Safety devices are a critical part of every complex, potentially dangerous system that humans interact with. Whether it's a table saw or an elevator, an automobile or a television set, things that could potentially do bodily harm generally have unobtrusive, built-in protection to prevent users from hurting themselves.
However, no safety device can be 100% guaranteed. Whether from wear, stress, abuse, or vandalism, everything fails eventually. This becomes a major problem when that safety device is the only thing preventing an injury from occurring. Some systems are only dangerous if used incorrectly, and safety devices are only needed to prevent a mistake from having more serious consequences. Other systems are dangerous to their users by default, and the failure of a safety device will immediately result in injury or death.
A table saw, for example, has a guard over the blade so that a moment's distraction won't slice off the operator's fingers. The table saw, when used correctly, is not dangerous by default. An elevator, on the other hand, suspends the user several stories above the ground. While the table saw has only one safety device, the blade guard, to prevent an injury, the elevator has two. This is because the elevator can be dangerous even if the operator does nothing wrong.
An elevator not only has redundant cables to keep it suspended if one frays or snaps, but it also has brakes that engage automatically to act as a backup if something happens to all the cables at once (for example, the drive motor acts as a single point of failure for all the cables). If it were not for the brakes, a single safety system failure could be lethal, while with the brakes the elevator is only put out of service until it can be repaired. The table saw, on the other hand, is not an immediate danger if the blade guard falls off, as long as the user turns it off and stops using it.
In any case, should a safety device fail, the system should be taken out of service immediately until it can be repaired or replaced. Unfortunately, this is rarely done in practice. Safety devices are rarely missed until they are needed, and then it is too late. The problem is exacerbated in the case of a backup or redundant safety feature, however, as the presence of one safety device can give the illusion of safety when two are necessary for actual safety.
Should the brakes of an elevator suffer damage or vandalism, the elevator would appear to be able to operate safely since it still has its redundant cables. However the elevator is now in a condition in which a single problem – with the counterweight, the motor, the electricity, or a number of other single points of failure related to the cables – could cause a lethal accident.
Other systems with redundant safety features include:
Circuit breaker panel: A main feed breaker backs up the individual circuit protection breakers.
Car hood latch: A secondary safety latch backs up the primary latch, so a failure at 75 mph on the highway doesn't wrap the hood around the windshield.
Car headlights, tail lights, brake lights, and backup lights: All come in pairs.
Commercial aircraft: A copilot backs up the pilot.
Nuclear missile: Two people are required to turn keys simultaneously to authorize a launch.
ATM: A thief who steals your ATM card is unlikely to know your PIN.
It should also be noted that the human body contains two of most of its most important organs. The loss of one eye, ear, lung, kidney, hand, testicle, or ovary, while an inconvenience, still allows a person to operate at near-normal levels in many cases.