Browse Definitions:
Definition

law of unintended consequences

Contributor(s): Ivy Wigmore

The law of unintended consequences is a frequently-observed phenomenon in which any action has results that are not part of the actor's purpose.

The superfluous consequences may or may not be foreseeable or even immediately observable and they may be beneficial, harmful or neutral in their impact. In the best-case scenario, an action produces both the desired results and unplanned benefits; in the worst-case scenario, however, the desired results fail to materialize and there are negative consequences that make the original problem worse.

Examples of the law of unintended consequences in play:

A company mandates security mechanisms, such as strong passwords or multifactor authentication, to protect sensitive data. However, because the new passwords are too difficult to remember or the procedures too cumbersome, users find ways to circumvent the mechanisms, such as writing passwords on sticky notes on the monitor.

In the United States, the Patriot Act expanded the power of law enforcement and government agencies to monitor and intercept the data of private citizens. One unintended consequence was a reluctance of companies and individuals to allow any of their data to be stored in the U.S.

As machine-to-machine (M2M) communications and the Internet of Things (IoT) develop, an increasing number of devices have the capacity to transmit data over a network. However, these devices are often things that have not traditionally had any ability to communicate and as such have no security mechanisms in place to protect them. An unintended consequence is security attacks on IoT devices, which have included a light bulb hack.

Factors that reduce the likelihood of unintended consequences include an understanding of the systems involved, careful planning and an attention to detail during execution. In recent years, the law of unintended consequences is often evoked in reference to complex systems, which by definition cannot be fully understood. As a result, any action that involves a complex system is certain to have unintended consequences.

In this TED talk, historian Edward Tenner discusses the gap between our ability to innovate and our ability to foresee the consequences:

This was last updated in February 2016

Continue Reading About law of unintended consequences

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Thanks Margaret. I can't help but think about this law in terms of information security. A few examples include:
  1. Patching to be more secure that ends up taking systems offline or breaking applications. Risks increase.
  2. When implementing a new security control, the time and effort required to keep it rolling often take away from other important work. Risks increase.
  3. When documenting and enforcing a security policy, it gets in the way of doing business. Risks increase.

This is an important law that must always be considered before implementing anything new in/around security.

Cancel
I think the most fascinating aspect of this law is the phenomenon that is mentioned above regarding computer passwords.  It is when we react to a problem with a solution that unintendedly ends up causing exactly what it was designed to prevent.
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • smart contract

    A smart contract, also known as a cryptocontract, is a computer program that directly controls the transfer of digital currencies...

  • risk map (risk heat map)

    A risk map, also known as a risk heat map, is a data visualization tool for communicating specific risks an organization faces. A...

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine ...

SearchSecurity

SearchHealthIT

SearchDisasterRecovery

  • incident management plan (IMP)

    An incident management plan (IMP), sometimes called an incident response plan or emergency management plan, is a document that ...

  • crisis communication

    Crisis communication is a method of corresponding with people and organizations during a disruptive event to provide them with ...

  • Zerto

    Zerto is a storage software vendor that specializes in enterprise-class business continuity and disaster recovery in virtual and ...

SearchStorage

  • SSD write cycle

    An SSD write cycle is the process of programming data to a NAND flash memory chip in a solid-state storage device.

  • data storage

    Data storage is the collective methods and technologies that capture and retain digital information on electromagnetic, optical ...

  • hard disk

    A hard disk is part of a unit -- often called a disk drive, hard drive or hard disk drive -- that stores and provides relatively ...

SearchSolidStateStorage

  • hybrid hard disk drive (HDD)

    A hybrid hard disk drive is an electromechanical spinning hard disk that contains some amount of NAND Flash memory.

Close