Double switching

A single-switched relay can close inadvertently in response to a single false feed current.

A double-switched relay cannot close inadvertently with the application of the same current. At least two separate faults would be required to allow this relay to close inadvertently.

Double switching is the practice of using a multipole switch to close or open both the positive and negative sides of a DC electrical circuit, or both the hot and neutral sides of an AC circuit. This technique is used to prevent shock hazard in electric devices connected with unpolarised AC power plugs and sockets. Double switching is a crucial safety engineering practice in railway signalling, wherein it is used to ensure that a single false feed of current to a relay is unlikely to cause a wrong side failure. It is an example of using redundancy to increase safety and reduce the likelihood of failure, analogous to double insulation. Double switching increases the cost and complexity of systems in which it is employed, for example by extra relay contacts and extra relays, so the technique is applied selectively where it can provide a cost-effective safety improvement.

Examples

Landslip and Washaway Detectors

A landslip or washaway detector is buried in the earth embankment, and opens a circuit should a landslide occur. It is not possible to guarantee that the wet earth of the embankment will not complete the circuit which is supposed to break. If the circuit is double cut with positive and negative wires, any wet conductive earth is likely to blow a fuse on the one hand, and short the detecting relay on the other hand, either of which is almost certain to apply the correct warning signal.

Accidents

Clapham

The Clapham Junction rail crash of 1988 was caused in part by the lack of double switching (known as "double cutting" in the British Railway industry).^{[citation needed]} The signal relay in question was switched only on the hot side, while the return current came back on an unswitched wire. A loose wire bypassed the contacts by which the train detection relays switched the signal, allowing the signal to show green when in fact there was a stationary train ahead. 35 people were killed in the resultant collision.

United Flight 811

A similar accident on the United Airlines Flight 811 was caused in part by a single-switched safety circuit for the baggage door mechanism. Failure of the wiring insulation in that circuit allowed the baggage door to be unlocked by a false feed, leading to a catastrophic de-pressurisation, and the deaths of nine passengers.

Tri-colour LED

Some tri-colour Light Emitting Diodes for railway use were wired with four wires, one for each of the three colours, and a common wire for the return. Due to water ingress and other problems, the lamp units were displaying false greens. The solution was to change to wiring with six wires with separate positive and negative wires to the LEDs of each colour.^[1]

Faulty attitude indicator

Big airplanes have three independent attitude indicators, one for the pilot, one for the co-pilot, and a third one to resolve disputes between the first two. A Peruvian airplane apparently had a faulty wire in one of the indicators.^[2] The indicators for the pilot and co-pilot were switched to common mode, so they both displayed the same wrong attitude indications. In the dark, it was not possible to tell the true horizon in any way other than the attitude indicator, and the plane crashed into the sea.

Railway couplings

Around 1994, new standards for the electrical couplings between carriages of United Kingdom passenger trains introduced the requirement for separate earth wires for critical functions such as brakes and doors.^[3] Common earths can cause interference between circuits that are otherwise independent, with unpredictable effects.

A similar crosstalk problem occurred when using Phantom circuits to increase the number of telegraph or telephone circuits.

See also

• Redundancy (engineering)
• Double insulation

References