In March of 2008, salmonella infiltrated the public water system of the town of Alamosa in southern Colorado. The resulting disease outbreak infected an estimated 1,300 people, over 14% of the town’s population. Of those infected, one person died and 20 more were hospitalized. The Alamosa outbreak was the second-largest water-borne illness outbreak in the United States that decade.
Though teams worked as quickly as they could to sanitize the water system, the people of Alamosa were unable to use the water for weeks. While some people were able to get water from friends who had wells or were otherwise not connected to the system, most had no options. Without undertaking the major operation to deliver and distribute bottled water for drinking and cooking, it would have been extremely difficult for the town to weather the outbreak.
Before I became a designer, I spent five years as a public health emergency planner. I planned for and responded to disease outbreaks, tornados, and pandemics. When the Alamosa outbreak occurred, I was part of a nine-person team dispatched to help manage the first week of the incident. What played out in Alamosa was not unique. The story is a microcosm of a larger issue that carries through much of what we humans create.
When we design systems and products, we do it based on a set of defined scenarios, or use cases. These scenarios help us define how the thing we’re designing will be used, so we can determine the required features, interactions, materials, capacity, and so on. The scope of those scenarios is a key determinant of how tolerant our design will be to changes in the environment and user behavior.
The water system in Alamosa was built on a deep well aquifer, a water source thought to be protected from contamination because of its depth. The system was designed to operate as a closed system devoid of harmful pathogens, and in 1974 Alamosa was granted a waiver to not include chlorination as a disinfecting step in the water treatment process. When the scenario changed and the closed system was breached, the design lacked the resilience to handle it; a chlorination step would have all but eliminated the risk. Alamosa has since added chlorination to its system, but only after the city had to reckon with the fallout of a fragile design.
—
Designing for the happy path
We don’t like to think about worst-case scenarios. Hell, we don’t even like to think about not-so-great-case scenarios. Instead, we design and build systems and products that work when conditions are just right. In design, this is sometimes referred to as the “happy path.” We design for the happy path first and then, if time allows, we go back later to look at other not-so-happy paths, or “edge cases.” But in a world of “move fast and break things,” time rarely allows for us to go back and look at the edge cases. If we do get time, we address those edge cases as an afterthought.
The impact of happy-path design isn’t limited to major infrastructure: We’re watching it play out every day. The inability of sites like YouTube, Twitter, and Facebook to tackle fake news and curb rampant harassment is a direct result of happy-path thinking. Those systems were conceived and architected with the best-case scenario in mind — a benign user posting about what they ate for lunch or sharing videos of their cat. These platforms have little to no resilience in the face of behaviors that diverge from that scenario, which means that if and when the system breaks down and people use it with ill intentions, these companies will be slow to respond or possibly incapable of recovering, as they try to react to a circumstance they’ve hardly considered.
The problem is that in the real world, things always go wrong. Reality is not a best-case scenario, it’s chaotic and messy.
Their goal is to move fast, and addressing edge cases is not fast. This isn’t limited to social media companies. In many industries, companies fail to prioritize edge cases, and this results in fragile products that struggle to recover when things go wrong.
The problem is that in the real world, things always go wrong. Reality is not a best-case scenario, it’s chaotic and messy, and we are moving toward a time in history that has the potential to become more and more so.
The next century could deliver an unprecedented level of change to our existence on earth. We’ve lost 50% of the world’s biodiversity in the last 40 years. We’re seeing increases in many forms of extreme weather. The climate is warming and all manner of things are changing.
We can clutch our pearls all day and say that climate change is a natural process and it’s not our fault, but that point is irrelevant. Man-made or not, change is already happening, and we have not designed a world that can handle it. So far we’ve proven ourselves unwilling to even try to stop it, so our ability to survive and thrive in the 21st century may be predicated more on our level of resilience in the face of it. This means we have to change the way we think about everything we create.
—
Designing for resilience
Designing for resilience isn’t just about helping people prepare for disasters; it’s about shifting our cultural mindset to change some of the ways we think about business strategy and collaboration, and this is not limited to those designing major infrastructure. Shifting culture means applying these concepts across the spectrum of design disciplines and beyond, weaving them into everything from seemingly minor product-level decisions, to major policies and systems on a societal level.
Here are some places to start.
Designing for the edge cases
By “moving fast” and ignoring edge cases, we are systematically weaponizing technology against groups and use cases that fall outside of our defined happy path. Facial recognition software, for example, still has trouble recognizing black faces. And that’s just a start — I mean, we barely take the time to design for people who are color blind. Across the web, algorithms and interfaces packed with bias and designed on best-case thinking sit like landmines just waiting to be stepped on.
In an effort to be agile and keep up with the speed of our broken tech culture, we are failing to do our due diligence as designers, and the consequences of that failure are growing. Resilient products that can successfully operate outside of the best-case scenario are less fragile, better-designed products. By committing to consider a wider set of scenarios, we make our solutions more robust and more valuable. As Cathy O’Neil puts it in her book, Weapons of Math Destruction:
“To create a model, then, we make choices about what’s important enough to include, simplifying the world into a toy version that can be easily understood and from which we can infer important facts and actions. We expect it to handle only one job and accept that it will occasionally act like a clueless machine, one with enormous blind spots.“
We can’t continue to willingly operate with enormous blind spots. The first step toward building a more resilient world is to dramatically widen our design process to account for the unhappy paths.
