Whilst architectures of control in digital systems can be complex, there are many very simple control architectures in products which are either self-evident, or become so once the design intention is explained.
Restriction of access
Some of the most obvious involve attempts to restrict access of certain users. At a very basic level, locks and the keys that go with them (whether physical keys, or passwords, or PINs, or biometric identification systems) are architectures of control. But it is childproof lids on medicine bottles, placing things ‘out of reach of little hands’ and child locks on car doors with which we are most familiar.
Equally, adult users may have their access restricted to particular components for safety reasons, although denying access in this way is often done for economic reasons—a recent example being the bonnet of the Audi A2, which is not intended to be opened by the car’s owner, but only by an authorised Audi dealer. It is presented as a ‘convenience’ feature—and some owners undoubtedly see it this way, for example this quote from an online review:
“You cannot open the bonnet—correct—a specialist has to open it for you—now I don’t know if some of you will think this a disadvantage, but I certainly didn’t! To access the water and oil supply, just flick a switch inside the car, and the Audi logo at the front of the vehicle flips open. There you will have access to fill up water and oil—clever stuff!” [31]
One way of opening the bonnet! Whilst it is in fact possible for the owner to release (detach) the bonnet/engine cover by turning two knobs in the ‘service flap’ at the front of the car (e.g. see the International Audi A2 Owners’ Club forums), it’s still an extra stage, removing control from the user and putting it into the hands of ‘experts’. Image from Euro NCAP.
The implications of restricting the ‘freedom to tinker’ (and even the ‘freedom to understand’) in this way will be examined in the sections on reactions later, but where the economic motive behind an architecture of control is more baldly obvious, such as Hewlett-Packard’s printer cartridge expiry (see Case Study: Printer cartridges), some consumer backlash has already started. Nevertheless, there is nothing unusual about economic lock-in; even when purchasing replacement parts for products where only the ‘genuine’ parts will fit (or where non-genuine parts will invalidate a warranty), from razor blades to batteries, we are consistently subject to it, reinforced by branding.
On a different note, many architectures of control in products are what Donald Norman calls ‘forcing functions’ (see Everyday things & persuasive technology)—“actions are constrained so that failure at one stage prevents the next step from happening” [32]. A common way of achieving this is an ‘interlock,’ which could be an aid to usability—to increase the likelihood that the product is operated in the correct order (for example, Steve Portigal suggests a card payphone where the card slot is underneath the handset, thus ensuring the handset is lifted before the card is swiped [33]).
Equally, interlocks can be used for more strategic disciplinary functions—preventing illegal acts by the user, such as a breathalyser fitted to a car’s ignition system such that only when the test is ‘passed’ can the car be started. There are variants of this, e.g. the ‘Simple Simon’ memory game using coloured lights, used on the MG/British Leyland SSV1 ‘safety car’ prototype in the 1970s, which would also deal with overly tired or drugged drivers:
“Get the (randomly generated) sequence wrong three times in a row, and [the driver] would have to wait an hour before being allowed to try again. While designed primarily as a safety device, this feature also doubled as pretty effective immobiliser.” [34]
Another commonly cited forcing function for a car ignition is a seat-belt interlock—championed by Lee Iacocca in the 1970’s, and briefly made mandatory on new cars in the United States, but deeply unpopular [32, 35]. “In response to public pressure, Congress took about twenty minutes to outlaw Interlock. They replaced it with an eight-second buzzer that would remind passengers to buckle up” [35].
The Interlock warning label from this 1974 VW Karmann Ghia (image from Type2.com)warns ‘NEVER attempt to defeat the Interlock!’; nevertheless, there was nothing to stop the driver buckling the belt and sitting on it if he or she wanted to. The label also admits that bags or luggage on the seat will also prevent the engine starting until the seat is cleared; one might expect that, given how many people carry things on the front passenger seat while driving alone, the repeated frustration of Interlock intervening would cause significant antipathy towards the system.
Whilst there are ways to defeat the interlock on these examples, e.g. “many people kept their seat-belts buckled—but without wearing them” [35], depending on how the architectures of control are designed into products, the amount of effort required to overcome them may be too great for most users, even if there are cost or convenience benefits. Apathy, and a fear of ‘meddling’ with devices which may have been an expensive outlay in the first place, may in themselves be significant architectures of control.
Related to interlocks are ‘lock-ins’ (in a different sense to the economic usage mentioned above) and lock-outs. In this sense a lock-in is a forcing function which prevents (or delays) a user from stopping an operation or action which is deemed important. In product terms, an example might involve certain buttons or keys being temporarily disabled, perhaps where accidentally pressing them would be detrimental.
Norman suggested, in 1988, the idea of ‘soft’ off switches for computers, which permit files and settings to be saved before allowing the power to be cut [32], and indeed such soft power switches are now the norm. In terms of control, this can be either useful to the consumer, or an irritation (in cases where a quick power-down is required), but it’s difficult to see it as a strategic architecture of control. Lock-ins with strategic intentions include ‘nag’ screens on software which require the user to wait a certain amount of time before clicking ‘OK’ (i.e. exiting the current ‘operation’) in the hope that a promotional message will be read (or that the irritation will become sufficient that the user registers, or pays for, the product [36]). In some cases, this type of lock-in is used to increase (marginally) the likelihood that an EULA will be read, by requiring that the user at least scroll to the bottom before proceeding.
