Editor’s Note: ComplexDiscovery OÜ’s new tutorial brings the discipline of Oxford-style argument to cybersecurity, information governance and eDiscovery at a moment when professional claims about evidence, privacy, attribution and artificial intelligence often move faster than their supporting reasoning. Built around 21 contestable propositions across three terms, the course asks readers to defend a position, confront the strongest opposing case and identify the assumptions carrying the argument.
For practitioners, the tutorial treats critical thinking as an operational discipline rather than an academic exercise. Discovery teams must defend search, preservation and review decisions. Governance professionals must evaluate privacy, consent and data-sovereignty claims. Cybersecurity leaders must assess breach narratives, attribution statements and human-in-the-loop controls. In each setting, the same question matters: is the claim defensible, or only familiar?
The three worked examples pair model essays with simulated tutor interrogations. They show how a proposition can be argued, tested, weakened and refined without being reduced to advocacy. For professionals working with agentic AI, defensible review, legal data intelligence and regulatory risk, the tutorial offers a practical method for slowing down consequential claims before courts, regulators, clients or markets test them first.
Industry News – eDiscovery Beat
An Oxford tutorial for cybersecurity, governance and eDiscovery
ComplexDiscovery Staff
At Oxford, the tutorial has long stood for a demanding form of teaching built around preparation, argument and close questioning. ComplexDiscovery OÜ has now adapted that method for a field that often moves faster than it reflects.
The result, “The ComplexDiscovery Tutorial,” takes the Oxford tutorial (a meeting in which a student prepares written work and defends a contestable claim under sustained challenge) and points it at cybersecurity, information governance and eDiscovery. The document is built around 21 contestable propositions across three academic terms, with a fully worked example for each term, a model essay paired with the interrogation that follows, so readers can watch the method at work rather than take its value on faith.
The tutorial, as commonly associated with Oxford teaching, is less a lecture than a disciplined conversation: a student prepares written work, defends it in discussion and absorbs sustained challenge from a tutor. The document sharpens that into a weekly argument between a student and a tutor. The student receives a contestable proposition and a short reading list, writes an essay of about 2,000 words that takes a position, then reads it aloud while the tutor takes it apart, locating the unexamined premise, pressing the weak inference, demanding the evidence and offering the strongest objection the student failed to anticipate. The point, the document says, is never to reach the tutor’s preferred answer. It is to make the student think harder, argue more honestly and hold a position under pressure without either collapsing or digging in.
The curriculum argues that this design is particularly well suited to the subject. Cybersecurity, information governance and eDiscovery are fields where the loudest claims are the least examined, where vendor language stands in for thought, and where a confident assertion about preservation, attribution or AI review can carry three buried assumptions no one has stopped to test. The tutorial is offered as a method for dragging those assumptions into the light, and for training a skill valuable to the trade press, the bench and the buyer alike: the ability to tell a defensible claim from a fashionable one.
A method, then three terms
The course runs three terms in the Oxford pattern, each with seven tutorials and a collections week that closes the term with a synthesis essay or an oral defense. The three terms take their names from Oxford’s academic calendar: Michaelmas falls in the autumn, Hilary in the winter and Trinity in the spring. Here the names simply mark the course’s three stages, the foundations of evidence, the politics of information and the machine frontier. Every proposition is written to be argued either way, a deliberate choice, since a claim you can only defend, the document notes, is not worth a tutorial. The essay specification is strict. One thesis, stated in the opening paragraph. The strongest version of the opposing case, presented fairly, before it is answered. A conclusion the argument actually earned rather than the one the writer preferred at the start. The hedge that lets a writer claim victory whichever way the evidence falls is the enemy the exercise exists to defeat.
Michaelmas: the foundations of evidence
Michaelmas, the first term, is epistemological. Before arguing about how information should be governed or secured, the student has to be honest about what a record is and how truth and proof come apart. Week one opens with the claim that discovery does not find the truth but manufactures a record, training the reader to distinguish what a process discovers from what it constructs, against readings that pair the Zubulake opinions and Federal Rules of Civil Procedure Rule 26(b)(1) with Bruno Latour on how facts are assembled rather than found. Week two presses the parallel claim that relevance is not discovered but decided, separating a finding from a judgment dressed as one, with the Sedona Conference principles and a public privilege log as evidence. Week three argues that metadata is more honest than the document it describes, a lesson in weighing layers of evidence that sets a technical metadata primer beside Luciano Floridi on the nature of information and a forensic examiner’s account of metadata that has been forged. Week four follows a technical fact to its legal consequence (that there is no deletion, only deferral), reading a storage-recovery primer against GDPR Article 17, the right to erasure, and the Google Spain decision on the right to be forgotten.
