Shostack + Friends Blog Archive


Human Error and Incremental Risk

As something of a follow-up to my last post on Aviation Safety, I heard this story about Toyota’s now very public quality concerns on NPR while driving my not-Prius to work last week.

Driving a Toyota may seem like a pretty risky idea these days. For weeks now, weve been hearing scary stories about sudden acceleration, failing brakes and car recalls. But as NPRs Jon Hamilton reports, assessing the risk of driving a Toyota may have more to do with emotion than statistics.

Emotion trumping statistics in a news article?  Say it isn’t so!

Mr. LEONARD EVANS (Physicist, author, Traffic Safety): The whole history of U.S. traffic safety has been one focusing on the vehicle, one of the least important factors that affects traffic safety.

HAMILTON: Studies show that the vehicle itself is almost never the sole cause of the accident. Drivers, on the other hand, are wholly to blame most of the time. A look at data on Toyotas from the National Highway Traffic Safety Administration confirms this pattern.

Evans says his review of the data show that in the decade ending in 2008, about 22,000 people were killed in vehicles made by Toyota or Lexus.

Mr. EVANS: All these people were killed because of factors that had absolutely nothing to do with any vehicle defect.

HAMILTON: Evans says during that same period, its possible, though not yet certain, that accelerator problems in Toyotas played a role in another 19 deaths, or about two each year. Evans says people should take comfort in the fact that even if an accelerator does stick, drivers should usually be able to prevent a crash.

(bold mine)

From 1998 to 2008, about 2,200 people per year (out of a total of about 35,000 total vehicle deaths per year) died in Toyotas because of some sort of non-engineering failure.  During that same period, just under two people were killed per year due to the possible engineering failure.  So all this ado is about, at most, a 0.09% increase in the Toyota-specific death rate and a 0.005% increase in the overall traffic death rate.

So why is the response so excessive to the actual scope of the problem?  Because the risk is being imposed on the driver by the manufacturer.

Mr. ROPEIK[(Risk communication consultant)]: Imposed risk always feels much worse than the same risk if you chose to do it yourself. Like if you get into one of these Toyotas and they work fine, but you drive 90 miles an hour after taking three drinks. That won’t feel as scary, even though its much riskier, because you’re choosing to do it yourself.

And, lest we forget, even in the case where the accelerator did stick there was still a certain degree of human error:

Mr. EVANS: The weakest brakes are stronger than the strongest engine. And the normal instinctive reaction when you’re in trouble ought to be to apply the brakes.

My frustration is when I compare the reality of the data with most of the reporting on the subject, I think of Hicks’ Hudson’s NSFW “Game Over” rant. (Corrected per the comments.  Thanks, 3 of 5!)

After all, given that you’re more likely to die in your home (41%) than in your car (35%), you’re still statistically safer taking to the road than sitting home cowering in fear of your Prius.

4 comments on "Human Error and Incremental Risk"

  • Saso says:

    But, at the same time the Toyota debacle also shows how important it is for major companies to do three things right:
    incident management;
    crisis management;
    make sure bad news is delivered up the ranks.

    As it is, Toyota’s reputation ranks somewhere below Tiger right now because of: bungled public relations; revelations of hiding damaging information, patting themselves on their collective backs about saving large sums of money by not recalling vehicles; and downplaying and/or hiding what is really at fault. And let’s not forget selective recall: recall only where the law finds the fault to be critical, ignore all other regions.

    There are many, many lessons in there. Common thread: human error (galore in this sad tale) and bad risk assessment on Toyota’s side.

  • @Saso

    I completely agree. Your comments remind me of Schneier’s philosophy from Beyond Fear on the importance of not ignoring response to focus on prevention.

    Long-term, it will be interesting to see if Toyota comes through this relatively unscathed or winds up like Saab, whose market share never recovered.

    My comments were focused on the disparity between the hype and the actual relative impact of the defect from an overall traffic safety perspective. If Toyota as a company suffers as a result, then so be it–as you aptly noted, they have done a miserable job of managing the reporting and public perception and will suffer accordingly.

    Also curious was a comment last week on the Interesting People mailing list which pointed out that Toyota buys the accelerator in question from a third party, but only about 40% of all that are manufactured.

    In what other vehicles should we be hearing about these defects but aren’t? And why?

  • 3rd of 5 says:

    Slight correction about the NSFW link.
    Hudson, sir. He’s Hicks.

  • It would be interesting to see similar statistics about human error and how much that has contributed to failures in our information security systems … either through incompetence or malicious intent.

    Do you remember the story about Sleeping Beauty? The risk: “the sharp needle on the spinning wheel” … the King’s solution “get rid of all the spinning wheels in the kingdom so his daughter won’t prick her finger” … well you know the story “the witch had her own spinning wheel”. When I was a kid I can remember thinking “why didn’t the King just educate his daughter about spinning wheels?”.

    Same with driving cars … why don’t we teach people about the risks? Or with information security … how is our awareness and training plan going?

Comments are closed.