This Microsoft EULA implementation ‘knows’ if the user ticks the box without actually having read the agreement, and won’t let the user proceed.
Lock-outs are perhaps more obviously ‘architectures of control’—the aim being to prevent undesirable behaviour or events from occurring. A good example given by Norman is a barrier on a staircase to prevent people, in a panic (e.g. in the event of a fire), accidentally running downstairs past the ground floor and into a basement [32].
To a large extent, forcing functions as architectures of control have been inherent in product design and engineering for many decades without necessarily being explicitly recognised as such.
The idea of mistake-proofing, (poka-yoke in Shigeo Shingo’s system, as applied at Toyota and other Japanese firms [37]), whilst by no means identical with the idea of architectures of control, is a common theme in design [38], ranging from manufacturing engineering (much machinery cannot be switched on until safety guards are in place) to project management (critical path analysis or Gantt charts to ensure that operations are performed in the correct order) to safety in consumer products (the long earth pin on UK electric plugs enters the socket first and removes the guard which otherwise prevents objects being inserted).
The long earth pin on UK electric plugs enters the socket first to remove a spring-loaded guard which otherwise covers the neutral and live terminals to prevent objects being inserted.
Some would certainly fall into the ‘architectures of control’ category, whether physical (such as cattle-grids), or a combination of physical and psychological (cone-shaped disposable cups, discouraging users from leaving them on tables); particularly in quality management within manufacturing industry, the architectures of control in mistake-proofing (such as designing parts which can deliberately only be assembled one way) are in fact, commercially strategic, since the business’s reputation can depend significantly on maintaining a low error rate in its product assembly. The thinking of ‘design for manufacture and assembly’ promulgators such as Boothroyd and Dewhurst [e.g. 39] is evident in many of these often very simple mistake-proofing architectures.
Mistake-proofing and forcing functions in medical environments are also common, both in terms of isolating safety hazards and ensuring procedures are followed. The challenge of retaining these architectures of control once a patient is in charge of his or her own treatment (such as taking the correct dose and combination of pills [e.g. 40], or performing particular exercises) should not be underestimated, and is indeed an area of very worthwhile current research [41].
New opportunities for architectures of control in products
The idea of encouraging/incentivising people to exercise (whether for specific medical reasons or on more general health grounds) is a recurring theme, both in gentler ‘persuasive technologies’—see ‘Academic precedents: everyday things and persuasive technology’—and as architectures of control.
Square-Eyes, an electronic children’s shoe insole developed by Gillian Swan at Brunel University, records how many steps the child takes during a day, and ‘translates’ that into a certain number of minutes of ‘TV time,’ with the information transmitted to a base station connected to, and controlling, the television [42]. There is no easy way around it for the child: he or she must exercise in order to obtain the ‘reward,’ and as Tim Ambler points out [43], even ‘cheating’ by, say, jumping up and down on the spot rather than walking or running will still be exercise. All in all, an interesting architecture of control, with possible consequences beyond the child—Brunel Design’s Paul Turnock suggests that “it will raise awareness among the family of their sedentary lifestyle and bring about a change in behaviour for the whole family” [44].
100 steps recorded by the Square Eyes insoles (styling model in left-hand image; functional prototype in right-hand image) equates to precisely one minute of TV time, as controlled by the base station (blue box in left-hand image). From *sharper.
On a more whimsical premise, but retaining the theme of showing how technology is allowing architectures of control to become embedded in design thinking, is Your Turn, a washing machine from Pep Torres of Spanish creative agency DeBuenaTinta, which cannot be operated by the same person twice in a row, by using biometric identification. “It’s an invention that has a philosophy behind it and I hope both women and men will think it’s time for the men to do more around the house” [45].
Your Turn may be ‘a tongue-in-cheek idea which seemed to catch the imagination,’ but one can easily think of possible ways of applying a similar biometric architecture of control to regulate access in other situations—even, say, as simple as ensuring that a child can only buy one sugary snack per day from a vending machine. Image from BBC News.
Would this kind of system have been conceivable on a consumer product twenty years ago? Possibly, but perhaps the widespread use of passwords and identification systems, and the apparent ease with which they now pervade new technology, has made it much more realistic to consider incorporating architectures of control into new products—right from the concept stage.
Previous: Architectures of control in the digital environment | Next: Strategic intentions
[...] What other examples are there? I guess the Mosquito might cause hearing damage but it’s probably not life-threatening. Child-proof lids on medicine bottles, child-proof door locks on cars and other simple control can certainly cause unintended problems for adults too – for example, if someone has arthritis it may be difficult to open a child-proof pill bottle. A car throttle preventing excessive revving could also prevent a motorist accelerating to avoid danger. Skateboarding deterrents can cause injury: in fact, if they are not specifically signed as being there but are introduced without warning, I don’t think it’s going too far that they are specifically intended to cause injury and damage, and in most cases their installation is funded with public money. [...]
