(Like this article? Read more Wednesday Wisdom! No time to read? No worries! This article is also available as a podcast). You can also ask your questions to our specially trained GPT!)
In my other professional interest, the law, people have a healthy understanding of, and respect for, the differences between the formal aspects of a topic and its material goal. Consequently, in law school, I was made to take two different classes on each of the major areas of law: Criminal law, civil law, and administrative law. One of these classes was about the content of the law (the actual rights and crimes) and the other class was about the process and procedures that you had to follow to bring a case to the attention of the judge, what was allowed in terms of proof, and which ways the plaintiff and the defendant could control the direction of the case.
In law, the form is an essential aspect of safeguarding that the material goals can be reached within the constraints of justice and fairness. So no withholding of information from the other party, lots of protection of the less powerful, but also autonomy of the parties in the process. Forms are often considered so important that a breach or outright neglect of the rules of procedure can lead to a complete loss of your ability to litigate the facts of the matter. In fact, one of the “famous” (in the Netherlands) reasons for the Supreme Court to throw out a ruling by a lower court is a “failure to follow prescribed forms” (Dutch: Verzuim van vormen).
Consider the following world famous lines: ““You have the right to remain silent. Anything you say can and will be used against you in a court of law. You have the right to an attorney. If you cannot afford an attorney, one will be provided for you.” These words, that every self respecting watcher of American TV shows knows, are an essential form that must be obeyed by the police in order to ensure that any statement that a suspect gives, solicited or unsolicited, is given freely and in full knowledge of the fact that they don’t have to talk to the police if they don’t want to. A statement given following the caution can be used as evidence in court, without the caution the statement is inadmissible.
Legal tip: It is almost always better not to talk to the police without an attorney present. Even after you have been “read your rights”, even if you think you are a smart and smooth operator who can talk their way out of anything, even if you know you are innocent and think you have incontrovertible evidence to prove so.
Watch this video if you don’t believe me!
While we are on the topic of the so-called Miranda rights, here is a fun fact: The Miranda warnings come from a case called Miranda v. Arizona where Ernesto Miranda confessed to a crime while being unaware (or at least: uninformed) of the fact that he did not have to talk to the police. In 1966 (a stellar year by any measure), the Supreme Court threw out Miranda’s confession and instituted the now famous lines. In his later life, Miranda got arrested a few more times and on each occasion was read his “own” rights.
In law, forms are considered essential to ensure the material goal is obtained, as evidenced by the fact that we are willing to forego reaching the materially desired outcome if a critical form was not followed. What the layman will call a “technicality”, a lawyer often understands as an important precondition. The importance of forms in law is so widely supported that even undemocratic and autocratic regimes feel a pressing need to show the world that they follow them, even though in truth everyone knows they don’t care. The importance of forms is on full display when countries like Russia feel a need to put dissidents through a show trial instead of just taking them out to a ditch behind the prison and executing them, which they clearly have the power to do (and often end up doing anyways).
In software engineering, we also have forms and we also see cases where the forms are shallowly followed but where any intention to realize the material goals seem absent.
Look at code reviews for instance. I know of many companies that officially have code reviews but where pull requests (or change lists, or whatever) are just rubber stamped without a meaningful review. This is completely useless. That said, any suggestion to just do away with the requirement of code reviews is usually met with stiff opposition because code reviews are very important! Yes they are, but only if you do them right! If you don’t, they are just “code review theater”. They might give you a warm fuzzy feeling; they might allow you to tell interview candidates that “of course we do code reviews”. But they have no meaningful outcome and are therefore a waste of time. They don’t even help you comply with regulations that require code reviews because any judge worth their salt would throw out your code review theater as materially not conforming to the obligations of the regulation.
Another example of going through the motions is “post-mortem theater”. Of course we need to learn from our mistakes! Stands to reason. Pilots do it, NASA does it, Google does it, and so do we. But, a shocking amount of post-mortem meetings I have attended following a flagrant breach of service levels, fail to bring about material improvements. A lot of post-mortem documents are exceptionally badly written and there is often a lack of the brutally honest self-reflection that is essential to uncover what actually happened. Without that sort of honesty there can be no learning, but, unfortunately, that sort of honesty is a lot of work and not seldom painful, and so people would rather not do it. The other folks in the meeting are usually all too happy to go along with that, because it means that they will also be handled with kid gloves when the time comes for them to be in the hot seat.
And let us not forget my favorite type of theater: Security theater. The term was coined by Bruce Schneier (who you should basically always believe when it comes to security). He applied the term first and foremost to most airport security, which is a topic that surely deserves a riveting book of its own. But let’s not forget the essential forms without accompanying material outcomes that visit us every year through the mandatory security and privacy computer based trainings. These trainings manage to waste an amazing amount of money and time in return for, as far as I can see, near-zero net benefit. The industry swears by security training, but in multiple decades of being exposed to these trainings, I have never seen or heard about a good one. It’s not just me who says that, because according to this report: “Eighty-five percent of leaders say their organization has a security awareness and training program, yet more than half believe their employees still lack cybersecurity knowledge.”
And I think the other half is lying.
If you have code reviews without actual reviews, postmortems that do not lead to improvements, and training without learning, you have form without function. It might look good, but it is useless.
