Wednesday, November 27, 2013

Educational Complexity and Organizational Recursion

A second property of complexity is what Edgar Morin calls organizational recursion. Taborga and Lawrimore both use the more common term feedback, which I think fails to capture the richer implications of the complex interactions inherent in complex systems, but feedback provides an easier starting place with organizational recursion, so I start there.

Taborga says:
Feedback is particularly relevant to complexity. The system responds to and acts on feedback within the system and received from the outside world. A project team, for example, can change course when it receives feedback that a risk has been discovered.
Lawrimore says:
Feedback Impacts Systems: The primary way a system interacts with its environment or other systems is through feedback. When you move your hand, your nerves provide feedback signals to your brain so you know where your hand is. When a customer tells you he likes or dislikes something which your organization is doing, that is important feedback. Feedback in the form of information or signals is essential for an organization to be able to adapt to changes in its environment. Feedback within the organization is also essential for people to adapt to each other. Feedback occurs in two forms: balancing, which keeps the system stable by limiting change (like a thermostat), and reinforcing, which intensifies the change or activity.
Most people seem to understand simple feedback—our fingers tentatively touch a piece of metal, and we get sensory feedback that tells us if the metal is hot or cold or safe to handle—but I suspect that most see feedback in this linear fashion, something like a stimulus-response mechanism: we see a piece of chocolate, and our mouth waters. This seems to be the gist of feedback for Taborga and Lawrimore, but it is too narrow a view to explain complexity.

Morin's concept of organizational recursion is better. In his book On Complexity (2008), Morin says that recursion is:
a process where the products and the effects are at the same time causes and producers of what produces them. … The recursive idea is, therefore, an idea that has broken away from the linear idea of cause and effect, of product/producer, or structure/superstructure, because everything that is product comes back on what produces it in a cycle that is itself self-constituting, self-organizing, and self-producing. (49, 50)
Morin uses the recursive loops among people and societies to help us visualize this dynamic feedback loop: "individuals produce society that produces individuals" (49). This is a problematic concept for our view of simple classrooms. As Nicolescu has demonstrated, complexity undermines the hegemony of local causality: that any given event is necessarily caused by (follows from) another, previous event proximate in space and time. Does society follow from the interactions of a collection of people, or do the interactions of a collection of people follow from the society? The answer is yes, and that's a damned nuisance for those who want to find the magic causal bullet for any situation.

Recursive, or circular, causality seriously complexifies our understanding of schooling (as well as everything else), for it suggests that a student is both the product of her school and also the producer, in part, of that school. Without the school, the student would not be quite what she is, for the school feeds back into the student. Likewise, without the student, the school would not be quite what it is, for the student feeds back into the school. This recursive feedback loop constantly changes both agents, which in turn changes the other, again and over again.

This circular causality enlarges our sense of how education takes place. Traditionally, we have assumed that a teacher's instruction is the local, effective cause of a student's learning. Our entire assessment regime for student, teacher, and curriculum is based on this assumption. If the student is learning, then the teacher did something right to make that happen—end of story. However, circular causality says that local causality is only a part of the story, often not the largest part. Rather, we must factor in the recursive, evolving interactions of the student and teacher, then the recursive interactions of the student to other students, then the recursive interactions of the student to the content, to her family, to her outside social groups, and so forth, until we finally realize that the single student's learning can be assessed only in the nexus of all the recursive interactions, what Morin calls retro-eco-interactions, with all of her connections, including whatever local causes are, in fact, present. Measuring a student's learning is like measuring a thunderstorm: a few numbers are a start, but just barely, and those numbers can be as obfuscating as enlightening.

Saturday, November 23, 2013

Complexity and Systems

I've reviewed my posts, and I notice that complexity has been dominating my writing for the past several months. I've looked at my reading list, and it appears that it will dominate for several more months. I'm plowing through lots of ideas that are new or almost-new to me, but I feel some need to stop pushing outward and pause long enough to see where my boundaries have gotten to. I feel the need to define. Of course, this is definition from the inside-out, not the outside-in. I'm not trying to limit my sense of complexity by separating it from other concepts; rather, I'm trying to see what new shapes have emerged to give form to the new ideas I'm working through. More importantly, I want to see what new gateways, or connections, are emerging as the new ideas interact with other things I know. What affordances do my thoughts about complexity provide me, especially as I think about education, more especially as I prepare to facilitate today's class about writing arguments.

This drive to define has been clarified for me by a couple of posts Complexity is … Complex on the Saybrook University blog site and Complexity: Introduction to the Basic Concepts. In both posts, the authors Jorge Taborga and E. W. Lawrimore list the characteristics of complexity thinking that they find particularly relevant to organizations. I've seen other lists, most differ in some lesser or greater way, but given that complexity is itself complex and may never be a well-defined scientific theory, then these two lists are as good a place to begin as any other, and because I want to talk about complexity in education, then it may be better than other lists that tend to focus on the sciences rather than on organizations.

Both Taborga and Lawrimore begin with the idea of systems. Taborga says: 
Complexity relates to a system—a system is a collection of many interacting objects or "agents." These agents can range from atomic particles to humans and, in an organization, they include processes and procedures. … A system … can have agents and networks. A network in a project team could be the leadership team.
Lawrimore says much the same:
Any system is a group of two or more parts which interact to function as a whole. (The root word systema means "organized whole.") The parts of a system are interconnected and interdependent. Every system is composed of subsystems and is nested within larger systems. A person is part of a department, which is part of a company, which is part of a community, state, nation and world. They are all systems. The important thing to understand whenever we talk about systems is that we are emphasizing that everything and everyone are interconnected and the whole has characteristics different from the parts. For example an organization has a "personality" that is more than just a group of people.
Systems thinking is a great place to start with complexity. It's where Edgar Morin starts in his book On Complexity (2008), and in some ways, systems thinking includes or leads to most of the other characteristics that Morin, Taborga, and Lawrimore discuss. Morin defines a system as "a complex unity, a whole that cannot be reduced to the sum of its parts" (10). Thus, systems are assemblages of different elements which work together to do things that no subset of the assemblage could do. Open systems interact with their ecosystems by exchanging matter, energy, organization, and information, and all living things are open systems. This leads Morin immediately to two major implications of systems thinking:
  1. The organization in a system is not determined by equilibrium, but by the tension between equilibrium and disequilibrium (order and chaos), or "stabilized dynamics" (11). Thus, a complex system is never static; rather, it always has an evolutionary arc which is the result of its unfolding, internal dynamics, which is the result of its juxtaposition between cold, fixed order and white hot chaos.
  2. The intelligibility of a system depends as much on its relationship with its environment as it does on the internal constitution of the system. A system cannot be defined by reducing it to the collection and organization of internal parts, but must include its interactions with its ecosystem.
These are profound changes in the way we normally think of the world, and many late 20th century thinkers have explored these implications. For instance, in his Philosophical Investigations (1953) Ludwig Wittgenstein contrasts his view of language with Augustine's attempt to define language, and systems thinking provides the coherent context for Wittgenstein's departure. Augustine defines language in our commonsense, dictionary sense that a word stands for some stable object or idea. Rock stands for an actual hard, collected mineral form. This approach tries to reduce the meaning of the word rock to its barest essentials, fixing it as a word separate from all other words with a reliable, fixed relationship to some real thing. Such a definition ignores the internal construction of the word, the evolutionary arc of the word, and the use of the word among other words. In other words, it ignores the word rock as a system with its own internal constitution (four letters) and arrangement, its own history of usage, and its relationships in any given text to all the other words in that text, to the writer who chose the word for various rhetorical purposes, and to the readers who read the word according to their own strategies for understanding, and the collection of literature in which the text exists. Wittgenstein says pointedly that "for a large class of cases—though not for all—in which we employ the word ‘meaning’ it can be defined thus: the meaning of a word is its use in the language” (PI 43).

This statement makes sense in a systems approach to reality. For Wittgenstein, the meaning of even a single word cannot be reduced to a single, discrete chunk that humans can pass back and forth among themselves like a coin. Rather, it is a living, evolving entity with its own DNA (in the case of rock, four letters of 26 with a particular arrangement), but also its own evolutionary history and its own interaction in the current conversation. While the word rock brings its own DNA to any conversation, it also has agency (a concept we'll explore later), and it can expand, restrict, or otherwise shift its meaning to make space for itself in a given context.

This changes everything, certainly everything in education, which is so preoccupied with meaning. We speak casually, day-to-day about our classes, for instance, and we think we all understand the meaning of the word class, but even to ourselves in the solitude of our own minds, the meaning of class in reference to my 12:30 Argumentative Writing class this term is quite different than the meaning of class in reference to last term's 6:00 World Literature I class. Meaning, then, is not some nugget that we find and can use. Rather, it is something that emerges in the engagements and interactions among speakers and that changes as speakers and engagements change.

This is a profound shift in how we commonly think of meaning and conduct our school business. We can no longer speak of transferring knowledge. There is no nugget to transfer. Rather, we can only speak of engaging other active minds with the resources at hand (including words) to create a space, a field (another systems concept), in which meaning can emerge. We can trust that the meaning that emerges for me is similar enough to the meaning that emerges for you that we can work and play together, but life is full of examples that prove to us time and again that meaning is fluid and shifty and that agreement takes lots of hard work or an exercise of power.

Of course, systems thinking not only changes the way we think about meaning but also how we think about physical reality itself. Michel Serres makes this clear in his Conversations on Science, Culture, and Time (1995) with Bruno Latour. As just one example, Serres explains that time can not be reduced to the flat, fixed tick of a clock that measures in a locked, laminar fashion the succession of moments throughout the universe. Time is not a fixed progression of numbers along a single line. Rather, time is topological, like space. Serres says it better:
The usual theory supposes time to be always and everywhere laminar. With geometrically rigid and measurable distances—at least constant. Someday it will be said that that is eternity! It is neither true nor possible. No, time flows in a turbulent and chaotic manner; it percolates. All of our difficulties with the theory of history come from the fact that we think of time in this inadequate and naive way. (59)
This kind of systems thinking seriously undermines the way that we conduct education, especially a K12 education that streams cohorts of students along the factory assembly line in laminar fashion, expecting for instance, that we can reduce every nine-year-old boy and girl to a Fourth Grader to be stamped in the same machinery, or curriculum, to produce a consistent, consumable product. Many of our difficulties in education "come from the fact that we think of time in this inadequate and naive way." Systems thinking allows us to see each student as an unfolding, emerging agent with a meaning that emerges from the dynamic tension between a shared physical and social DNA on one hand and a unique trajectory full of potential on the other. Each student will emerge differently, and we need a school system that embodies that systems approach.

Tuesday, November 12, 2013

Emergent Boundaries

In their article Complexity and transdisciplinarity – Discontinuity, levels of Reality and the Hidden Third (2012, Futures 44, 711–718), Paul Cilliers and Basarab Nicolescu discuss the implications of emergence for boundaries. They say that:
The properties of a complex system are not confined to the properties of the individual components in isolation. The relationships between the components give rise to new properties which can be called emergent.
Emergence is a commonly recognized feature of complex systems, and it basically says that the properties of a complex system are not limited to its constituent parts; rather, new properties—new structures and behaviors—can emerge from the dynamic functions within the complex system and between the complex system and its ecosystem. The boundaries of a complex system must be elastic enough to include any newly emerging properties. Perhaps a better way to say this is that our definitions of the boundary of any complex system should be pliable enough to recognize that the shape of the complex system has changed. As the complex system rearranges its structure and develops new properties through its own internal activities and its external exchanges with its environment, then we must anticipate the emergence of new boundaries.

I'm old enough to have witnessed the many changes to the boundaries of my bank account. I am not old enough to have known when a bank account consisted of metal coins stored in a vault and data security consisted of a big lock and an armed guard. However, I think that most people still have this physical, mechanical view of their money and how to secure it. I fear that too many data security people also have this view.

Consider, for instance, my bank account: I'm in Florida, the bank's corporate offices are in Virginia, the online banking applications I use may be on servers in a third location or in distributed locations, the billing center is in Atlanta, the data could be housed in some data center operated by a third party company in a fifth location, the help center is in India, and each geographical location likely has different regulatory controls and business practices, certainly different data security practices. So just where the hell is my money, and how do I define the boundaries around this amorphous monster? Is it not obvious that assigning boundaries to my money is no longer like assigning boundaries to a stack of coins? And is it not obvious that my bank account has emergent properties and interactions that I'm probably not aware of, that perhaps no single person is aware of all the emergent properties of even this one, small account? Finally, consider the financial accounts of a Warren Buffett or an Apple, Inc., and I defy anyone to draw neat boundaries, or even ragged ones, around those puppies.

Cilliers and Nicolescu make another important point about boundaries as emergent properties of complex systems:
It is common to argue that the system is more than the sum of its parts. This is true to the extent that emergence is not simply a result of the characteristics of the components. However, in some sense the system is also less than the sum of its parts. The emergent properties of the system constrain the behavior of the system to the extent that not all the possible characteristics of the components of the system can be realized in the dynamic interaction which constitutes the system. (715)
Boundaries, then, have a complex role to play in complex systems. They not only set the limits of the internal interactions within the system, but they also form the zone of engagement between the system and its ecosystem. As Cilliers and Nicolescu say it, "Boundaries operate with the purpose to demarcate, but also, and essentially, to connect" (716).

In complex systems, boundaries are always problematic, and as near as I can tell, that makes data security problematic. Boundaries always demarcate, but they also, and essentially, connect. No complex system can have a boundary that does not connect as well as separate. Ahh, there's the rub.

Tuesday, November 5, 2013

Boundaries as Enabling, not Confining

Next, I want to work through an article by Paul Cilliers called Knowledge, limits and boundaries (2005, Futures, 37, 605–613). Prof. Cilliers is mostly exploring the concept of knowledge, but he makes some observations about how knowledge is entangled with boundaries and limits that can help us understand better the problematic nature of data security.

Cilliers first notes that we should avoid thinking of boundaries as "something that separates one thing from another" (611). Rather, boundaries are those things that constitute "that which is bounded." Without a functioning boundary, there is no defined, bound thing that we can know or interact with. In other words, without a functioning boundary, I have no bank account. My account ceases to exist as an entity or thing, and whatever data it contained, or defined, is dissipated into larger systems. Our consideration of boundary, then, shifts from an attempt to keep things out (something that separates one thing from another) to an effort to express things within (something that constitutes that which is bounded). This reminds me of Edgar Morin's advice in On Complexity that we must learn to define things from the inside out and not from the outside in. Data security begins with constituting and maintaining the integrity of the data as an entity. It begins on the inside by defining outwardly what constitutes my bank account, for instance. Boundaries, then, are a push outward toward the functional limits that say, in effect, this account has this structure, this much data/money, at this time, and no more.

This push outward suggests that boundaries are dynamic and malleable, or as Richardson and Lissack say, boundaries "are emergent, critically organized, and temporary." Cilliers says it a little differently:
The boundary of a complex system is not clearly defined once it has ‘emerged’. Boundaries are simultaneously a function of the activity of the system itself, and a product of the strategy of description involved.
 A boundary, then, is the outer limit of the entity and the expression of the entity's internal functions, growth, and changes and its exchanges and interactions with its ecosystem. The boundary, however, is not merely an epiphenomenon, a secondary byproduct, of the entity. Rather, it is a functioning, constitutive aspect of the entity and a major aspect by which we humans can describe the entity, recognizing it as distinct in some way from its surroundings. But it is never static and fixed. Even in so simple a system as my bank account, the boundaries wax and wane as data/money flows in and out and as the number and character of interactions with larger economic systems shift.

The second point that Cilliers makes follows from this dynamic, malleability of the boundaries of a complex system. Our usual habits of mind tell us that any entity occupies a contiguous space. A turtle, for instance, is all inside itself and everything non-turtle is outside. In the practical, everyday world, this may be a useful way to frame reality, but this insistence on all of the turtle being inside the turtle is certainly not true of social or virtual entities. Social groups such as English teachers or skateboarders exist in disparate locations. They can clearly function as a group, but specifying the enclosing boundary can be very problematic. Even my bank account is problematic. It can exist in multiple places, which is both a convenience and a problem.

Because social, virtual, and quantum entities can exist in different spatial locations, then "non-contiguous sub-systems could be part of many different systems simultaneously. This would mean that different systems interpenetrate each other, that they share internal organs" (Cilliers, 611). My bank account is part, however minuscule, of my bank's general balance, on the ledger of checking accounts, and in whatever other aggregates the bank finds useful. Throw in the more than 400,000 ATMs just in the US alone, and the boundaries of my bank account start squirting out everywhere. This is the benefit and the burden of virtual entities, but it isn't limited to virtual entities. Our physical transportation lanes (roads, airways, shipping lanes, etc) have similarly extended and made fluid the boundaries of countries, companies, militaries, goods, and services. And if we add the people who have knowledge of my bank account as, for instance, bank employees, it becomes even more complex. The awareness of the data in my bank account leaves the bank each day as an accountant to become a parent, spouse, part-time student, or whatever else, and the carry with them the data in my account, even if they are unaware of it. My data is now sharing internal organs with systems around the world. How do you like my boundaries now?

I think that most things in the universe are complex systems, rather than simple or complicated systems; thus, I believe that most entities have complex boundaries such as Cilliers has described. This means that even my knowledge of boundaries is a complex system with complex boundaries. I can push the limits of my knowledge, and this pushing shifts the boundaries. This knowledge can interpenetrate other knowledge systems, for instance, my knowledge about story telling or your knowledge about MOOCs, and this internal development and external interpenetration makes for very complex boundaries, which makes it very difficult for me to fix a definition of my understanding of complex boundaries and about impossible to secure that understanding.

Complex boundaries also make for very complex approaches to data security. If, in fact, most data are complex systems or subsystems, then how do we think about securing their complex boundaries? If we start with the idea that boundaries enable an entity and enable our knowledge of that entity, then how do we go about securing that boundary? Good question. I'm still looking for an answer.

Sunday, November 3, 2013

Dynamic, Complex Boundaries

So what do complex boundaries look like? I have to confess, I have rather vague ideas. Fortunately, some other people have done a fair amount of thinking about this issue, including poet Robert Frost, whom I've spoken about before, and I think we can learn something from them.

Before I get to Frost, I want to absorb the work of some other people, most of whom, unlike Frost, intentionally engage and think about complexity. I want to start with an article called On the Status of Boundaries, both Natural and Organizational: A Complex Systems Perspective (Emergence, ISSN: 1521-3250, 2002, 3(4): 32-49) by Kurt A Richardson and Michael R. Lissack. I start with them because of how they start their article: "Contemporary science with its strong positivism tends to trivialize the nature of boundaries." I think this says better, certainly more succinctly, what I was trying to say in my previous post: those who manage data security tend to trivialize the nature of boundaries, and this likely leads to most of their problems. I should probably go back and rewrite yesterday's post, but …

Anyway, Richardson and Lissack then go on to say that "Complexity thinking forces us to review our conceptions of what natural boundaries are", and the rest of the article attempts just that. They make some points that shed light on the issue for data security—and for education, by the way. I'll deal with data security in this post. They first establish, to my satisfaction at any rate, that boundaries are the foundation of knowledge—if we can't identify boundaries that distinguish one thing from other things, then we have difficulty saying we know that thing; however, our "boundary assumptions go unquestioned, resulting in flawed understanding and leading to flawed decisions and actions" (33).

As does Snowden's Cynefin Framework, they distinguish complex systems from complicated systems, but their distinctions rely more on scientific properties than on the organizational properties of Snowden. For Richardson and Lissack, complex systems are
comprised of a large number of non-linearly interacting non-decomposable elements. The interactivity must be such that the system cannot be reducible to two or more distinct systems, and must be sufficient (where the determination of “sufficient” is problematic) to allow the system to display the behaviours characteristic of such systems. (34)
While some complicated systems, computers for instance, can contain non-linear interactions, they are not complex. Unlike the prescribed and fixed sub-systems of a complicated system such as a jet airplane, complex systems have emergent and temporary sub-systems. This implies that the boundaries of complex systems are inevitably emergent and temporary, and all human organizations and their sub-organizations are complex systems. Richardson and Lissack say pointedly that "the boundaries describing subsystems in a complicated system are prescribed and fixed, whereas the boundaries delimiting subsystems in a complex system are emergent, critically organized, and temporary. By this definition most organizational working boundaries are those of a complex system" (36).

Herein lies the big problem for data security. Emergent and temporary boundaries don't merely complicate the data security issue, they complexify it. Boundaries emerge and wane, though many are stable enough for us to rely on over the course of a human lifetime. Many more are not so stable, but the point for an organization is that all boundaries will shift, wax, and wane. This is a physical fact.

Moreover, organizational boundaries are rendered further problematic by the fact of scale. Boundaries tend to exist at one scale of reality and not at another. For instance, the very thick, impregnable steel walls of a bank vault become quite porous and pregnable at the atomic scale. Information can leach through the thickest steel. Curiously enough, most modern information works at a very small scale which most of us, including data security experts, simply cannot imagine and at which we are not mentally or physically equipped to function.

Then, boundaries within even the most simple of structures are dynamic. Drawing on the work of Sommerer and Ott (1993, A physical system with qualitatively uncertain dynamics, Nature, 365: 138–40), Richardson and Lissack note that "even with qualitatively stable order parameters, qualitatively unstable behavior occurs" (40). When two systems interact—two people, for instance—then the boundaries cannot remain stable. We know this intuitively, but we design organizations and data security systems as if the boundaries surrounding our data are fixed and persistent. They are neither. They cannot be.