[...] It’s been a while since I posted about an architecture of control designed to assist/protect the user rather than to frustrate or intimidate, but just reading a great article about the MG SV-R supercar formerly produced by MG Sports & Racing*, a very simple interlock example (more discussion of interlocks and forcing functions here and here) was mentioned: “So, behind the wheel… pressing the clutch all the way down (a US requirement to avoid starting in gear) the starter button brings the V8 to life….” [...]
This may not be what you had in mind, but I immediately thought of such things as toothpaste pumps that ‘meter’ use to insure the product will be used up quickly at a rate higher than needed. That made me think of the older method of training consumers to over-use. Typified, once again, by toothpaste, with ads which show a brush topped by a generous glop of paste that is far more than necessary to do the job. This strays a bit more from your topic but it could fall under the design for control heading.
Thanks Tim – those are good examples of a category of simple control that I hadn’t really considered too much, but which really is pretty prevalent.
An example I can think of off the top of my head – packets of biscuits (cookies) in the UK often have an ‘easy-tear’ strip on the packet so you don’t have to unpick the glued folds at the end. But the tear strip is deliberately (I presume) positioned at least two biscuits in, so that you pretty much have to eat those two biscuits, plus the next one down, to have enough wrapper left to fold over the end to keep the remaining biscuits fresh. You can’t open the pack and just eat one – to avoid the remainder going stale you have to take out three of them.
I think this category is definitely worth a new post – I’ll get together some photos and do it in the next few days. Thanks again!
[...] A few days ago, Tim Quinn of Dangerous Curve posted an interesting observation on the Simple Control in Products page: “This may not be what you had in mind, but I immediately thought of such things as toothpaste pumps that ‘meter’ use to insure the product will be used up quickly at a rate higher than needed. That made me think of the older method of training consumers to over-use. Typified, once again, by toothpaste, with ads which show a brush topped by a generous glop of paste that is far more than necessary to do the job. This strays a bit more from your topic but it could fall under the design for control heading.” [...]
[...] Even if the law went the other way, and there were a legally guaranteed right to tinker, all that would happen is that manufacturers will make it more difficult to do so by the design of products. Hoods (bonnets) would start to be welded shut, in Cory Doctorow’s phrase, (the Audi A2 already has this, sort of), backed up by stringent warranty provisions. You might have a right to tinker with your device, but no law is going to compel the manufacturers to honour the warranty if you do so. [...]
[...] Breathalyser interlocks for car ignition systems could become irritating to drivers if they have to be used every time the car is used, daytime as well as night time (and a false positive could be extremely inconvenient), but proposals for total compulsion have been put forward. [...]
[...] P.S. On the other hand, it’s worth considering the opinion expressed by the Audi A2 owner, that she didn’t find it a disadvantage having to take her Audi to a ’specialist’ in order to open the bonnet (hood). Is even that basic level of control (being able to see the engine) too much for some people? Is it because, say, a thermostat affects people personally (temperature) whereas a car engine is something dirty, difficult, complex, for someone else to worry about? Please share this!These icons link to social bookmarking sites where readers can share and discover new web pages. [...]
[...] This is a useful insight, and parallels the same kinds of thought process that engineers and designers often go through when designing safety or mistake-proofing forcing functions into products. These are architectures of control intended (at least) to be useful or beneficial to the user, or to the community as a whole (often contentious, e.g. skateboard ‘deterrents’). [...]
[...] Mr Person at Text Savvy looks at an example of ‘Guided Practice’ in a maths textbook – the ‘guidance’ actually requiring attention from the teacher before the students can move on to working independently – and asks whether some type of architecture of control (a forcing function perhaps) would improve the situation, by making sure (to some extent) that each student understood what’s going on before being able to continue: Image from Text SavvyIs there room here for an architecture of control, which can make Guided Practice live up to its name? [...]
[...] We’ve seen this thinking, specifically regarding encouraging exercise, embodied before on the blog in two products, as far as I can remember: Gillian Swan’s Square-Eyes (also from Brunel), and, of course, the Entertrainer. Both of these use television as the ‘reward’ for exercise – in the case of Square-Eyes, 100 steps on the special insole equate to 1 minute of TV time (controlled by a base station); with the Entertrainer, the user’s heart rate is monitored (you can set the level of exercise you want) and the TV’s volume is controlled, which is an interesting concept: you exercise watching the TV, keeping your heart rate within the optimal range: The chest strap heart monitor wirelessly relays your heart rate to the Entertrainer™. The Entertrainer then determines if your heart rate is within, above, or below your target zone. If your heart rate is low, the Entertrainer lowers the volume on your television (or other infrared remotely controlled device). If your heart rate is within the target zone (range), the volume remains at a comfortable level. If your heart rate is too high, the volume increases. [...]