Information Is Not Panacea. It Is the Model That Ultimately Matters!

Stands on its own, the famous quote of “Information is power!”, if it is not a lie, exhibits a grave inadequacy in representing the real face of various kinds of information consumption. 

 

What is information in the first place? The information is data within the proper and focused context across time and space. Data exists and demises everywhere and anywhere in accordance with individual preference and selective perception to a subject matter. For data to be considered an asset, it must be understood and useful to decision-making process.

 

Decision-making process, indeed, is guided by a selective model, be it explicit or implicit. Too often, a decision maker is not even aware of the existence of model being adopted and framed in the process. No any decision may be made without a guiding model, whereas information is merely supporting factors to justify the decision. It is a misconception that more information will drive batter decision. In fact, the selection and development of model within a particular context in decision-making is more crucial and relevant to a batter decision than information on its own. But then what is a model actually?

 

A model is a real world representation. I like to use the scenario of a map in my lecture class. A map is a model as it is a representation of the real geographical existence. However that, a map cannot contain each pieces of information on the land. A usable and practical map should only include those pieces of information that could serve the purpose of reading and interpreting map to accomplish certain purpose. Hence the map to direct a traveller to move from one destination to another is very much different from the map for installing public utilities despite the geographical area is exactly same.   

 

In software engineering, we have too often heard the word “model”. But I bet you, many of those software professionals are not able to explain articulately the rationale and logic behind such modelling constructs. In database and data warehousing analysis and design, we talked about data modelling; in business process analysis and design, we talked about process modelling; in performance improvement, we talked about optimization modelling; and in enterprise architecture, we talked about architectural modelling.

 

All these modelling constructs require extensive deliberation and organization using knowledge, experience and techniques accumulated from learning and working. If a software professional does not display passion to consistently enhance, enrich and embody his/her skills, neither can we expect him/her plays good roles of modeller, nor problem solver, nor opportunity creator.   

Section 114A of Evidence Act: Perspective from an Information Technologist

The introduction of Section 114A receives many controversies and criticisms. When the issue surfaced a couple of weeks ago, and swiftly became a public debate, my immediate reaction was that, why the opposition parties were silent during the parliamentary sittings or any time before it came into force, but rather awaiting the campaign, Internet Blackout Day, on the 14^th day of August 2102 led by Centre for Independent Journalism (CIJ) ?

 

Almost all criticisms focus on public law, i.e. Section 114A could provide a foundation to legal enforcers and prosecutors to abuse their powers and thus becoming a means for ruling party bullying supports of opposition parties. While we cannot deny such potential side-effect in the course of regulating cyber-wrongdoings in public law, we should equally look into the good points in private law.

 

For example, defamation could be either a criminal or civil wrongdoing, but unless the victim of defamation is a well known public figure, it is utmost unlikely that police and/or law enforcer from relevant government agencies will seriously exercise their power to further investigate into the complaint be lodged by way of precisely looking into the possibility of instituting criminal defamation proceedings. Hence, the residuary avenue that the victim could take is civil defamation proceedings.

 

Without intervene of police and/or law enforcer in a defamatory wrongdoing investigation convicted in cyberspace, the evidence to be adduced before a court in civil litigation could be even harder than in criminal litigation. Such difficulty lies in procedural requirements in evidence law. With Section 114A comes into force, the plaintiff (victim) may only be required to establish prima facie evidence instead of adducing full evidence, particularly in procedural compliances and regulations.

 

Approximately five years ago, I attempted to provide computer forensics service to industry. The underlying objective of this service is to assist disputing parties to discover the truth of computer-related wrongdoings. I discussed this plan with research faculties from School of Computer Science of USM, and Faculty of Law of MMU. It was concluded that, despite the truth could be revealed in substantive way on the conditional requirements that the hardware could be provided, the truth of findings could be easily rebutted from procedural perspective in the absence of procedural framework that regulating the operational works of computer forensics. Just like language-translated evidence submitted before a court must be done by a certified translator recognized by a court, in America, the person who carries out computer forensics evidence must be certified and recognized by court in order he understands and practices respective procedural compliance before the admissibility of such evidence.

