Stone Rice Big dot Net

In the latest issue of MIS Quarterly is a very well-written overview of theories in information systems research. Gregor (2006) starts with analyzing the historical development of theories and develops a framework of categories for systematizing existing theories in IS research:

• Analytical theories
• Explanatory theories
• Predictive theories
• Combination of explanation and prediction
• Design and action theories

Furthermore, she presents examples for each of her categories in the framework. In the discussion she poses the question whether there should by any sequential relationship between these types. According to Gregor (2006) there is not sequence between the categories. Merely, analytical theories can be regarded as the foundations of other theory categories.

However, in line with her remarks on relationships between theories, the different theory categories can be seen as a stack. It is perfectly possible to start developing a theory which is following the underlying principle of one of the categories. However, you should never forget the overall picture. So research with a design research method, for instance, should refer to other types of research (e.g. founding on a predictive theory) and present its results in a way that research within a different theoretical category can be applied and used the results.

Overall this paper is worthwhile reading to get into the concept of theory in IS research. It summarizes exisiting theoretical streams and presents them coherently.

References

Gregor, S. (2006). The Nature of Theory in Information Systems. MIS Quarterly, 30(3), 611-642.

The Economist writes about a new way of securing data in databases based on philosophy:

In the 1940s a philosopher called Carl Hempel showed that by manipulating the logical statement all ravens are black you could derive the equivalent all non-black objects are non-ravens. Such topsyturvy transformations might seem reason enough to keep philosophers locked up safely on university campuses, where they cannot do too much damage. (The Economist 2006 8493(380) p. 72)

The underlying principle is similar to the immune system, where lymphocytes (e.g. T-cells) do not have information about any potentially harmful intruders, i.e. all their information refer to body cells. By negating their information base, everything they do not know is a potential threat and thus will be attacked. Hence, lymphocytes do not need information about virusses, bacteria, etc.

Transferring this into the world of computers results in negative databases, that store everything but the actual information. Such negative databases are suitable for protecting privacy, e.g. by just storing the negative information of credit card information. For instance it is possible to query the database for the information about one entry (”Give me the credit card information of person X”). However, it is not possible to process Select *-statements (”Give me all credit card information of your German customers”) (Esponda et al. 2004).

Practically, this means that for instance surveys can use the information stored in such negative databases and derive statistical information of it and do not conflict with privacy concerns of the individuals, whose date is stored in the database (Esponda 2005).

Another application could be data exchange through web services. The big security and privacy problem of web services is that I have to hand out date to some probably unknown entity. So basically web services rely on the hope, that my business partner does not publish my information to the world or sell it to competitors (There is an interesting interview with Withfield Diffie on this topic here). Wouldn’t it be possible to design negative statements of information that I want to be processed by somebody else, that allows the external entity to process it and return a meaningful result without actually knowing the exact nature of the result? Obviously it would not work on any data, e.g. you definitely need to present shipping information to UPS to get the package delivered.

The analogy with the human immune system results in adopting its weaknesses. Failures in knowing what self is can do great damages. Allergic reactions then seem to be the result of the wrong negative information.

References

(Esponda et al 2004) F. Esponda, E.S. Ackley, S. Forrest and P. Helman. On-line Negative Databases. Third International Conference on Artificial Immune Systems (ICARIS 2004) Proceedings, pp.175-188, September 2004. 

[Esponda 2005) Esponda, F. Negative representations of information. University of New Mexico Dissertation, 2005.