Safe Systems: Construction, Destruction, and Deconstruction

摘要

A deconstructive reading will be very alert to a text's unwillingness to follow up the implications of avowedly peripheral issues that it does not avoid mention of. There is no reason why safety arguments should not be confronted with the same challenge, particularly as the risks of incompleteness, of 'confirmation bias', and the necessity for creative 'safety imagination' when identifying hazards are already recognised by safety engineers. At the same time there is increasing recognition of the irreducible subjectivity involved in safety judgements and concern over whether 'expert opinion' is enough to cover gaps in meaningful data (Redmill 2002a), (Redmill 2002b), (Adams 1995). Indeed, the controversy that opened up during the drafting of the Royal Society Study Group report on Risk Analysis, Perception, and Management (Royal Society 1992) has not receded. Those who think risk management can be given a rational and scientific basis, and those who doubt that it can, seem unable to find arguments that can convince those predisposed to the other view (Hood & Jones 1999). The deconstructive perspective would view this debate as an inescapable 'social text'. Deconstructive thought predicts that safety engineers will be unable to define any objectively meaningful unit of risk - since meaning is a relational property, there is no 'objectively meaningful' term in any case. Neither will there be any unarguable criteria for determining risk 'tolerability'. Yet we cannot abandon this impossible search without relinquishing our discourse to a self-destructive and indeed contradictory relativism. Rational safety argumentation requires basic definitions, but by that very fact remains perpetually vulnerable to a charge of presupposing a conceptual foundation that - if we recognise the challenge of deconstruction - it cannot possibly have. Foundational concepts - for example, the usually unquestioned likelihood-severity distinction - must be artificially constructed; we cannot base them on the 'discovery' of some truth that lies beyond all problems of interpretation. Deconstruction can be viewed provisionally as a philosophical framework for 'reading between the lines'. It stimulates the readers' imagination by encouraging a close questioning of basic terminology and its effects upon conceptual thinking in what are, after all, rather dry technical documents. Most of the flaws sought out in deconstructive readings are not qualitatively different from those targeted in critical reading generally: e.g. ambiguities, logical fallacies, and gaps in reasoning. Thus deconstructive reading could be used by assessors to analyse safety arguments and used by systems developers in order to test and improve their safety arguments before assessment. However, our examples will have alerted the reader to the fact that deconstructive reading can undermine even the most logically 'watertight' argument by pointing out the limits of the language used to express it. A major question for us is whether such fundamental questioning leads to intellectual paralysis (in what is after all a decision-making process) or whether the insights gained will be intellectually stimulating. Arguably, the point of intellectual paralysis marks where safety 'decision-making' really begins (afresh?). Acknowledgments: This work was supported under EPSRC research project GR/R65527/01. The authors would like to thank Bob Malcolm for introducing us to the work of Barry Turner on deconstruction and safety engineering.