 

Section 114A exhibits certain ingredients of occupier liability. Traditionally, tort of occupier liability is applied to physical premises and land. In cyberspace, many account owners of social media perceive this dedicated cyberspace as their cyber-home. They have rights to determine who is welcome and who is not. They also can determine the contents in their cyber-home as to whether to keep or remove.  Hence, the advent of ICT should naturally extend the meaning of tort of occupier liability from physical premises and land to cyber-home. Having said this, the primary difference between the two should be that, the occupier of cyber-home owes a duty of performing house-keeping of his cyberspace if any content deemed to be defamatory and/or seditious within a reasonable time horizon, but the owner of physical premises and land cannot perform post-event rectification. The principle of tort of occupier liability should therefore evolve in accordance with the advent of ICT and its implication to socioeconomic changes.

 

Nonetheless that, holding an account registration person for Internet access liable on the principle of reverse evidence is apparently ridiculous and gravely wrong. If such a liability stand, then Internet service providers or licensees under Communications and Multimedia Act, such as Telekom Malaysia which provides Streamyx and Unifi, should equally be held liable as part of wrongdoing chain echelon. Indeed, they have to prove themselves innocent prior to an Internet account registration person proves himself innocent.

 

In summary, the introduction of Section 114A of Evidence Act should be seen as an endeavour to combat cyber-wrongdoings which serves as procedural law to complement inadequacy of respective substantive laws. Neither should it be short-sightedly perceived as with bad and hidden agenda for political purpose, nor be it a means to restrain fundamental liberty of speech freedom. While the advent and development of ICT is characterized by fast-moving, the development of legal principles must not be left too far behind towards socioeconomic demands in a balancing mechanism. The gap between the two domains will surely be enlarged and deepened if our legal professionals fail to exhibit strong technopreneur spirits to confront ever-changing environment as what described by Professor Susskind in his popular book, “The End of Lawyers?”. Notwithstanding, however that, I echo the suggestion of Malaysian Bar to call upon setting-up a taskforce comprising civil society, industry players and technology experts to revisit concerns and issues surrounding the controversial Section 114A.

 

The Importance of Being Equipped with Risk Intelligence Capability

The UK philosopher and psychologist, Dr. Dylan Evans, defines risk intelligence as “a special kind of intelligence for thinking about risk and uncertainty”, at the core of which is the ability to estimate probabilities accurately. Risk is often thought of in terms of threats — bad things happening to your business. Nevertheless that, risk also has a positive side, one that applies to value creation and risk taking for reward. Hence, business thrives by taking risks, but falter when risk is managed ineffectively.

A mankind receives signals of risk from our complex biosensor and biochemical mechanism and thereafter being transmitted via intricate nexus neural systems for further interpretation before biological body takes corresponding actions. A mankind is a learning organism. The ability to interpret incoming signals by ways of classifying and re-classifying them into complex categorical structures with embedded meanings is the foundation of building the intelligence of a mankind to confront risks before him. Although different person displays different characteristics of risk intelligence, the ability to translate incoming signals into corresponding actions within a reasonable time period determines the extent of intelligence and health a person is.

Putting the characteristics of human intelligence into enterprise strategies and operations in ever-increasing competitive and fast-moving business environment, the ability to manage risk is becoming essentially fundamental to business sustainability, growth and profitability. Unlike mankind, an enterprise does not possess the characteristics of intelligence by itself without a purposeful design, development, and deployment of its well-coordinated information systems. One may argue that his enterprise has deployed wonderful ERP, SCM, CRM, APS, MES, CMMS, PDM, and the like, but the bottom line is, as far as the characteristics of intelligence are taken into account, these systems are far less than adequate to enable addressing the issues arisen from risk intelligence.

