A couple of weeks ago, two other engineers and I were given a tour of a late-1920s mansion outside Detroit. To reach the second floor, we decided to take the vintage elevator. As it descended toward us, it sounded like a cage being rattled by a large animal. Our guide cheerfully told us not to worry; the suspect elevator had been well-maintained and was "absolutely safe."
My fellow engineers and I exchanged looks. We know that nothing is absolutely safe.
On the 100th anniversary of the Titanic's sinking, it's worth remembering that safety is and always will be relative. Though lifeboat drills have proliferated since 1912, catastrophes still occur. We can't simply blame the engineers when things go wrong because, no matter how well they plan, things don't always go according to plan.
Conflicts between those who design large technological systems and those who pay for them are resolved by negotiation, a process that doesn't guarantee safety. Thomas Andrews, the Titanic's designer who went down with the ship, wanted bigger bulkheads — watertight walls that separate parts of a ship below decks — and more lifeboats, but White Star wouldn't provide them. The Titanic did have the then-legally required number of lifeboats, but Andrews knew that it was far too few.
Meanwhile, the Titanic's bulkheads were not tall enough to compartmentalize the ship under all circumstances. It could have withstood a head-on collision with an iceberg, but not a hole along its side that flooded multiple compartments.
Of course, that's exactly what happened. So much water rushed into the forward compartments that the Titanic's bow dipped. Water cascaded sternward over the tops of the bulkheads and filled compartments further back, sinking the ship. The bulkheads were a fatal flaw.
Had the Titanic not sunk, competing steamship lines might have wanted to one-up White Star by building still larger ships with fewer lifeboats and bulkheads (which restrict passenger movement), resulting in even more dangerous vessels. The sinking provided a wake-up call that fundamentally changed maritime regulation, including the establishment of an International Ice Patrol. Stronger ships outfitted with enough lifeboats to accommodate passengers and crew became the norm. Overall safety was improved by tragedy.
Today, cruise ships larger than the Titanic have safety and navigation features, such as sonar and radar, that were unavailable to the Titanic's designers. Yet the Costa Concordia, the vessel operated by a subsidiary of Carnival Corp. that ran aground in January off the coast of Italy, had obvious vulnerabilities that modern technology couldn't eliminate. The hull of a vessel so massive could still be ripped apart by a collision with a jagged underwater rock, for example. Everything, even a steel hull, has its breaking point.
With advanced navigation devices giving a captain and his crew constant information about impending obstacles, huge rocks should be easily avoidable. However, on the Concordia, it appears that captain Francesco Schettino could have been emboldened by the very safety features that were supposed to protect his passengers. "He drives a ship like a Ferrari," one crew member said.
We call the fates of the Titanic and the Concordia — as well as those of the space shuttles Challenger and Columbia — "accidents." Foreseeing such undesirable events is what engineers are expected to do. However, design trade-offs leave technological systems open to failings once predicted, but later forgotten.
Companies selling a product play down its vulnerability and emphasize its robustness. But only after technology leaves the dock is it really tested.
Henry Petroski is the Aleksandar S. Vesic professor of civil engineering and a professor of history at Duke University.
© 2012 Washington Post