Human Error Vs. Design Error
Marc Green
"Authorities" in many fields ascribe 70-90% of all accidents to human error. These estimates are misleading because they assume that a person should have taken (or not taken) a possible action but ignore whether that possible action was likely or reasonable under the circumstances. In many cases, the real source of the error is the design rather than the human - someone created a product, facility or situation where safety depends on unrealistic or unattainable standards of behavior. When the inevitable error occurs, it is blamed on the human rather than on the flawed design. In short, designers sometimes expect the user to compensate for poor design.
Below, I illustrate poor human factors produces errors that are better described as design error than as human errors. My examples originate in everyday devices from around my house. I chose these mundane examples to illustrate that poor human factors design is commonplace. We are surrounded by so much poor design that most people simply take it for granted and then blame themselves for stupidity when they make an error. These examples show that the problem is not user stupidity but rather designers who fail to consider proper human factors.
1. Poor Light Controls
These are the light switches on my upper hall landing. One is the upstairs overhead light, one the downstairs overhead light and the other is the bathroom. In spite of living in the same house for 21 years, I still frequently hit the wrong switch, turning on the upstairs light when I mean the downstairs light and vice versa - even the bathroom. The reason is that the design has no logical relationship between the switches' layout and their effect on the environment.
A properly designed switch would look like this and eliminate errors. The upper and lower hall lights would be mapped to their actual locations in space and the bathroom light switch would be obvious due to different orientation. (The switches might as well be sideways, since they are wired in parallel with the set on the lower landing. There is no correlation between switch position and light on-off status.) This is an example of the need for "stimulus-response compatibility," the establishment of a natural connection between the control layout and the effect.
You might ask why I have never simply remembered the correct meaning of the controls. The answer is simple: you can't remember everything. In The Design of Everyday Things, Norman discusses the difference between "knowledge in the head" and "knowledge in the world." When people approach an object such as a door, their memories contain general information (a schema) about how it will operate. However, there are many different types of doors, each operating somewhat differently. There is usually no need to remember how any specific door operates, because one look tells you exactly what to do; if it has a knob, grasp, turn and push with the hand if you are outside and pull if you are inside; if it has a handle, grasp and pull; if it has a metal plate, push. (Violation of these rules is sure to create errors.) In other words, the knowledge needed to use the door is partly in the head (schema for doors) and partly in the world (the door's appearance/affordances.) The reason that I've not consciously memorized the light switches is that I use hundreds of different sets of light switches in a week and thousands in a lifetime and I couldn't possibly memorize the operation of them all. And why should I? Their appearance should tell me what to do. In the case of my landing switches, they provide little useful information: they don't tell me which switch controls which light. They don't even tell me whether flicking the switch up turns a light on or off. Of course if the consequences of error were severe enough, then I'd started memorizing light positions.)
2. Poor Electronic Device Control
This is the remote for my old Mitsubishi VCR. The major controls are located in a ring. The "stop" button is a tiny dot in the upper right. Naturally, I push "pause" when I mean "stop" much of the time. I also confuse the "eject" and "stop" buttons because their locations are completely arbitrary much like the positions of the hallway light switches. The design is flawed for several reasons. People think of actions in pairs - stop is the opposite of start, so that's where it should be located. Further, the most commonly used controls should be largest and easiest to find - "stop" is hard to find and hard to push because of its size. This is especially important for TV and VCR controls because people do not typically look at them, relying instead on felt position. (The subsequent Mitsubishi model properly reverses the positions of "stop" and "pause" buttons.)
3. Poor Elevator Control
This picture shows the elevator from a local shopping mall. I have used this elevator many times and frequently push the wrong button. Moreover, I have often observed other passengers also pushing the wrong button. When there are so many "errors," the design is clearly flawed.
The elevator goes from the single parking level to the single floor with stores. There are two buttons, parking level (P1) and ground (G). (The third button does nothing as far as I can tell.) For such a simple device, it has many human factors design errors. First, the buttons are labeled incorrectly. "G" is for "garage" (to me) which means parking, so I often errantly press G get to the parking level. Why label the other button P1 if there is only one parking level? Moreover, the placards are not highly conspicuous, and they don't match the buttons. "Shopping Concourse" translates to the "G" button and "Covered Parking" to "P1?" There is no connection between the signs and the buttons.
Second, the buttons are misaligned. Elevators travel up and down, not side ways. The buttons should therefore be aligned vertically with P1 below and illuminated when in parking and G on top and illuminated when the elevator is on "ground." (Actually, it would be better design to illuminate the button for the floor that you want to reach rather than the floor that you are on. The lighted button is the one that draws attention and says, "push me." Unfortunately, this is not standard and it's better to stick with convention most of the time.) That would remove the need to even look at the labels. It's another version of the problem with the light switches - the control layout fails to be consistent with the actions that they perform.