Approximately two decades ago, University of Toronto embarked a big research project initiative known as Toronto Virtual Enterprise or TOVE in short. TOVE project has generated many insights into intelligence elements that an enterprise must possess in order to operate, compete and thrive. Unlike a mankind whom intelligence elements are represented by complex biosensor, biochemical mechanism, intricate nexus neural systems, and capability to translate into actions, an enterprise’s intelligence elements are constructed and represented by a comprehensive set of integrated enterprise ontologies.

An ontology body of knowledge has its philosophical root to Metaphysics, an area of the thoughts initiated by an ancient Greek philosopher, Aristotle. Metaphysics has been further developed and being applied in three distinct disciplines, namely, Linguistics, Religion, and Computer Science. Along its course of evolution, different terminologies with some variances of application are introduced such as Ontology, Semantics, and Taxonomy.

As an information systems practitioner, I am much more interested in how integrated enterprise ontologies could be applied into the development of enterprise risk intelligence. We are witnessing the adoption of Business Intelligence (BI) for the purpose of business analytics has been gaining its big momentum over last few years. Whether or not the advent of Risk Intelligence would take a quantum leap in near future is a question of interest.

Innovation Paradox: Irrelevancy of Argument

Some criticisms being put forth against the introduction of Computing Professionals Bill 2011 (“the Bill”) is that the Bill, by way of establishing Board of Computing Professionals Malaysia (BCPM), will restrain innovation among ICT knowledge workers. They further pointed out the success story of Bill Gate and Mark Zuckerberg, and argued that if the duo has to be registered under the Bill, the world will not enjoy the innovative products of Microsoft and Facebook.

This is a grave misconception of what ICT knowledge workers do is entirely in associations with the value of innovation. Indeed, innovation exists in everywhere and anywhere; it is certainly not proprietary nor privilege to IT and/or high-tech domain. From how a plumber connects water pipeline to how drug trafficking performs global delivery; from how a judge decides a landmark verdict to how a hawker cooks asam laksa, we can see certain elements of innovation and creativity. Hence, if we overly and blindly emphasize, which is the present state of paradox, the importance of innovation to ICT domain, our broader vision and strategic thinking ability are blocked by self-stupidity of arrogance.

One may be a super genius in innovating software solutions, but this must not be the case for accusing the establishment of BCPM could restrain him continues to be genius and outperformed. The thinking process of national development and economic growth must not be mixed with personal growth and individual skills development. Without such conscious deviation in mind, one will not be able to comprehend the rationales behind the proposed establishment of BCPM, no matter how genius one is. The innovation paradox, in this context, has its undividable root in inability to divide the two distinct mindsets.

 

In his media interview, YB Tony Pua commented that, there is no such law exists in the world attempting to regulate ICT knowledge workers. If this saying stands and is of correct, couldn’t we be INNOVATIVE enough to create an effective, efficient and productive mechanism to regular ICT knowledge workers? Should we be the innovator or follower in the context, YB Tony Pua?

A Quick Review of Computing Professionals Bill 2011

The Computing Professionals Bill (“the Bill”) was reportedly released in the evening of the 8^thday of December 2011. It has subsequently given rise to uneasiness among ICT fraternity despite MOSTI had clarified that the Bill does not apply to all ICT knowledge workers but only applies to those involved in Critical National Information Infrastructure (“CNII”) .

Although the Bill provides that CNII refers to “those assets, systems and functions that are vital to the nation that their incapacity or destruction would have a devastating impact on National economic strength or National image or National defence and security or Government capability to function or Public health and safety,” it does not further illustrate the contextual meaning of such definition. Nonetheless, the information from NITC Malaysia website provides that, CNII sectors consist of (i) National Defence & Security; (ii) Banking & Finance; (iii) Information & Communications; (iv) Energy; (v) Transportation; (vi) Water; (vii) Health Services; (viii) Government; (ix) Emergency Services; and (x) Food & Agriculture.

