A controlled burn of oil in the Gulf of Mexico, May 19
David Brooks has a good column today on the Deepwater Horizon disaster that sums up a significant problem my last post touched on: modern life is made possible by various complicated technological-bureaucratic systems. And these things can go south rather quickly and surprisingly. Part of the problem is that they’re complex, and not managed well. That’s par for the course. But the tricky thing is our collective expectations: we (and often the people running them) expect them to just work, and our expectations are way wrong:
Over the past years, we have seen smart people at Fannie Mae, Lehman Brothers, NASA and the C.I.A. make similarly catastrophic risk assessments. As [Malcolm] Gladwell wrote in that 1996 essay, “We have constructed a world in which the potential for high-tech catastrophe is embedded in the fabric of day-to-day life.”
So it seems important, in the months ahead, to not only focus on mechanical ways to make drilling safer, but also more broadly on helping people deal with potentially catastrophic complexity. There must be ways to improve the choice architecture — to help people guard against risk creep, false security, groupthink, the good-news bias and all the rest.
This is about right. But not exactly. The problem is not just technology, or human nature. It also includes nature and the earth itself – the ultimate complex system, and one that Brooks conspicuously omits. Our wondrous technology interacts with the biosphere, atmosphere and geological features in countless ways we don’t understand. And that creates some obvious problems, such as too much carbon dioxide in the atmosphere or massive amounts of oil spewing into the Gulf of Mexico. It’s not just that our own systems are complicated: we also make assumptions about the manageability of natural forces that are virtually unmanageable. Dave Roberts addressed this a couple of days ago:
Once we know that accidents can be catastrophic and irreversible, it becomes clear that there is no margin of error. We’re operating a brittle system, unable to contain failure and unable to recover from it. Consider how deepwater drilling will look in that new light.
The thing is, we’re already operating in those circumstances in a thousand different ways — it’s just that the risks and the damages tend to be distributed and obscured from view. They’re not thrust in our face like they are in the Gulf. We don’t get back the land we destroy by mining. We don’t get back the species lost from deforestation and development. We don’t get back islands lost to rising seas. We don’t get back the coral lost to bleaching or the marine food chains lost to nitrogen runoff. Once we lose the climatic conditions in which our species evolved, we won’t get them back either.
There’s another problem with a focus on manmade “complex systems.” No matter how descriptively accurate that may be, the term can all too easily be used as a shield against accountability. If our way of life depends on systems that are simply “too complex for any single person to understand,” as Brooks puts it, then nobody is truly responsible when they go south. Or at least, the people who are or should be responsible have a handy excuse. It’s really quite perverse when you think about it: we already wrongly blame “natural disasters” for manmade failures like the New Orleans levee collapses. Now, if there’s no proximate natural cause, we can blame “complex systems.” As T/S’s Nancy Miller noted in a comment on my earlier post:
On Wall Street and on Capitol Hill, everyone spoke of the financial meltdown of the past few years as a “perfect storm” — a term meant to deflect blame. It’s very much parallel to blaming the flooding in New Orleans on a “natural disaster” rather than deeply flawed human behavior.
We usually find out immediately after disaster strikes that there are all kinds of obvious, and eminently solvable, problems that set the stage for it. Brooks’s prescriptions (a more mature approach to understanding risks and decision-making to compensate for people’s tendency toward over-optimism) are good as far as they go. But we should also grapple with the flight from accountability that plays a major role in giant disasters. If the “complexity excuse” becomes the standard explanation for CEOs and political leaders, we’re in for rocky ride.
May 28, 2010 at 12:41 pm
I totally agree with your post. I posted a couple of days ago on the mathematical concept of being on the edge chaos as well. http://c0mplexity.wordpress.com/2010/05/26/the-oil-spill-and-the-edge-of-chaos/
Cheers.
May 28, 2010 at 5:53 pm
Gee whiz, life is complex. Who knew? So’s a William Faulkner paragraph. Should we not, then, UNDERSTAND the complexity BEFORE we set the Goldberg device up?
I know Murkns in the whole are igorant, but many are quite sharp.
May 28, 2010 at 5:54 pm
What kind of moron spells “iggerant” as “igorant”?
May 28, 2010 at 7:08 pm
I completely agree. I have said similar things weeks ago. (See http://www.infracritical.com/?p=3224 ).
The executive classes have somehow managed to get the best of both worlds: Reaping the benefits from the very latest technologies and well oiled organizations, and yet none of the responsibility. Even our own President can not escape the responsibility issue.
