Skip to main content

The frightening reality of bad design

news #design #user-interface

Bad design is often ridiculed on internet forums and social media.

Last week a Reddit poster discovered a job application website which features a drop-down menu with months sorted alphabetically. Seeing the months appear out of chronological order completely throws off the user. What followed was a series of amusing comments from people reordering their posts in alphabetical order.

But there are times when design failings are no laughing matter. On 13 January, the Hawaii Emergency Management Agency (HI-EMA) issued an emergency alert informing Hawaii residents of an inbound ballistic missile, with advice to seek immediate shelter.

Sourced from @CivilBeat

After nearly 40 minutes of panic a second alert was dispatched, informing residents that the warning was a false alarm. So they were safe, but the people of Hawaii endured a pretty terrifying 40 minutes.

It turns out that this wasn’t a mistake in identifying a missile launch, but was the result of a user error when choosing from a number of options inside a menu. The user had intended to – and believed they had – chosen the option for a drill, but actually selected and confirmed a live, and very real, emergency alert.

Tests have been conducted by HI-EMA since November 2017, amid fears of an attack by North Korea. These tests went by without issue, but on this occasion “the operator selected the wrong menu option,” HI-EMA spokesman Richard Rapoza told The Washington Post.

So how did the HI-EMA operator make such a big mistake? Security concerns have prevented HI-EMA from providing an image of the actual user interface used. Instead, a representation of what the HI-EMA employee would have seen has been provided, including the options available from the menu. It’s worth pointing out that the false alarm option wasn’t present at the time of the incident.

Image provided by HI-EMA via @CivilBeat

The key options are “DRILL-PACOM (DEMO) STATE ONLY” and “PACOM (CDW) – STATE ONLY”. While there are clear differences, it’s also easy to see how a mistake was made.

Even when you take into account that the operator had to confirm his choice, there’s a strong argument not to present these options in the form of a drop-down. In a high-pressure scenario they could be muddled. There should also be additional checks made to ensure the user is fully aware of the chosen action.

HI-EMA has already introduced a “two-person activation/verification rule” which requires a second operator to confirm the request of the first – a rule which would likely have prevented the false alarm from happening.

The worry here would be that if one person could make a mistake, there’s a chance a second could too.

Rapoza added: “Part of the problem was it was too easy — for anyone — to make such a big mistake. We have to make sure that we’re not looking for retribution, but we should be fixing the problems in the system.”

That’s simply not good enough for a service vital for the safety of the residents of Hawaii, meaning design changes must be made.

It’s not only important to ensure there isn’t another false alarm, but also to ensure that a test alert isn’t issued when a real alert is required – resulting in no alert going out to residents.

The mistake also highlights the need for user testing, including what happens in scenarios when the user makes a mistake or doesn’t follow the expected script.

It took 38 minutes before a “false alarm” message was broadcast over the same channels as the original alert.

Testing might have revealed that the menu wasn’t clear enough, resulting in design changes to prevent the wrong option being selected. Furthermore, testing based on a scenario in which an emergency alert was sent in error would have quickly revealed that no system was in place to respond to a false alarm.

It took 38 minutes before a “false alarm” message was broadcast over the same channels as the original alert.

Yet, the official HI-EMA timeline of events states that the false alarm was confirmed only three minutes after the initial alert was broadcast.

Sure, a tweet was posted 13 minutes after the alert, but it took a further 25 minutes for an official Civil Emergency Message to be authorised and broadcast to residents. The reason for the delay was simply because no system was in place for such a scenario.

“In the past there was no cancellation button. There was no false alarm button at all,” Rapoza told The Washington Post.

Speaking to Reuters, Rapoza added: “Our focus was on getting the message out quickly, and not enough attention was paid to what happens if there’s a mistake. And frankly, that was a failure of planning on our part. We’re not making any excuses for it.”

Thankfully, HI-EMA has already remedied the issue, but this should have been discovered with user testing, not in a live scenario.

People will make mistakes, it’s just part of being human. The job of designers must be to ensure systems make it as difficult as possible for mistakes to happen.

Hawaii’s missile alert false alarm should be a wakeup call that bad design isn’t always as funny as seeing the calendar months displayed in alphabetical order.