On the Hawaii missile alert: when UI design is a security issue

On Saturday, January 13th, 2018, Hawaiians got an alert that said:

BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL.

It took 38 minutes for people in Hawaii to realize this was a false alarm. The whole timeline was released by Hawaii’s Emergency Management Agency (HEMA) and is available here.

Why did this happen?

An employee at HEMA clicked the wrong button during a routine test. At first, I was inclined to blame this solely on human error. However, I didn’t have enough context: was it a physical button? Was it an application on a computer? If so, how was it designed?

Luckily, Honolulu CivilBeat released a picture of the user interface, and after seeing it I changed my mind. I now place slightly more blame on the interface. Just look at this thing:

[Image: the HEMA alert interface]

This is so poorly designed that it’s surprising this exact thing hasn’t happened before. The operator is still expected not to make mistakes, but the software engineer should be expected to minimize the likelihood of human error.
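One way a software engineer could build that safeguard into an alert console, as an added example that is not HEMA’s software and assumes a design in which test and live alerts are separate actions, a live alert needs a typed confirmation phrase, and a correction can be sent from the same console:

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class Mode(Enum):
    TEST = "test"
    LIVE = "live"

# Phrase the operator must type before a LIVE alert goes out (assumed design).
LIVE_CONFIRMATION = "SEND LIVE ALERT"

@dataclass
class AlertConsole:
    # Constructed outbound log standing in for the real broadcast channel.
    outbox: list = field(default_factory=list)

    def send_test(self) -> dict:
        # TEST is its own action: no menu pick on this path can reach LIVE.
        msg = {"mode": Mode.TEST, "text": "TEST MESSAGE. THIS IS A DRILL.",
               "audience": "internal"}
        self.outbox.append(msg)
        return msg

    def send_live(self, typed_confirmation: str) -> dict:
        # LIVE demands a typed phrase; a stray click cannot supply it.
        if typed_confirmation.strip() != LIVE_CONFIRMATION:
            raise PermissionError("live alert not confirmed; nothing sent")
        msg = {"mode": Mode.LIVE,
               "text": "BALLISTIC MISSILE THREAT INBOUND TO HAWAII. "
                       "SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL.",
               "audience": "public"}
        self.outbox.append(msg)
        return msg

    def cancel_live(self) -> Optional[dict]:
        # A retraction path on the same console, so a false alarm can be
        # corrected immediately instead of 38 minutes later.
        if not any(m["mode"] is Mode.LIVE for m in self.outbox):
            return None
        msg = {"mode": Mode.LIVE, "cancels": True, "audience": "public",
               "text": "FALSE ALARM. THERE IS NO MISSILE THREAT TO HAWAII."}
        self.outbox.append(msg)
        return msg

def public_messages(console: AlertConsole) -> list:
    # Only what the public would actually receive.
    return [m["text"] for m in console.outbox if m["audience"] == "public"]
```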

This kind of thing happened on the Apollo 8 mission, the first fly-by of the moon. The NASA software engineer who wrote the code for that mission, Margaret Hamilton, had worked out how to write error-correcting code in case the operators pressed the wrong button, specifically the “P01” button, while in midflight.

[Photo: Margaret Hamilton, software engineer at NASA]

Even though she had figured out a way to make the Apollo astronauts safer, the people above her thought it was unnecessary, saying that “They were trained to be perfect” [1].

While it is certainly true that NASA has exceptionally high standards and subjects all its astronauts and engineers to the highest level of training and accountability, humans can and do still make mistakes. Sure enough, someone pressed the P01 button.

All the navigation data was erased, so Hamilton and some MIT programmers regenerated the data and uploaded it. Luckily that worked, but it shouldn’t have come to that: she had already anticipated this, and it should have been handled by the software.

Getting a handful of people back from the moon is amazing, but the cost of failure there was less than 10 people dead. The Hawaii alert had much higher stakes. If that false alert had been mistakenly believed to be a real ICBM, the U.S. might have launched ICBMs in retaliation, since that is what they were designed for: launching while the enemy’s missiles are still in the air. We are lucky that didn’t happen; it could have meant tens of millions of people dead.

User interface design is not just about making things pretty. It’s about making it easier for humans to do a routine task, and harder for them to screw it up. In this case, it’s an issue of global security.