The Tech Failings of Hawaii's Missile Alert
Over the weekend, Hawaii incorrectly warned citizens of a missile attack via their phones. According to The Washington Post, the error was a result of a staffer picking the wrong option -- missile alert instead of test missile alert -- from a drop down software menu. Hawaiian officials say they have already changed protocols to avoid a repeat of the scenario.
The report goes on to add: Part of what worsened the situation Saturday was that there was no system in place at the state emergency agency for correcting the error, HEMA (Hawaii Emergency Management Agency) spokesman Richard Rapoza said. The state agency had standing permission through FEMA to use civil warning systems to send out the missile alert -- but not to send out a subsequent false alarm alert, he said. Though the Hawaii Emergency Management Agency posted a follow-up tweet at 8:20 a.m. saying there was "NO missile threat," it wouldn't be until 8:45 a.m. that a subsequent cellphone alert was sent telling people to stand down.
Motherboard notes that new regulations require telecom companies to offer a testing system for local and state alert originators, but because of lobbying by Verizon and CTIA, this specific regulation does not go into effect until March 2019.
In a piece, The Atlantic argues that the 90-character messages sent by the system aren't suited to the way we use our devices.
They need to add some AI:
"Hi, I'm Clippy! Are you sure you want to send a missile alert?"
"No, Clippy"
"OK then, launching missiles".
What's worse, is that the menu items were right under each other. "Missile alert" and "Missile alert Test". Both items give the same "are you sure" confirmation.
While it was certainly a boneheaded mistake, it was one that was easily possible for someone in a hurry. As this fellow was just wrapping up his shift, he was clearly trying to get everything done in time.
I don't get the people calling for this guy to get fired. Like none of those assplugs have ever made a mistake on their job. How many know someone in the office that accidentally did reply to all, or forward some email chain to external Eric rather than the internal Eric.
Shit happens. Clearly the design of that system isn't the best.
Whilst I believe that you are right in identifying a mechanical failsafe as an incorrect approach, I don't think this should fall to the user to pick from two items next to each other on a drop-down. Intelligent, highly-skilled operators make mistakes in these sorts of circumstances and a bit of decent UI design goes a long way in preventing such things (without the need for mechanical safeguards).
Something as simple as giving obvious visual clues between test and live messages (icons, colour, font weight etc), separating the items on the drop down into obvious lists for test and live messages etc.
Getting only a _little_ more complicated in UI, a subsequent message confirming a live message (possibly with an action that requires a user to type 'live' or something to ensure that the validation request has been received and understood) would almost certainly eliminate any chance of a live message being sent in place of a test one.
Decent design does not rely on users doing the right thing any more than it has to.
-- Gaxx
Seriously, contact all the major TV and radio stations in the area first. The expectation that everyone should get critical information from "social" media is a joke.
What's worse, is that the menu items were right under each other. "Missile alert" and "Missile alert Test". Both items give the same "are you sure" confirmation. While it was certainly a boneheaded mistake, it was one that was easily possible for someone in a hurry. As this fellow was just wrapping up his shift, he was clearly trying to get everything done in time.
I don't get the people calling for this guy to get fired. Like none of those assplugs have ever made a mistake on their job. How many know someone in the office that accidentally did reply to all, or forward some email chain to external Eric rather than the internal Eric. Shit happens. Clearly the design of that system isn't the best.
I agree. Shit happens. Just was unfortunately some really bad shit in this case. I haven't made such public mistakes, but I've made some big ones. He is just a scapegoat here.
The real problems I see here are that A) it wasn't blatantly obvious (through using a different workflow and by clear visual (and audio?) indicators) that he was going down the live path rather than Test and B) that having permission to use the EBS doesn't automatically carry the ability to send an "oh shit! we didn't mean to do that" message as well.
At the point where the workflow path deviates between Test and Real it should be impossible for someone, no matter how rushed/tired/bored, to get it wrong. Glaringly different color schemes. Audio prompts. Full screen dialogs so they can't be paying attention to something else. Extra steps down the Live path. Having a second account confirm the action. Etc...
Make it so that you have to be either blatantly ignorant or blatantly malicious to get to the point of sending a Live alert when you shouldn't. The timeliness nature of the system, however, does present some challenges since you want to delay getting the alert out as little as possible.
Now what I think is really being missed here is that this was a blessing in disguise. Yes it inconvenienced and scared the crap out of a lot of people, but based on all the reports I've seen no one had a clue what to do with it. Given the short time involved for a missile to get from NK to Hawaii and the devastation a nuclear warhead would do I question the point of giving warning (I'd rather die blissfully ignorant rather than in a panic or linger through injury/radiation poisoning), but if there is going to be a warning people need to know what to do and react accordingly.
They are concerned enough to spend money on the warning system, but have they spent the money on enough bunkers to hold the population of the islands? Are they located so that everyone has a reasonable chance of getting to one regardless of traffic/panic of everyone else trying to get there?
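The safeguards proposed in the comments above (separate test and live paths, a typed confirmation, a second account, and a correction message that comes with the ability to send), as an added example that is not from the thread or from the real alerting software. The class, method names and the `LIVE` keyword are hypothetical.

```python
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    TEST = "test"
    LIVE = "live"


class Rejected(Exception):
    """Raised when a send request fails a safeguard."""


@dataclass
class AlertConsole:
    # Hypothetical console; `sent` is a log of (mode, kind, text, operator).
    sent: list = field(default_factory=list)

    def send_test(self, operator: str, text: str) -> int:
        # Test path: its own entry point, with no parameter that can make it live.
        return self._record(Mode.TEST, "alert", text, operator)

    def send_live(self, operator: str, text: str, typed: str, approver: str) -> int:
        # Live path: extra steps that cannot be clicked through by habit.
        if typed != "LIVE":
            raise Rejected("operator must type LIVE to confirm")
        if not approver or approver == operator:
            raise Rejected("a second, different account must approve")
        return self._record(Mode.LIVE, "alert", text, operator)

    def retract(self, operator: str, alert_id: int) -> int:
        # Correction path: ungated, because a retraction has to go out fast.
        mode, kind, _, _ = self.sent[alert_id]
        if mode is not Mode.LIVE or kind != "alert":
            raise Rejected("only a live alert can be retracted")
        text = f"FALSE ALARM: alert {alert_id} was sent in error"
        return self._record(Mode.LIVE, "retraction", text, operator)

    def _record(self, mode: Mode, kind: str, text: str, operator: str) -> int:
        self.sent.append((mode, kind, text, operator))
        return len(self.sent) - 1


if __name__ == "__main__":
    console = AlertConsole()
    console.send_test("op1", "constructed drill message")
    live_id = console.send_live("op1", "constructed alert", typed="LIVE", approver="op2")
    console.retract("op1", live_id)
    for entry in console.sent:
        print(entry)
```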