According to such a broad coverage of CNII, it has virtually included utmost, if not all, every economic activities although such economic activities may not “have a devastating impact on National economic strength or National image or National defence and security or Government capability to function or Public health and safety.” Notwithstanding that, the relevancy or irrelevancy of devastating impact has always been in association with time and space, and I will provide an explanation at the later stage.

I wish to take this opportunity to address some issues arising from the introduction of the Bill, and share my views on respective issues.

(1) New Form of Inequality and Discrimination

The use of the word, “Professionals”, in the Bill may subconsciously create a distinction line between professionals and non-professionals. That is to say, those register under the Board of Computing Professionals Malaysia (BCPM) carry the weight of professionals, whereas others not. This is not a healthy atmosphere considering that the meaning of professionals is not weighted by the nature of works and deliverables performed, as well as quality of service, but a mere registration. Such distinction could create a new form of inequality and discrimination between the two camps; the reputations earned from, and the prices paid to, professionals and non-professionals may put the two camps into confrontation.

(2) Computer Malpractice and Professional Misconduct

An interesting question arising from professionals is that, whether or not those carry professionals designation shall equally carry its weight of professional liability in relation to computer malpractice and professional misconduct? According to Bad Software: What to Do WhenSoftware Fails (1998), written by Cem Kaner & David Pels, the case of Chatlos Systems v. National Cash Register Corp. (1979) is the first important computer malpractice case. An NCR salesman did a detailed analysis of Chatlos’ business operations and computer needs, and advised Chatlos to buy NCR equipment. Relying on NCR’s advice, Chatlos bought a system that never provided several promised functions. Chatlos sued. NCR was held liable for breach of contract. In its Footnote 1, the Court discussed Chatlos’ claim of malpractice:

“The novel concept of a new tort called ‘computer malpractice’ is premised upon a theory of elevated responsibility on the part of those who render computer sales and service. Plaintiff equates the sale and servicing of computer systems with established theories of professional malpractice. Simply because an activity is technically complex and important to the business community does not mean that greater potential liability must attach. In the absence of sound precedential authority, the Court declines the invitation to create a new tort.”

This refusal to recognize the validity of a lawsuit for computer malpractice has been widely quoted. With the introduction of the Bill, and subsequently be passed becoming an Act, whether or not, Malaysian courts will recognize a registered computing practitioner, computing professional, and computing service provider as being professional, and thus enforcing higher standard of duty of care? It may also be equally good if the Bill can also introduce the scheme of PII (Professional Indemnity Insurance) to cover liability resulted from breach of duty of care, negligence, and breach of contract.

(3) Dispute Resolutions Mode

I must point out a good effort to incorporate the use of arbitration in dispute resolution as prescribed in the Section 11(1)(N). The case of Bank Simpanan Nasional v Cyber Business Solutions Sdn Bhd (Suit No: D-22NCC-279-2009) marks a significant milestone in the software dispute resolutions. In the past, it was widely practiced that the jurisdiction of arbitration derives from the agreement of the disputants. Notwithstanding that, the Court gave a consent judgment in favor of Cyber Business Solutions Sdn Bhd that pursuant to the Section 24A of the Courts and Judicature Act 1964, in the absence of arbitration agreement between the disputants, a High Court possesses power to refer litigation to arbitration even if any party objects. The significant messages brought up by this case in relation to software disputes are that:

i.             Software development and implementation could be a complex undertaking which involves both hard-skills and soft-skills of software professionals at specifically different domain knowledge.

ii.            The learned judge was of the view that taking into consideration of the case involved scientific investigations relating to computer and software and prolonged examination of voluminous documents, the real issue before a matter could be referred under Section 24A will depend on the complexity of facts and cannot be of law.

Apart from arbitration, perhaps the Bill should also introduce mediation process before arbitral proceedings. We have witnessed that construction, financial and sport industries have established their respective Alternative Disputes Resolution (ADR) mechanism. It is now the time where computing industry setup our own ADR system.

