.
• the regulative frameworks used for the design are adequate. Requirements for determining the adequacy of regulative frameworks still have to be developed taking into account the problems with Grunwald’s requirements for normative frameworks.

These two conditions are necessary but not sufficient conditions for trust. If these conditions are fulfilled and the public trusts the engineers involved in a design project then this trust is warranted. The public cannot be forced to trust the engineers making normal designs, even if the engineers are competent and the regulative framework is adequate.

9.2 Radical design

The results of the case-studies indicate that engineers do not use regulative frameworks for radical designs or that they only use some parts of a regulative framework. Therefore, trust in engineers making radical designs cannot be institutions-based. I return to Baier’s characterisation of trust to formulate conditions for warranted trust in engineers making radical designs: ‘A trusts B with valued thing C’ [Baier, 1986, 236]. In this characterisation it is not obvious what “valued thing C” can refer to. In fact, Baier herself acknowledges that ‘[seeing trust as a three way predicate] will involve some distortion and regimentation of some cases, where we may have to strain to discern any definite candidate for C..’ [Baier, 1986, 236]. She uses the example that when one is in a library one trusts other people with one’s peace and safety there [Baier, 1986, 238]. In this example Baier considers ‘one’s peace and safety’ to be the “valued thing C” that is entrusted to another person. In line with Baier I will use the characterisation of trust loosely and read for “valued thing C” “things the trusting person values”. A way to characterise trust would then be: affected actors trust engineers making a radical design with things they value.

It is not obvious what things affected actors will value and should therefore be protected or promoted by the engineers, nor is it obvious how engineers should do this. If someone trusts their neighbour to take care of their house while on holiday it is clearer what the trusting person is expecting their neighbour to do. The neighbour should watch the house, take up the mail and water the plants. In radical design it is not clear what valued things should be taken care of. Not everything that people value is relevant for the radical design process of a product.
Some people value Mozart’s music, other people value heavy metal music, but what music people value is not relevant for the design of all products. Musical preference might be relevant in the design of a radically new audio device but not in the radical design for a trailer. Because it is not obvious what affected actors value with regard to a radical design of a product, the conditions for warranted trust in engineers making radical designs appear to be:

• the engineers should know or learn what the affected actors value relative to the product that is being designed.
• the engineers should try, as well as they can, to take care of these valued things in their radical design.

Some elements of the framework can often still be used in radical designs in which only the normal configuration is changed (see section 8.6). Using the elements of an adequate regulative framework that can still be used can be seen as a way to help engineers to take into account what the affected actors value. In a regulative framework, rules and guidelines are given to prevent certain problems. Perhaps these rules or guidelines cannot be used completely, but it may be useful to know what problems have been encountered during normal design. Some of these problems might also be relevant in the proposed radical design. Engineers can use a regulative framework to generate ideas especially for designs in which the radicalness of the design is only due to changes in the normal configuration. If the design is radical because the functionality and/or the operational principle are different from those in the normal designs then this strategy of looking at existing regulative frameworks for ideas as to what the affected actors might value, and what possible problems should be prevented, will not work.

If an adequate regulative framework cannot be used to get ideas because the operational principle and/or functionality are different then the engineers need to identify what the affected actors value. If engineers know what the affected actors value, then they must have the technical competence to incorporate this in the design of the product. Identifying what the affected actors value also requires other competences. In the following section I make a start with developing ideas about how engineers can know, or learn, what the affected actors might value with regard to the design of a product.

9.2.1 Identifying what affected actors value

A number of different ways to identify what affected actors value can be proposed. One option might be to ask all the possibly affected actors what they value with regard to the product that will be designed and to make a list of all the answers from the possibly affected actors. However, this would be impossible. First, not all effects and side-effects of a design will be known during the design process, especially in radical design processes. If the possible side-effects are unknown it is impossible to list all the affected actors. Second, it might be very difficult for people to list all the things they value relative to the design when asked. Sometimes you become aware that you value something once it becomes threatened; a radical design may prove to threaten something previously considered safe. It will be very difficult to make a complete list of what you think is valuable with regard to a new product and this will be impossible if the possible and actual side-effects of a design are not known. It is therefore not possible empirically to obtain a complete list of what affected actors value with regard to a product.

Efforts have been made to broaden technology development and take more points of view into account during design and development processes: an example is Constructive Technology Assessment (CTA) [Schot and Rip, 1997]. It seems that CTA requires that affected actors should be involved in the design process; examples of CTA projects include mostly large scale technology development projects like biotechnology or the Digital City Amsterdam project [Schot and Rip, 1997]. In such large projects it is feasible to invite actors to participate. However, the problem remains that there is no clear overview of what the side-effects and consequences of the new technology development will be, and therefore it is not clear who the affected actors are going to be. So, technology development can be broadened by inviting actors to participate but it will remain uncertain as to which actors will be affected by a technology development. This might mean that every actor should be represented in one way or another in the CTA procedure.

In cases where new and controversial technologies are developed like biotechnology and nanotechnology, most of the public debate centres around which values are at stake, given the empirical uncertainties on what possibilities nanotechnology and biotechnology will provide in the future. Engineers cannot know what the affected actors value with regard to these new technologies because the possibly affected actors might not know this themselves; in such cases there will be a lot of discussion between groups of possibly affected actors as to what values are at stake. In these cases of very radical design it may be necessary to use CTA or informed consent procedures (see for example [Shrader-Frechette 2002]). I will not elaborate on these procedures; I only want to indicate that in cases involving the development of new technologies warranted trust in engineers may require the active participation of society in one way or another.

In the radical design processes that I have described, some consensus might be expected between the affected actors on what values are at stake in the design of a product.
The radical designs featured in the case-studies are radical designs of products that already existed. There is knowledge and experience within society on the positive and negative consequences of the product type. It is to a certain extent clear what things, that affected actors value, are at stake in these radical design processes, although the affected actors may prioritise them differently. It would be impossible from a practical point of view to include (representatives of) all the affected actors in all small scale radical design processes such as the DutchEVO project or the trailer design project. Therefore, I will propose a way that can be used to allow engineers to identify what affected actors value without having to ask the affected actors actively to participate in the design process.

Identifying what affected actors value with regard to the design of a product requires a degree of moral imagination from the engineers.¹ Different proposals have been made to enhance the moral imagination of people by reading literature or enjoying art; I will not discuss this further (for a discussion on the importance of moral imagination and ways to develop it, see for example [Nussbaum, 2001] and [Murdoch, 1997]). My proposal is that engineers should use their personal experience to identify what affected actors might value. The strength of my proposal is that engineers already use their personal experience in radical design processes, as has been concluded for the case-studies on radical design. The engineers have personal experience and they use it during a radical design process; they only need to use this personal experience in a systematic way.

The cases of radical design described in chapters 4 and 7 have shown that decisions on ethical issues were made based on internal design team norms. These internal norms were based upon the education that the engineers had had, their design experience and sometimes their personal experience. Relying solely on internal norms of the design team can lead to blind spots regarding the values that the affected actors have, as can be seen in the trailer case. Traffic safety was not taken into account in the structural design of the trailer. The engineers were not used to accounting for traffic safety; they only felt responsible for designing a safe, as in structurally reliable, light trailer. In this trailer case, the engineers did not take their personal experience systematically into account. The engineers did use their design experience and they called on their education, but personal experience was only used if it was personal design experience.
Even though one of the engineers had personal experience with driving trucks, references to personal experience outside that of engineering design were rarely made. In the DutchEVO project, personal experience with cars was mentioned very often. The project leader used his personal experience as a parent to try and see what other parents would find acceptable in a lightweight family car. In discussions on the idea of making the driver feel vulnerable, the project leader indicated that the driver should not feel too vulnerable because a driver would never put his or her children in the back of a family car that gave the impression of being in a cardboard car.

If engineers design very different types of products they will not have a lot of design experience with a particular product to use when making a radical design. Taking the personal experience of engineers systematically into account could help broaden the internal norms within a design team to include what affected actors value. Using personal experience can be a tool for identifying the perspectives that other actors have and the things that affected actors value. If engineers would think about the different social roles they have, outside their design role, then they should be able to get ideas about what affected actors value. Engineers might even get ideas as to what operationalisations and trade-offs other actors will find acceptable if they would consider what they themselves deem valuable as a parent or citizen. For example, what would I want from a car if I was driving in it with my children on the backseats? Or what would I want the car to be like when I’m walking or cycling on the streets and the car is driven by someone else?

