Human Failure -

Human Failure

Click here for reader response to this article

“Cessna 47 Quebec, turn left towards Mitchellville.”

“Cessna 47 Quebec, roger,” the pilot replied.

A few minutes later the air traffic controller more insistently repeated his command. The plane was approaching restricted air space near Washington, DC.

“47 Quebec, roger.”

Radar tracks showed the plane was still bearing in on the no-fly zone. Exasperated the controller fairly barked an order to turn immediately, now giving the pilot a compass course. Shocked out of a mental fog induced by the vibration, noise and an assumption everything was OK, the pilot made the course change.

This event, which eerily presaged Wednesday's incident, happened in 1984. I was the pilot.

I had been approaching Andrews Air Force base, home of Air Force 1, from Baltimore. With not much experience in the Cessna 172 I had been busy playing with radios and navigation gear, rather than listening closely to the controller. I'd heard a name other than Mitchellville, and was somewhat puzzled as the plane was already headed for that destination. Why was this fellow asking me to change course to a destination that was dead ahead?

I'd presumed he was confused, not me. Him, a controller with decades of experience, compared to my paltry few hundred hours as a pilot.

As an engineer I'm a great believer in the power of technology to solve problems. But there's always a person somewhere in the loop, and we are imperfect creatures operating in a world where there's less margin for error every year. A hundred years ago people operated horse-drawn vehicles at 10 MPH. Today we zoom down the road at 100 feet per second, hanging inches from each others' bumpers while chatting on the cell phone and eating a Big Mac. One second's inattention and someone dies.

As I write this the media are portraying the pilots who were forced down as bozos. Perhaps they are. But we can be sure that people will always make mistakes, dumb ones and smart ones. Mistakes stemming from too little sleep or not reading the instructions. Sometimes our equipment confuses us, or one unit displays something a bit different than another, resulting in a bit of head-scratching as our vehicle propels us at breakneck speed through the air or down the highway.

Wednesday the system worked well, ironically mediated by more humans in the loop. An automated system that made decisions to shoot based on estimated threat would probably have knocked these two bewildered people out of the sky. Instead, helicopter and F-16 pilots evaluated the situation, realized the threat from a 1500 pound Cessna 150 was low, and successfully diverted the plane.

We technologists, designing systems for use by flawed humans, must always assume the user will do something stupid, or will be tired or confused. A hospital engineer recently described how on one IV pole he spotted three infusion pumps all with inconsistent interfaces. Each emitted a different set of beeps in response to changing patient conditions. Imagine the poor intern, 24 hours into a shift, trying to understand what's happening as these things wail and the patient is crashing.

Though our system may work perfectly, accidents will still happen when our user is befuddled. Perhaps the next great arena is developing better machine/human interfaces. Towards that end I highly recommend Don Norman's book The Design of Everyday Things. In it he shows how we haven't even mastered the art of designing intuitive doorknobs. How will we manage much more complex embedded devices?

What do you think? Have you ever gotten into a dangerous situation after being baffled by a device?

(Eventually, in an effort to make the skies safe for mankind, and forced to choose between two expensive hobbies, I gave up flying in favor of the sea. Be very thankful. It's a lot easier to get a license than to be a safe pilot.)

Jack G. Ganssle is a lecturer and consultant on embedded development issues. He conducts seminars on embedded systems and helps companies with their embedded challenges. Contact him at . His website is .

Reader Response

Your thoughts on machine/human interface have hit the nail on the head (an interface we all understand!). I'm a Brit, and a few years back I moved into a house previously occupied by an American couple. One of my first jobs was to turn all the light switches back the 'right' way up (flick down for on, up for off). If we can't agree on a standard for a simple switch, we don't stand much chance on the more complex devices!

Nevertheless, I agree we should try. It may even be easier to agree on a complex interface (one that's not 'obvious' at first sight) than on the ones we all think we know already.

– Paul Tiplady

Never mind confusion from devices – I was on my way to work this morning (on a road not so far away from the Frederick County Airport, by the way)when I got behind an antique tractor pulling a hay mower. He signaled with his left arm that he was about to turn off the road, and I somehowdecided he was telling me to pass. Well he did turn left, and I had to stand on the brakes to keep from hitting him!

Somehow I doubt the two were complete morons – they were resourceful enough to be able to slip away without the hyper-alert media managing to get a picture!

— John Teller

In a related vein I have always been somewhat amazed at the iconology used for automotive controls. After a while you come to accept that the little button with a 4 leaf clover on it means that it controls the fan in theHVAC unit, but many other icons are even more obscure. In the 60's we knew that to turn the headlights on high beam we pushed a large button on the floor. On my 96 Chevy pickup, the left side control stalk controls notonly the high beams but the wipers (including 6 levels of intermittency and two constant speeds as well as a manual control) the windshield washer, the turn signals, and the cruise control. Needless to say, these functional assignments are not standardized across all makes and models.
I refuse to carry a cell phone because I can't see the legends on the buttons because they are too small and because its been my past experience that they do not work worth a damn. And some of the icons are ambiguous. Does the green handset icon mean to start a call or end it? Same question for the little red handset icon. And just how many functions does one really need in a cell phone anyway? If I carried one I would trade all the tricky little features and games and so forth for a few more milliwatts ofTX power and a few more microvolts/meter RX sensitivity so that I might actually be able to maintain a good connection. Make that a few hundred more milliwatts of TX output power. And while they're at it how about giving me a high gain antenna to make even better use of the TX/RXcapabilities. Or perhaps adding a lot more cell sites so that I could actually find a usable signal when needed. Ah to heck with it, I don't need (want) an electronic leash anyway.

— Don McCallum

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.