New laws of physics for software: contextual flow control.

Bits and Bobs, 9/3/24

This is a name I came up with for how to combine a few existing concepts in a new way to create a system with very different properties.

Contextual Integrity is Helen Nissenbaum's notion of the platonic ideal of privacy:

"My data is used in line with my interest and intent"

Information Flow Control is an applied math framework that's been around for 50 or so years.

It allows making formal statements about the confidentiality and integrity of information as it flows through a graph of operations.

Facebook just shared that they use it as a fundamental concept underpinning their internal data privacy aware infrastructure.

Contextual flow control is an approach that applies Information Flow Control concepts in a specific way: the software is contained within independent modules, so every data flow across a module boundary can be tracked and verified, which makes contextual integrity achievable for novel software.

Think of it like type checking for privacy policies.

If the software "compiles", then it by construction does not have any data flows that go against a user's privacy goals.
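As an added illustration (example code, not from the post or any particular implementation), here is a toy "privacy type checker" in Python. It assumes a deliberately simple model: each piece of user data carries a label, the set of contexts the user permits it to be used in; each module declares the context it serves and its inputs; data derived from several inputs inherits the intersection of their labels; and a flow into a module whose context is outside the label is reported like a compiler error. The clinic-style data items and modules are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# A label is the set of contexts (purposes) the user has permitted for a piece
# of data, e.g. frozenset({"care", "billing"}). The lattice is the powerset
# ordered by subset: a smaller set is a more restrictive label.
# (Assumed model for this example; real IFC systems use richer lattices.)
Label = FrozenSet[str]


@dataclass(frozen=True)
class Module:
    name: str                 # also names the data this module outputs
    context: str              # the single purpose this module serves
    inputs: Tuple[str, ...]   # source data items or earlier module outputs


def join(a: Label, b: Label) -> Label:
    """Label of data derived from two inputs: usable only where both allow."""
    return a & b


def check(sources: Dict[str, Label], modules: List[Module]) -> List[str]:
    """Type-check the flow graph against the users' labels.

    `modules` must be in dependency order (each input is either a source or the
    output of an earlier module). Returns compiler-style error strings; an
    empty list means the program "compiles" under the privacy policy.
    """
    labels: Dict[str, Label] = dict(sources)
    errors: List[str] = []
    for m in modules:
        out: Optional[Label] = None
        for name in m.inputs:
            if name not in labels:
                errors.append(f"{m.name}: unknown input '{name}'")
                continue
            lbl = labels[name]
            if m.context not in lbl:
                errors.append(
                    f"{m.name}: input '{name}' is not permitted for context "
                    f"'{m.context}' (allowed: {sorted(lbl) or 'none'})"
                )
            # The module's output carries the join of everything it consumed,
            # so restrictions propagate through the whole graph automatically.
            out = lbl if out is None else join(out, lbl)
        labels[m.name] = out if out is not None else frozenset()
    return errors


def compiles(sources: Dict[str, Label], modules: List[Module]) -> bool:
    return not check(sources, modules)


# Constructed sample: what two data items may be used for, per user consent.
SOURCES: Dict[str, Label] = {
    "visit_notes": frozenset({"care", "billing"}),
    "email": frozenset({"care", "billing", "marketing"}),
}

# Constructed sample pipeline. The last module is the bug: it builds a
# marketing message from the invoice, which was derived from visit notes
# that were never permitted for marketing.
PIPELINE: List[Module] = [
    Module("invoice", "billing", ("visit_notes", "email")),
    Module("reminder", "care", ("visit_notes", "email")),
    Module("promo", "marketing", ("email",)),
    Module("promo_targeted", "marketing", ("invoice", "email")),
]

if __name__ == "__main__":
    for err in check(SOURCES, PIPELINE) or ["ok: no privacy flow violations"]:
        print(err)
```

Run as a script it prints one error, naming the module and the offending input; dropping `promo_targeted` makes the pipeline "compile". The point of the labels propagating through `join` is that the violation is caught even though `promo_targeted` never touches `visit_notes` directly, which is exactly the transitive flow that per-call access checks miss.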

Engineers know the power of type checking: it's more work up front, but gives you significantly more confidence that your software is correct.

This allows modifying your software in a tighter / faster iteration loop.

Make the change that you want to see, and then keep resolving compiler errors until the software compiles, and you're done.

LLMs can do this iteration cycle for you automatically; they're very good at taking the structured output of a compiler error and tweaking software to improve it.
