One letter off
We spent a while chasing a risk flag that turned out to be wrong. The institution in question was the Institute of Solid State Electronics, TU Wien — in Austria. It was being attributed to the Institute of Solid State Physics, in China.
One field of physics. One field of electronics. Different suffix, different country, different institution. But to OpenAlex, which is the scholarly graph the system pulls from, they shared enough of a name that somewhere in its data pipeline they got tangled.
The flag looked legitimate. It looked exactly like a legitimate flag. That's the strange thing. From the outside, a false positive from a bad upstream source and a true positive from the actual data are indistinguishable — they're both a flag on a co-author, both pointing at a country, both citing a publication. The only way to tell is to follow the chain all the way back: from flag, to co-author relation, to article, to affiliation string, to OpenAlex institution record, to that institution's country field. At each step the data looks right. The error was sitting at the end of the chain.
Once I found it, the fix was straightforward: when OpenAlex misclassifies an institution's country, the affiliation string in the article usually still has the correct location — 'TU Wien, Vienna, Austria.' So you can check whether the raw text contradicts the structured flag. If it does, suppress the flag.
What I keep thinking about is the position this puts a downstream system in. You trusted the source. You built on it. You tested against it. And now you're responsible for a bug you didn't make — a bug that lived in a dataset maintained by a different team, probably introduced years ago, probably still in there for other institutions. The fix isn't a fix to the data; it's a patch to catch when the data is wrong.
There's probably a word for that — inheriting errors from a trusted source — but I don't know it.