[SystemSafety] WG: words you cannot use at GM

Andrew Rae andrew.rae at york.ac.uk
Thu May 22 16:44:34 CEST 2014


Put me in the "on the one hand, on the other hand" camp. I actually think
"Acceptably safe" gets used as a halfway-house compromise between the
two useful definitions of safety:
 1) "Safe" is the absolute of zero risk. It's not achievable, so we are
never safe. We can just talk about how to approach this condition.
 2) "Safe" is the point where the level of risk becomes acceptable.

"Acceptable" is a loaded term, which requires unpacking, but that's the
point. The unpacking is all questions we should ask. Acceptable to whom?
Based on what information? Based on what standard of judging?

Too often, denying the term leads to failure to unpack. You aren't removing
the concept of acceptable risk by refusing to talk about it. Pinto is a
fantastic example for this. All cars have this nasty habit of spilling fuel
and catching fire when you hit them hard enough in the right way. Small
cars are less safe than big cars. At some point, even though they aren't
"safe" (by definition 1 above) we're going to allow them onto the road.
We're not going to make this decision in a sane way by denying that there
is a finite risk that people are going to die, and that if we spent more
money and effort those people might not die. Yes, it is an incredibly vague
and shifting standard when it is okay to stop trying to make the car safer,
but that's the reality of safety work.

That's why I hate this perception so common in the USA that it isn't OK to
talk about risk and cost benefit analysis. Of course it's okay. More than
that, it is a moral and legal obligation. Yes, if you make a cynical and
unreasonable trade off with other people's lives, and then write that down
on paper, the courts are not going to be happy. SO DON'T MAKE THE CYNICAL
AND UNREASONABLE TRADEOFF! Court cases are not exercises in cherry picking
your words. They're the exact opposite. If someone writes an email saying
"this is a death trap" and it is one of ten thousand emails openly
discussing and dealing with risk, the court is going to see those 10
thousand emails and the words in context. If you have a company policy
"don't admit to anyone that we're selling death traps" the court is going
to see that, too.

My system safety podcast: http://disastercast.co.uk
My phone number: +44 (0) 7783 446 814
University of York disclaimer:
http://www.york.ac.uk/docs/disclaimer/email.htm


On 22 May 2014 15:30, C. Michael Holloway <c.m.holloway at nasa.gov> wrote:

>
> On 5/22/14 8:31 AM, Nancy Leveson wrote:
>
>   I think saying that "acceptably safe" is safe is a ridiculous
> definition.
>
> On one hand, I concur.  Reusing a word in its 'definition' leads to
> infinite regress (as Dewi pointed out earlier concerning GM), and violates
> generally accepted principles of lexicography.
>
> On the other hand, I completely disagree.  "Safe" in the absolute sense
> (no chance whatsoever of harm) does not exist in reality. Well, except in
> baseball, where it is usually possible to determine conclusively whether
> someone is "safe" or "out."  In practice, "safe" is always relative never
> absolute.   So, it seems much more intellectually honest to admit that all
> discussions about safety are really discussions about an acceptable level
> of safety, than to pretend otherwise.
>
> Often when I talk about safety, I show the following definition of what I
> mean by the word "safe":  not resulting in losses to life or health (except
> to the extent that the number and frequency of such losses is deemed by the
> public to be small enough so as to be outweighed by the benefit provided).
> I also note that this public deeming is almost always done implicitly and
> may change over time. As an example, the public generally perceived
> commercial air travel as safe many decades ago, when the accident rate was
> significantly higher than it is today.  Were we to return to the accident
> rate of several decades past today, the public would no longer consider air
> travel to be safe.
> --
> *cMh*
>
> *C. Michael Holloway*, Senior Research Engineer
> Safety Critical Avionics Systems Branch, Research Directorate
> NASA Langley Research Center / MS 130 Hampton VA 23681-2199 USA
> office phone: +1.757.864.1701 *often forwarded to* +1.757.598.1707
>
> The words in this message are mine alone; neither blame nor credit NASA
> for them.
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
>
>