Tuesday, August 12, 2008

Responding to Uncertainty

How does a system respond intelligently to uncertain events?
"A person may take his umbrella, or leave it at home, without any ideas whatsoever concerning the weather, acting instead on general principles such as maximin or maximax reasoning, i.e. acting as if the worst or the best is certain to happen. He may also take or leave the umbrella because of some specific belief concerning the weather. … Someone may be totally ignorant and non-believing as regards the weather, and yet take his umbrella (acting as if he believes that it will rain) and also lower the sunshade (acting as if he believes that the sun will shine during his absence). There is no inconsistency in taking precautions against two mutually exclusive events, even if one cannot consistently believe that they will both occur." [Jon Elster, Logic and Society (Chichester, John Wiley, 1978) p 84]
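Elster's maximin and maximax principles can be sketched as a tiny decision matrix. (The payoff numbers below are invented purely for illustration; nothing in Elster's text assigns values.)

```python
# Elster's umbrella example as a small decision matrix.
# Payoff numbers are illustrative, not from the original text.
payoffs = {
    "take umbrella":  {"rain": 1, "sun": 0},   # dry, but encumbered
    "leave umbrella": {"rain": -2, "sun": 2},  # soaked, or free and easy
}

def maximin(payoffs):
    # Act as if the worst outcome of each action is certain to happen.
    return max(payoffs, key=lambda a: min(payoffs[a].values()))

def maximax(payoffs):
    # Act as if the best outcome of each action is certain to happen.
    return max(payoffs, key=lambda a: max(payoffs[a].values()))

print(maximin(payoffs))  # "take umbrella" — its worst case (0) beats -2
print(maximax(payoffs))  # "leave umbrella" — its best case (2) beats 1
```

Note that both rules pick an action without assigning any probability to rain, which is exactly Elster's point: the agent acts without any beliefs about the weather at all.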

Austrian physicist Erwin Schrödinger proposed a thought experiment known as Schrödinger's cat to explore the consequences of uncertainty in quantum physics. If the cat is alive, then Schrödinger needs to buy catfood. If the cat is dead, he needs to buy a spade. According to Elster's logic, he might decide to buy both.

At Schrödinger's local store, he is known as an infrequent purchaser of catfood. The storekeeper naturally infers that Schrödinger is a cat-owner, and this inference forms part of the storekeeper's model of the world. What the storekeeper doesn't know is that the cat is in mortal peril. Or perhaps Schrödinger is not buying the catfood for a real cat at all, but to procure a prop for one of his lectures.

Businesses often construct imaginary pictures of their customers, inferring their personal circumstances and preferences from their buying habits. Sometimes these pictures are useful in predicting future behaviour, and for designing products and services that the customers might like. But I think there is a problem when businesses treat these pictures as if they were faithful representations of some reality.

This is an ethical problem as well as an epistemological one. You've probably heard the story of the supermarket that inferred some of its female customers were pregnant and sent them a mailshot presuming an interest in babies. But the mailshot was experienced as intrusive and a breach of privacy, especially as some of the husbands and boyfriends hadn't even been told yet. (A popular version of the story involves the angry father of a teenaged girl.)

Instead of trying to get the most accurate picture of which customers are pregnant and which customers aren't, wouldn't it be better to construct mailshots that would be equally acceptable to both pregnant and non-pregnant customers? Instead of trying to accurately sort the citizens of an occupied country into "Friendly" and "Terrorist", wouldn't it be better to act in a way that reinforces the "Friendly" category?

Situation models are replete with indeterminate labels like these ("pregnant", "terrorist"), but I think it is a mistake to regard these labels as representing some underlying reality. Putting a probability factor onto these labels just makes things more complicated, without solving the underlying problem. These labels are part of our way of making sense of the world; they need to be coherent, but they don't necessarily need to correspond to anything.


Minor update 10 Feb 2019

Sunday, August 10, 2008

Faithful representation 2

In my previous post, Faithful Representation, I discussed the view that a situation model represented some reality, and attributed this view to both Tim Bass and Opher Etzion. However I should have made clear that Tim and Opher don't see things in quite the same way.

Tim's Simple Situation Model is not as simple as Opher's Simple Situation Model, and it contains things other than events. However, I was under the impression that Tim and Opher were nonetheless each propounding a situation model that accurately (or as accurately as possible) represented some "reality".

Both have now clarified their respective positions. In On Faithful Representation and Other Comments, Opher points out that his model involves events (in the computer world) representing the situation (in the "real world"), and he doesn't say anything about the situation itself representing anything. Meanwhile in The Secret Sauce is the Situation Models, Tim concurs that we are interested in modelling our knowledge of the real world.

If the model represents our knowledge of the real world, is it possible to measure or analyse the gap between our knowledge and reality itself? Not without a certain amount of philosophical cunning.

Which gives us a problem with uncertainty. In his comment to my earlier post, Opher argued that this problem is orthogonal to the representation problem, but I disagree. I believe that the problem of knowledge and uncertainty fundamentally disrupts our conventional assumptions about representation, in much the same way that quantum physics disrupts our assumptions about reality.

Let's look at the implications of uncertainty for business computing. There are different strategies for dealing with an uncertain situation. One strategy is to determine the most likely situation, based on the available evidence, and then to act as if this situation were the correct one. Another strategy is to construct multiple alternative interpretations of the evidence (possible worlds), and then to find actions that produce reasonable outcomes in each of the possible worlds. The notion that a situation model must be a faithful representation of the Real World makes sense only if we are assuming the first strategy.
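The difference between the two strategies can be sketched in a few lines, reusing Schrödinger's shopping dilemma from the previous post. (The possible worlds, probabilities and outcome scores below are all invented for illustration.)

```python
# Two strategies for acting under uncertainty, with invented numbers.
# "worlds" are alternative interpretations of the available evidence.
worlds = {"cat alive": 0.6, "cat dead": 0.4}
outcomes = {
    "buy catfood": {"cat alive": 1, "cat dead": -1},
    "buy spade":   {"cat alive": -1, "cat dead": 1},
    "buy both":    {"cat alive": 0.5, "cat dead": 0.5},
}

# Strategy 1: pick the most likely world and act as if it were true.
likely_world = max(worlds, key=worlds.get)
act1 = max(outcomes, key=lambda a: outcomes[a][likely_world])
print(act1)  # "buy catfood" — correct only if the likely world is real

# Strategy 2: pick the action whose worst outcome across ALL the
# possible worlds is acceptable. Robustness, not representational accuracy.
act2 = max(outcomes, key=lambda a: min(outcomes[a].values()))
print(act2)  # "buy both" — tolerable in every possible world
```

Only the first strategy needs the model to be a faithful picture of the Real World; the second only needs the set of possible worlds to be coherent and reasonably complete.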

For example, in fraud management or security, the first approach uses complex pattern matching to divide transactions into “dodgy” or “okay”. There is then a standard system response for the “dodgy” transactions (including false positives), and a standard system response for the “okay” transactions (including false negatives). Obviously the overall success of the system depends on accurately dividing transactions into the two categories “dodgy” and “okay”. Meanwhile, the second approach might have a range of different system responses, depending on the patterns detected.

A third strategy involves creating intermediate categories: “definitely dodgy”, “possibly dodgy”, “probably okay”, “definitely okay”. In this strategy, however, we are no longer modelling the pure and unadulterated Real World, but modelling our knowledge of the real world. This shifts the question away from the accuracy of the model towards the adequacy of our knowledge.
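The third strategy might be sketched as a simple grading function. (The score thresholds and system responses below are invented for illustration; the category names come from the text above.)

```python
# A sketch of the third strategy: grading transactions by our
# confidence, not by a binary claim about the Real World.
# Thresholds and responses are invented for illustration.
def categorise(score):
    """Map a fraud score in [0, 1] to a knowledge category."""
    if score >= 0.9:
        return "definitely dodgy"
    if score >= 0.5:
        return "possibly dodgy"
    if score >= 0.1:
        return "probably okay"
    return "definitely okay"

responses = {
    "definitely dodgy": "block and investigate",
    "possibly dodgy":   "hold for manual review",
    "probably okay":    "allow, but monitor",
    "definitely okay":  "allow",
}

print(categorise(0.95), "->", responses[categorise(0.95)])
print(categorise(0.30), "->", responses[categorise(0.30)])
```

The categories here are statements about the adequacy of our knowledge, not about the transaction itself: a "possibly dodgy" transaction is one we don't yet know enough about, which is why the appropriate response is to gather more knowledge rather than to act.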

Tuesday, August 05, 2008

Payment Mechanism

A number of security bloggers have picked up Tim Bass's recent post on the innovative payment mechanism now available in Thailand. Tim calls it The Magical ATM Card and SMS Message.

The mechanism appears to be an instantiation of a Fraud Free Payment for Internet Purchases, which is the subject of several international patent applications on behalf of an inventor based in Beijing.

For further explanation of how the Thai system works, see these Book and Pay instructions from Thai airline NokAir.

This is obviously an interesting development for e-commerce security. From an SOA perspective, it is also interesting as an example of decoupling the payment mechanism into a series of stand-alone payment services, which can be invoked by the Thai airline's ticketing system thanks to an innovative payment platform provided by the Thai bank in collaboration with the Thai mobile phone company. Meanwhile, the ATM becomes a general-purpose multi-function kiosk, possibly restoring (at least for a short while) its potential to provide some kind of competitive advantage.

I wonder how long it will take for banks in other countries to sit up and pay attention.

Friday, August 01, 2008

IBM Flatters Finance Sector

According to an IBM Survey (June 2008)
"The banking and insurance industries lead in the maturity of their SOA deployments."

Frankly, I think this is only plausible if you take a very narrow view of SOA maturity, based on a fairly limited SOA vision.

Governments typically have much more ambitious visions, especially in terms of customer service and inclusivity, and defence organizations have much more sophisticated concepts. The finance sector, meanwhile, merely spends a lot of money and has probably completed a larger number of worthy but dull SOA projects.

This casts some doubt on the robustness of IBM's maturity model. SOA maturity is about vision, not just the ability to execute, and certainly not spending power.

The survey also indicated a fairly high awareness and interest in SOA. But this was a survey of people attending an SOA conference in 2008, so that finding is not altogether surprising. The IBM press release claims that SOA deployments are on the rise, and that SOA is growing in popularity, but it would be interesting to quantify and qualify these claims. Is IBM comparing the results of the survey with the results of previous surveys? Did they ask the same questions in 2007? We aren't told.

See also 
More Flattery for the Finance Sector (October 2008)

Faithful representation

Systems people (including some SOA people and CEP people and BPM people) sometimes talk as if a system was supposed to be a faithful representation of the real world.

This mindset leads to a number of curious behaviours.

Firstly, ignoring the potential differences between the real world and its system representation, treating them as if they were one and the same thing. For example, people talking about "Customer Relationship Management" when they really mean "Management of Database Records Inaccurately and Incompletely Describing Customers". Or referring to any kind of system objects as "Business Objects". Or equating a system workflow with "The Business Process".

Secondly, asserting the primacy of some system ontology because "That's How the Real World Is Structured". For example, the real world is made up of "objects" or "processes" or "associations", therefore our system models ought to be made of the same things.

Thirdly, getting uptight about any detected differences between the real world and the system world, because there ought not to be any differences. Rigid data schemas and obsessive data cleansing, to make sure that the system always contains only a single version of the truth.

Fourthly, confusing the stability of the system world with the stability of the real world. The basic notion of "Customer" doesn't change (hum), so the basic schema of "Customer Data" shouldn't change either. (To eliminate this confusion you may need two separate information models - one of the "real world" and one of the system representation of the real world. There's an infinite regress there if you're not careful, but we won't go there right now.)

In the Complex Event world, Tim Bass and Opher Etzion have picked up on a simple situation model of complex events, in which events (including derived, composite and complex events) represent the "situation". [Correction: Tim's "simple model" differs from Opher's in some important respects. See his later post The Secret Sauce is the Situation Models, with my comment.] This is fine as a first approximation, but what neither Opher nor Tim mentions is something I regard as one of the more interesting complexities of event processing, namely that events sometimes lie, or at least fail to tell the whole truth. So our understanding of the situation is mediated through unreliable information, including unreliable events. (This is something that has troubled philosophers for centuries.)

From a system point of view, there is sometimes little to choose between unreliable information and basic uncertainty. If we are going to use complex event processing for fraud detection or anything like that, it would make sense to build a system that treated some class of incoming events with a certain amount of suspicion. You've "lost" your expensive camera have you Mr Customer? You've "found" weapons of mass destruction in Iraq have you Mr Vice-President?

One approach to unreliable input is some kind of quarantine and filtering. Dodgy events are recorded and analyzed, and then if they pass some test of plausibility and coherence they are accepted into the system. But this approach can produce some strange effects and anomalies. (This makes me think of perimeter security, as critiqued by the Jericho Forum. I guess we could call this approach "perimeter epistemology". The related phenomenon of Publication Bias refers to the distortion resulting from analysing data that pass some publication criterion while ignoring data that fail this criterion.)
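The quarantine-and-filter approach, and its perimeter-epistemology anomaly, can be sketched like this. (The plausibility test shown, corroboration by at least two independent sources, is an invented example.)

```python
# A sketch of "perimeter epistemology": incoming events are held in
# quarantine until they pass a plausibility test, and only then
# admitted to the system. The test used here — corroboration by at
# least two independent sources — is an invented example.
class EventQuarantine:
    def __init__(self, plausibility_test):
        self.pending = []
        self.accepted = []
        self.test = plausibility_test

    def receive(self, event):
        self.pending.append(event)

    def review(self):
        still_pending = []
        for event in self.pending:
            if self.test(event):
                self.accepted.append(event)
            else:
                still_pending.append(event)  # never rejected, just ignored
        self.pending = still_pending

# Plausibility test: at least two independent sources agree.
corroborated = lambda e: len(e.get("sources", [])) >= 2

q = EventQuarantine(corroborated)
q.receive({"claim": "camera stolen", "sources": ["customer"]})
q.receive({"claim": "card skimmed", "sources": ["bank", "merchant"]})
q.review()
print(len(q.accepted))  # 1 — the uncorroborated claim stays in limbo
```

The anomaly is visible in the last line: the system's picture of the situation is built only from events that passed the perimeter test, while the uncorroborated claim sits indefinitely in quarantine. That is the event-processing analogue of publication bias.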

In some cases, we are going to have to unpack the simple homogeneous notion of "The Situation" into a complex situation awareness, where a situation is constructed from a pile of unreliable fragments. Tim has strong roots in the Net-Centric world, and I'm sure he could say more about this than I can, if he chose.