¹ See also Patricia Werhane’s book on moral imagination and management decisions. She argues that identifying different perspectives is necessary for good management decision making [Werhane, 1999, 66-67 and 114-115].

A similar idea can be found in MacIntyre’s moral philosophy.² According to MacIntyre people should reflect on the evaluative standards of the different practices they participate in. MacIntyre defines practices as follows:

‘By ‘practice’ I am going to mean any coherent and complex form of socially established cooperative human activity through which goods internal to that form of activity are realised in the course of trying to achieve those standards of excellence which are appropriate to, and partially definitive of, that form of activity, with the result that human powers to achieve excellence, and human conceptions of the ends and goods involved are systematically extended.’ [MacIntyre, 1981, 187]

Examples that MacIntyre gives of practices are, amongst others, chess, friendship and parenthood. MacIntyre distinguishes between institutions and practices. Institutions are the formal embedding of practices; institutions distribute power and resources. Standards of excellence are developed within the practice in interaction between the practitioners. The internal norms of design teams can be seen as standards of excellence; they define what a good design in this practice is, what responsibilities the engineers ascribe to themselves and what character traits are valued in the design team. According to MacIntyre, every person should strive to attain the good life for him or her. The quest for the good life is fed by conflicts between the evaluative standards of the different practices one participates in. Trying to resolve these conflicts helps the quest for a good life [MacIntyre, 1981]. According to MacIntyre a person should try to combine and harmonise all evaluative standards and practices he or she takes part in. MacIntyre sees the quest for the good life and therefore the harmonisation of evaluative standards of practices one participates in as a moral obligation. I will not go that far: I see the reflection on the different evaluative standards of the practices an engineer participates in only as a tool to identify what other actors affected by the design might value. Engineers need to do this in radical design processes because they need to take into account what the public values for the public to have warranted trust in them. Questions an engineer should ask him/herself are: What would I think is important in the safety of this product if I were a bystander? For example, when designing a radically new chemical installation, engineers should ask themselves: What would I consider acceptable if I and my family were living in the neighbourhood? Asking themselves such questions during a radical design process should help engineers to reflect on operationalisations of ethical issues like safety and the trade-offs made between ethical issues or other issues. Engineers using their personal experience is not a guarantee that all things valued by the affected actors will be taken into account, but it is a way to include more values in the design process. What engineers can identify as things that affected actors value will ultimately depend on the sort of lives the engineers taking part in the design team live. This has implications for what is desirable with respect to the composition of a design team. To increase the chance that a design team will be able to identify what affected actors value, it should include engineers with different personal life styles and backgrounds. These different engineers will all have access to different personal experiences; thus diverse design teams are desirable.

To conclude, the above means that besides having technical competence, engineers working on radical designs should know what affected actors value with regard to the product that is being designed. One way to identify what affected actors value is to use one’s personal experience. If engineers systematically use their personal experience, and think about what they would value concerning a design of a product if they were the users or bystanders, then this reflection can be used to broaden the internal norms of a design team.

2 This idea is based on “Understanding moral responsibility in the design of trailers” [Van der Burg and Van Gorp, 2005].

9.3 Further research

Further research on the formulation of the requirements that an adequate regulative framework should meet is needed. An adequate regulative framework and technically competent engineers are proposed conditions for warranted trust in engineers making normal designs. Engineers can use such a framework in their normal design practice and have some reason to believe that the designs they make are acceptable. Broader questions regarding the acceptance of the framework and designs made using the framework would have already been solved because the framework meets the adequacy requirements.

It will not be easy to formulate these requirements. An argument can be given for detailed rule-based prescriptive frameworks while another argument can be given for avoiding detailed rule-based frameworks. In the European Union there is a trend towards regulation stating only a goal that should be attained or procedures that should be followed. Questions like whether a good procedure always leads to good results can be posed. Research into what requirements a regulative framework should meet needs to involve insights taken from diverse fields such as moral philosophy, engineering ethics and the experience of engineers; even aspects of sociology of law and policy research can be used to gain some interesting ideas. Moral philosophy and professional ethics can give insights into what actors should be involved in the formulation of regulative frameworks and in determining the freedom that is necessary for engineers to act professionally and morally. Sociology of law can be used to give insight into different forms of self-regulation by professionals. Engineering practice can help to establish what kinds of rules are applicable and those that can be used to empower engineers in engineering design practice. Part of the requirements will probably be procedural; these should answer the question of which actors should be involved in what way when formulating regulative frameworks. Some of the requirements will most likely be formal, for example the regulative framework should be consistent.

9.4 Recommendations for engineering education

It is hoped that the results of this thesis will have an influence on the education that engineers receive; it is certainly the case that they should have an influence. First, engineers should be taught to understand the varieties in design processes and the implications of this for the way in which they must deal with ethically relevant issues. It is also important that engineers understand the relationship between normal and radical design and incomplete knowledge. The uncertainties and incomplete knowledge are larger in radical design. The difference between normal and radical design could be explained in the existing engineering ethics courses, for example during sessions where problems regarding risks and uncertainties in engineering are discussed, or in chapters of books where these issues could be deliberately introduced and discussed. Second, attention should be paid in engineering education to the regulative frameworks that exist in normal design. Engineers should learn who formulates which parts of the regulative frameworks and what their responsibility is in this. In the case-studies used for this research, experienced engineers did not always know the frameworks within which they worked and did not always know to whom problems should be reported. The engineers in the IJburg bridge case admitted that it had taken them about 5 years to figure out the regulative framework and the relationships between elements of it; also in the bridge case, the engineers did not know the regulative framework pertaining to health and safety at construction sites. The engineers only knew that they had to make a health and safety plan, but they did not know, for example, whether there were limits to the mass someone is allowed to lift repeatedly on a building site. These examples show that it is problematic to assume that engineers will learn about regulative frameworks in design practice. Engineering students should learn the basics of regulative frameworks: the elements they consist of, the relationships between these elements and the responsible organisations that formulate these elements. This does not mean that engineering students should learn the content of all the regulative frameworks that they might encounter in their later professional life. If engineers have a basic knowledge of regulative frameworks then they are capable of discerning particular details of the specific regulative frameworks they encounter in their jobs. Without such basic knowledge engineers will have difficulty establishing what regulations pertain to their design processes and they cannot take up their responsibility for adapting the frameworks. The engineers need this knowledge for the public to have warranted trust in engineers making normal designs. In my opinion there is no need for a separate course on regulative frameworks. The general outline of regulative frameworks could be discussed in engineering ethics courses and in design courses. Design assignments in normal design are apt to require engineering students to design a product and to find the relevant regulative frameworks and use these in the design.
As I experienced in doing the case-studies, it can be difficult and time consuming to list all the relevant EU directives, national legislation, codes and standards pertaining to a product (see sections 5.2, 6.3 and 8.6). EU directives are often amended and commonly refer to other EU directives. Searching for codes is difficult because codes are not freely available. Delft University of Technology library has to pay for access to such codes and, while the Dutch NEN codes and standards are accessible, most of the American, German or British codes are not. So there are difficulties to be overcome when describing a regulative framework that is relevant for a product design, but if engineering students have had to do this once during their education then it will be easier for them to find, use and understand regulative frameworks in their professional lives. For example, an engineer who has knowledge about regulative frameworks can see the importance of a design requirement to design according to a certain code, while engineers who do not have this knowledge may not realise that if they deviate from the code they carry the burden of proof concerning compliance with EU directives.

Third, it is important that engineers are able to reflect on different operationalisations of requirements and the values underlying them, particularly in radical design. This means that engineers should be educated to know that, for example, safety is not an obvious and unambiguous concept; the term safety refers to several conceptions of moral value and can be operationalised in different ways (see sections 4.3 and 7.3). Engineers can learn this by using their personal experience systematically during reflection on the design process. Engineering education should include the stimulation of a student’s moral imagination. Engineering students should reflect on the different operationalisations and trade-offs made during a design process and use these skills in practice when they carry out assignments.

