|The design of legal products
Dialogue boxes are insentient, unwanted interruptions. They require pointless intervention before continuing the tedious task with which you were already occupied. They can and do get buried under windows, files and other pointless dialog boxes. They can be buried so deep as to be quite invisible, undetectable and unreachable. But they hang your session all the same, waiting obediently for reply that will never, and can never, come.
Dialog boxes are also, in their way, second-order derivative risk management tools. For what is one meant to achieve but an allocation of fault, that can only play itself out upon, and not before, catastrophe? Does a dialog box stop you from downloading that trojan worm? It does not. It just reminds you that it’s your’’ posterior in the sling. Does a quarterly compliance attestation prevent the mischief that compliance in itself is designed to avoid? Again, it does not. Quite the contrary: it provides comfort – false comfort – that compliance is in hand; it de-escalates whatever risk management process might otherwise be running and instead provides a green signal that the legible world is at peace.
It makes management happy in the meantime, and gives it someone to point a finger at later. In this way, it resembles many of the protections afforded by a legal contract that do not target practical, day-to-day compliance or meaningfully go towards ensuring a robust system, but which merely allocate liability should the unthinkable — and since you’ve designed a sodding dialogue box for it, it’s not really unthinkable, is it? — happen.
The risks attested to by dialogue boxes fall into two categories: real ones and bullshit ones.
Real ones, we think, will naturally weed themselves out in the same way that, as Rory Sutherland wryly suggested, a dishwasher does: if you want to make everything in your kitchen dishwasher-proof, just put everything in the dishwasher. Within 3-weeks, hey presto! Everything left will be dishwasher-proof. In the same way, real risks addressed by salutary dialogue boxes, auto-generated email reminders and the like will surely present themselves from time to time, and it will be no surprise that this dumb, set-and-forget prophylactic will be singularly ineffective at preventing the risk realising itself. But it will provide management with a culprit: a bad apple; a weak gazelle, a root cause. The poor sod who missed it will doubtless pay the P45 price — don’t let the door smack you on the arse on your way out, friend — said smacked arse covering not its condemned owner, but the systemic failure that this “human error” conceals. Sidney Dekker rights persuasively about this in The Field Guide to Human Error Investigations.
Bullshit risks, on the other hand, will remain, kludging up every employee’s day, burying themselves under open windows, causing system crashes, and doubtless full-time jobs employing and managing them to take account of whatever fantastical risks management is currently preoccupied with.