3. Boeing design changes (MCAS used to be disabled automatically if the pilot applied sufficient counter-input, this feature was removed in the -MAX series, requiring the pilot to explicitly disable the system using a separate button)
Take away any 1 of those causes and the plane doesn't crash. They all had to happen at the same time for these two tragedies to occur.
FAA pushed much of the safety analysis to Boeing engineers due to lack of funding and external pressures to help Boeing speed through certification.
The safety analysis was performed on incorrect data. The initial safety report said the MCAS system could lower the nose by 0.6 degrees. After flight testing, that value was increased to 2.5 degrees but the safety analysis was never updated to reflect the new parameters. Additionally, the MCAS system could reset each time the pilot attempted to override, and it could change 2.5 degrees for each reset. So effectively it was unbounded. The numbers on the safety report did not reflect the actual system. If the real numbers had been updated, the problem likely would have been caught sooner.
Presumably so that the pilot can be blamed for not knowing the procedure to manually disable the automatic system that is flying the plane into the ground.
1. Faulty MCAS
2. Insufficient pilot training
3. Boeing design changes (MCAS used to be disabled automatically if the pilot applied sufficient counter-input, this feature was removed in the -MAX series, requiring the pilot to explicitly disable the system using a separate button)
Take away any 1 of those causes and the plane doesn't crash. They all had to happen at the same time for these two tragedies to occur.