Monday 24 September 2012

Information Is Not Panacea. It Is the Model That Ultimately Matters!

Stands on its own, the famous quote of “Information is power!”, if it is not a lie, exhibits a grave inadequacy in representing the real face of various kinds of information consumption. 

 
What is information in the first place? The information is data within the proper and focused context across time and space. Data exists and demises everywhere and anywhere in accordance with individual preference and selective perception to a subject matter. For data to be considered an asset, it must be understood and useful to decision-making process.
 

Decision-making process, indeed, is guided by a selective model, be it explicit or implicit. Too often, a decision maker is not even aware of the existence of model being adopted and framed in the process. No any decision may be made without a guiding model, whereas information is merely supporting factors to justify the decision. It is a misconception that more information will drive batter decision. In fact, the selection and development of model within a particular context in decision-making is more crucial and relevant to a batter decision than information on its own. But then what is a model actually?
 

A model is a real world representation. I like to use the scenario of a map in my lecture class. A map is a model as it is a representation of the real geographical existence. However that, a map cannot contain each pieces of information on the land. A usable and practical map should only include those pieces of information that could serve the purpose of reading and interpreting map to accomplish certain purpose. Hence the map to direct a traveller to move from one destination to another is very much different from the map for installing public utilities despite the geographical area is exactly same.   
 

In software engineering, we have too often heard the word “model”. But I bet you, many of those software professionals are not able to explain articulately the rationale and logic behind such modelling constructs. In database and data warehousing analysis and design, we talked about data modelling; in business process analysis and design, we talked about process modelling; in performance improvement, we talked about optimization modelling; and in enterprise architecture, we talked about architectural modelling.
 

All these modelling constructs require extensive deliberation and organization using knowledge, experience and techniques accumulated from learning and working. If a software professional does not display passion to consistently enhance, enrich and embody his/her skills, neither can we expect him/her plays good roles of modeller, nor problem solver, nor opportunity creator.   

Monday 3 September 2012

Section 114A of Evidence Act: Perspective from an Information Technologist

The introduction of Section 114A receives many controversies and criticisms. When the issue surfaced a couple of weeks ago, and swiftly became a public debate, my immediate reaction was that, why the opposition parties were silent during the parliamentary sittings or any time before it came into force, but rather awaiting the campaign, Internet Blackout Day, on the 14th day of August 2102 led by Centre for Independent Journalism (CIJ) ?
 
Almost all criticisms focus on public law, i.e. Section 114A could provide a foundation to legal enforcers and prosecutors to abuse their powers and thus becoming a means for ruling party bullying supports of opposition parties. While we cannot deny such potential side-effect in the course of regulating cyber-wrongdoings in public law, we should equally look into the good points in private law.
 
For example, defamation could be either a criminal or civil wrongdoing, but unless the victim of defamation is a well known public figure, it is utmost unlikely that police and/or law enforcer from relevant government agencies will seriously exercise their power to further investigate into the complaint be lodged by way of precisely looking into the possibility of instituting criminal defamation proceedings. Hence, the residuary avenue that the victim could take is civil defamation proceedings.
 
Without intervene of police and/or law enforcer in a defamatory wrongdoing investigation convicted in cyberspace, the evidence to be adduced before a court in civil litigation could be even harder than in criminal litigation. Such difficulty lies in procedural requirements in evidence law. With Section 114A comes into force, the plaintiff (victim) may only be required to establish prima facie evidence instead of adducing full evidence, particularly in procedural compliances and regulations.
 
Approximately five years ago, I attempted to provide computer forensics service to industry. The underlying objective of this service is to assist disputing parties to discover the truth of computer-related wrongdoings. I discussed this plan with research faculties from School of Computer Science of USM, and Faculty of Law of MMU. It was concluded that, despite the truth could be revealed in substantive way on the conditional requirements that the hardware could be provided, the truth of findings could be easily rebutted from procedural perspective in the absence of procedural framework that regulating the operational works of computer forensics. Just like language-translated evidence submitted before a court must be done by a certified translator recognized by a court, in America, the person who carries out computer forensics evidence must be certified and recognized by court in order he understands and practices respective procedural compliance before the admissibility of such evidence.
 