The back half of the term turns toward obligation. Week five holds that the duty to preserve is a duty to anticipate the unknowable, reasoning about obligations under uncertainty through the Zubulake preservation line, Rule 37(e) and its 2015 amendments on failure to preserve electronically stored information, and the precautionary principle from risk theory. Week six makes the case that proportionality is a moral judgment masquerading as a cost calculation, training the reader to spot normative claims hidden inside economic ones, with the Rule 26(b)(1) proportionality factors and the Sedona Conference commentary on proportionality as the primary texts. Week seven closes the teaching weeks with the proposition that every search is a theory of the case, treating method as argument rather than neutral procedure, anchored by Judge Andrew Peck’s “wake-up call” on keyword search in William A. Gross Construction Associates v. American Manufacturers and the Maura Grossman and Gordon Cormack research on technology-assisted review. The term ends with a collections essay of about 2,500 words asking the student to defend the view that eDiscovery is best understood as a method for producing an agreed record under conditions of conflict, and to name which weekly positions they have since abandoned.
Hilary: power, governance and privacy
Hilary, the second term, moves from epistemology to power. Once the record is understood as constructed, the question becomes who controls its construction, who is shielded from it and who profits from the systems built around it. Week one reads a benign-sounding practice for its real function, arguing that information governance is the management of organizational memory and therefore of organizational guilt, with the Sedona Conference commentary on information governance, the Generally Accepted Recordkeeping Principles and Michel Foucault on the archive. Week two tests a foundational concept against rival definitions (that privacy is not a right but a contextual norm), pairing Warren and Brandeis’s 1890 essay “The Right to Privacy” with Helen Nissenbaum on contextual integrity and Daniel Solove on understanding privacy. Week three holds two valid principles in genuine conflict, asking whether the right to be forgotten and the duty to preserve can both be honored, with GDPR Article 17 set against the preservation duty carried forward from Michaelmas. Week four evaluates when a justification actually justifies, arguing that consent is the weakest foundation of the data economy, reading GDPR’s lawful-basis provisions alongside Shoshana Zuboff on surveillance capitalism and an industry defense of notice-and-consent.
The term’s second half turns to security and its incentives. Week five reframes a temporal assumption (that a breach is a disclosure, not an event), following the consequences through a public post-incident report, the NIST Cybersecurity Framework and the literature on dwell time, the gap between compromise and detection. Week six separates the empirical content of a claim from its political use, arguing that attribution in cyberspace is a political act in technical dress, with Thomas Rid and Ben Buchanan on attributing cyber attacks and a government attribution statement read beside a skeptical analysis of the same finding. Week seven distinguishes a structural critique from a conspiracy theory, testing the claim that the security industry profits from the insecurity it is paid to cure, using Bruce Schneier’s market-failure argument and a breach in which the victim had already bought the relevant product. The term closes not with an essay but with a viva, an oral defense of the proposition that the governance of information is, in the end, the governance of power, applied on the spot to a case the examiner names.
Trinity: the machine frontier
Trinity, the third term, carries the earlier epistemology and politics into the place the field is actually moving: automated review, agentic systems and the contest among states over data and the compute beneath it. Week one separates efficiency claims from accuracy claims, arguing that technology-assisted review was accepted because it was cheaper and the profession has confused cheaper with better ever since, with Da Silva Moore v. Publicis Groupe (Judge Peck’s 2012 approval of predictive coding), Rio Tinto v. Vale and the Grossman and Cormack accuracy research as the readings. Week two works the line between prediction and judgment, holding that an AI that predicts privilege does not exercise judgment and that the difference is collapsing, against a classifier primer, a bar opinion on AI in privilege review and a vendor’s description of its own tool read for what it avoids claiming. Week three, reproduced in full later in the document, argues that human-in-the-loop is a liability fiction rather than a safety control. Week four works a definitional dilemma (that an autonomous system cannot be held to account and an accountable system is not autonomous), reading the EU AI Act’s risk tiers beside the philosophical literature on responsibility gaps.