Literature

Aalstein M., ‘Brug 2007 Ontwerpverantwoording Voorontwerp’, Ingenieurs Bureau Amsterdam, April 2004
Algemeen Dagblad, March 30 2005, ‘Maastricht wil af van waaghalzen op de brug’, AMG, Rotterdam
Algemeen Dagblad, July 18 1997, ‘Barsten in de brug’, AMG, Rotterdam
Arbeidsomstandighedenbesluit version 25 Feb 2004, Sdu Uitgevers Den Haag, 2004
Baier, A. (1986). ‘Trust and Antitrust.’ Ethics 96, 231-260.
Baird, F., Moore, C.J., et al. (2000). ‘An ethnographic study of engineering at Rolls-Royce Aerospace.’ Design Studies 21, 333-355.
Baum, R.J. (1980). Ethics and Engineering Curricula. Hastings-on-Hudson: The Hastings Center.
Baxter, M. (1999). Product design; a practical guide to systematic methods of new product development. Cheltenham: Thornes.
Bird, S.J. (1998). ‘The Role of Professional Societies: Codes of Conduct and their Enforcement.’ Science and Engineering Ethics 4(3), 315-329.
Birsch, D. & Fielder, J.H. (1994). Ford Pinto case; a study in applied ethics, business, and technology. Albany: State University of New York Press.
Bouwbesluit version 2002, Staatsblad 411 2001 and amendments Staatsblad 203, Den Haag: Sdu Uitgevers
Bovens, M.A.P. (1998). The quest for responsibility: accountability and citizenship in complex organisations. Cambridge: Cambridge University Press.
Brabants Dagblad, May 25 2004, ‘Doden na instorten vertrekhal Parijs’, Den Bosch: Wegener N.V.
Bucciarelli, L.L. (1994). Designing Engineers. Cambridge: MIT Press.
Burke, J.G. (1966). ‘Bursting boilers and the federal power.’ Technology and Culture 7(1), 1-23.
Carros, 11e jaargang, nr 6, sept/okt 2004
Cross, N. (1989). Engineering design methods. Chichester: Wiley.
Cross, N. (2000). Engineering Design Methods; Strategies for Product Design, third edition. Chichester: Wiley.
Dancy, J. (2004). Ethics without principles. Oxford: Oxford University Press.
Darley, J.M. (1996). ‘How Organizations Socialize Individuals into Evildoing’. In: Messick, D.M. & Tenbrunsel, A.E. (eds.) Codes of Conduct, Behavioral Research into Business Ethics. New York: Russell Sage Foundation, 13-44.
Davis, M. (1998). Thinking like an engineer. Oxford: Oxford University Press.
---- (2001). ‘The Professional Approach to engineering Ethics: five research questions.’ Science and Engineering Ethics 7(3), 379-390.
De Haan, F.W., Bermingham, S.K., Grievink, J. (1998). ‘Methanol, fuel for Discussion’. Ethische aspecten in de besluitvorming rond een fabrieksontwerp, Delft: Delft University of Technology.
De Kanter, J.L.C.G. & Van Gorp, A.C. ‘Use throw away or recycle; Reflection on sustainable design’. Conference Engineering Education in Sustainable Development, Delft, 2002
Devon, R. L.A., McReynolds, Ph., Gordon, A. (2001). ‘Transformations: Ethics and Design’. American Society for Engineering Education Annual Conference & Exposition 2001.
Disco, C., Rip, A. & Van der Meulen, B. (1992). ‘Technical Innovation and the Universities. Divisions of Labor in Cosmopolitan Technical Regimes.’ Social Science Information 31, 465-507.
DRO & IBA, Programma van Eisen brug 2007, 31-01-2003, Amsterdam
European Committee (1999). Guide to the implementation of directives based on New Approach and Global Approach. Brussel.
European directives accessed at http://europa.eu.int/eur-lex/en/
  97/23/EC Pressure Equipment Directive
  2000/53/EC end-of-life of vehicles
  96/53/EC, 97/27/EC and 2002/7/EC masses, dimensions and manoeuvrability of national and international transport
  89/106/EC construction products
  89/391/EC health and safety at work
  92/57/EC health and safety at construction sites
  98/37/EC all machinery
  73/23/EC amended by 93/68/EC low voltage equipment
  95/16/EC lifts
  90/368/EC Active implantable medical devices
  88/378/EC amended by 93/68/EC toys
Fenton, J. (1996). Handbook of vehicle design analysis. London: Mechanical Engineering Publications Limited.
Florman, S.C. (1983). ‘Moral blueprints.’ In: Schaub, J.H., Pavlovic, K. & Morris, M.D. (eds.) Engineering Professionalism and Ethics. New York etc: John Wiley & Sons, 76-81.
Friedman, B., Kahn Jr., P.H. & Borning, A. (2003). Value Sensitive Design: Theory and Models. UW CSE technical report 02-12-01 version June 2003, University of Washington.
Gert, B. ‘The definition of morality’, The Stanford Encyclopedia of Philosophy (Summer 2002 edition), E.N. Zalta, http://plato.stanford.edu/archives/sum2002/entries/morality-definition/
Gere, J.M. & Timoshenko, S.P. (1995). Mechanics of Materials, Third SI edition. London: Chapman & Hall.
Gillum, J.D. (2000). ‘The engineer of record and design responsibility.’ Journal of Performance of Constructed Facilities, May 2000, 67-70.
Grunwald, A. (2000). ‘Against Over-estimating the Role of Ethics in Technology Development.’ Science and Engineering Ethics 6(2), 181-196.
---- (2001). ‘The Application of Ethics to Engineering and the Engineer's Moral Responsibility: Perspectives for a Research Agenda.’ Science and Engineering Ethics 7(3), 415-428.
---- (2005). ‘Nanotechnology- A new field of ethical inquiry?’ Science and Engineering Ethics 11(2), 187-202.
Hampden-Turner, Ch. & Trompenaars, A. (1993). The Seven Cultures of Capitalism. New York: Currency Doubleday.
Harris, C.E., Pritchard, M.S., Rabins, M.J. (1995). Engineering ethics: concepts and cases. Belmont: Wadsworth.
---- (2004). ‘Internationalizing Professional Codes in Engineering.’ Science and Engineering Ethics 10(3), 503-521.
Hofstede, G. (1991). Cultures and Organizations, Software of the Mind. London: McGraw-Hill.
Hughes, T.P. (1983). Networks of Power; Electrification in Western Society 1880-1930. Baltimore: The Johns Hopkins University Press.
---- (1987). ‘The evolution of large technical systems’. In: Bijker, W., Hughes, T.P. & Pinch, T. (eds.) The social construction of technological systems; New directions in the sociology and history of technology. Cambridge: MIT Press.
Hunter, T.A. (1995). ‘Designing to Codes and Standards’. In: Dieter, G.E. (ed.) ASM Handbook. Vol. 20 Materials Selection and Design, 66-71.
Jones, K. (1996). ‘Trust as an Affective Attitude.’ Ethics 107, 4-25.
KIvI, Koninklijk Instituut van Ingenieurs (2003), RVOI 2001 Regeling van de verhouding tussen opdrachtgever en adviserend ingenieursbureau. Den Haag: KIvI
Kleinman, D.L. (2000). ‘Democratizations of Science and Technology’. In: Kleinman, D.L. (ed.) Science, Technology and Democracy. New York: State University of New York Press.
Klüver, L., Nentwich, M. et al. (2000). Europta, European Participatory technology Assessment; Participatory methods in technology assessment and technology decision-making. Copenhagen: The Danish Board of Technology.
Knoppert M. & Porcelijn R., DutchEVO the development of an ultralight sustainable conceptcar. Delft, 1999
Kroes, P. (2002). ‘Design methodology and the nature of technical artefacts.’ Design Studies 23, 287-302.
Kroes, P.A., Franssen, M.P.M., et al. (2004). ‘Engineering systems as hybrid, socio-technical systems’. Engineering Systems Symposium, Cambridge: Marriott.
Ladd, J. (1991). ‘The quest for a code of professional ethics. An intellectual and moral confusion’. In: Johnson, D.G. (ed.) Ethical issues in engineering. Englewood Cliffs: Prentice Hall, 130-136.
Lloyd, P. (2000). ‘Storytelling and the development of discourse in the engineering design process.’ Design Issues 21, 357-373.
Lloyd, P.A. & Busby, J.S. (2003). ‘Things that went well- No serious injuries or deaths; Ethical reasoning in a normal engineering design process.’ Science and Engineering Ethics 9, 503-516.
