Stupidity versus Malice

As a web developer, I am required to build web applications and secure websites. One of the key requirement is to create a secure and well protected system to keep attackers at bay. Although securing the website from malice is important, it is also important to secure the web application from stupidity. Stupidity from the privileged users, administrators, developers, etc. The cost of stupidity is often underestimated. By stupidity I mean lack of average intelligence assumed for a particular task or not thinking through atleast a few worst case scenarios prior to doing something.

Let me give you a few big examples from history and recent times.

1) Data worth 2 billion dollars lost in courier
In 2007, 25 million child benefit records was sent from one government department to another and was lost by the courier company. The discs were sent by a junior staff member unencrypted and unregistered. The discs contained all kinds of personal data, names and ages of children, bank savings account numbers, partners details and even National Insurance Numbers (Equivalent to the Social Security Numbers).  The costs that this caused UK is not clear but it did involve high profile resignations, weeks and weeks of political debates, banks monitoring millions of accounts for fraudulent activity, etc. Some estimate the data alone could be worth over $2 billion in criminal hands.

2) The Honda Point Disaster (Off California Coast)

Aerial view showing all seven destroyers

Aerial view showing all seven destroyers

This was the largest peacetime loss of U.S. Navy ships in which seven destroyers were lost. This tragedy was not caused by malice. Twenty-three sailors died in the mishap. Two other destroyers were slightly damaged. The navy court ruled it as a fault of the navigators and the captains of each ship. How did this happen? The flagship was equipped with a radio navigational receiver, but ignored the bearings, believing them to be erroneous. No effort was made to take soundings or depth measurements. These operations were not performed due to the need to slow the ships to take readings. The ships were performing an exercise that simulated wartime conditions, hence the decision not to slow down. In this case, the dead reckoning (method of estimating position) was wrong and the mistake fatal. The need to slow the ship might also reminds us of another disaster, the Titanic!

3) Aviation Accidents
Boeing studied commercial jet accidents (not including hijacking, test flights, etc) between 1959 to 2008. They determined the primary cause of Airline hull loss accidents (aircraft beyond repair) to be the following:

  • 55%: Flight crew error
  • 17%: Airplane
  • 13%: Weather
  • 7%: Misc./Other
  • 5%: Air traffic control
  • 3%: Maintenance
  • Clearly a lot of these are preventable and a lot of lives could have been saved. Flight crew error and the Air traffic control accounts to about 60% of all hull loss accidents.

    In Conclusion
    Accidents do and will happen, I would recommend developers to think about stupidity and not just malice when building systems. I have two interesting quotes to leave you with.
    Albert Einstein - Two things are infinite: the universe and human stupidity; and I’m not sure about the universe.
    Hanlon’s Razor Never attribute to malice that which can be adequately explained by stupidity.

    Do share incidents that you have come across during your career.

    Also read...


    1. ma.gnolia said on :

      A recent cloud based incident was the data loss of the social bookmarking website They lost their entire user database. Their MySQL database had half a terabyte of data. It turned out that Ma.gnolia was pretty much a one-man operation, running on two Mac OS X servers and four Mac minis. It turned out they did not have a single database dump and had to use google cache, etc to restore data. A sad story but this was clearly not caused by malice.

    2. Somebody said on :

      I have a quote “Genius may have its limitations, but stupidity is not thus handicapped.” Even in an utopian world without malice, we still need to have regulations and laws. This is just to protect people from their own stupidity. Thinking about all the traffic laws in place today, no drunk driving, wear your seat belts, etc. Why on earth can’t we all do these little things?

    3. Schmoo said on :

      An aircraft manufacturer’s study found that aircraft weren’t to blame in the majority of accidents? While it may well be perfectly accurate, I’m taking that with a pinch of salt.

    4. Vivek said on :

      Malcolm Gladwell’s book “Outliers” has a chapter dedicated to how airplane crashes can be attributed to the social dynamics of an airplane crew.
      After reading that I dont believe crew errors can be categorised under the banner of “stupidity”. Its more a problem of communication between crew members.

    5. bsaunder said on :

      The examples given seem more like inattentiveness than stupidity. Which makes sense. Attention to every detail requires effort (a lot of effort). Sometimes one person may not have all of the resources required to pay enough attention to every detail. The ones you pay attention to (e.g. aircraft maintenance) account for fewer problems.
      Throughout my programming career, I’ve noticed a strong correlation of bugs with code that was given less attention (it was deemed to be an easier problem to solve, or compartmentalized and solved later).
      I don’t think it’s fair to claim people were stupid just because a detail was overlooked. Perhaps they could have allocated their attention differently, but without knowing all of the trade offs it’s hard to say they made a bad choice.
      I think that people have a finite amount of “attention” that they can devote to things during a day. Furthermore spending attention on a task seems to consume energy. It’s reasonable to think that occasionally some items get less attention than they should.

    6. Pingback: Ian

    7. Anonymous said on :

      Don’t forget the corollary: Any sufficiently advanced stupidity is indistinguishable from malice.

    8. otakucode said on :

      Stupidity is no longer a concept understood by society. Stupidity is acknowledged as the universal condition. It is intellectual acuity that is insulted, disrespected, and avoided. All media cooperates to transmit the message that stupidity is the master of the human race, and that all rational, learned thinking is trickery and charlatanism. And malice? Since everyone is expected to be stupid, good intentions have been declared equivalent to good results. Since a persons motivation can never be known with certainty except, occasionally, by the person who committed the action, good intentions can always be claimed. No person acting out of ignorance and flawed thinking would ever be lambasted by society, but praised as a hero. Mother Teresa is a great example. She fought to keep women in poverty oppressed and treated like cattle. She fought to extend and expand poverty and the suffering of millions. However, because she was stupid enough to see “value” in suffering (an idea which flies in the face of every person alive who wishes to remain so) and she claimed she had good intentions, whether she secretly harbored malice is not even questioned.
      If you’ve read this entire comment, with its big words and dense concept to sentence ratio, you are likely an enemy of society. A thinker. Someone interested in making sure that the things you believe and think are actually right and real. I’ve got nothing but sympathy for you. Try to keep your head down, and don’t let them know that you read and think. You’ll get nothing but grief for it.

    9. Simon said on :

      I never heard of the Honda point incident earlier. Interesting!

    10. tanasinn said on :

      “Folly is often more cruel in the consequences than malice can be in the intent.”
      –Aldous Huxley

    Comments are closed.