The closing weeks raise the contest to the level of states. Week five reasons about the friction between architecture and political demand, arguing that data sovereignty re-territorializes a technology built to escape territory, with the Schrems II decision, the U.S. CLOUD Act and Estonia’s data-embassy experiment as touchstones. Week six follows a dependency chain to find where power sits, holding that a sovereign AI is a fiction for any nation that does not control the silicon, against analyses of AI infrastructure, semiconductor supply chains and export controls. Week seven projects every earlier thread onto a problem with no settled answer (that the next evidentiary crisis is not the convincing fake but the undetectable authentic), reading deepfake-detection surveys against the law of authenticating digital evidence and the emerging work on provenance and content credentials. The term ends with a final viva and a synthesis essay of about 3,000 words tracing one argument across all three terms, from the manufactured record, through the allocation of power, to the breaking of accountability, and asking what it tells a working professional to do differently on Monday morning.
The form in motion
What separates the document from a reading list is its second half. ComplexDiscovery OÜ offers three tutorials in full, one from each term, as worked illustrations of how the discipline applies, a model essay followed by the tutor’s interrogation, written to demonstrate the method rather than to record a live session. The student does not win every exchange. That, the document says, is the point.
The first worked example argues the Michaelmas opening proposition that discovery manufactures a record. The essay defends the claim while refusing the nihilism it seems to invite, reaching for the cartographer rather than the forger as its governing metaphor. A map is made; every projection is a choice; and yet a map can still be accurate or deceptive, fit or unfit for the journey it is drawn to serve. The interrogation that follows is unsparing. The tutor catches the student retreating from a bold claim to a safe one under pressure, the motte-and-bailey move the curriculum names as a failure mode, then sets a hypothetical in which a good-faith custodian cap leaves a smoking-gun email outside the production. By the close the student has conceded that the standard for an honest record is itself another construction, and the exchange ends not in victory but in a sharper question the argument forced open.
The second example turns from machines and evidence to a contest of definitions. Its proposition, that privacy is not a right but a contextual norm, recasts privacy as the appropriate flow of information relative to the purposes of a setting, drawing on Helen Nissenbaum’s contextual integrity and Daniel Solove’s account of privacy as a family of protections rather than a single essence. The essay argues that the legal right is that norm hardened for enforcement, downstream of the norm rather than prior to it. The interrogation tests whether the account can still condemn a normalized surveillance workplace, then forces the student to supply a falsification condition rather than explain every counterexample away. The student concedes that the purposes a context serves are contestable, and that the powerful retain room the theory would rather deny them.
The third worked example sits on contested professional ground. Its proposition, “Human-in-the-loop is a liability fiction, not a safety control,” argues that the human positioned to absorb blame when an automated system fails is the same human poorly positioned to prevent the failure. The essay draws on Lisanne Bainbridge’s 1983 paper “Ironies of Automation,” which showed that automating most of a task degrades the human’s residual monitoring role, and on Madeleine Clare Elish’s idea of the “moral crumple zone,” in which the operator absorbs responsibility for failures they had little capacity to avert. When the tutor presses with aviation, where trained pilots have overridden automation and saved aircraft, the student concedes the counterexample rather than dodging it, then turns the concession into a sharper claim: the fiction is not a law of nature but a function of how much an industry will spend on the human’s competence and authority. The example cites Morgan v. V2X, a 2026 federal decision in Colorado on the use of AI tools in discovery, but the tutor forces the student to state the underlying principle without leaning on the ruling: ask not whether a human was present, but whether the human could have changed the outcome.
Running it against your own work
The document is built to be used alone, and it offers three ways to run the defense without an Oxford tutor across the table. A reader can hand an essay and the week’s pressure points to an AI interlocutor with instructions to argue back without flattery and without conceding early. A reader can trade the examiner’s chair with a single colleague each week. Or a reader can write the essay, set it aside for a day and return as a hostile examiner of their own work. The discipline is the same in all three: the position must survive someone who wants it to fail.
A closing section sets out what good critical thinking looks like by the document’s standard. A tutor listens for the strongest opposing case stated first, the unstated premise named, the empirical claim held apart from the normative one, and a willingness to say what would change one’s mind and mean it. The failure modes are named with equal precision, the motte and bailey, the proof that proves too much, the definition rigged so the conclusion is guaranteed, the appeal to industry consensus as though consensus were evidence, and the hedge that lets a writer claim vindication no matter what happened.
