10 Technology Disasters
What do a 17th-century Swedish warship, an opulent Chicago theater and a Kansas City hotel “skyway” have in common? All met catastrophic ends–and they have important lessons to teach today’s innovators.
Let’s face it: something draws us to a disaster, as long as it doesn’t strike too close. And in all endeavors, but especially in technology, failures-even ghastly, gruesome, cataclysmic ones-can sometimes make better teachers than spectacular successes. The 10 examples offered below, drawn from a span of 373 years, show that though technologies change, many of the factors that make them go spectacularly wrong are surprisingly consistent: impatient clients who won’t hear “no”; shady or lazy designers who cut corners; excess confidence in glamorous new technologies; and, of course, good old-fashioned hubris.
In assembling this list of exemplary technological disasters, we’ve omitted the most familiar-those whose names have entered into the language, like Bhopal, Chernobyl, Three Mile Island, Titanic and Challenger-in favor of some with fresher tales to tell and lessons to impart. These events vary widely as to when, where, how and why they happened. But they all show how trusted technologies can suddenly go wrong, and how flaws that seem trivial or, in retrospect, painfully obvious can have devastating consequences.
The Vasa sinking
The Swedish flagship Vasa’s first and final sailing in August 1628 left fine fodder for future management consultants-an all-purpose cautionary tale of an overbearing but technically clueless boss pushing through his pet project. King Gustavus II Adolphus, striving to make Sweden a superpower, had wanted four new warships built fast. Workmen were already laying the Vasa’s keel when the king ordered its length extended. His seasoned master shipwright, fearing to challenge the famously hot-tempered king, went ahead. The shipwright then took ill, directed the project as best he could from his sickbed and died before it was finished. His inexperienced assistant then took over, and the king ordered a second gun deck, possibly spurred by false reports that rival Denmark was building a ship with double gun decks. The result was the most lavishly appointed and heavily armed warship of its day, but one too long and too tall for its beam and ballast-a matchless array of features on an unstable platform. When the standard stability test of the day-30 sailors running from side to side trying to rock the boat-tilted the Vasa perilously, the test was canceled and the ship readied for launch. None of Gustavus’s officials dared bear the bad news to the absent king, who was by then off warring in Poland and impatiently awaiting his new superweapon. Minutes after her grand launching, with all Stockholm watching, the Vasa heeled, listed and sank, killing about 50.
The Hyatt Regency walkway collapse
When three “floating walkways” crashed to the floor of Kansas City, MO’s swank new Hyatt Regency on July 17, 1981, speculation first fixed on the patrons who’d been dancing on them: perhaps their high-stepping had set off a harmonic wave that made the sky bridges buckle and crumble.
The truth proved more prosaic. The hotel’s engineers had originally designed two of the three walkways to hang on common, vertical metal rods. But the metal fabricator took a fatal shortcut, substituting shorter rods hanging from one level to the next. The second-floor walkway thus hung from the fourth-floor, doubling the weight on its connectors. The fabricator claimed to have requested approval for this change; the engineers insisted they weren’t asked, though they had signed off on final drawings that included it. The designers had also asked to be on site during construction, when they might have spotted the change, but were rebuffed by an owner determined to avoid additional expense. When enough patrons filled the walkways, the connections gave way. Thanks to miscommunication and corner-cutting, 114 perished in the deadliest structural failure in U.S. history.
The Iroquois Theater blaze
What the Titanic’s sinking represented at sea, the burning of Chicago’s Iroquois Theater marked on land: a supposedly indestructible, up-to-the-minute design-in this case, a theater advertised as “absolutely fireproof”-destroyed with an enormous loss of life. The Iroquois’s owners acted with as much haste and hubris as their Titanic counterparts, installing no firefighting equipment, forgoing fire drills and opening before the sprinkler system was ready. Instead, like so many others, they relied on a single technological magic bullet: an asbestos curtain that would drop down and shield the audience in the (rather common) event of a backstage fire. On Dec. 30, 1903, as vaudeville star Eddie Foy regaled the overcapacity crowd in Mr. Bluebeard, an oil-painted backdrop brushed against a hot calcium-arc spotlight and ignited. The asbestos curtain started dropping on cue but caught on a stage light. Crew and cast opened the stage door to flee, admitting a powerful gust that sent fireballs shooting out over the unshielded audience. Fleeing patrons either found the doors barred or could not turn the newfangled latches on them. Six hundred two died, more than twice the toll of “the Great Chicago Fire” 32 years earlier.