Third, there should not be two buttons. If you are on the ground level, the only place you can go is parking. If you are on the parking level, the only place you can go is ground. If there were only one button, the user could never make a mistake. One goal of proper human factors design is to head off error before it occurs.
4. Poor Appliance Control
I recently burned dinner and destroyed a pan because I set the heat to high rather than to medium. The cause is the stove's badly designed controls. The picture shows two of the four controls on my fancy new stove. Three of the four burner controls are similar to the top one shown in the picture. The "Min" position is at about eleven o'clock and the "Max" is at about one. To set the burner on medium heat, for example, you turn the arrow to point down, somewhere around 6 o'clock. The lower control is the oddball. Note that it has two sets of Min and Max markings. This is a fancy burner that has both a small and a large heating element, and the more complicated control does double duty, letting you set either. The two markings on the left refer to the smaller diameter heating element while the two on the right a larger one. Most important, turning the arrow downward is likely to set the burner to MAX, not medium as on the other burners. That's exactly what I did. Wanting a medium setting, I merely flipped the arrow downward as I do on all the other controls.
The human factors error here is making controls look the same but work differently. But there are labels you say? One basic human factors rule is that people quit reading labels after extended use due to cue generalization. Never depend on labels alone to guide behavior and to prevent errors.
This example is also similar to another important error that designers often make - the creation of modes. A mode occurs when an action causes a different effect or a signal has a different meaning depending on context. A universal remote is a good example; a particular button might have one effect when in TV mode and a completely different effect in VCR mode. Errors are common because the user must know, not only which button to push, but also which mode is in effect. Mode awareness may require good memory and an accurate mental model of the device's operation. Errors are especially likely if there is no clear visible or audible signal to inform the user of the current mode. Ideally, there should be a one-to-one relationship between action and effect, which eliminates mode errors because the context is irrelevant. In the case of the remote, designers purposely created modes because of a functional constraint - to save space so that the remote is small enough to hold in the hand. However, designers often create modes intentionally to save money by reducing the number of controls and displays, which are generally expensive design elements. That is likely why the fancy control on my stove was performing double duty.
Unfortunately, there is now an explosion of "creeping featureism," an increase in the number of functions that a single device may perform, and an attendant increase in modes and mode errors. This is due to two factors: 1) modern electronics are so cheap that designers can add features at minimal cost and 2) people tend make their buying decision based on the number of features. If there are two products of the same price, consumers will always buy the one with more features - even if they don't need the extra functions. It simply seems like better value.
5. Poor Physical Design
This is my Sony portable radio/tape player. Note the positions of the handle and the antenna. The antenna is attached to a hinge that rests directly on top of the radio. The hinge allows the antenna to lie horizontally along the radio's top. To use the radio, the antenna is turned vertically and telescoped up. The handle is fixed to the sides and rests behind the antenna when the radio sits on a surface. The handle then rotates upward and over the top when you pick up the radio. As a result, you will snap off the aerial if you pick up the radio quickly.
You can avoid the accident by either remembering to lower the aerial and returning it to a horizontal position or to pick up the radio slowly and carefully. In fact, it is foreseeable that few people will bother to play with the aerial when simply moving the radio from one place to another. This is human factors at its worst - the user is expected to compensate for a design deficiency through consciously controlled behavior that is unlikely to occur 100% of the time.
Conclusion
All of these examples might be called "human error," especially by the companies that designed the devices. If my "errors" caused a serious injury, they would doubtless be added to the assessment that human error causes 70-90% of all accidents. In reality, however, these are "design errors" that have become manifest through human action. In every case, the designer(s) violated one or more simple human factors principles and failed to plan for likely and foreseeable human action. Said another way, human errors are not random. It may be impossible to say exactly when a bad design will generate an error, but it is possible to say both whether an error is likely and the form that the error will manifest.
In sum, the designers are using idealized and unrealistic assumptions about idealized and unrealistic human behavior to compensate for their design defects. Product manufacturers should be just as responsible for proper human factors design as they are for proper electrical and mechanical design. Unfortunately, some designers still think of human factors as a secondary issue that does not require serious effort.
In closing, I do not mean to say that humans never make errors that lead to accidents. Moreover, functional or other pragmatic constraints sometimes force designers into compromises that are less than ideal (as with the universal remote.) Rather, my main point is that apparent cases of human error are often really cases of design error. Whatever the actually contribution of human error to accident causation, it is far less than the frequently estimated 70-90%.