Lloyd, P.A. & Busby, J.S. (2001). ‘Softening Up the Facts: Engineering in Design Meetings.’ Design Issues 17(3), 67-82.
London Crown (1987). mv Herald of Free Enterprise Report of Court No. 8074 Formal Investigation. London: Crown.
Moore, G.E. (1988 (1903)). Principia Ethica. Buffalo, NY: Prometheus Books.
Luegenbiehl, H.C. (2004). ‘Ethical Autonomy and Engineering in a Cross-Cultural Context.’ Techne 8(1).
MacIntyre, A. (1981). After Virtue. Notre Dame: University of Notre Dame Press.
Martin, M.W., Schinzinger, R. (1989). Ethics in Engineering. New York etc: McGraw-Hill.
Murdoch, I. (1997). Existentialists and Mystics. Writings on Philosophy and Literature. Conradi, P. (ed.), Foreword Steiner, G., London: Chatto & Windus Limited.
Nagel, T. (1979). ‘The fragmentation of value.’ Mortal Questions. Cambridge: Cambridge University Press.
NEN 6723, Regulations for concrete Bridges (VBB 1995); Structural requirements and calculation methods, Delft: Nederlands Normalisatie-instituut.
NEN 6787, Design of movable bridges; Safety, Delft: Nederlands Normalisatie-instituut.
NEN 6788, The design of steel bridges, basic requirements and simple rules, Delft: Nederlands Normalisatie-instituut.
Nooteboom, B. (2002). Trust. Cheltenham, UK; Northampton, MA, US: Edward Elgar.
Nussbaum, M.C. (2001). Upheavals of thought. The intelligence of emotions. Cambridge: Cambridge University Press.
Oberlandesgericht Celle, Pressemitteilung Eschede-Verfahren: Gericht regt die Einstellung des Strafverfahrens an, www.oberlandesgerichtcelle.niedersachsen.de, 2003
Ottens, M.M., Franssen, M.P.M. et al. (2004). ‘Modeling engineering systems as socio-technical systems’. IEEE Systems, Man and Cybernetics 2004, The Hague, The Netherlands.
Pater, A. & Van Gils, A. (2003). ‘Stimulating ethical decision-making in a business context. Effects of ethical and professional codes.’ European Management Journal 21(6), 762-772.
Pfatteicher, S.K.A. (2000). ‘“The Hyatt Horror”: Failure and Responsibility in American Engineering.’ Journal of Performance of Constructed Facilities, May 2000, 62-66.
Polanyi, M. (1962). Personal Knowledge. Chicago: The University of Chicago Press.
Rawls, J. ([1971] 1999). A Theory of Justice. Cambridge (Ma.): The Belknap Press of Harvard University Press.
Rip, A. & Kemp, R. (1998). ‘Technological change’. In: Rayner, S. & Malone, E.L. (eds.) Human Choice and Climate Change. Columbus OH: Battelle Press.
Roozenburg, N. & Cross, N. (1991). ‘Models of the design process-Integrating Across the Disciplines’. International Conference on Engineering Design (Iced91), Zurich, August 27-29, 1991
Rothengatter, T. (2002). ‘Drivers' illusions- no more risk.’ Transportation Research Part F 5, 249-258.
Schaub, J.H., Pavlovic, K., et al. (eds.) (1983). Engineering Professionalism and Ethics. New York etc: John Wiley & Sons.
Schot, J. & Rip, A. (1996). ‘The past and future of constructive technology assessment.’ Technological Forecasting and Social Change 54, 251-268.
Shrader-Frechette, K.S. (2002). Environmental justice. Creating equality, reclaiming democracy. New York: Oxford University Press.
Simon, H.A. (1973). ‘The structure of ill-structured problems.’ Artificial intelligence 4, 181-201.
Simon, H.A. (1996). The Sciences of the Artificial. Cambridge: MIT Press.
StatLine, Centraal Bureau voor de Statistiek. 2003.
Thompson, D.F. (1980). ‘Moral Responsibility of Public Officials: The Problem of Many Hands.’ ASPR 74, 905-916.
TNO, Algemene Voorwaarden voor onderzoeksopdrachten aan TNO, 1 May 2003
Trompenaars, F. & Hampden-Turner, Ch. (1999). Riding the waves of cultures, understanding cultural diversity in business. London: Brealey.
Trouw, 17 June 2002, Chemieconcern DSM tornt aan veiligheidsgrens.
Unger, S.H. (1982). Controlling technology: ethics and the responsible engineer. Chicago: Holt, Rinehart and Winston.
Van de Poel, I. (1998). Changing Technologies. A Comparative Study of Eight Processes of Transformation of Technological Regimes, PhD-thesis, University of Twente.
Van de Poel, I.R. (2000). ‘Ethics and Engineering Design’. SEFI, Rome
---- (2000a). ‘On the Role of Outsiders in Technical Development.’ Technology Analysis & Strategic Management 12(3), 383-397.
---- (2001). ‘Investigating Ethical Issues in Engineering Design’ Science and Engineering Ethics 7(3), 429-446.
Van de Poel, I.R. & Van Gorp, A.C., ‘The need for ethical reflection in engineering design; the relevance of type of design and design hierarchy’, to appear in Science Technology and Human Values, in 2006
Van der Burg, S. & Van Gorp, A. (2005). ‘Understanding moral responsibility in the design of trailers’, Science and Engineering Ethics 11(2), 235-256.
Van der Vaart, R. (2003). ‘The Netherlands: a cultural region?’ In: Van Gorp, B.H., Hoff, M. & Renes, H. (eds.) Dutch Windows, Cultural geographical essays on The Netherlands. Utrecht: Faculteit Ruimtelijke Wetenschappen, Universiteit Utrecht.
Van Gorp, A. & Van de Poel, I. (2001). ‘Ethical considerations in engineering design processes.’ IEEE Technology and Society Magazine 21(3), 15-22.
Van Kampen, L.T.B. (ed.) (2003). De verkeersonveiligheid in Nederland tot en met 2002. Leidschendam: SWOV.
Van Poortvliet, A. (1999). Risks, Disasters and Management. Delft: Eburon.
Vaughan, D. (1996). The Challenger launch decision; risky technology, culture, and deviance at NASA. Chicago: University of Chicago Press.
Vincenti, W.G. (1990). What Engineers Know and How They Know It. Baltimore and London: The Johns Hopkins University Press.
---- (1992). ‘Engineering Knowledge, Type of Design, and Level of Hierarchy: Further Thoughts About What Engineers Know ...’ In: Kroes, P. & Bakker, M. (eds.) Technological Development and Science in the Industrial Age. Dordrecht: Kluwer, 17-34.
Voertuigreglement, accessed Jan 2005, overheidsloket.overheid.nl
Walton, M. (1997). Car; a drama of the American workplace. New York: Norton.
Werhane, P.H. (1999). Moral Imagination and Management Decision-Making. New York, Oxford: Oxford University Press.
Wilde, G.J.S. (1994). Target Risk. Toronto: PDE Publications.
Wilders, M.M.W. (2004). Het compleet Arbo-Regelgevingsboek 2004. Zeist: Uitgeverij Kerckebosch bv.
World Commission on Environment and Development, Our Common Future, New York, Oxford: Oxford University Press, 1997
www.dualnature.tudelft.nl accessed Aug 2004
www.cenorm.be/cenorm/index.htm, accessed 29-09-2004
www.eng-tips.com accessed weekly from Dec 2001 to Mar 2002
www.euroncap.com accessed 15 Jan 2004
www.eurncap.com accessed 22 May 2002
www.evd.nl/CE-markering accessed 18 Feb 2005
www.focwa.nl accessed 20 Aug 2003
www.frontpage.fok.nl accessed 28 March 2005
www.fsc.org accessed 10 Mar 2004
www.ieaust.au accessed 21 Dec 2004
www.krone.de accessed Aug 2003
www.nyu.edu/projects/valuesindesign/index.htm accessed 3 March 2005
www.newapproach.org accessed 17 Jan 2005
www.safetyline.wa.gov accessed 19 Jan 2005
www.smartproductsystems.tudelft.nl accessed regularly between 2001 and 2005
www.swov.nl accessed regularly between Dec 2002 and Sept 2003
www.tno.nl accessed Mar 2003
Yin, R.K. (1984, 1989, 1994). Case-study research; design and methods, 2nd edition. London: Sage.
Zandvoort, H., Van de Poel, I. & Brumsen, M. (2000). ‘Ethics in the engineering curricula: topics, trends and challenges for the future.’ European journal of engineering education 25(4), 291-302.
Zucker, L.G. (1986). ‘Production of trust: Institutional sources of economic structure’ Research in Organisational Behaviour 8, 53-111.

Summary

Ethical aspects in design processes; safety and sustainability

This thesis focuses on ethical questions that arise in engineering design processes. The research question is the following: What kinds of ethical problems occur in engineering design processes and how do engineers deal with them? To answer this question it is necessary to look in practice at which ethical problems arise, how engineers make decisions about ethical aspects and which arguments they use in doing so. The descriptions of engineering practice obtained in this research should contribute to discussions about the moral responsibility of engineers. The literature on design processes has not yet paid really systematic attention to ethical aspects of design processes. In engineering ethics not much research has been done on design processes, even though many engineers design. On the basis of a literature study into the nature of design processes, I conclude in chapter 2 that design processes can be seen as: ‘organised social processes in which more or less ill-structured technical problems are solved’. If design processes are characterised in this way, then a rational reconstruction based on the design requirements and a description of the final design is not sufficient to describe a design process. Information is needed about, among other things, the organisation of the design team, the way in which decisions are made and the design problem. In this research this information was obtained by carrying out case-studies. The choice of case-studies was strongly determined by the expectation that different ethical problems occur in different design processes. Ideas from Vincenti were used to characterise design processes. Vincenti introduced the concepts of “design hierarchy” and “design type” to characterise designs. The design type can vary from radical to normal. In a normal design both the operational principle (how the product functions) and the normal configuration (what the product looks like) are known. In a radical design these are not known, or the existing configuration and operational principle are not used. This distinction is mainly directed at the working and structure of a product. A design process can also be radical in a functional sense. In a functionally radical design process, different requirements are set than in normal processes or the priority of the requirements is different, for example in the functionally radical design process of a car that has to break the sound barrier. Speed is normally a requirement for a car, but in this case it is the most important requirement. Because of the requirement that the car be able to break the sound barrier, it is also not clear at the start of the design process which parts of the operational principle and normal configuration can still be used. Radical in the functional sense can therefore lead to radical in the sense of working and structure. The design hierarchy refers to the different levels of a product at which a design problem can be formulated. High in the hierarchy is the design of a whole product. Low in the hierarchy is the detailing of a small part. According to Vincenti there are more constraints lower in the design hierarchy. These constraints, for example on dimensions, are imposed by decisions taken higher in the design hierarchy. According to Vincenti there are more external constraints in a normal design than in a radical design. Constraints can be related to the operational principle and the normal configuration, but also to the legislation and regulations that apply to a product. In this thesis the term regulative framework is introduced to denote the whole of the legislation and regulations for a product. The regulative framework consists of legislation (EU and national), technical codes, standards, inspection and control. Interpretations of the legislation and of the codes and standards given by professional organisations or the inspecting bodies also belong to the regulative framework. The regulative framework can be related to ideas of Grunwald. Grunwald stated in an article that in “ordinary” technology development a normative framework exists. This normative framework is more or less a regulative framework that meets certain requirements. The normative framework must be pragmatically complete, locally consistent, unambiguous and accepted; moreover it must be observed. If there is such a normative framework, then engineers must follow this framework during technology development. According to Grunwald, ethical reflection by engineers is then not necessary or desirable.

Op basis van deze ideeën zijn de volgende werkhypotheses opgesteld:

200

Samenvatting 1a. De soort ethische kwesties hangt af van ontwerptype en hiërarchie. 1b. De manier waarop ingenieurs omgaan met deze ethische onderwerpen hangt af van ontwerptype en hiërarchie. 2a. In normaal ontwerp wordt een regulatief raamwerk gebruikt om beslissingen te nemen over ethische kwesties. 2b. Het regulatief raamwerk voldoet aan Grunwald’s eisen. Om te bekijken of de werkhypotheses gesteund worden door empirische data, zijn in dit onderzoek vier casestudies gedaan. Twee normale ontwerpprocessen, één hoog en één midden tot laag in de ontwerphiërarchie, en twee radicale ontwerpprocessen één hoog en één midden in de ontwerphiërarchie zijn bestudeerd. In tabel 1 staan de cases genoemd. Tabel 1: de vier bestudeerde ontwerpprocessen radicaal normaal Hoog niveau ontwerp DutchEVO een Brug lichtgewicht duurzame stadsauto Laag niveau ontwerp Een lichte open Pijpen en drukvaten voor vrachtwagentrailer de (petro) chemische industrie De eerste case is het DutchEVO project dat uitgevoerd werd aan de TU Delft door studenten, aio’s en stafleden. Het idee was om een duurzame lichtgewicht stadsauto te ontwerpen van maximaal 400 kg. Hiermee wilde het DutchEVO team laten zien wat er aan de TU Delft mogelijk was maar ook een discussie in de maatschappij opstarten over auto’s. De belangrijkste ethische kwesties in de DutchEVO case waren de operationalisatie van de criteria veiligheid en duurzaamheid. De operationalisering van veiligheid zoals die gegeven wordt in het regulatief raamwerk voor auto’s wilde het DutchEVO team niet gebruiken. Deze operationalisering leidt tot zware en stijve auto’s die wel inzittenden bescherming bieden maar gevaarlijk zijn voor mensen buiten de auto en veel brandstof verbruiken. Hieraan is gerelateerd dat een lichte auto altijd de grootste versnelling krijgt in een botsing met een zwaardere auto. 
A car of 400 kg therefore always undergoes the greatest acceleration; moreover, it was not possible to design a car of 400 kg and include in it all kinds of customary safety systems such as an Anti-lock Braking System and airbags. Instead of a heavy, stiff car full of safety systems, the design team wanted to make a light car that is easy to manoeuvre but in which people will feel somewhat vulnerable. According to the design team, people who feel vulnerable will drive more carefully and more safely.

The criterion sustainability was operationalised as follows. A sustainable car is a car whose energy consumption over its whole life cycle is low. Most energy is consumed in the use phase. Fuel consumption while driving is determined partly by weight, but also by aerodynamics and rolling resistance. A car with a low weight is sustainable because it is economical to drive. Ultimately, the sustainability criterion was therefore operationalised as a car with a maximum weight of 400 kg. Besides low weight, the car was also required to be emotionally sustainable. According to the design team, emotional sustainability meant that using the car must offer added value beyond mere transport from one place to another. Using the car must be fun and a bond must develop between the car and its owner. This operationalisation of sustainability can lead to contradictions. For example, the use of lightweight materials leads to poor recyclability of the car. Moreover, it is not clear that a fun city car, however lightweight, can be sustainable. In European cities there are often other, more energy-efficient ways of getting around, such as public transport or cycling. The operationalisation of safety and sustainability and the trade-offs between them were made on the basis of internal design team norms. The people in the design team were working together for the first time and the internal norms emerged at the same time as the design. The internal norms were based on the education of the people in the design team, their design experience (many were students, so there was little design experience) and their personal experience.

The second case concerns the ethical issues that arise in the design of pressure vessels and pipelines. These relate mainly to the safety of the (petro)chemical installation.
The design of pressure vessels and pipelines was in this case normal design. The design of installations makes use of a regulative framework consisting of European and national legislation, codes and standards. In addition, the design had to be certified. Engineers think that following the regulative framework is a good way to design safe installations. Yet not all ethical issues are covered by the regulative framework. For example, the regulative framework contains no rules for drawing up load scenarios and accident scenarios. The stress engineer has to make decisions about these. The certifying organisations, including Lloyd's Register Stoomwezen, are officially not allowed to assess the risk analysis that the engineering company has to make. Besides these ethical issues, a question sometimes arises about the division of responsibility between the engineering company and the construction company.

Some details are not fully specified by the engineering company because the construction company needs some freedom in the construction method during construction. This can tempt the engineering company simply to leave the difficult details unspecified. According to the engineers interviewed, a problem may be arising in the Netherlands because knowledge about designing a safe installation is declining. Engineering companies laid off experienced engineers in the 1990s. Chemical companies have closed their engineering departments. Stoomwezen, which until the introduction of the European Directive for Pressure Vessels was the only certifying body in the Netherlands, had a hiring freeze for a long time, and at present experienced inspectors there are retiring while the younger inspectors do not yet have enough experience. This situation can eventually lead to there being too little knowledge to make a safe design.

The third case is the preliminary structural design of a bridge over the Amsterdam-Rijnkanaal. The Ingenieursbureau van de Gemeente Amsterdam (IBA, the engineering bureau of the municipality of Amsterdam) made this preliminary design. The architectural design and the set of requirements had already been drawn up earlier by the architect and by another municipal service in cooperation with IBA. It was a normal design of an arch bridge; the operational principle and the normal configuration were used. Ethical questions arose around the operationalisation of safety and sustainability and around trade-offs that had to be made between safety and architectural form. For the bridge, what mattered was not only safety during use but also safety during construction and the prevention of hindrance to ships. For safety during use there is a regulative framework based on the Bouwbesluit (the Dutch Building Decree). This framework is extensive but not complete. For example, it contains nothing about preventing misuse.
People on the bridge can throw things down onto ships, and because the arches are not steep people may even try to walk up over the arches. The regulative framework contains no guidelines on preventing this. If the engineers were to decide at a later stage to fence off the arches, this could lead to problems with the architect, who would see his architectural design compromised by fences. Another ethical choice was that a choice had to be made between the European standards and the NEN standards. The regulative framework is thus somewhat ambiguous. A provisional version of a new European code for bridges is currently being issued. This code will eventually replace the old Dutch NEN standards, but for a certain period a choice may be made between the old NEN standards and the new European code. In this design process the engineers had to advise their customer on the choice between the NEN standards and the European code. The NEN standards underestimate fatigue loads, but the engineers had a great deal of experience with the NEN standards whereas they did not know the new European code. In the end the engineers advised using the new European code in the final design.

During this preliminary design the engineers already had to draw up a Health and Safety Plan. The Health and Safety Plan requires that risks to people on the construction site are listed and that the risks are reduced where possible. This requirement was interpreted procedurally and a list was made of risks to people on the construction site. Reducing these risks was deferred to later design phases or to the contractor. So a Health and Safety Plan was drawn up, but it had no influence on the preliminary design. No design changes were made on the basis of it. The engineers also knew only the requirement to draw up the plan; the rest of the regulative framework on safety during construction was unknown to them. If the working conditions of construction workers really had to be taken into account in the design, then merely requiring a list of risks was probably not enough. It is a moral question whether engineers should not only make the list but also adapt the design so that the risks for construction workers are reduced.

The fourth case is the preliminary design and feasibility study of a lightweight open truck trailer. The preliminary design was made for a small trailer company that focuses on innovations in trailer production. It is a radical design because the material from which the trailer was to be made, composites, had not often been used for trailers.
In addition, the trailer was equipped with a new loading and unloading system. The normal configuration was thus changed. The trailer did have to be connectable to a normal truck. In this case the most important ethical issues related to the operationalisation of safety and the ascription of responsibilities. The ethical issues that played a role in the operationalisation of safety were the following. First, the engineers operationalised a safe trailer as a structurally reliable trailer. The engineers did not take into account that the trailer would become part of traffic and could be dangerous for other road users. While the engineers, in making the preliminary design, did take decisions about where stiff structural parts should be placed in the trailer, traffic safety and crash compatibility of the trailer were left out of consideration. Deciding where stiff structural parts go also determines what other cars, cyclists or pedestrians collide with during an accident. Second, load scenarios and material properties of composites were used to establish the structural reliability of the trailer. There are different values for the maximum strain to which a composite may be exposed. These values take account of certain environmental influences on the composite and also incorporate safety factors. In this design a choice had to be made between the maximum strains proposed by different organisations. In addition, load scenarios had to be drawn up for the calculations. A load scenario specifies which forces will act on the trailer, and when, during use. These load scenarios, for example for driving with a trailer fully loaded with sand, were not known. The load scenarios and the design were adjusted simultaneously in the calculations. This is an ethical issue because these calculations ultimately determine the limits within which the trailer remains intact. If the trailer is loaded more heavily, it can fail, with all the consequences that entails. Third, the engineers ascribed the responsibility for traffic safety to the government and the drivers. They ascribed the responsibility for drawing up the requirements to the customer. In their view the government must provide good regulation and the driver must drive carefully. The customer must take care of setting and, where necessary, adjusting the requirements. Decisions about ethical issues such as structural reliability were made on the basis of internal norms.
These internal norms are based on the education of the engineers (more than half of the engineers at the engineering company studied Aerospace Engineering), but also on earlier design experience and personal experience.

On the basis of the four cases I draw the following conclusions regarding the working hypotheses:

- Working hypothesis 1a is partly supported by the cases: although at a very general level the ethical problems in both radical and normal design can mostly be seen as problems concerning the operationalisation of safety or sustainability, making trade-offs, or ascribing and dividing responsibility, a difference can nevertheless be seen. In the normal designs most operationalisation problems took the form of a choice between given alternatives. In the radical design cases this form of operationalisation did not occur; instead, all operationalisations still had to be worked out completely.
- Working hypothesis 1b is also partly supported by the cases: the way engineers deal with the ethical problems depends on the design type. In the normal design cases the regulative framework sometimes gave alternatives between which a choice had to be made, and where no alternatives were given it was always still possible to consult the certifying body. In the radical design cases decisions about ethical issues were made on the basis of internal design team norms. These norms were based on the design experience, education and personal experience of the design team members.
- Working hypothesis 2a is supported by the cases: in the normal designs the regulative framework was used, where possible, to make decisions about ethical issues.
- Working hypothesis 2b is refuted by the cases: the regulative frameworks in the cases did not meet Grunwald's requirements. The regulative framework in the pipelines and pressure vessels case is not accepted by all relevant actors. The regulative framework for safety during use of a bridge is not pragmatically complete and is moreover ambiguous.

These conclusions from the cases can be generalised on empirical and conceptual grounds. On empirical grounds one can expect that a regulative framework does indeed exist for most products. From the objective of the European Union, namely a free market for persons and goods, it can be inferred that the intention is to bring as many products as possible under European Directives. Only products that fall under European Directives receive a CE marking and may thereby be placed on the market throughout the EU. These directives in turn often refer to codes and standards.
It is therefore plausible that a regulative framework exists for most products. Because products have to be certified, and following the complete regulative framework is the easiest way to demonstrate that a product meets the requirements set, a regulative framework will generally indeed be used in normal design processes. It cannot be assumed, however, that the regulative frameworks meet Grunwald's requirements for a normative framework.

On conceptual grounds it can be made plausible that in a radical design regulative frameworks are not applicable, or only partly applicable. If only the normal configuration changes, for example by using a different material, then certain parts of the regulative framework are not applicable. If composites are used instead of metals, then all parts of the regulative framework that refer to the stress in the material are no longer applicable. If the normal configuration and the operational principle are both different, then most parts of the framework can no longer be applied, although the higher-level goal of the regulative framework is still relevant. An example is the design of automated guided vehicles. According to the regulative framework every vehicle must have a driver. This is required in order to make traffic safe. Safe traffic is still relevant for automated guided vehicles, but requiring a driver contradicts the purpose of automated guided vehicles. Because in a radical design it is possible to fall back on regulative frameworks less or not at all, more ethical decisions will be made on the basis of internal design team norms.