(4) By-laws

I think the Bill should empower BCPM to make applicable rules or by-laws in relation to its governance, such as rules that regulating procedural matters of arbitration and/or mediation. These rules or by-laws should seek to be gazetted in order to be legitimately enforceable.

(5) Complexity in Software Value Chain

Section 19 provides the ground of restrictions on unregistered person to deliver services. In an open source environment, anyone can publish his/her codes onto the Internet for free use. The question arising here is that, if a registered person adopts the code from unregistered person, whether or not this could construe as a breach of Section 19?

Conclusion

The introduction of the Bill appears to be a shock at its prima facie. However, after attending the BCPM Open Day held on the 13^th day of December 2011, and reading the press statement released by MOSTI and materials and comments from the Internet, I see bona fide intent to propose the Bill. To be faithful, from its first glance, the Bill appears to be ridiculous and silly. On further deliberations and due considerations, I have no doubt in supporting the objectives as put forth in the press statement of MOSTI, and the establishment of a dedicated statutory body to propel and elevate the standards of ICT knowledge workers by ways of regulation, I object, nevertheless, the following two wordings:

(a)          The use of the word “professionals” to divide the two camps. An alternative way to resolve this literally discriminated division is to adopt something similar to the way Chartered Institute of Arbitrators (CIArb) divides the level of competency in the regime of arbitration, i.e. Associate, Member, Fellow, and Chartered.

(b)          The use of the name “Board of Computing Professionals Malaysia” should be replaced as it connotes a stale, bureaucratic and red-tape kind of governance. The revamped Bill should adopt a more forefront naming in representing ever-fast-moving ICT industry. For example, comparing “Malaysian Bar” and “Law Society of Singapore” which both represent professional body for practicing lawyers in Malaysia and Singapore respectively, it apparently obvious that the later carries a modern and forefront representation.

To sum-up, if the ICT industry is characterized by the robustness of innovative elements, then the introduction of the Bill should equally be regarded as the product of innovation!

Prologue: The Choice of the Name

The desire to become a blogger could be traced back to a few years before the advent of the social media conception. I indeed like to write more than talk despite my career requires me to talk more than write. Over the past more than 20 years of industrial track records on software development and implementation, if I were have to choose a single word to summarily represent what could be of crucially essential and yet fundamentally reflective to my professionalism and professional career, it would be certainly “Alignment”.

Looking back, I was first being taught the concept of “Alignment” in 1994 when I read the book, “Practical Steps for Aligning Information Technology with Business Strategies”, authored by Bernard Boar of AT&T, Bell Laboratories, when I was working in Singapore. This book is now on my bookshelf together with my other books which have since then I have been reading many related literatures, and gradually building an applicable body of knowledge.

 

Around 2003, I learned about a new philosophy known as Structurational Theory, which emerged to be an applied research methodology to the effects of information systems deployment in the context of social eco-lifecycle. Structurational theory advocates the phenomenon of an information systems deployment initiative could be assessed and predicted by way of taking into the dualism interaction of actor and structure. In other words, structure is a medium of activities of actor as well as the results of those activities. The words “Shape and Reshape” are widely and repeatedly used in the literatures of Structurational theory to explain cylinder view of the inherent endless of co-dependent relationship between actor and structure.

 

On another note, I have been running my own software development and implementation company known as Softegic Systems Management Sdn Bhd since 1999 after being employed for 8 years in Malaysia and Singapore. I incorporated another company, Lincoln ICT Disputes Management Sdn Bhd, in 2010 to promote the use of arbitration and/or mediation as a preferred mode of software-related disputes resolutions, as well as encourage disputants to use expert witness in software-related litigation and arbitral proceedings which could give rise to highly complex issues. The journey of technopreneurship is full of obstacles and barriers; it is an adventurous voyage which requires a strong spirit and courage along an odyssey!

 

Hence, I name my blog space as “ALIGNMENT: A Shape and Reshape Odyssey”.