In praise of incompetence

Johannes Ernst


Shortly after the 2016 election, I pulled out a book written by my grandfather, chronicling the history of Bachhagel, the village in southern Germany where he grew up.

I re-read the chapters describing how the Nazis, in short order, took over life there in 1933. His eye-witness account describes in fascinating, and horrifying detail, how quickly the established order and century-old traditions were hollowed out and then overrun.

Bachhagel at the time was a tiny place, probably less than 1000 people, out in the countryside, of no political or economic importance. I could have understood how the Nazis would concentrate on the major population and economic centers to crush the opposition, but Bachhagel certainly was as far away from that as possible.

Nevertheless it just took a few months, after which the established order had been swept out and the thugs were fully in charge, day to day, from school to church to public events, and their entire worldview was the only thing that mattered.

With Joe Biden in the office this week, it seems we have turned a chapter. And looking back to the 2016 election day, I realize that although the past four years were bad, people died, children got separated, and many other outrages, we have been lucky. In 2016, I had been expecting worse, and possibly much worse.

Why didn’t it turn out as bad as I had feared? It’s not that the defenders of the republic did a particularly good job. Instead, the would-be usurpers just sucked at getting anything done, including just actually using the power in their. hands. If it had been the original Nazis, the consequences would have been so much worse.

I vastly prefer better defenses, however, than being lucky with having an incompetent opponent. In computer security terms, Trump was a Zero Day Vulnerability of the constitutional system of the US – a successful attack vector that previously had not been known.

Unfortunately, people still aren’t taking this attack vector as a seriously as they should, otherwise we’d have specific legal and practical fix proposals all over the news, which we don’t. Which means the vulnerability remains, and our primary defense will remain the same: hoping that the attacker is incompetent. As long as we don’t fix the system, the next attacker is going to try a similar route and they may very well be more capable. In which case we’d really be in trouble.

So: I raise my glass to imcompetence. Next time, may we get a similar bunch of incompetents. Or actually get our act together and make sure there won’t be a next time.