In the final chapter these conclusions are used to begin a discussion of how design type and the presence of a regulative framework affect the relationship of trust between society and engineers. Here I draw on Annette Baier's analysis of trust. According to Baier, trust is a three-place relation: person A trusts person B with valued thing C. Baier argues that trust is a special kind of dependence relation: you depend on someone's goodwill towards you.
On the basis of these ideas I argued in chapter 2 that trust in engineers is warranted if (1) engineers have goodwill towards society, (2) they are competent and use the regulative framework, and (3) the regulative framework is adequate and meets Grunwald's requirements. In chapter 9 I assume that engineers have goodwill towards society, because trust in people with ill will is never warranted. In the case of normal design, the conditions for warranted trust in engineers mean that engineers must be technically competent. Engineers must know the regulative framework and its limits, but they must also know which organisations formulate which parts of the framework. If engineers are trusted to make normal designs according to the framework, then they should also report the problems they encounter in applying parts of the regulative framework to the organisations that formulated those parts. Technical competence of engineers is not sufficient; the regulative framework must also be adequate. So far I have treated Grunwald's requirements for a normative framework as requirements for an adequate framework. There are, however, problems with these requirements that undermine the normative framework as a basis for trust in engineers making normal designs. About the requirement that the framework must be accepted, Grunwald says that acceptance must be broader than acceptance by engineers alone: all parties involved must accept the framework. But does this mean that all parties must actively indicate that they accept the framework, or may it be assumed that a framework is accepted until reports to the contrary appear in the media? Grunwald is not clear on this. Moreover, from the fact that a framework is accepted it cannot be concluded that it is also acceptable; that would be a naturalistic fallacy. The requirements of being pragmatically complete and unambiguous are also problematic. A framework that tries to prescribe everything in detail leaves no room for context- and situation-specific considerations and is therefore of very limited applicability. Moreover, engineers need some freedom in order to act professionally and morally. On the other hand, a detailed prescriptive framework does give engineers power with respect to a customer: certain minimum requirements must be met or the design will not be approved. Extensive further research is still needed to establish the requirements that an adequate regulative framework must meet so that society can have warranted trust in engineers making normal designs.

As this research shows, existing regulative frameworks are not applied, or only partly applied, in radical design. Trust in engineers making radical designs can therefore not be based on the use of regulative frameworks.
For the conditions for warranted trust in engineers making radical designs I fall back on the analysis given by Baier. In the design, engineers must protect the things valued by the people who may experience consequences. The conditions for warranted trust in engineers making radical designs then become:

- Engineers must know what the people who experience consequences of the product to be designed value with regard to that product.
- Engineers must protect these valued things.

It is impossible to establish empirically what people who may experience consequences value. In radical design not all side effects are known, so even identifying all the people who experience consequences is not possible. One way for engineers to find out what other people consider valuable can be to look at what they themselves consider valuable in other social roles they fulfil. A question engineers can ask themselves, for example, is: "What would I consider important in this design of an installation if it were to be built in my neighbourhood?" The use of personal experience by engineers is no guarantee that all things people value will be recognised, but it can broaden the values taken into account in the design process. To minimise the chance of blind spots, design teams should be diverse. A design team should consist of engineers with different lives and backgrounds. That way the chance is greatest that the design team as a whole can recognise all the things valued by the people who experience the consequences.

Anke Christine van Gorp, November 2005, Technische Universiteit Delft

Appendix 1

All interview transcriptions were approved by the interviewees. All observation notes and tapes were transcribed, but these were not given to the design teams for approval.

Chapter 4 DutchEVO

Interviews

- E. van Grondelle, project leader, Delft University of Technology, 6 June 2001
- N. Gerrits, BSc student, HTS Autotechniek Arnhem, 29 May 2001
- J. de Kanter, PhD student, Aerospace Engineering, Delft University of Technology, 31 May 2001
- P. van Nieuwkoop, PhD student, Aerospace Engineering, Delft University of Technology, 31 May 2001
- R. Porcelijn, Industrial designer, 7 July 2000 and 14 March 2001
- M. Ribbers, BSc student, HTS Autotechniek Arnhem, 28 May 2001
- R. van Rossum, MSc student, Aerospace Engineering, Delft University of Technology, 8 June 2001
- A. van Schaik, PhD student, Recycling, Civil Engineering and Geosciences, Delft University of Technology, 3 July 2001
- G. Sterks, MSc student, Aerospace Engineering, Delft University of Technology, 21 February 2001
- H. Welten, MSc student, Aerospace Engineering, Delft University of Technology, 1 June 2001

Observations

Design meetings (some lasted only 30 minutes, others about 2 hours): 19, 20 and 21 July 2000 (design meetings throughout the day), 8 August 2000, 20 September 2000, 4 October 2000, 25 January 2001 (graduation presentation and discussion G. Sterks), 21 February 2001, 14 March 2001, 28 March 2001, 29 March 2001, 11 April 2001, 25 April 2001, 2 May 2001, 9 May 2001

Project meetings (project meetings lasted about 2 hours): 1 August 2000, 7 September 2000, 11 October 2000, 6 December 2000, 10 January 2001, 1 February 2001, 1 and 2 March 2001 (project excursion to companies), 21 February 2001, 11 April 2001

Presentation and discussion: 11 July 2001. Attended by J. de Kanter, E. van Grondelle, P. van Nieuwkoop, R. van Rossum, N. Gerrits, J. Jacobs, J. Spoormaker and A. Vlot.

For the reconstruction of the design process before I started the observations I relied on the DutchEVO archive.

Chapter 5 Piping and Equipment

Interviews

- J. van Duijvenbode, Piping Designer, Jacobs Engineering, 3 April 2002
- H. van Gein, Stress Engineer, Jacobs Engineering, 3 April 2002
- J. de Jong, Materials Engineer, Jacobs Engineering, 3 April 2002
- N. van Leeuwen, Manager of Engineering, Jacobs Engineering, 21 March 2002
- R. Steur, Discipline Supervisor, Jacobs Engineering, 3 April 2002
- A. de Wit, Job Engineer, Jacobs Engineering, 3 April 2002
- A. van Hoynck van Papendrecht, Senior Design Appraisal Engineer, Lloyd's Register, 23 May 2002
- N. Kuipers, PhD student, Materials Science and Engineering, Delft University of Technology, former Specialist at Akzo Nobel Engineering, 4 April 2002
- G. Küpers, consulting engineer, 20 February 2002

Background information on problems in piping and pressure equipment design came from the internet forum Engineering Tips Forum [www.eng-tips.com]. Discussions on this forum were followed from Dec 2001 to March 2002.

Chapter 6 Bridge

Interviews

- M. Aalstein, Design Leader and Engineer Steel, IBA, 30 March 2004
- J. van der Elsken, Engineer Concrete, IBA, 30 March 2004
- E. Hemmelder, Project Leader, IBA, 31 October 2003
- H. van Kleef, Engineer Steel, IBA, 5 April 2004
- S. Molleman, Health and Safety and Building Site Engineer, IBA, 29 March 2001
- W. Quist, Architect, 27 April 2004
- G. Wurth, Consultant Civil Constructions, IBA, 28 January 2003
- Short interview by telephone with R. Dayala, IBA, 20 April 2004

Observations

Design meetings lasted about 2 hours. The following design meetings were observed: 3 February, 17 February, 1 March, 2 March, 15 March, 30 March and 13 April 2004

Presentation and discussion: 10 June 2004. Attended by E. Hemmelder, M. Aalstein, H. van Kleef, R. Segwobind, J. Swier and F. van der Pol

Chapter 7 Trailer

Interviews

- P. de Haan, Engineer CLC, 4 June 2003
- P. Knapen, Ruflor, 20 November 2003
- L. Tromp, Engineer CLC, 18 March and 18 June 2003

Observations

Meetings with customer: 24 March, 7 May and 12 August 2003

Meetings without customer (these meetings lasted between 1 hour and a whole day): 18 March, 25 March, 4 April, 8 April, 10 April, 15 April, 17 April, 25 April, 2 May and 6 May 2003

Presentation and discussion: 28 August 2003. Attended by L. Tromp, P. de Haan, G. van der Weijde, A. Verheus, A. Beukers, D. Tiemens, R. Brouwer, M. Gan, R. Janssen and H. van Schie

Appendix 2

Members of the DutchEVO design team. [1]

[1] The names are altered.

Thomas: project leader, worked 14 hours a week for DutchEVO, had a degree in Industrial Product Design from the Artschool Den Haag, a degree in information technology, and an MBA in Management of Automobile Design. He has worked for an industrial design bureau and for a large company in the US as an advisor for styling departments in the automotive industry, where he advised on design processes and the use of ICT. He has worked freelance for over 6 years, sometimes as a car designer himself, sometimes teaching car engineers. He is married and has two young children. He joined the DutchEVO project at the end of 1999.

Pete: head designer, studied Industrial Design at Delft University of Technology. He had done an internship at a car design studio in Italy. Pete was one of the members who had started the project; he worked 2 days a week for DutchEVO. He stopped working for DutchEVO in June 2001.

Michael: Industrial designer; he was hired to design the interior but quit in November 2000.

Scot: Industrial designer and cultural scientist; worked for DutchEVO for a few months at the beginning of 2001 on ageing of design.

Jack: Industrial designer and mechanical engineer; he worked one day a week for the university, teaching Vision in product design at Industrial Design, Delft University of Technology. He was an advisor and sometimes followed meetings and gave advice. He was reluctant to take any responsibility for the DutchEVO project.

Dave: A PhD student when the project started; his appointment changed to that of Universitair Docent (Lecturer) in aeroplane materials and design in October 1999. He had an M.Sc. in Aerospace Engineering. He supervised a lot of students doing their master's theses, some within DutchEVO, others outside DutchEVO but with overlapping subjects. He still intended to finish his PhD project on materials for crash safety.

Ed: A PhD student in Aerospace Engineering. He was doing research on the joining of aluminium and choosing between several joining techniques. DutchEVO was a case study for him; he supervised Charlie and William together with Dave.

Charlie: Student Aerospace Engineering; did his master's thesis on the load-bearing understructure of the DutchEVO. He was supervised by Dave and Ed. He worked on his master's thesis until January 2001.

Josef and Jeff: Students from the HTS Autotechniek in Arnhem; did their end project for DutchEVO. They assessed different drivelines for suitability in the DutchEVO. They were supervised by Dave and finished their work in November 2000.

George and Jill: Students from the HTS Autotechniek in Arnhem; did their end project for DutchEVO. They made a concept design for the suspension of the DutchEVO. They were supervised by Thomas and a professor in car dynamics; they graduated in May 2001.

Mark: Student Aerospace Engineering doing his master's thesis in aerodynamics; he advised the DutchEVO team on the aerodynamics. His first supervisor was someone specialised in aerodynamics from Aerospace Engineering and his second supervisor was Dave. He worked on his master's thesis from July 2000 until August 2001.

William: Student Aerospace Engineering doing his master's thesis in the DutchEVO project; he made a concept design for the upper structure of the car. He started at the beginning of 2001 and was supervised by Dave and Ed.

Katinka and Alexander: Russian postdoc and PhD student looking at the development of a computer program to optimize material use. DutchEVO was a case study for them. They were to decide on (biodegradable) materials for non-loaded side panels (Alexander) and material for the rocker (Katinka). Officially they were members of the team; unofficially they did not participate much in the design or in social activities. Alexander succeeded another Russian PhD student, Natasha, who was forced to stop after a year; he started in Dec 2000.

Ryan: Industrial designer who looked at driveline and fuel; he worked for the project for a few months and quit in October 2000. He had car racing as a hobby.

John: Student from Mechanical Engineering who did a lot of simulations of vehicle dynamic behaviour (from July 2000 to December 2000). He did not finish a report, which made his results almost inaccessible to other team members. If the results had been promising he would have been allowed to do his master's thesis on the dynamic behaviour of the DutchEVO with a supervising professor and a supervisor. This did not happen and he quietly left the team after a short presentation of his results.

Susan and Ann: Both PhD students from Applied Earth Science studying recycling. They were not part of the design team but were (sometimes) present at project meetings, had some input and gave advice. They were involved during the whole period that I followed DutchEVO.

Acknowledgements

And then it is finally time to write the acknowledgements...

First of all I want to thank my supervisors Peter Kroes and Jeroen van den Hoven for their guidance. Peter, thank you for giving me this opportunity, as an engineer with no background in ethics worth mentioning, to write a thesis in ethics and technology. With great patience you taught me to write scientifically and philosophically. Jeroen, it is a pity that you became involved so late, but I still benefited a great deal from your comments and ideas. My two daily supervisors, Henk Zandvoort and Ibo van de Poel, were indispensable. Without them I could not have made this field, which was new to me, my own. Henk, thank you for all the comments and support you gave. I wrote two articles together with Ibo and learned a great deal from that. Ibo, you helped me improve my ideas and formulate them well. I very often walked into your office to try out an idea or just to talk; thank you for making me welcome. I want to thank Theo van Willigenburg for all the good ideas he gave me when he sat on my supervisory committee. Miranda, thank you for the correction of my thesis and for all your advice on English writing. I also want to thank all my colleagues at the Philosophy section; they made my PhD period not only instructive but also enjoyable. Sabine, you are the best office mate I could wish for. We had a lot of fun and you were always ready to explain something about ethics to me. I also want to thank Michiel for looking after me so well when I started work and was still the only PhD student. Marcel, Jeroen, Lotte, Maarten and Noëmi, you were great fellow PhD students and I very much enjoyed our discussions and dinners. Furthermore, I want to thank the people from the case studies once again. It was very interesting and enjoyable to be allowed to follow the design processes.
Ik wil met name Jens, Elmer, Liesbeth, Peter, Piet, Erwin en Malcolm noemen; bedankt voor jullie tijd en steun. Mijn vrienden Joyce, Karin, Erwin, Michiel en Marjolein wil ik bedanken voor hun steun. Rest mij nog mijn ouders en mijn tweelingzus Bouke te bedanken, omdat ze er altijd voor me zijn. Bouke, ook bedankt voor alle boeken en artikelen die ik via jou uit de universiteitsbibliotheek van Utrecht geleend heb. Als laatste wil ik Thijs bedanken die letterlijk samen met mij heeft toegewerkt naar onze promoties.


Curriculum Vitae

Anke van Gorp was born in Tilburg on the 24th of August 1975. From 1987 until her graduation in 1993 she attended St Odulphus Lyceum in Tilburg. After this she studied Materials Science and Engineering at Delft University of Technology. She received her M.Sc. in 1999 with a master's thesis on the fracture toughness of aluminium metal matrix composites. After this she started her PhD research in the department of Philosophy, Faculty of Technology, Policy and Management at Delft University of Technology. She currently works as a researcher at the Tilburg Institute for Law, Technology and Society at Tilburg University.


Simon Stevin (1548-1620)

'Wonder en is gheen Wonder'

This series in the philosophy of technology is named after the Dutch / Flemish natural philosopher, scientist and engineer Simon Stevin. He was an extraordinarily versatile person. He published, among other things, on arithmetic, accounting, geometry, mechanics, hydrostatics, astronomy, theory of measurement, civil engineering, the theory of music, and civil citizenship. He wrote the very first treatise on logic in Dutch, which he considered to be a superior language for scientific purposes. The relation between theory and practice is a main topic in his work. In addition to his theoretical publications, he held a large number of patents, and was actively involved as an engineer in the building of windmills, harbours, and fortifications for the Dutch prince Maurits. He is famous for having constructed large sailing carriages. Little is known about his personal life. He was probably born in 1548 in Bruges (Flanders) and went to Leiden in 1581, where he took up his studies at the university two years later. His work was published between 1581 and 1617. He was an early defender of the Copernican worldview, which did not make him popular in religious circles. He died in 1620, but the exact date and the place of his burial are unknown. Philosophically he was a pragmatic rationalist for whom every phenomenon, however mysterious, ultimately had a scientific explanation. Hence his dictum 'Wonder is no Wonder', which he used on the cover of several of his own books.

Simon Stevin Series in the Philosophy of Technology

Books and Dissertations

Volume 1: Marcel Scheele, The Proper Use of Artefacts: A philosophical theory of the social constitution of artefact functions

Volume 2: Anke van Gorp, Ethical Issues in Engineering Design; Safety and sustainability

Research Documents

Peter Kroes and Anthonie Meijers (eds.), Philosophy of Technical Artifacts


Westeinde 21c 2512 GS Den Haag 070-3608712