The practical payoff arrives in a short note on turning the method on one’s own work. Before publishing a piece that asserts a breach “happened” on a date, that a tool “decides” relevance, or that a human-in-the-loop control makes a system “safe,” the document urges the writer to put the sentence in front of an imagined hostile examiner and ask which buried premise is carrying the weight. For practitioners the transfer is direct. A compliance officer can run a vendor’s “defensible AI” claim through the same test before signing. A litigator can ask of any oversight arrangement not whether a human was present but whether the human could have changed the result. An editor can hold a draft’s confident verb (decides, finds, proves) against the evidence behind it before the piece goes out.
The habit, the document argues, is older than any single controversy, and once it is set every claim that crosses the editor’s desk, the buyer’s, or the bench’s gets the same quiet question the tutor asks: is that defensible, or only familiar? For a sector where confident language often outruns examined thought, the resource is a wager that slow argument still earns its keep. The harder test comes next. In a field that rewards speed and certainty, will practitioners make the time to argue with their own conclusions before the market, the regulator or the court does it for them?
The tutorials in full
The three tutorials below are examples provided by ComplexDiscovery OÜ to show how the discipline of the tutorial can be applied to this field. Each pairs a model essay with the tutor’s interrogation that follows it, and each is an illustrative demonstration of the method, a written simulation of the exchange, the kind the curriculum suggests a reader can run with a colleague or an AI interlocutor, rather than a transcript of a live human tutorial. The cases, rules, scholars, and frameworks the essays cite are real and verified; the student and tutor are composite, illustrative voices. The propositions are written to be argued either way, so the positions defended here are not the publication’s editorial stance. Reproduced in full from the source, one from each term: read each essay as the student would read it aloud, then read the interrogation as the part that does the teaching. In all three, the student concedes ground. That is the point: a position worth holding is one that has survived someone who wanted it to fail.
Tutorial one, Michaelmas, week one: “Discovery does not find the truth. It manufactures a record.”
Explainer
This first example argues a Michaelmas proposition about the nature of the discovery record. The faculty it trains is the ability to distinguish what a process discovers from what it constructs. The essay defends the claim that discovery manufactures rather than finds, while refusing the nihilism the claim seems to invite: its governing image is the cartographer, not the forger. The interrogation then tests whether the student is defending a bold claim or quietly retreating to a safe one, using a smoking-gun-custodian hypothetical and the law of spoliation to press the point. The student wins some exchanges and loses others, conceding by the end that the standard for an “honest” record is itself a construction. Watch for the named failure mode the curriculum warns against, the motte-and-bailey retreat, and for how the tutor closes by handing the student the unresolved question as the next week’s work.
The essay
A model essay, followed by the tutor’s interrogation. Read the essay as the student would read it aloud, then read the defense as the part that actually does the teaching. Notice that the student does not win every exchange. That is the point.
The proposition is true, and almost everyone who repeats it has it backwards. “Discovery manufactures a record” is usually said as an accusation, a way of suggesting that the eDiscovery process produces something thinner than truth, a curated artifact that the credulous mistake for the real past. I want to argue the reverse. The manufactured record is the only form in which the past can enter a contested proceeding at all, and recognizing the record as made does not lower its authority. It relocates the burden of that authority, from the world onto us. The whole argument turns on a single equivocation buried in the word “truth,” and my first task is to prise it open.
Let me first state the opposing case as strongly as I can, because it is strong. The realist says: a document either existed or it did not. An email was sent at 3:42 on a Tuesday or it was not. When the court in Zubulake confronted the destroyed backup tapes, it did not invent them. It found that they had once existed and had been lost. Rule 37(e) authorizes sanctions for the failure to preserve electronically stored information precisely because something real, prior, and independent was destroyed. If discovery merely manufactured records, there would be nothing to spoliate, no fact against which to measure a party’s bad faith, and the entire sanctions regime would be incoherent. The realist concludes that the events are prior and the process is truth-tracking: flawed, expensive, adversarial, but aimed at recovering a past that exists whether anyone recovers it or not. To call this “manufacture,” the realist warns, is to flirt with a nihilism that would dissolve the very rules that keep discovery honest. This is the position to beat.
