Why IT As We Know It Cannot Be Private By Design

On Dennets Dangerous Idea

To the mind of an IT professional, information is the stuff to be delved and made available for the common good. Data is the new gold and digging it up can be hard work. It has tremendous value and a lot of the everyday work of an IT professional is dedicated to construct machinery to extract it, collect it, store it, ship it from one place to another and to present it in as many and beautiful ways as possible.

Privacy, however, means hiding information.

That goes against the grain!

It is, by its very nature, not on the agenda of an IT professional.

I’ve exaggerated a bit. Of course individual IT professionals may be very much aware of privacy issues. So let me switch from motive to means. I will argue that the tools available to the IT professional make it very hard for him to even think properly about privacy.

IT systems are designed before they are programmed – or at least, they should be. For design, the professional reaches to the Unified Modelling Language (UML) tool bag. It is a collection of diagram types for various aspects of information systems. As the name implies, it arose as the unification of several approaches to modelling, in the mid-nineties of the previous century. The diagrams allow an IT professional to express the structure of information, the behavior of programs in connection to pieces of information, the packaging of program parts, the deployment of the code on physical hardware, and more. And yes, it also sports diagrams showing how users perform actions. But the real weight is put behind the task of describing the program. UML is about designing software machines.

There is no symbol for privacy. There is no diagram for privacy. It was not a concern at all for the founding fathers of UML. To be fair, in recent years there have been academic proposals to add diagram types and notation to express privacy concerns. But the point I want to make is that, in its bones, UML is privacy-ignorant. It was made to describe information and machines that make it available.

Let me dig deeper yet. UML is for information systems. What is this information thing? We divide our world in two domains. On the one hand, the physical world with tangible things that we understand so well, scientifically. On the other the mental domain that each of us knows so intimately. The connection between the two is a bone of contention. What is the relation between the physical and the mental? Is there causation? If so, in what direction? All sides have been defended fiercely. 

Now information holds a special position in this great debate. Of late, we’ve come to consider it as straddling the divide. It is physical, as we can literally grasp a hard disk and yet it is mental, as the right information can sway minds. In the 1980-s, philosophers of mind recognized this and founded their theories on it. Essentially these say that the mind is a Turing machine, a computer, really: it is embedded in the physical world as ‘wetware’ and yet handles symbols, firmly entrenched in the mental domain. These philosophers have shaped the minds of many influential IT professionals.

Etymologically, ‘to inform’ is to give a shape. A shape to what? A shape to a thought. This is what we do when we want to convey that thought to someone else. We need to put it into words, or a drawing, a gesture – any shape will do as long as it is interpreted correctly by the addressed party. This is the cradle of the concept of information. It arises in the context of parties trying to share thoughts. Now we’re all familiar with the phenomenon of information used outside its original context and then being misinterpreted. So we know that there is an important triangle between information, context and meaning (where context involves people).

Yet, information has been extremely objectified, in our times. This is nicely illustrated by the phrase “information carrier”, by which I mean devices such as hard disks and CD ROMs. But it is not information, that such devices carry – they hold thoughts, given a shape! A hard disk is information: it is thoughts, in a particular physical shape. “Information carrier” promotes the thought that information itself is meta-physical, just as the popular phrases ‘information can take many forms’ and ‘information can be copied easily’. 

Why is this important? Because it is not just a play of words. It is a dangerous idea. The idea is that information is meta-physical and, in that capacity, intrinsically carries meaning. To have the information is to have the thought. Period. Regardless of context, regardless of people! But at the same time it is physical, as magnetic orientations on a hard disk or ink marks on paper. And thus can be cut up, bolted together and otherwise used to construct new things – that then are supposed to carry meaning.

This dangerous idea underlies IT’s fascination with information. It explains the mistaken idea that, once a model of information has been drawn, the machine building can be carried out without looking back. It explains why many IT projects fail and especially why ‘system integration’ is particularly hard.

No one contributed more to the spread of this idea than the philosopher Daniel Dennet. He has greatly influenced popular Western thought on the mind body problem through many of his popular books. His work is based on this alleged Rosetta-stone like quality of the concept of ‘information’. Even though he certainly is not the originator of the idea I will, in recognition of his contribution to spreading it, call it Dennet’s Dangerous Idea.

Privacy advocates have called for privacy by design. They have drawn up an internationally acknowledged framework with seven foundational principles that must lead to information systems that inherently protect privacy. The privacy by design framework was published in 2009 and adopted by the International Assembly of Privacy Commissioners and Data Protection Authorities in 2010.

This is important work. But it’s impact will be limited. I have argued no less than that in order to have IT professionals really design systems for privacy, we need to provide them with new conceptual tools. Otherwise privacy will remain an afterthought. Just think of the frustrating flurry of Cookie notices that GDPR has caused in recent months: absolutely unworkable bolted-on privacy protection.

What IT needs is a conceptual framework that recognizes that information should remain in its context. That takes co-operation between people as its point of departure and downplays the idea of information as bits and pieces that need to be captured, stored and sent.

Such a new toolset is available. It is called Perspectives, sports just five graphical symbols, two diagrams and a single connector, allows an analyst to design co-operation from many perspectives and results in an executable prototype. It’s basic concepts are contextrole and action. It does not describe software in any way, yet software can be generated from it. Combined with the distributed infrastructure that Perspect IT built to run models on, it results in truly privacy protecting systems for co-operation.


Posted in Uncategorised.