law of unintended consequences

Contributor(s): Ivy Wigmore

The law of unintended consequences is a frequently observed phenomenon in which any action has results that are not part of the actor's purpose.

These additional consequences may or may not be foreseeable or even immediately observable, and they may be beneficial, harmful or neutral in their impact. In the best-case scenario, an action produces both the desired results and unplanned benefits; in the worst-case scenario, however, the desired results fail to materialize and there are negative consequences that make the original problem worse.

Examples of the law of unintended consequences in play:

A company mandates security mechanisms, such as strong passwords or multifactor authentication, to protect sensitive data. However, because the new passwords are too difficult to remember or the procedures too cumbersome, users find ways to circumvent the mechanisms, such as writing passwords on sticky notes on the monitor.

In the United States, the Patriot Act expanded the power of law enforcement and government agencies to monitor and intercept the data of private citizens. One unintended consequence was a reluctance of companies and individuals to allow any of their data to be stored in the U.S.

As machine-to-machine (M2M) communications and the Internet of Things (IoT) develop, an increasing number of devices have the capacity to transmit data over a network. However, these devices are often things that have not traditionally had any ability to communicate and as such have no security mechanisms in place to protect them. An unintended consequence is security attacks on IoT devices, which have included a light bulb hack.

Factors that reduce the likelihood of unintended consequences include an understanding of the systems involved, careful planning and attention to detail during execution. In recent years, the law of unintended consequences has often been invoked in reference to complex systems, which by definition cannot be fully understood. As a result, any action that involves a complex system is certain to have unintended consequences.

In this TED talk, historian Edward Tenner discusses the gap between our ability to innovate and our ability to foresee the consequences:

This was last updated in February 2016

2 comments

Thanks Margaret. I can't help but think about this law in terms of information security. A few examples include:
  1. Patching to be more secure that ends up taking systems offline or breaking applications. Risks increase.
  2. When implementing a new security control, the time and effort required to keep it rolling often take away from other important work. Risks increase.
  3. When documenting and enforcing a security policy, it gets in the way of doing business. Risks increase.

This is an important law that must always be considered before implementing anything new in/around security.

I think the most fascinating aspect of this law is the phenomenon that is mentioned above regarding computer passwords. It is when we react to a problem with a solution that unintendedly ends up causing exactly what it was designed to prevent.