Browse Definitions :
Definition

law of unintended consequences

Contributor(s): Ivy Wigmore

The law of unintended consequences is a frequently-observed phenomenon in which any action has results that are not part of the actor's purpose.

The superfluous consequences may or may not be foreseeable or even immediately observable and they may be beneficial, harmful or neutral in their impact. In the best-case scenario, an action produces both the desired results and unplanned benefits; in the worst-case scenario, however, the desired results fail to materialize and there are negative consequences that make the original problem worse.

Examples of the law of unintended consequences in play:

A company mandates security mechanisms, such as strong passwords or multifactor authentication, to protect sensitive data. However, because the new passwords are too difficult to remember or the procedures too cumbersome, users find ways to circumvent the mechanisms, such as writing passwords on sticky notes on the monitor.

In the United States, the Patriot Act expanded the power of law enforcement and government agencies to monitor and intercept the data of private citizens. One unintended consequence was a reluctance of companies and individuals to allow any of their data to be stored in the U.S.

As machine-to-machine (M2M) communications and the Internet of Things (IoT) develop, an increasing number of devices have the capacity to transmit data over a network. However, these devices are often things that have not traditionally had any ability to communicate and as such have no security mechanisms in place to protect them. An unintended consequence is security attacks on IoT devices, which have included a light bulb hack.

Factors that reduce the likelihood of unintended consequences include an understanding of the systems involved, careful planning and an attention to detail during execution. In recent years, the law of unintended consequences is often evoked in reference to complex systems, which by definition cannot be fully understood. As a result, any action that involves a complex system is certain to have unintended consequences.

In this TED talk, historian Edward Tenner discusses the gap between our ability to innovate and our ability to foresee the consequences:

This was last updated in February 2016

Continue Reading About law of unintended consequences

Join the conversation

2 comments

Send me notifications when other members comment.

Please create a username to comment.

Thanks Margaret. I can't help but think about this law in terms of information security. A few examples include:
  1. Patching to be more secure that ends up taking systems offline or breaking applications. Risks increase.
  2. When implementing a new security control, the time and effort required to keep it rolling often take away from other important work. Risks increase.
  3. When documenting and enforcing a security policy, it gets in the way of doing business. Risks increase.

This is an important law that must always be considered before implementing anything new in/around security.

Cancel
I think the most fascinating aspect of this law is the phenomenon that is mentioned above regarding computer passwords.  It is when we react to a problem with a solution that unintendedly ends up causing exactly what it was designed to prevent.
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • California Consumer Privacy Act (CCPA)

    The California Consumer Privacy Act (CCPA) is legislation in the state of California that supports an individual's right to ...

  • compliance audit

    A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines.

  • regulatory compliance

    Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business...

SearchSecurity

  • phishing

    Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication ...

  • privilege creep

    Privilege creep is the gradual accumulation of access rights beyond what an individual needs to do his job. In IT, a privilege is...

  • BlueKeep (CVE-2019-0708)

    BlueKeep (CVE-2019-0708) is a vulnerability in the Remote Desktop (RDP) protocol that affects Windows 7, Windows XP, Server 2003 ...

SearchHealthIT

SearchDisasterRecovery

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

  • business continuity software

    Business continuity software is an application or suite designed to make business continuity planning/business continuity ...

SearchStorage

  • Hadoop as a service (HaaS)

    Hadoop as a service (HaaS), also known as Hadoop in the cloud, is a big data analytics framework that stores and analyzes data in...

  • blockchain storage

    Blockchain storage is a way of saving data in a decentralized network which utilizes the unused hard disk space of users across ...

  • disk mirroring (RAID 1)

    RAID 1 is one of the most common RAID levels and the most reliable. Data is written to two places simultaneously, so if one disk ...

Close