Cross posting a cross post: we need to be better at failing

I wrote a slightly grumpy post yesterday about some problems with the Ordnance Survey maps app. It went on my other blog, because of the circumstances in which it happened. But it’s worth mentioning here too, because it’s an example of a service design failure with some wider implications.

Things go wrong. Things go wrong in complicated ways because they have to operate in complicated environments. When things go wrong they should degrade gracefully, not break abruptly when there is no need for them to do so.

Graceful failure operates at different levels. Dan Catt has just written a marvellous post about designing ‘shutdownability’ from the outset. It is one of the principles of agile working that failure should be embraced. As Paul Clarke said a couple of years ago

As ever, design systems for the things that will go wrong, not the things you expect to go right.

And so to the grumpy post. This is the key paragraph – but do read the whole thing.

It should be pretty obvious that  updates – particularly updates requiring significant amounts of data – should happen when the user chooses. It should be pretty obvious that the fallback to a failed update should be that the earlier version continues to work, not that the whole app locks up completely. And if progress is being stopped by a preference setting, it should be pretty obvious that giving the choice of changing the preference is better than defaulting to failure.

We could all do with failing better.

Aphorisms 140 – 142

Good design costs the same as bad design, it’s just that bad design costs way more in the long run

Design is always and inevitably collaborative

The question you start with is always rubbish. Whatever it is, it’s always wrong, whoever you are and whenever you ask it.

Andrea Siodmok

Aphorisms usually appear here one at a time, but it’s worth making an exception for these three, all taken from Andrea’s RSA Bicentenary Prize Medal lecture on How Design is Shaping Thinking at the Heart of Government

Past aphorisms are collected on the aphorism archive page

Interesting elsewhere – 11 September 2015

Things which caught my eye elsewhere on the web

The Security Risks of Third-Party Data – Schneier on Security
Organizational doxing is a powerful attack against organizations, and one that will continue because it’s so effective. And while the network owners and the hackers might be battling it out for their own reasons, sometimes it’s our data that’s the prize. Having information we thought private turn out to be public and searchable is what happens when the hackers win. It’s a result of the information age that hasn’t been fully appreciated, and one that we’re still not prepared to face.

It’s not about us, it’s about collaboration | Government Digital Service
Digital transformation isn’t just service design, it’s organisation design. It’s as much about people as it is about pixels and processors. And it’s hard. Re-thinking digital services means re-thinking how your organisation does things and why it does them in a particular way. It means challenging the status quo and constantly asking “Why?” and “What is the user need?”

What I’m talking about when I’m talking about government as a platform | Dave Briggs
Digital is not about technology, and government as a platform is not about IT. It is instead a way of rethinking the operating model of an organisation to meet the current and future needs of its customers, in the digital age. The technology is an important enabler, but it is the means rather than the end.

The Future of Firms. Is There an App for That? — Medium
For most of the developed world, firms, as much as markets, make up the dominant economic pattern. The Internet is nothing less than an extinction-level event for the traditional firm. The Internet, together with technological intelligence, makes it possible to create totally new forms of economic entities, such as the “Uber for everything” -type of platforms/service markets that we see emerging today. Very small firms can do things that in the past required very large organizations.

Russell Davies: You can’t fix services with engagement
How did so many organisations end up here?

Because they’ve spent money on making their marketing digital, not their processes. They’ve got good at social media rather than service design.

They’ve invested in conversations, not services, so now they spend their whole time having conversations about how shit their services are.

Ben Holliday » Asking the right questions to frame the problem
I’ve found that framing the problem is something that teams really struggle with. This should be something we constantly refer back to as we look to iterate and improve what we’re working on. Framing the problem should provide the constraint and reasoning behind new features, or be used to guide the prioritisation of any content and design changes.

Web Design – The First 100 Years
Here we are, fifty years into the computer revolution, at what feels like our moment of greatest progress. The outlines of the future are clear, and oh boy is it futuristic.

But we’re running into physical and economic barriers that aren’t worth crossing.