On the other hand, we have traditions at sea and in the air that the Captain is ultimately responsible for everything that happens on board. Some, like Captain Sullenberger conduct themselves in a technically accurate and exemplary fashion. Some, like Captain Smith of the Titanic, may not be doing the best he can do. But they both are examples of leaders who, for better or for worse, take responsibility for the situation they’re in.
We need that in industry and in Government. This nonsense of assigning blame to committees, regulations, and legislation is ultimately a cop out. When it comes to public safety, real leaders deal with the situation they’re in –and leave the laws and regulations for a court inquiry after the fact.
We need real leadership, not committee chairmen.
May 29, 2010 at 3:40 am
I disagree. Few things are more complicated than the modern aviation industry. Still, about 1,999,999 of every 2,000,000 flights arrives unharmed. And that stat has been steadily rising for decades. 20 years ago, it was only one in a million flights that cratered, and they’ve cut the error by another factor of two.
How? Few industries are more regulated or held to higher standards. Every part of the system (machinery, people, maintenance procedures, replacement rates, testing protocols) has standards and standards for checking standards.
The Titanic, on the other hand, came about because the shipbuilders completed regulatory capture of the British Board of Shipping in the 19th century and methodically picked away at the early safety features on large ships until they had no double hulls, fewer watertight compartments, and then not even enough lifeboats. All of these requirements were restored by regulators – afterwards.
Brook’s column is a facile use of “it’s complex and hard, give us a break” to excuse a similar level of regulatory capture and systematic removal of safer designs and procedures. The serious treatment of the complexity issue is found in William Langewiche’s article on the crash of ValueJet 500 into the Everglades, in the Atlantic several years ago.
That crash occurred because, ironically, complex safety systems getting a very conservative lifecycle replacement – that is, the chemical cannisters that generate oxygen for your drop-down masks in jets themselves – were part of the cargo, and the chemical reaction emits heat. They started setting each other off and soon the cargo hold was on fire.
Langewiche concluded that there is some limit to how many safety and backup systems you can load into a process before they themselves make it less safe. But I’ve ended where I began: this point of diminishing returns has only been reached at better than six-nines perfection.
Since there are FAR fewer than 2 million deep ocean rigs out there, it’s clear that deepwater drilling is orders of magnitude riskier than flying, though both are extremely complex technology, understood by no one person. No ten PhD’s on the planet could build a 737, much less all the air traffic systems, engine inspection technologies, supply chains for parts, and so on.
Brook’s column is little more than a technological double-talk gloss on Rand Paul’s handwave that “accidents happen”.
May 29, 2010 at 9:50 am
I think you’re missing one key point: standards and regulations only work when people understand why they’re there and where there is sufficient daily use to justify their existence.
There are many hundreds of thousands (if not millions) of aircraft flying in the world today. The standards, policies, and regulations reflect those numbers. However, as you point out, there aren’t that many oil rigs that do what the Deepwater Horizon did. If you had only a dozen aircraft like the 747 flying and nothing else of that size existed anywhere, you would be at a loss to figure out how to set standards and regulate one too.
The problem is not complexity alone. It is a combination of complexity and uniqueness. Mind you, I’m not buying Brook’s argument either. I still believe that we should assign responsibility to a leader who has the authority to shut down the operation if/when things get out of hand.
However, Mr. Brooks does have a major point: We do need better ways to manage complexity. Smearing responsibilities around so that no one person is responsible is a recipe for disaster.
May 29, 2010 at 4:49 pm
Sorry, I must disagree with you on every point:
I think that standards and regulations work when you are shut down (or go to jail) for breaking them. “People understand why they’re there” if they themselves are engineers that have seen the consequences of them not being there – and Horizon is hardly the first accident of its sort.
My counterexample was the Titanic, and there were only a (few) dozen passenger ships over 20,000 tons (Titanic was 40,000) in the world at the time.
By contrast, from: http://oils.gpa.unep.org/facts/extraction.htm
I quote: ” Offshore oil production accounts for about 30 per cent of the total world oil production… The UNEP Offshore Oil and Gas Environment Forum (OEF) gives these figures: more than 6,500 offshore oil and gas installations worldwide, about 4,000 of which in the U.S. Gulf of Mexico.”
That’s more than twice as many as all the 1417 Boeing 747′s built so far.
Yes, I know most of those 4000 “installations” are not drilling rigs; you drill, you set up a steady flow, the rig moves on until it’s time to go back and drill some more or fracture the rock some more to bring the flow back up.
Worldwide, there are about 750 offshore drilling rigs and they clock in at a couple of 747′s each in terms of money, so I think the industry can afford some standards bodies and regulators.