Section 114A exhibits certain ingredients of occupier liability. Traditionally, tort of occupier liability is applied to physical premises and land. In cyberspace, many account owners of social media perceive this dedicated cyberspace as their cyber-home. They have rights to determine who is welcome and who is not. They also can determine the contents in their cyber-home as to whether to keep or remove.  Hence, the advent of ICT should naturally extend the meaning of tort of occupier liability from physical premises and land to cyber-home. Having said this, the primary difference between the two should be that, the occupier of cyber-home owes a duty of performing house-keeping of his cyberspace if any content deemed to be defamatory and/or seditious within a reasonable time horizon, but the owner of physical premises and land cannot perform post-event rectification. The principle of tort of occupier liability should therefore evolve in accordance with the advent of ICT and its implication to socioeconomic changes.
 
Nonetheless that, holding an account registration person for Internet access liable on the principle of reverse evidence is apparently ridiculous and gravely wrong. If such a liability stand, then Internet service providers or licensees under Communications and Multimedia Act, such as Telekom Malaysia which provides Streamyx and Unifi, should equally be held liable as part of wrongdoing chain echelon. Indeed, they have to prove themselves innocent prior to an Internet account registration person proves himself innocent.
 
In summary, the introduction of Section 114A of Evidence Act should be seen as an endeavour to combat cyber-wrongdoings which serves as procedural law to complement inadequacy of respective substantive laws. Neither should it be short-sightedly perceived as with bad and hidden agenda for political purpose, nor be it a means to restrain fundamental liberty of speech freedom. While the advent and development of ICT is characterized by fast-moving, the development of legal principles must not be left too far behind towards socioeconomic demands in a balancing mechanism. The gap between the two domains will surely be enlarged and deepened if our legal professionals fail to exhibit strong technopreneur spirits to confront ever-changing environment as what described by Professor Susskind in his popular book, “The End of Lawyers?”. Notwithstanding, however that, I echo the suggestion of Malaysian Bar to call upon setting-up a taskforce comprising civil society, industry players and technology experts to revisit concerns and issues surrounding the controversial Section 114A.
 

Saturday 14 July 2012

The Importance of Being Equipped with Risk Intelligence Capability

The UK philosopher and psychologist, Dr. Dylan Evans, defines risk intelligence as “a special kind of intelligence for thinking about risk and uncertainty”, at the core of which is the ability to estimate probabilities accurately. Risk is often thought of in terms of threats — bad things happening to your business. Nevertheless that, risk also has a positive side, one that applies to value creation and risk taking for reward. Hence, business thrives by taking risks, but falter when risk is managed ineffectively.


A mankind receives signals of risk from our complex biosensor and biochemical mechanism and thereafter being transmitted via intricate nexus neural systems for further interpretation before biological body takes corresponding actions. A mankind is a learning organism. The ability to interpret incoming signals by ways of classifying and re-classifying them into complex categorical structures with embedded meanings is the foundation of building the intelligence of a mankind to confront risks before him. Although different person displays different characteristics of risk intelligence, the ability to translate incoming signals into corresponding actions within a reasonable time period determines the extent of intelligence and health a person is.


Putting the characteristics of human intelligence into enterprise strategies and operations in ever-increasing competitive and fast-moving business environment, the ability to manage risk is becoming essentially fundamental to business sustainability, growth and profitability. Unlike mankind, an enterprise does not possess the characteristics of intelligence by itself without a purposeful design, development, and deployment of its well-coordinated information systems. One may argue that his enterprise has deployed wonderful ERP, SCM, CRM, APS, MES, CMMS, PDM, and the like, but the bottom line is, as far as the characteristics of intelligence are taken into account, these systems are far less than adequate to enable addressing the issues arisen from risk intelligence.


Approximately two decades ago, University of Toronto embarked a big research project initiative known as Toronto Virtual Enterprise or TOVE in short. TOVE project has generated many insights into intelligence elements that an enterprise must possess in order to operate, compete and thrive. Unlike a mankind whom intelligence elements are represented by complex biosensor, biochemical mechanism, intricate nexus neural systems, and capability to translate into actions, an enterprise’s intelligence elements are constructed and represented by a comprehensive set of integrated enterprise ontologies.


An ontology body of knowledge has its philosophical root to Metaphysics, an area of the thoughts initiated by an ancient Greek philosopher, Aristotle. Metaphysics has been further developed and being applied in three distinct disciplines, namely, Linguistics, Religion, and Computer Science. Along its course of evolution, different terminologies with some variances of application are introduced such as Ontology, Semantics, and Taxonomy.


As an information systems practitioner, I am much more interested in how integrated enterprise ontologies could be applied into the development of enterprise risk intelligence. We are witnessing the adoption of Business Intelligence (BI) for the purpose of business analytics has been gaining its big momentum over last few years. Whether or not the advent of Risk Intelligence would take a quantum leap in near future is a question of interest.