I would hate to have the logic of some system be "99.99% of the time we should stop motion, so that's pretty much the same as 'all the time'." No. It's a case-by-case basis, so you don't overlook that 0.01% circumstance.
An application which, within itself, needs no exceptions (ref. my elevator example earlier) should detect hazards and prevent motion 100% of the time, imo. My 99.99% comment relates to those rare systems that allow a safety device to allow motion. Very rare.
Even my new SUV forces me to place my foot on the brake before I can start the engine.
If an autonomous vehicle is traveling at 55 mph...a fork in the road appears...a hazard is detected at the entrance to both forks simultaneously...the vehicle should drop power to all drive motors, allow power to brake systems for controlled deceleration, maintain a straight path and let it all play out as it may. This is my opinion.
Forget the fork. Straight road. 55 mph, hazard detected straight ahead. Same safety shutdown (imo), no swerving to miss the hazard (possibly causing a vehicle rollover or a collision with an undetected person or object). Disable power to main drives, allow brakes and of course low voltage power to monitor and deploy air bags if needed.
You know what concerns me the most? That this technology is advancing fast. Imo, faster than standards can be agreed upon and implemented...including government regulation (state & federal for USA). This is worrisome because, as hinted at earlier in the thread, some programmer or hardware designer can do things counterproductive to ensuring safety. For USA work environments there are decades and decades of safety standards (OSHA, etc.). Not so for autonomous vehicles...it will take time. So it is important that these developers use safety standards from other areas.
One more lack-of-standards point to make, please. It would be unfortunate if Brian, at ABC company in New York, used (2) low-resolution optical cameras for front detection, while Julie, at XYZ company in Seattle, used (4) high-resolution cameras with advanced infrared night vision. The silly point I am making is both may help engineer a system, but without strict industry standards and regulations, one system can be inferior to another.
Anyway, all my opinions are based on automotive plant experience. Moving vehicles inside a manufacturing plant are not new to me. Been engineering them for over 20 years. They are usually called AGVs (automatic guided vehicles). They zip along car plant pathways all the time...with people constantly walking near them (often visitors taking a factory tour). No, of course they do not do 55 mph inside a factory. However, one thing is always certain...whether in a USA, Canada, Mexico, U.K. or Japan plant for my projects...safety devices shut down motion devices. No decision making (yes, we have full-blown PLCs on board the AGV, fully capable of decision-making routines in code. No way though). Our safety devices are redundant and always stop motion. Software input on the PLC and also a mandatory hardwired circuit (bypassing PLC I/O) directly to relays.
Post seems like it is getting long. Wrapping up, I remain hopeful these vehicles will be safe for all. As far as legal liability? I am of the opinion it is less risky to follow the old tried and accepted practice of "safety devices prevent motion, not allow it". This has held up well in USA and Japan courtrooms for decades. The day a company allows a safety device to allow motion (like swerving a vehicle suddenly) and a pedestrian (or pedestrians) dies, it will be untested territory in courtrooms from what I understand. That may not bode well for the manufacturer of that vehicle.
What's your thought Dave? On the courtroom aspect?
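The "safety devices prevent motion, not allow it" architecture the post describes (redundant safety devices, a software input to the PLC, and a mandatory hardwired relay chain that bypasses PLC I/O), together with the hazard-ahead shutdown sequence (drives off, brakes powered, heading held, low-voltage monitoring kept alive), as an added worked model in Python. This is not the poster's PLC code or any vendor's; the device names, the dual-channel (1oo2) monitoring, the output fields and every input below are assumptions constructed to illustrate the principle.

```python
"""Fail-safe interlock model: safety devices remove the motion enable,
they never grant it. Added illustration, not the poster's PLC code.
Device names, the dual-channel (1oo2) monitoring and the output fields
are assumptions; every input below is constructed."""
from dataclasses import dataclass, field
from typing import List, Optional

# One safety channel is a normally-closed contact wired in series:
#   True  = contact closed, no hazard
#   False = contact open, hazard detected
#   None  = channel fault (wire break, stuck reading, lost heartbeat)
Contact = Optional[bool]


@dataclass
class SafetyDevice:
    """A hazard detector with two redundant channels (1oo2: either one
    opening stops motion; a disagreement between them is also a stop)."""
    name: str
    ch_a: Contact
    ch_b: Contact

    def closed(self) -> bool:
        # Any fault, any open channel, or any discrepancy fails to "stop".
        if self.ch_a is None or self.ch_b is None:
            return False
        if self.ch_a != self.ch_b:
            return False
        return bool(self.ch_a and self.ch_b)


@dataclass
class Outputs:
    drive_power: bool         # main drive contactor energised
    brakes_enabled: bool      # power to brakes for controlled deceleration
    steering: str             # "navigation", "swerve" or "hold_straight"
    low_voltage_monitor: bool  # sensors / air-bag controller stay powered
    faults: List[str] = field(default_factory=list)


def safe_shutdown(faults: List[str]) -> Outputs:
    """The hazard response from the post: drives off, brakes on, heading
    held straight, low-voltage monitoring kept alive."""
    return Outputs(drive_power=False, brakes_enabled=True,
                   steering="hold_straight", low_voltage_monitor=True,
                   faults=faults)


def open_devices(devices: List[SafetyDevice]) -> List[str]:
    return [d.name for d in devices if not d.closed()]


def hardwired_chain(devices: List[SafetyDevice]) -> bool:
    """Series relay chain. It knows nothing about what the PLC wants and
    can only remove the motion enable, never add it."""
    return all(d.closed() for d in devices)


def plc_logic(devices: List[SafetyDevice], motion_request: bool,
              swerve_request: bool) -> Outputs:
    """Software path: reads the same safety inputs and may request motion.
    On any hazard it commands the shutdown and ignores a swerve request."""
    faults = open_devices(devices)
    if faults:
        return safe_shutdown(faults)
    return Outputs(drive_power=motion_request,
                   brakes_enabled=not motion_request,
                   steering="swerve" if swerve_request else "navigation",
                   low_voltage_monitor=True)


def faulty_plc_logic(devices: List[SafetyDevice], motion_request: bool,
                     swerve_request: bool) -> Outputs:
    """A deliberately wrong controller that decides to keep driving and
    swerve around the hazard: the programmer error the post worries about."""
    return Outputs(drive_power=True, brakes_enabled=False,
                   steering="swerve", low_voltage_monitor=True)


def motor_contactor(plc_out: Outputs, devices: List[SafetyDevice]) -> Outputs:
    """Final output stage. The PLC drive output sits in series with the
    hardwired chain, so the PLC can drop power on its own but can never
    energise the drives while any safety contact is open."""
    if not hardwired_chain(devices):
        tripped = sorted(set(plc_out.faults) | set(open_devices(devices)))
        return safe_shutdown(tripped)
    return plc_out


if __name__ == "__main__":
    clear = [SafetyDevice("front_scanner", True, True),
             SafetyDevice("bumper", True, True)]
    hazard = [SafetyDevice("front_scanner", False, False),
              SafetyDevice("bumper", True, True)]
    print("clear path:      ", motor_contactor(plc_logic(clear, True, False), clear))
    print("hazard, good PLC:", motor_contactor(plc_logic(hazard, True, True), hazard))
    print("hazard, bad PLC: ", motor_contactor(faulty_plc_logic(hazard, True, True), hazard))
```

The point of the two paths is that the relay chain and the PLC are each able to stop the vehicle, but only the PLC can ask for motion, and that request still passes through the chain. A wire break or a disagreement between the two channels of a device reads as "open", so a failed sensor degrades to a stop rather than to a silent loss of protection. What the chain cannot do is second-guess a bad software decision when no safety contact is open: on a clear path the faulty controller above still gets drive power, which is exactly why the post argues for standards on the detection side as well.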