The Eschede train derailment
Sometimes even the safest technology is vulnerable to the not-so-perfect world around it. In the 34 years since the inauguration of high-speed rail, no line anywhere in the world had suffered a fatal accident. All that changed on June 3, 1998, on the Inter City Express line near Eschede in northern Germany, when a small improvement in comfort derailed this carefully managed system. High-speed trains generally run on solid “monobloc” metal wheels, but to dampen noise and vibration the Inter City Express (like many lower-speed light-rail systems) wrapped these in metal “tires” cushioned with rubber inserts. Inspectors examined the tires daily, but even ultrasound failed to detect a minute crack in one tire. It broke, causing a partial derailment. But the train continued upright and likely would have reached a safe stop if it hadn’t chanced to pass under an old-style roadway bridge that, unlike newer bridges, rested on a central pillar, which stood between the line’s two tracks. A swinging car clipped the pillar, and the bridge collapsed on the train, causing a massive pileup and 101 deaths. So it goes, all too often, when new, high-performance technology is inserted into older infrastructure built to operate with a greater margin of error. The high-speed train was a round peg in the square hole of an outdated rail corridor.
The Ashtabula Creek Bridge wreck
The United States’ deadliest bridge collapse demonstrates the dangers in transposing what works in one material to a new, unproven one. In 1863, Cleveland railroad magnate Amasa B. Stone Jr. announced a bold advance in bridge technology-so bold it was never imitated. For two decades, the state of the art in American bridge design had been the reliable Howe wooden truss system, which added threaded iron upright supports to a classic structure of diagonal wooden trusses. The iron connectors provided more strength and eliminated the painstaking joinery of all-wood truss construction. So, Stone reasoned, why not go all the way and re-create the Howe design entirely in iron? Trusting too much in this newer, costlier material, Stone ignored both its potential for hidden weak spots and an essential flaw in his design: the bridge was assembled like an interlocking jigsaw, held together by pressure rather than the firm attachments of the wood originals; if one joint went, the whole structure would. Nevertheless, Stone proclaimed his 1865 creation “absolutely sound,” and it stood for 11 years, even as its parts shifted. Then, on Dec. 29, 1876, as a passenger train crossed, an iron support with a hidden air bubble collapsed, the bridge tumbled down, fires spread from the train’s tipped-over woodstoves, and more than 100 riders perished.
The St. Francis Dam burst
It’s never wise to underestimate the forces of nature. William Mulholland, creator of the Los Angeles water system and a designer of the Hoover Dam and Panama Canal, met his Waterloo at the little-remembered St. Francis Dam in San Francisquito Canyon, 72 kilometers northwest of L.A. On March 12, 1928, one day after Mulholland examined it and declared it sound, the dam burst, sending a wall of water, reported as 24 meters high, hurtling toward the Pacific. More than 500 people in its path perished. An inquest blamed unstable rock formations for the collapse, but later investigation suggests that the dam’s base was thinner than believed, and its engineers did not fully understand uplift forces or build in seepage relief. The underlying failure was more universal: the United States saw a boom in dam building in the first decades of the 20th century, as engineers threw up walls against the waters in unfamiliar terrain and on a scale never before attempted. They did so in large part by guesswork and extrapolation from much smaller projects. Ambition outpaced knowledge, and inevitably some of the new dams failed-most catastrophically the St. Francis. But its collapse left an important legacy: the world’s first dam safety agency, uniform engineering testing criteria and a state-mandated process for arbitrating wrongful-death suits still used today. Too late for Mulholland: “I envy the dead,” he intoned at the inquest, and faded into seclusion.
The Atlantic Empress/Aegean Captain collision
If ever there was an accident waiting to happen, it was your typical oil supertanker. These floating monsters can stretch over 400 meters, weigh more than 400,000 metric tons and require five kilometers to stop. And yet they are astonishingly undermanned, underpowered and ill prepared for unexpected problems. Where many smaller ships use multiple propellers to steer and brake, most tankers have just a single massive propeller. And the tools that help compensate for these limitations can contribute to a false sense of security; two ships relying on radar, which is great for navigating unchanging environments, may wind up traveling too fast to break from a collision course. Industry critics warned of an eventual collision between two supertankers, and on July 19, 1979, it happened: the Atlantic Empress and the Aegean Captain (which was apparently hauling bootleg oil to apartheid South Africa) collided near Tobago in an unexceptional rainstorm. Together they lost 26 crewmembers and spilled more than 185 million liters of oil-more than four and a half times as much as the Exxon Valdez spilled in 1989. But because it happened out of sight, this, the largest tanker spill ever, was soon out of mind and off the news.
