Wednesday, October 20, 2004

Nothing Causes Action

In a posting entitled Alice in Wonderland, Hugo Rodger-Brown discussed the difficulties within BizTalk of having an alert triggered by the non-arrival of a message. He explains how he has to turn BizTalk inside out to cope with this.

Gregory Bateson pointed out long ago that Nothing can be a cause. "The letter which you do not write can get an angry reply, and the income tax form which you do not fill in can trigger the Inland Revenue boys into energetic action." (I quoted this in my 1992 book in Information Modelling.)

So the non-arrival of a message may convey significant information. (As Bateson puts it, it is "a difference that makes a difference".) Exception actions may be triggered by positive messages or negative ones. In a perfect world, there may sometimes be pure symmetry between the presence of a message saying X and the absence of a message saying not-X.

Example: If my wife is delayed, I may need to collect the children from school. Does it matter whether my action is triggered by a phone call saying she's been delayed, or is inhibited by a phone call saying she's on time – as long as we agree which way round it is?

But what if there is a problem with her mobile phone – perhaps she is out of range or out of battery? A system that relies on positive messages is more robust than one that relies on the absence of messages – although they may be logically, functionally equivalent.

Many business processes rely, at least in part, on unreliable communications (email, voicemail, fax, leaving messages with whoever answers the phone). Business processes generally build in practical safeguards against faulty communication – acknowledging, confirming, chasing, expediting, recorded delivery. These safeguards complicate the workflow – but they are generally thought necessary for business-critical systems.

Will technology one day give us communication that is reliable enough to abandon these complicated safeguards? I don't think so. But we may perhaps look to technology to support these safeguards more efficiently and consistently. This already happens in the world of safety-critical, fault-tolerant and real-time systems, which are generally based on positive messages.

Update (July 2005)

Over on the Usable Security blog, Ka-Ping Yee talks about the Simon Says problem.
A Simon Says problem occurs when the safe course of action requires the user to respond to the absence of a stimulus. ... The “Simon Says” game and login-spoofing attacks both exploit an especially severe form of the Simon Says problem, in which the user is expected to respond to the absence of something with the absence of an action. Such a situation is doubly troublesome for humans.

Technorati Tags:

No comments: