Cilliers first notes that we should avoid thinking of boundaries as "something that separates one thing from another" (611). Rather, boundaries are those things that constitute "that which is bounded." Without a functioning boundary, there is no defined, bound thing that we can know or interact with. In other words, without a functioning boundary, I have no bank account. My account ceases to exist as an entity or thing, and whatever data it contained, or defined, is dissipated into larger systems. Our consideration of boundary, then, shifts from an attempt to keep things out (something that separates one thing from another) to an effort to express things within (something that constitutes that which is bounded). This reminds me of Edgar Morin's advice in On Complexity that we must learn to define things from the inside out and not from the outside in. Data security begins with constituting and maintaining the integrity of the data as an entity. It begins on the inside by defining outwardly what constitutes my bank account, for instance. Boundaries, then, are a push outward toward the functional limits that say, in effect, this account has this structure, this much data/money, at this time, and no more.
This push outward suggests that boundaries are dynamic and malleable, or as Richardson and Lissack say, boundaries "are emergent, critically organized, and temporary." Cilliers says it a little differently:
The boundary of a complex system is not clearly defined once it has ‘emerged’. Boundaries are simultaneously a function of the activity of the system itself, and a product of the strategy of description involved.A boundary, then, is the outer limit of the entity and the expression of the entity's internal functions, growth, and changes and its exchanges and interactions with its ecosystem. The boundary, however, is not merely an epiphenomenon, a secondary byproduct, of the entity. Rather, it is a functioning, constitutive aspect of the entity and a major aspect by which we humans can describe the entity, recognizing it as distinct in some way from its surroundings. But it is never static and fixed. Even in so simple a system as my bank account, the boundaries wax and wane as data/money flows in and out and as the number and character of interactions with larger economic systems shift.
The second point that Cilliers makes follows from this dynamic, malleability of the boundaries of a complex system. Our usual habits of mind tell us that any entity occupies a contiguous space. A turtle, for instance, is all inside itself and everything non-turtle is outside. In the practical, everyday world, this may be a useful way to frame reality, but this insistence on all of the turtle being inside the turtle is certainly not true of social or virtual entities. Social groups such as English teachers or skateboarders exist in disparate locations. They can clearly function as a group, but specifying the enclosing boundary can be very problematic. Even my bank account is problematic. It can exist in multiple places, which is both a convenience and a problem.
Because social, virtual, and quantum entities can exist in different spatial locations, then "non-contiguous sub-systems could be part of many different systems simultaneously. This would mean that different systems interpenetrate each other, that they share internal organs" (Cilliers, 611). My bank account is part, however minuscule, of my bank's general balance, on the ledger of checking accounts, and in whatever other aggregates the bank finds useful. Throw in the more than 400,000 ATMs just in the US alone, and the boundaries of my bank account start squirting out everywhere. This is the benefit and the burden of virtual entities, but it isn't limited to virtual entities. Our physical transportation lanes (roads, airways, shipping lanes, etc) have similarly extended and made fluid the boundaries of countries, companies, militaries, goods, and services. And if we add the people who have knowledge of my bank account as, for instance, bank employees, it becomes even more complex. The awareness of the data in my bank account leaves the bank each day as an accountant to become a parent, spouse, part-time student, or whatever else, and the carry with them the data in my account, even if they are unaware of it. My data is now sharing internal organs with systems around the world. How do you like my boundaries now?
I think that most things in the universe are complex systems, rather than simple or complicated systems; thus, I believe that most entities have complex boundaries such as Cilliers has described. This means that even my knowledge of boundaries is a complex system with complex boundaries. I can push the limits of my knowledge, and this pushing shifts the boundaries. This knowledge can interpenetrate other knowledge systems, for instance, my knowledge about story telling or your knowledge about MOOCs, and this internal development and external interpenetration makes for very complex boundaries, which makes it very difficult for me to fix a definition of my understanding of complex boundaries and about impossible to secure that understanding.
Complex boundaries also make for very complex approaches to data security. If, in fact, most data are complex systems or subsystems, then how do we think about securing their complex boundaries? If we start with the idea that boundaries enable an entity and enable our knowledge of that entity, then how do we go about securing that boundary? Good question. I'm still looking for an answer.