Introduction

View 3 Agency in the railway

1.0. How is a railway like a computer?
 

if all trains ran according to schedule and never broke down, there would be little need for a signalling system [BR Railway Signalling HB]

history of railways as a specification process

circumscription / closed system

even as of 1951 [RforD p215]: single box at York controls 6 route miles and thirty-three miles of complicated junctions including the 16 platforms of York station – never see a train, work entirely by illuminated track circuit diagram ... no point will move, no signal change from RED unless the movement they authorise is in order

full automation is quite possible

could it be made even simpler in some circumstances? e.g. using GPS.

1.1. How has this come about?

circumscription, closed world

foolproof? - against foreseeable perturbation of the system

train breakdown

engine failure

axle failure

timetable delay

signalman aberration

driver aberration yes, within reason

adverse weather conditions

cow on line? possibly not

vandals on bridge?

vandalism of railway equipment?

vandalism by a signalman

driver malicious aberration no?

catastrophic breakdown (eg explosion of freight truck)

earthquake? lightning? nuclear explosion? definitely not!

Can there be a danger in automatic control? cf concern about interlocking removing discretion from the signalman ... e.g. train passes clear signals and approaches points where it would in fact be safer, because of (say) crashed bus on line to redirect on to loop line .... concerns voiced in the early days of railway development

1.3. Key: possibility of stimulus-response to detect & correct (or negate)

signalling of its nature is communication = stimulus/response

__________________________________________________

View 2 Agency in the railway

2.0. Understanding fully automated railway derives from state-based views

To appreciate why railway can be automated have to open up a black box: don't simply want to see that points can be changed and signals switched safely etc, need to know what self-conscious stimulus-response patterns are encapsulated in electronic components. Cf. a model railway, where the driver has no autonomy and the synchronisation of signal and train is contrived.

Understand this most easily by considering an earlier stage in the technology: railway signalling as it was in the heyday of the mechanical signalling era (NB Shrewbury station has been more complex than it is today.)

2.1. Basic concepts

Signalling protocols: distant, home and starting signal

Blocks: absolute blocking, permissive working

Track circuits

Division of responsibility + transfer of control between signal boxes

Communication between station-supervisor and signal box

What purposes do these serve?

Consider e.g.

• consequences of ignoring signalling protocols
• consequences of relaxing blocking restrictions
• consequences of dispensing with track circuits
• consequences of liberalising the communication regime

responsible driver slows down at distant

proceeds cautiously in permissive working

responsible signalman clears signals in particular sequence

follows the communication protocols faithfully

interlocking

cf every point and signal is a free agent

continuous braking

cf every carriage is capable of independent motion

the signalman can't set the points against the signal

the driver can't cross a stop signal:

Automatic Train Control

synchronisation points in protocol

means of interrogation for confirmation

check the route is set-up

Reference data + prepared questions needed to accompany video

What perceptions and privileges do the agents have?

signalmen

oracles handles

telegraph in telegraph out

state of levers levers

state of points / signals

intercom in intercom out

external traffic

schedule amend schedule

block indicator status

whistle / hooter

road set = is road set?

Rule 55: when a train is brought to a stand at a stop signal the driver must whistle, and if signal isn't lowered within 3 minutes in clear weather, or immediately in fog or falling snow, must send some-one to inform the signalman of the presence of the train.

Necessary precaution against signalman forgetting that a train is standing on the line. Person will only leave if given the all clear else levers are suitably mechanically wedged.