We’re starting to see that putting everything online has real and troubling social costs.

And the devices we use are becoming ‘good enough’, to the point where we can focus on making them cheaper, more efficient, and accessible to everyone.

So despite appearances, despite the feeling that things are accelerating and changing faster than ever, I want to make the shocking prediction that the Internet of 2060 is going to look recognizably the same as the Internet today.

Digital transformation strategy | Deloitte University Press
What separates digital lea­ders from the rest is a clear digital strategy com­bined with a culture and leadership poised to drive the transformation. The history of technological ad­vance in business is littered with examples of companies focusing on technologies without in­vesting in organizational capabilities that ensure their impact. In many companies, the failed imple­mentation of enterprise resource planning and previous generations of knowledge management systems are classic examples of expectations falling short because organizations didn’t change mindsets and processes or build cultures that fostered change.

Lessons for the Public Sector from the Evolution of Early Life | Richard Copley MSc, BSc, SMSITM (and CIO)
It is necessary for each partner to give something up if the eukaryotic organisation is to be created. The thing that you’re losing is sovereignty over some functions. To my mind the kind of protectionism/sovereignty that we typically see in the public sector is a crime. ‘Sovereignty’ is really little more than macho chest thumping and posturing. It is a dog, scent marking its territory. We need to grow up.

Thinking time

I went to the post office at lunch time. Lots of other people did too, so it was quite busy.

For the last few years, this post office has had a fancy queuing system (though it now no longer seems to require a dedicated member of staff to explain the self service options, which is progress of a kind). I took my ticket and prepared to wait.

Ticket to queue

But then I realised that it might be quite a wait. My little ticket told me that there were 54 people ahead of me in the queue, which sounded like a lot. There were three counter positions open, so if each transaction took about two minutes, I could expect to be there for half an hour. A moment’s further thought suggested that there was a big unknown in that estimate. An obvious reaction to facing a queue 54 people long is to go away and come back some other time when the queue is shorter. But it’s only possible to find out the length of the queue by getting a ticket and joining it – or by getting a ticket and promptly abandoning it. So information value is destroyed by the act of publishing it: telling people how long the queue is changes the length of the queue.1

In other words telling me that there are ‘54 customers in front’ actually tells me very little. It’s a production line view of the situation, not a user-focused view and it was a safe bet that there weren’t going to be 54 actual transaction before mine.

So I waited. And indeed the numbers rolled past faster than they should have done. I wasn’t counting, but at a rough guess, somewhere between a third and a half were no shows. And as I waited, three fairly basic lessons came to mind, applicable far beyond the post office

Modernising a service doesn’t necessarily make it better

Choosing an option on a touch screen which prints a numbered ticket has connotations of modernity which just standing in line in order of arrival altogether lacks.2 Being modern for the sake of doing things better is a very good thing. Being modern for the sake of appearing to be modern is not. Some aspects of the new way of doing things are undoubtedly better (people can sit while they are waiting, for example), but it’s not self-evident that the improvement is as overwhelming as the post office likes to think.

If there has to be a queue, the best thing to do is to make it visible

Shoes queuing for peopleWe would all prefer there not to be a queue. But if there has to be one, make it visible. That doesn’t have to be physically standing in order, smarter ways are possible too, as the picture shows.3 But whether it is a face to face interaction, a call centre or an order backlog, it is far better to know than not.


If you are going to give customers information, give them information which has some meaning

Telling me that there were 54 people ahead of me was at least an attempt to tell me something. But it suffers from the weakness that there is no easy way of converting what it is easy for the organisation to tell me to what I actually want to know. I wrote about two contrasting queues a few years back – one brilliantly managed, with visual queues supported by hard information about actual waiting times, and one which worked a bit differently:

If a customer had the temerity to ask how long they were going to have to wait, they were shown the pile of forms in the pending pile – which without knowledge of the number of staff on duty and the average time each one took to deal with, conveyed precisely no information whatsoever.  Similarly, ‘we are very busy at the moment, please hold until you can’t bear the tinny music any longer’ is dramatically less useful than ‘we are currently answering calls in six minutes’.

