Sorry that I wasn't able to respond to this till now, as I was attending a technical conference so could not find the time needed to dig into this post.
Instead Boeing chose to incrementally improve safety through the Runway Situation Awareness Tool (RSAT)--which was already on the 737NG--and the Roll Command Alerting System (RCAS). These enhancements were not mandated by the FAA. People who haven't read the released record do not know that Mark Forkner's discussion around pilot simulator training with the FAA and other regulators concern these particular new features. It was in the FAA's best interest to accept Boeing's arguments here about not imposing new simulator training because to not do so would create a significant disincentive to make these changes.
Revealing choice of words: "imposing" simulator training. Suggests profits are the primary concern, as opposed to safety.
So let's put the four-second rule into context. It was a criteria that had been imposed at the time of initial design of the 737 and is appropriate for the flight control cable-driven hydraulics system architecture.
Imposed? From what I read it's just an industry "rule of thumb" and exists in none of the federal aviation regulations.
Over the decades of 737 operations, the service record of the 737 would have shown whether this rule should still be relied upon. Without having the database available, I would have to assume that the data available shows no incidents prior to the 737Max.
Remember as well that to the Flight Controls engineers that MCAS is being considered as analogous to a run-away stabilizer trim as the behavior exhibited to the pilot would be similar. Run-away stabilizer trim can be either a continuous activation or an intermittent activation of the trim unit. This failure mode and its corrective action has already accepted by the FAA and the service record shows this to be acceptable.
Specious logic to me. Those previous decades of good safety occurred without MCAS being present. What was good enough for the past was good enough because the plane didn't have MCAS.
I would make the argument though that two factors should have been considered when evaluating incorporating MCAS. One is that how much more likely are you going to be relying upon pilot corrective action. I'd expect that relying upon service record might be a flawed approach as the reliability of the stab trim unit has improved over the years to the point where the fleet just doesn't see this failure mode anymore. In other words, the four-second rule is acceptable because it never had to be used. The second factor is that when Boeing introduced the Speed Stability function that it made pilot recognition of an uncommanded trim more difficult for the pilot to recognize. This appears to be the situation with Lion Air for both the accident and prior day's incident. When the pilot is accustomed to the trim wheels being rotated by the automation, he is not going to realize as quickly that this is failure.
Seems now you are supporting what I said earlier, the earlier baseline was made with simpler airplanes so should not have been given the significance it seems to have been given.
I am not making excuses here for a bad and poorly executed design. All I am saying is that I can envision the process by which the Flight Controls engineers were able to convince themselves that this was an acceptable design.
Which highlights we have no official rendering of exactly how "they" convinced themselves it was an acceptable design, nor even who "they" are.
As far as we know it was ultimately decided by one person within Boeing, and was done without an end-to-end simulation of multiple activations due to erroneous AoA data that would be triggering multiple other alerts. This is based on my recollections from multiple Seattle Times reports, so if my recollection is inaccurate I'd appreciate clarification.
I'm sill curious to see if the move to charge Forkner with criminal acts will motivate him to speak to the prosecutors or not.