Here is a new version of an article I published in 2006 in my old web site. I have expanded the article with more recent material pointing to the idea of the “completenes” of action and the need for new conceptual foundations for Information Security.
The original article did not explain the need for new concepts, and still used the idea of “secure time” versus “insecure time” as a valid measure for security evaluations.
I decided to rework this article some days ago because it contains key ideas around the relativity of any method, something that has been a constant in my work for many years.
An article by Donald Kunze gave me reason to think that my philosophical stance is not original, something which is actually very stimulating:
“Frame Theory is a method that disavows, from the beginning, what most methods regard as essential: the guarantee of consistent outcome. Such methods are called ‘monothetic’, partly on behalf of this goal. Polythesis deals, however, with an ‘imperfect’ world where single effects can be the product of multiple causes, where single causes have multiple and changing effects, where some effects become causes and vice versa. Human experience is disjointed and discontinuous, placed in its own perilous position between the realms of the symbolic, the imaginary and the Real. We do not, technically, ‘have’ our own identities, our own thoughts, or our own pleasures. The dividing line between subject and object, inside and outside is continually blurred; the polarities shift. Yet, while things seem to flip and dissolve, other things manage to coalesce. And, in the realm of the arts, we see the greatest evidence of stability. Audiences still laugh at jokes written hundreds of years ago; the Coptic face painted on the ancient casket is still beautiful; Odysseus’s exploits are still exciting. Certain symmetries built in to human consciousness manage to preserve a Rosetta Stone of effective design, despite the contingent, changing conditions that continually redefine standards, techniques, and paradigms. The polythetic method notes that these symmetries have mainly to do with acts of framing.” —- Donald Kunze, “Frame Theory – A Polythetic Method” – http://art3idea.psu.edu/locus/index.html
Of great interest too is an article by Rodney Needham: “Polythetic Classification: Convergence and Consequences”. Needham, an anthropologist at Oxford University, highlights the work of L. Wittgenstein in Philosophical Investigations (1953) on the idea of ‘family resemblance’ as used in the theory of classification.
Here is my article:
What is an error? For example, what is an erroneous decision in the realm of information security investment? To stay focused on the subject, let’s limit this enquiry to economic decisions in business and government. By economic decisions I refer exclusively to decisions on the allocation of resources geared towards either the conservation or the reproduction of capital.
It is important to mention “conservation” and “reproduction” of capital because the first corresponds to the normal public sector mode of operation, while the second pertains to the private sector. The first seeks the conservation of public funds, obtaining the best “value for money”, even when the goal is to expand services for the citizens. The second is characterised by seeking profit, a margin of accumulation beyond the initial value of invested capital.
In spite of this clear difference, both types of economic operation share similar principles of money management and calculation. As they are interdependent in the markets, they share also the environment, the culture and the influence of technologies and services, which are, more or less, the same for both sectors.
For our purposes here it is important that they share the notion of economic loss. I will just say that economic loss is the condition where the costs of the operation exceed the acceptable costs, thereby impeding either the conservation or the expansion of capital.
For both sectors then, an erroneous decision is one that leads to “loss.” The link between a decision and a loss may not be evident in many cases. Several linked or concurrent decisions may be the condition leading to loss.
At this point we may be tempted to state simply that “bad” decisions lead to loss, while “good decisions” lead to economic success. But, the same as we need to see that there may not be an evident link between a decision and a consequence, we need to understand that there are more than two combinations possible between a decision and its outcome.
A decision is normally judged “erroneous” if it generates negative consequences. This is the most common approach, but it is not useful for a complete analysis of investment decisions. It is not useful because it reflects only one of four possible combinations of a decision and its outcome.
For the sake of simplification let’s say that a decision is a choice among a variety of actions available at one moment in time. Either the individual or a group opt for an action among various at their disposal at the time of consideration.