It can be beaten, but only by noticing that the word “truth” is doing two jobs at once. The first is correspondence truth: the brute past, what actually occurred, fixed and mind-independent. The email was sent or it was not, and no amount of process changes that fact. The second is forensic truth: what a contested process can establish, to a standard, on a record, under rules of admissibility, privilege, and proportionality. The realist is entirely right about the first sense and wrong to believe that discovery delivers it. Discovery never hands the court the past. It hands the court a record. The past itself is not in the courtroom and cannot be. What stands in for it is a bounded, selected, processed, de-duplicated, privilege-filtered, proportionality-limited assembly of artifacts, each of which is itself a representation rather than the event it represents. The email in the production set is not the sending of the email. It is an inscription of it, and the inscription arrived through a long chain of human and machine choices, none of which the past dictated.
Consider that chain stage by stage, because the manufacture is visible at every link. Identification decides where to look, and in doing so decides where not to look. Preservation decides what counts as potentially relevant before anyone yet knows what relevance will turn out to mean. Collection imposes a scope on a universe that has no natural boundary. Processing strips metadata, normalizes formats, threads conversations, and de-duplicates, and each of those verbs is a decision about what will count as one thing rather than two. Review applies relevance and privilege judgments that the documents cannot make for themselves. Production is then negotiated between adversaries who each want a differently shaped record to exist. At every step a person or a model chooses, and the choice is underdetermined by the events. This is the sense in which Latour’s account of scientific fact applies cleanly to the courtroom. A fact, he argues, is the far end of a chain of inscriptions, instruments, and decisions, and its solidity is a function of how well that chain holds rather than of some unmediated contact with reality. The discovery record is exactly such a chain. It is made, and it is made all the way down.
Here, though, I part company with the nihilist conclusion the realist fears, and the parting is the heart of my thesis. To say the record is manufactured is not to say it is arbitrary, or false, or unmoored from the past. The events constrain the record even though they do not determine it. You cannot manufacture into the record an email that was never sent without committing fraud, and that constraint is real and enforceable. The right metaphor is not the forger but the cartographer. A map is made. Every projection is a choice, every scale a selection, and no map is ever the territory. And yet a map can be accurate or inaccurate, honest or deceptive, fit or unfit for the journey it is drawn to serve. When the proposition says discovery “manufactures,” it should be heard the way the cartographer hears “draws,” not the way the forger hears “fabricate.” Manufacture here means constrained construction, and the constraint is what separates a defensible production from a fraud.
This reading dissolves the realist’s strongest objection rather than dodging it. Spoliation is not evidence that discovery finds the truth. It is evidence that the manufacture is constrained. Rule 37(e) does not punish a party for failing to recover the past, because no party can be asked to recover what the process only ever represents. It punishes a party for corrupting the construction, for removing from the chain materials that an honest process would have carried forward. The sanction presupposes not that the record equals the truth but that the record owes a duty to the past it stands in for. That duty is precisely what you would predict if discovery were constrained manufacture, and precisely what would make no sense under either of the alternatives. If discovery simply found the past, you could not fail to preserve what the process merely recovers, and spoliation would be impossible. If discovery were pure invention, there would be no prior fact to betray, and spoliation would be meaningless. The existence of the sanction is the strongest available proof that the record is neither found nor fabricated but made under obligation.
I should hold the empirical claim apart from the normative one, because they are easy to run together and the running-together is where bad arguments hide. Empirically, discovery is manufacture: that is a description of what the process does to produce its output. Normatively, the manufacture metaphor does not lower the standard of the output. It raises it, and it moves it. If discovery found truth, the integrity of the result would rest on the world, and our methods would be incidental. Because discovery manufactures the record, the integrity of the result rests on the integrity of the manufacturers and their methods, and nothing else is left to carry it. This is why the profession’s apparent obsessions are not ritual. Defensibility, repeatability, documented protocols, the validation of a review’s recall, the chain of custody: these are the only places a truth-claim can live once you accept that the record is made rather than found. A found truth would need no defensibility. A manufactured one needs nothing else.
I will be precise about scope, because a claim about American adversarial civil discovery should not be smuggled into a claim about all of law in every system. My argument is about contested discovery under a rules regime of the kind the Federal Rules describe. I am not claiming that there is no fact of the matter about the past (I affirm that there is), nor that every legal process everywhere works this way. And I will name what would change my mind, since an argument that nothing could falsify is a posture rather than a position. If it could be shown that some discovery process delivers the unmediated past to the court without selection, representation, or choice, the manufacture thesis would fail at once. I do not believe any process does this, but the claim is falsifiable in principle, and that is the honest place to rest it.
