MCAS alternates between the left and right sensor each time the plane lands. With the Lion Air flight I think cycling the electrical power for diagnostic work caused MCAS to pick up the faulty sensor for two flights in a row.
Pilots and first officers tend to switch who has flight control on each leg of their flights (which is the Pilot Flying vs Pilot Assisting), and the MCAS system uses the AoA vane associated with the side of the cockpit that currently has flight control.
There is no good reason for only listening to one sensor.
There is a sort of good reason for having a split between pilot/copilot side: the instruments are redundant (both physically and electrically), so in the event of malfunction you can failover to the other side.
That actually sounds awful, sorry for my naivety if this is just industry standard. But for such a mission critical piece to have no redundancy build over it is just poor. Especially that it's prone to failure since it's situated on the outside of the plane.
It just seems to be that this is some terrible engineering done on Boeing's end of not fully understanding the critical situation here.
Generally two failures:
1. a lack of redundancy in a mission critical sensor
2. a blind trust on MCAS's priority over pilots
There is redundancy in the sensors, but the sensors are not being used in a redundant manner. There are whispers that the 767 fuel tanker (KC-46/KC-767) has a system similar to MCAS that will look at both alpha vanes for disagreement, which is a bit damning to say the least.
a blind trust on MCAS's priority over pilots
The entire purpose of MCAS is to engage only when the pilot is flying to prevent the pilot from doing something dangerous. Previous generations of 737 had the same problem but the MAX is more delicate and compounds it with nacelles that generate lift.
Part of the problem was that MCAS was originally designed with very little control authority, and so wasn't considered safety-critical. However, during testing they realized they needed to up the gain, and made pretty major retuning without reexamining their safety assumptions.