Future-focused design
When we design something new, most often we design it for the world of today: today’s population, today’s market demand, today’s resource availability, today’s climate. We talk to users about their current challenges, and we look at recent data to decide what we should do next. Being present-focused is an outgrowth of happy-path design. Generating projections of future needs and conditions can be time-consuming, and decisions based on projections can be harder to justify. Building on current conditions is much faster and more straightforward. The problem is that today is not tomorrow, and designing for current conditions makes our solutions less resilient to future changes. This is especially critical when we think about the impacts of climate change.
Take road construction. Our current decision-making process for road construction is still based on historical weather data from the last century. Certain grades of asphalt are made to withstand certain temperatures, and many new roads are being built to withstand cold temperatures that are increasingly rare, instead of being built to withstand the higher temperatures that are becoming the norm. The result is more road damage, unnecessary maintenance costs in the billions of dollars, and even full-on melting. We also see this in the design of plastic products, many of which are not built to tolerate higher temperatures. Items like plastic mailboxes and trash cans have melted in the face of heat waves in Arizona.
We’ve become better than ever at forecasting the future, especially in climatology, but we haven’t shifted our decision-making processes to respond to those forecasts. We need to take a longer view of what we are creating: Based on what we know about the future, how will our solution work when conditions change?
Distributed systems and interoperability
Our model of business today is monopolization. We strive to dominate markets by pushing out the competition and maximizing market share. The drive for monopoly motivates companies to try to build “competitive moats” around their businesses, in the form of centralization or proprietary products. While this has the potential to drive financial success for companies, monopolization creates systemic fragility.
Proprietary products
I have a drawer full of old iPhone charger cables. I haven’t thrown them away yet, but they’re useless because they don’t work with my new phone. I also have a box of random chargers and cables that belong to a long list of devices that I may or may not even own anymore. These have also become useless. Then there’s my drawer of dongles. If you’ve ever had to connect your computer to a TV or some other external device, you’ve inevitably had to play the dongle game, especially if you have a Mac. Apple dongles were the top-selling Apple product at BestBuy stores from 2016 to 2018.
Being able to swap parts and pieces and communicate across devices makes it much easier for a person to handle scenarios that don’t follow the happy path.
While some of this detritus is created by the inevitable evolution of technology, much of it is the result of the competitive moats of proprietary tech. We’ve made it incredibly difficult for our various technologies to connect and communicate, and that’s a symptom of a fragile system.
Being able to swap parts and pieces, share cables, and communicate across devices makes it much easier for a person to handle scenarios that don’t follow the happy path, like when they forget their charger or have to present unexpectedly at a meeting or need to share a file between devices. Interoperability creates a resilient system and allows for easy recovery from suboptimal scenarios.
To achieve interoperability, we have to move away from leveraging components for proprietary value and instead focus on designing for and adopting open technology standards. This can feel like a business risk, but it actually has the potential to create significantly more value than any competitive moat could. You are reading this article right now using an accepted set of open technology standards that drive the internet. This standardization has created a level of interoperability that has unlocked more value than almost any other technology in human history and made the web one of our most resilient systems. Where would we be if every company had its own proprietary web?
Centralization
As businesses grow, they work to align products, systems, and strategy to eliminate (or acquire) competition and centralize the market around their offerings. This drives value, but it also creates significant failure points. Food production is an excellent example.
As we have moved away from distributed, local food production, we have centralized the system around a shrinking number of multinational companies who source, produce, and distribute most of the things we eat. This system has allowed us to achieve nearly ubiquitous availability of food products — you can find the same foods everywhere at almost any time of the year. But this system is also rife with fragility.
The flow of food is so dependent on centralized distribution networks that changing conditions at any point in the system can have major ripple effects across the globe, and increasingly, cities and towns have little to no ability to compensate. Most grocery stores only stock enough food for a week of demand. If production or distribution is disrupted, a town or city can quickly run out. This is why we have to distribute emergency food supplies during emergencies.
Food is just one example. This sort of centralization exists in fuel distribution, power generation, telecommunications, and so on. In a world where changes to the climate have both short- and long-term potential to dramatically impact these and other systems, we have to start questioning the validity of the monopoly model. How can we build businesses and design systems that drive economic value but do so in a robust way that builds resilience and can cope with change?
—
Breaking away from fragile design requires a shift in thinking. It means spending more time considering less-than-optimal scenarios and putting in the effort to address them. If we do this, we’ll create more resilient, accessible, and ultimately more valuable design solutions. In a world where the only constant is change, we’re selling ourselves short by staying on the happy path.
—
“Resilience Is the Design Imperative of the 21st Century” was originally published in Medium on May 15, 2019.