The day AT&T’s lines went dead
The Y2K bug was the long-awaited disaster that didn’t happen; the AT&T crash 10 years earlier was the software disaster everyone thought couldn’t happen. Ma Bell had one of the world’s largest and most famously reliable networks: hurricanes and earthquakes couldn’t shake it, a 1989 U.S. Congressional report on the general unreliability of government software lauded the dependability of AT&T’s, and the company’s ads impugned the glitches that pestered upstart competitors Sprint and MCI. Then, on Jan. 15, 1990, a single switch at one of AT&T’s 114 switching centers suffered a minor mechanical malfunction, momentarily shutting down that center. When it came back up, it sent out a signal that made other centers trip and reset-and send out similar signals. The centers crashed, writes Leonard Lee in The Day the Phones Stopped, “like a hundred mud wrestlers crowded into a too-small arena,” each pulling himself up by pulling down the others. American Airlines estimated it lost 200,000 reservation calls, and CBS couldn’t even reach its local bureaus to check on the story. The culprit proved to be a single line of faulty code in a complex software upgrade recently implemented to speed up calling. AT&T’s much touted backup switching system carried the same fault and suffered the same crash. “The condition spread,” AT&T chairman Robert Allen confessed afterward, “because of our own redundancy.” The company did not keep that redundancy sufficiently insulated from the main system; it could have retained the old software in its backup system until it had thoroughly road-tested the new. But just maybe, the company’s programmers had come to believe their own good press.
The 1965 Northeast blackout
California’s rolling blackouts in 2001 sent pundits harking back to the great 1965 Northeast blackout. But reckless deregulation, market manipulation and artificial shortages did not figure there as in California. Instead, the causes were technical-and stemmed from efforts to prevent shortages and blackouts. When electricity usage soared in the 1950s, power companies sought to ensure supplies by joining New York, New England and Ontario in a vast grid. When demand spiked in one locale, others would fill it. But in a twist that illustrates just how difficult it can be to predict how vast, complex networks will actually work, the engineers didn’t anticipate the effects surging supply in one area might have on others-effects that brought the whole grid down. The trigger was a single relay switch on a line bearing power from Niagara to Ontario, which had been set to trip off if power surged past a certain level. On Nov. 9, 1965, the power load exceeded that level, the switch tripped off-and the power that would have flowed to Toronto surged back into western New York, swamping the lines and causing generators to shut off to avoid getting fried. The cycle spread, south to New York City and east to the Maine border. Thirty million people across 207,200 square kilometers were cast into darkness. New Yorkers, who afterward claimed the regionwide blackout as their own, muddled through peaceably-dining out by candlelight, sleeping by the thousands in hotel lobbies, helping strangers. But one famed outcome-a baby boom nine months later-proved to be just legend.
The Concorde crash
Until July 25, 2000, the supersonic Concorde was aviation’s star in safety as well as speed. Before its first flight, its engineers tested it longer-for 5,000 hours-than any other plane in history; in 26 years and tens of millions of kilometers of transatlantic flights, the Concorde fleet had suffered not a single fatality. But for all its superb structural, aerodynamic and propulsion design, the Concorde bore a fatal combination of lower-tech flaws-proving the adage that it’s the little things that’ll get you. Its high takeoff speeds wore hard on its tires, which would often blow out despite being changed five times as often as those on an ordinary jet. And the fuel tanks in its wings were not strongly reinforced against impact, a precaution standard in newer planes.
It took just one more little mishap to make a disaster: a titanium “wear strip” fell off a Continental DC-10 in the path of an Air France Concorde leaving Paris. When the Concorde’s tire hit the strip, a chunk of rubber tore off and smashed into the wing, punching a 600-square-centimeter hole in its skin and causing fuel to leak and ignite. The resulting crash killed all 109 people aboard the flight, as well as four on the ground. Air France and British Airways subsequently installed new tires tested to repel titanium strips at speeds up to 403 kilometers an hour, as well as undercarriage reinforcements and bulletproof tank liners to prevent similar fuel leaks. One arguably foreseeable accident source had, belatedly, been eliminated.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today