With the data the post office ticketing system already has, it ought to be pretty straightforward to create reasonably accurate predicted waiting times. The fact that that is not the information they choose to provide is quite telling.

Meanwhile, today the BBC is reporting a much more subversive idea on queue management: serving the first person in the queue last and the last first. Let’s hope nobody from the post office gets to read it.

  1. Strictly this is a consequence of how the information is published: it is tangling it up with the act of deciding whether to join the queue which does the damage.
  2. Or at least it’s supposed to. There is though nothing quite so dated as slightly tarnished novelty.
  3. It was doing the rounds on social media a little while ago and the trail to the original source seems to be dead. I found it on Reddit, so it could have come from anywhere.

Driving licences have been abolished. You may not have noticed.

Secure printing is on its way to being one of the casualties of the digital revolution. It hasn’t yet gone away of course, with bank notes remaining its apotheosis.1 There is a reason for that complexity and the costs which go with it, which is that fundamentally bank notes are self-authorising.

That used to be true for lots of other things as well, some of them quite banal. Even the humble MoT certificate was produced on special paper using special inks to make forgery more difficult, and had to be kept securely to reduce the risk of theft of blank certificates. All of that has gone. As I noted a few years ago:

The penny has dropped at VOSA that the MOT certificate is no longer a certificate in any meaningful sense, it’s a receipt:  the real value, and the thing which needs to be secured is the database entry.

The piece of paper you get at the end of an MoT test may be convenient, but it’s not authoritative, it’s one way (and not even the only way) of getting to what really matters, which is the entry on the database.

Now the same has happened to the driving licence – in practice, if not yet in theory. The oddity which was the paper counterpart of the plastic card driving licence has been abolished, presumably because it achieved the unfortunate combination of being inconvenient, expensive to maintain, and open to abuse. But the information which used to be printed on that piece of paper still has uses, so DVLA have provided an alternative. The simple bit is that it is an online, but printable, version of the paper counterpart (but without any of the complexity of keeping it up to date). The clever bit is that it comes with a single use validation code. The result is that a third party recipient – a car hire company or an employer – can have a trustworthy and up to date view of the driving record.

That’s not supposed to replace the driving licence, just to supplement it. But it goes further to making the actual driving licence pointless than it first appears. Given the choice between trusting a plastic card, albeit one with security features designed to protect its integrity, and trusting a scruffy bit of paper which can be directly validated against the underlying database, I’ll go for the piece of paper, every time.

That leaves the driving licence itself with only two remaining advantages. The first is that it has a photograph of the driver and the print out does not. But since the photograph is just another field on the database, it would be trivial to change (or to provide access to, for example, the police by another means). The second is the widespread use of driving licences as a quasi proof of identity in situations which have nothing to do with driving. Arguably that isn’t DVLA’s problem, but in any case that use will be overtaken by other approaches to identity management in the not too distant future.

It’s about fifteen years since I was first in a serious discussion about the abolition of tax discs.2 This year they have vanished. In another fifteen years, there will be a gap in your wallet where your driving licence used to be. But that will be just the final stage of a transition which has already begun.3

Driving licences have been abolished. There’s just a bit of tidying up to do now.

There’s a wider point worth noting too. This is a example of what a few years ago I called Cheshire cat government – ‘The best service is the one which disappears.’4 DVLA seem to be particularly good at abolishing things in a good way, a skill with potential application across government far beyond the world of motoring.

  1. The Bank of England boasts that the £20 note has nine security features, and no doubt there are a few more about which it is more circumspect.
  2. The question was serious, the response was fairly dismissive.
  3. Unless, of course, they have already gone because driving by humans has been abolished. But that’s another story.
  4. ‘Disappears’ doesn’t mean cut or abolished – people need to be licensed to drive, they don’t necessarily need a thing called a driving licence.