Which they have. They have simply achieved regulatory capture in the US (not so much Norway, for instance). The problem isn’t that the owners don’t understand the need, it’s that they do – they understand that it’s their money vs public safety. If it were their safety – if BP executives and shareholders had to have their families live on the rig, they’d be the most regulated industry on earth, not aviation.
May 30, 2010 at 12:20 pm
Like you, I am a registered professional engineer. In addition, I participate in standards committees.
One of the interesting things about writing standards is that we are just as careful about what we leave out as with what we put in to these documents. Compliance with a standard or a regulation is no guarantee of safety. In fact, because we have to leave room for human judgment calls, there is no way compliance alone will ever be safe.
It may well turn out that the BOP system was entirely within regulatory and legal limits. The crew of the Deepwater Horizon simply didn’t catch the significance of the weird results they got from a test performed just before the well blew out.
Allow me to relate a relevant story: I used to belong to a flying club that owned a Piper Dakota single engine airplane. One freezing winter afternoon, while doing the pre-flight inspection of the aircraft, I pulled off the fuel cap and noticed a puff of air from the tank. I recalled a safety article I’d read earlier about in-flight engine stoppage due to a clogged fuel vent, and immediately looked at the fuel vent for this tank. It was clogged with frozen slush. I cleared it out and went flying.
Had I not bothered to clear out that vent, I might well not be here to tell you this tale. This brings up the question: Should we regulate such things?
What would it say?
Would anyone have noticed it?
The answer to all this is “probably not.” In this case, the article I read was more effective than any regulation regarding pre-flight inspections.
It’s the tiny stuff like this that often leads to big accidents. We know now that the test results from BP’s well yielded odd results just before the blowout.
What standards would we insert to prevent future problems like this? The unfortunate answer here is “maybe nothing”. This is why people are held responsible for their actions. This is why we leave details out of standards. We simply can not account for every last possible situation in advance.
That said, once the formal reports are made with all contributing factors, I would imagine a slew of additional regulations will be forthcoming. However, if you think that regulations alone are the answer, you are sadly mistaken.
Despite regulations concerning fuel reserves for a flight, every year there are a certain number of accidents and forced landings caused by fuel starvation. We can write until the volumes of regulations are so thick that nobody will ever take the time to read it all. That’s very nearly the state of the art in Aviation today.
Regulations are good for penalizing perpetrators after the fact. Education and outreach are good for preventing the situation in the first place. I won’t deny the opportunity for many to regulate an already heavily regulated industry. But if we stop there, we will have done a disservice to the industry and to public safety.
May 30, 2010 at 2:34 pm
Very valuable comments! Thank you. (Done some standards committee time myself; fled in horror – after enough hours of boredom, *I* was the guy ready to sign off on any crap to get out of the room. Not the right guy for the job.)
I’m certainly not sadly mistaken enough to think regulations are the end. They’re a beginning. And almost none of them would be necessary if everybody really understood the technology and used it with the right attitude. Virtually every regulation comes from an accident that left everybody scratching their head and saying “How could they have been so careless? I guess we have to write it down for them.”
When I did my “Titanic” lecture in 1998 for a bunch of military engineers (google my name for all that stuff) a very distinguished one bought me a drink and in conversation pointed out that most of the reduction in deaths per highway-mile in recent years (the US has kept to about 50,000/year despite soaring amounts of driver miles) was due to highway redesign. Wider lanes, more interchanges, more signage, that sort of thing…it was at least as valuable as all the Check-Stops for alcohol.
Bottom line is that behaviour and attitude control most of accidents, but the technological standards and the *minimum* standards for operation set by laws about operation (you can drive drunk but at least you have to have a license and your car has to be sold with working brakes) are what create the environment that behaviour and attitude exist in.
I think that an environment of tight regulation is not only a useful start in itself but helps set a tone that affects behaviour. I’m in another tightly-regulated industry, water/wastewater. The water plants especially are watched like hawks by the regulator and required to report and explain the smallest deviations in water quality. Because management doesn’t need the embarrassment of those reports, we also have a whole attitude at the plant about safety-first, double-check everything, *exceed* the regulations so that falling behind our own private standards is still not a reportable lapse, etc.
And the converse is true; when regulations are loosened and loosened again, and enforcement of them is reduced and reduced again (the MMS is our villain of the day, but the EPA has also gone through administrations that tell them to slack off) the people in the industry know they have permission to be less careful and diligent, and that affects behaviour.
Just like to add in parting: damn, it’s nice to have civilized discussion on the web with people who know their material and do some research. I’m not sure what T/S is doing to discourage ranters and encourage writers, but I like it.
June 18, 2010 at 6:00 pm
PTSD Reference List (Alpha)…
I found your entry interesting thus I’ve added a Trackback to it on my weblog
…