Richardson and Lissack conclude their article with a philosophical position called quasi-critical pluralism, a dynamic, dialogic position between objective realism on one hand and subjective constructivism on the other. That philosophical position deserves its own discussion, but later. As it is, I'm enjoying this line of thought, so I think I'll continue it for a few more posts.

Friday, November 1, 2013

Data Security and Boundaries

Data security is a problem for everyone, even for colleges and universities, as a recent post in The Chronicle suggests. Paul Voosen quotes Daniel K. Nelson, director of UNC-Chapel Hill's Office of Human Research Ethics, the team supposedly in charge on protecting sensitive data, "We're really just all waking up as a community to both the power and challenges of dealing with this." It is a serious issue, but I'm wondering if it is being defined correctly. If I take seriously what I've been reading lately about complex boundaries, then I know that I have to change how I think about data security.

It seems to me that data security has largely been framed in the simple or, at most, complicated domains according to Dave Snowden's Cynefin framework. This means that organizations have framed data security as a problem of enclosing well-defined, discrete data within well-defined, discrete boundaries, with well-defined rules for managing the exchange of that data across those boundaries with managed entities outside the boundaries. In this simple domain, the relationship between cause and effect is well known and explicit and people interact with the data according to best practices. This is something, I think, like the data in my checking account. That data is protected within strict boundaries, and the transactions, such as deposits, withdrawals, and inquiries, with that data follow well-defined best practices.

At least, that is how we define or frame the issue of protecting the data in my checking account. We want it to be a simple, airtight procedure, with reliable maintenance and audits of the data and reliable, verifiable exchanges between that data and the bank, my creditors, my employer, and me. The bank especially wants the process to be simple because it has millions of accounts, and it wants a simple procedure that it can reproduce and apply across all those accounts and rely on to protect the data in each account. Another way to say this is that we all want clear, inviolable boundaries around the data in my account, with well-defined and well-managed gateways through the boundaries that control the exchanges between the data on one side and appropriate stakeholders on the other side. This simple arrangement defines a simple system: my employer deposits data which I can use as money into my account regularly, the bank holds and protects that data, and my creditors appropriate some of that data regularly to keep my lifestyle going. The boundaries around the data protect the data and manage the interactions of the various stakeholders in this simple system. And by the way, it hardly matters if I stick to a strictly cash system. I move from virtual boundaries to physical boundaries (a safe or a weapon) to guard my data (money), but the relationships and boundaries retain pretty much the same functions.

Wouldn't it be nice if boundaries were really this simple? Unfortunately, they don't seem to be.

Rather, boundaries are complex. They are not merely complicated, which is just the simple multiplied with more parts and more gateways. Think of the complicated domain as a person (not me) with lots of data in lots of bank accounts with transactions among all those accounts and with all those various outside deposits, transfers, and withdrawals. The data security for this sort of complicated system likely requires much expertise to design and administer—not only  expertise from data security people, but also accountants and lawyers. Fortunately, my bank account is still in the simple domain, but I understand there are people whose numerous accounts are necessarily in the complicated domain "in which the relationship between cause and effect requires analysis or some other form of investigation and/or the application of expert knowledge, the approach is to Sense - Analyze - Respond and we can apply good practice." However, as with the simple domain, the complicated domain still has one or a few really good answers and practices, even if we often require experts to help us figure out what those answers and practices are.

The complex domain is different, for in this domain "the relationship between cause and effect can only be perceived in retrospect, but not in advance, the approach is to Probe - Sense - Respond and we can sense emergent practice." These are the financial systems of gamblers (aka day traders) who have completely uncertain deposits, transfers, and withdrawals with uncertain stakeholders, and all within ecosystems or markets almost completely outside of their control. They can win much and lose much, but they can tell why only in retrospect. They can sense emergent practices, and experience can improve their chances, but they can never guarantee an outcome.

Of course, I think that all financial systems, just like all other systems, are complex. Only a long, stable economy can give us the illusion that our financial systems—such as my little bank account—are simple systems with regular, secure deposits and withdrawals and a set of clear, secure relationships among stakeholders: me, my employer, my bank, and my creditors. As the 2008 recession taught us, all accounts are complex, with uncertain transactions among uncertain stakeholders within an uncertain, dynamic financial ecosystem outside the control of anyone.

Likewise, data security is a complex system with complex emergent properties, and we will profit if we view it as a complex problem rather than a simple or even complicated problem. More on that tomorrow.