Norton Fitzwarren goods train involved in head-on collision with an express in such incident: had set its headlight from red (stop) to green (go) prematurely. Had the light been red it would have been visible at a greater distance.

what LSD guards apply to signalman privileges?

enabling condition for all clear signal to driver

driver

oracles

speed of train

stopping distance

weather conditions

brake setting

regulator setting

length of train

maximum permissible speed

road visibly obstructed (permissive working)

signal settings

is it important that the driver knows the route?

was in the last century: driver redirected onto line that he mistakenly supposed was a main line: train out of control

on the assumption that trains have to be on unusual lines in special circumstances, problem must still arise unless track can detect speed of train as well as inappropriate response to signals failures?

track circuit indicators – derivates? (cf York - no sight of trains)

World vs model

what's not in the signalman's picture

can't see schedule displayed on the platform indicator

doesn't know if there's a door open on the train

may not know why a train delays when signals cleared

what's partly under the signalmen's control

do I get to the office on time?

whether eat my lunch before arriving at work

whether it's possible to make a connection

Issues such as fairness, safety and liveness:

keep a train at the station all day:

why should I let this train go?

direct it around in circles

Need for conspiracy on the part of signalmen and possibly driver

cf. sabotage of train operation by drivers stopping in critical sections

(cf form of protest used by French lorry drivers)

Questions here re propriety and efficiency vs safety: how fast could the protocols be conducted to achieve all the appropriate goals? How would safety be compromised?

Incident at Hull 1927

Two signalling movements that should have been independently carried out, one legitimate the other normally impossible through interlocking, so synchronised that they led to misdirection of a train. Train from Scarborough redirected in to the path of the late arriving Withernsea train.

Probable that fail-safe guarantees some power to disrupt function: if agent doesn't act at all, then in some situations nothing will happen

"dead man's handle". Development in history towards protocols that mean that where an agent fails to act correctly, the consequences may be inconvenient, but they are not dangerous.

Limitations concerned with how fast a train can be boarded etc.

Summary: achieve smooth railway operation through

rationalising the perceptions of agents

formalising their protocols

restricting their privileges

subject to making assumptions about the reliability of the environment in which they operate. Difficult to express, but also present: disciplining the knowledge aspects of the role, so that if the stationmaster actually has a derivate

train_looks_lovely = no_door_open and sun_sets_over_train

this is of no relevance

___________________________________________________

View 1 Agency in the Railway

General Theme:

initially, railway pioneers don't know what should / shouldn't be considered relevant to train safety, don't know what can be changed

can't foresee technology: where would trains be without the telegraph? signalling by reflected sunlight off balloons? (trains on rainy days?)

couldn't appreciate that standard time could and must be established

"A Signal Ball will be seen at the entrance to Reading Station when the Line is right for the Train to go in. If the ball is not visible the Train must not pass it."

pre-1889 post-1889

independently controlled points interlocking lock

time interval system blocking block

manual brakes continuous braking brake

cf blocks control signals, signals can apply brakes

Division of responsibility

Autonomy: Brunel and Babbage

Babbage private train from Paddington

"must travel down on up line": breach of regulations

Before he departed, change of plan to travel on down-line

Met Brunel en route from Bristol on the up-line

Private carriages for gentry

travel on the roof (cf stage coach), leap off to retrieve hat

Scottish Central Highway regulation

Guards and brakesmen are responsible that the proper signals are made in fogs and in all accidents and detentions on the road according to regulations; but if in these cases a difference of opinion should arise as to what is the proper course to pursue the engine-man to decide.

criticised in an inquiry involving rear collision with a train that was 35 coaches and several sheep trucks long. Time interval strategy and lengths of trains related.

... My board fear that the telegraphic system of working recommended by the Board of Trade will, by transferring much responsibility from the engine drivers, augment rather than diminish the risk of accident.

John Chester Craven,
for London, Brighton & South Coast Railway, 1861 after the report on the Clayton Tunnel accident

Restrict privileges:

• lock passengers into train (train fire at Versailles)
• exits from moving trains still topical today
• regulate access to trains
• impose protocols on railway personnel (up and down line concept)
• despatch note time of starting, place and time of returning

• police the tracks
• restrict access to tracks
• impose railway time

• chain of switching men at signalling points
• communicate by flags and lamps
• [telegraph not available else switchmen not competent to use]
• whistles / bells / hooters

block introduce telegraph communication between major stations (1850s)

brake vacuum brakes for trials in 1875