This choice is done with more or less preparation, care or knowledge but is nonetheless a choice. In this sense, we can say that there is a “method” associated with each decision. The term “method” here does not imply completeness, exhaustiveness or even the existence of an ordered approach to the decision! “Method” means only that there is a preparatory stage preceding the decision. The considerations, elaborations, assessments or weightings during such stage may be arbitrary! There may or may not be a clear purpose in decision making.
Given this, there are four basic combinations of a method-decision pair and their outcomes:
1) The method is erroneous but the decision leads to a favourable outcome.
2) The method is of good quality, “proven”, repeatable, but the decision leads to an unfavourable outcome.
3) The method is unproven, questionable, and “wrong” and the decision leads to an unfavourable outcome.
4) The method is proven, safe, good, etc., and the decision leads to a favourable outcome.
All of this may seem speculative, but it is not. On closer analysis, the reader will find that these combinations are present all the time!
The existence of these combinations, where a wrong method can generate a good outcome, or a good method may generate a bad outcome, stems from the fact that reality is densely marked by uncertainty. There are no safe decisions and indeed, even maintaining the best levels of quality in the decision process, the outcome is not guaranteed. It is only a technocratic fantasy to aim at “percentages of risk”.
I like to express this condition with the following phrase: “all error is an error of method.”
Having said that a method can be good or bad, and that this is independent of the outcome, how can I now say that all error is an “error of method”?
To be clear I should write: “all error is an error of method but not in respect to the outcome.” This is equivalent to saying that all we can do is to care for the method, to make it as perfect as possible, while contemplating the outcome with patience and a cool head. If the method is wrong, even a good result will be worthless and fleeting, while if the result is negative, a good method will facilitate the recovery after an error condition or even successive errors!
Security practitioners will recognise easily in their own experience how many times “safe” security practices and well documented “risk management” processes fail to avoid security breaches, which –essentially—are not predicted or anticipated.
In philosophical terms what I am proposing here is a “selectivity” principle, following closely Stephen C. Pepper’s thinking in The Source of Values (1958) and in Concept and Quality (1961). In the first text Pepper wrote: The selective system “… operates to eliminate errors and accumulate correct results in terms of criteria embodied in the system.”
More clearly then: we should say that decisions should be judged not by the outcome alone or principally, but by a higher principle, above both the method and the outcome. As the outcome is paradoxically independent of the method, and cannot be fully predicted or determined, we can surely say that “all error is an error of method”.
To return to the world of investment decisions: these reflections help to focus on the fact that while the outcome is what matters in terms of gain on loss, in reality, in the economic process as a whole, it is the accumulation of business and organisational successes that counts, and this accumulation can be cultivated only by a selective method that counteracts the laws of uncertainty.
What is this action flow that may govern and counteract the inevitable errors and failures? The emphasis should be put in the idea of counteracting, quite different of eliminating uncertainty, which is something impossible. This “counter-action” should be understood as a permanent, never ending selective effort which depends on the completeness of human action.
This is a paradox, but the cause of this lies in the nature of human decision making, and corresponds to the fact that all depends on the Purpose, i.e. the Selective principle, the Direction of thought and action, and not on the methods good or bad that are put in practice. To be satisfactory a decision has to be complete and essentially has to have a balance of Purpose, Substance, Efficiency and Form.
A fundamental source of uncertainty is subjective action itself, the intent of the business leader, the decision maker, the risk taker. Hence, while we can seek to reduce uncertainty (or “avoid risk”) with processes and methods, we not only cannot eliminate all risk but actually need to take, allocate and share risk within a process of Trust Management.
A new concept of Error is necessary to overcome the current stagnation of the Security disciplines. A transformation focused on Trust Management and User-centric solutions is necessary. Decision makers have to define the boundaries of trust and select the forms of engagement they want to establish in the market. This by itself displaces the discussion of what is an error or what is a loss in terms of Enterprise Security, moving away for a simplistic calculation of “secure time” versus “insecure time”.
Because of the intrinsic uncertainty of any context, there will be negative outcomes and losses, so all our efforts must be dedicated to implement and maintain a method that underpins the goals of Trust Definition, Risk Taking, Trust Allocation and Risk Sharing.