So the proposition is true, and its truth is the opposite of a debunking. Discovery does not find the truth, because no contested process can deliver the past into a courtroom. It manufactures a record, a constrained construction that stands in for a past it can never reproduce. The ethics of eDiscovery live entirely in the gap between the made record and the unmade past, and the whole apparatus of preservation, sanction, and defensibility exists to keep that gap honest. To call the record manufactured is to say, correctly, that in litigation the burden of truth rests not on the world but on us.
The interrogation
Tutor. That was a clean essay. I am going to spend the hour trying to break it, and we will see what is left standing. Start here. You said the record is constructed, made all the way down. But the email I sent on Tuesday either existed or it did not. Reconcile the construction with that brute fact, in one breath, before you reach for the map.
Student. The brute fact and the record are different objects. The email’s existence is a correspondence fact, fixed and independent of anyone. The record is what the process can establish about that fact, and that is constructed. The construction does not touch whether the email existed. It touches whether, and how, the email enters the proceeding.
Tutor. Then the construction is trivial. Of course the courtroom contains a representation and not the literal past. No one ever thought the magistrate was handed the actual Tuesday. If that is all “manufacture” means, you have defended a claim nobody denies. Your proposition was bold. Where did the bold version go?
Student. It did not go anywhere. The bold version is that the shape of the record is underdetermined by the events, that two honest, competent processes run on the same facts will produce different records, and that which record exists is decided by choices the past does not dictate. That is not trivial. It means the output of discovery cannot be read as a transcript of what happened, only as one defensible construction among several the facts would have permitted.
Tutor. I want to test whether you actually hold that or only say it under pressure. Because a moment ago, when I squeezed, you retreated to “the construction does not touch whether the email existed,” which is the safe motte. Now you are back out on the bailey claiming two honest processes yield two records. Pick one and stay on it. Which are you defending, the modest claim that records are representations, or the strong claim that the record is underdetermined by the facts?
Student. The strong one. The modest claim is true but I am not resting on it. Let me make the strong one concrete. Take relevance. Two review teams, same documents, same good faith, will draw the relevance line differently at the margins, and the margins are where cases turn. Take proportionality. A magistrate caps custodians, and the cap is a choice the facts did not require. Each choice produces a different record, and none of them is the false one. That is underdetermination, and it is the claim I will defend for the rest of the hour.
Tutor. Good, because I am about to make you pay for it. Here is the case. The producing party, in good faith, chooses twelve custodians. A magistrate approves the scope as proportionate. The smoking-gun email sits with a thirteenth custodian, outside the cap, and so it never enters the record. On your account, did discovery find the truth, manufacture it, or fail?
Student. It manufactured a record that omits the email, and it did not fail, because the omission came from a choice the rules sanctioned as reasonable.
Tutor. That is a chilling answer. The record is wrong, the smoking gun is real and excluded, and you call the process a success.
Student. I did not call it a success. I said it did not fail by its own standard, which is the standard of defensible construction, not of correspondence to the past. That is exactly my point and I think it is the uncomfortable one. The process was not built to find the truth. It was built to produce a record that both parties and the court will accept as the basis for decision. When the smoking gun is excluded by a reasonable scope, the system did what it is designed to do, and what it is designed to do is not the same as recovering the past. If you find that chilling, the chill is in the design, and my essay is the description of it, not the apology for it.
Tutor. Then answer the realist’s last and best card, the one your essay was a little too pleased to think it had played. Spoliation. You say the sanction proves the manufacture is constrained, that the record owes a duty to the past. But a duty to the past is a relation to a fact. If the record can owe a duty to the past, the past must be available as a standard against which the record is measured. And if it is available as a standard, why is it not available as a finding? You cannot have the past present enough to ground a sanction and absent enough to forbid a finding.
Student. That is the sharpest version and I want to slow down on it. The past is available as a counterfactual, not as a presence. The sanction does not measure the record against the actual past. It measures the record against the record an honest process would have produced. We do not need to recover the destroyed tapes to punish their destruction. We need only to establish that a party removed from the chain something the honest chain would have carried. The standard is a hypothetical honest construction, not the brute past itself.
Tutor. That is a real answer, but notice what it costs you. You have made the standard for honesty another construction, the construction an honest process would have produced. So when two parties dispute whether spoliation occurred, they are not comparing the record to the past. They are comparing one hypothetical construction to another, and arguing about which hypothetical is the honest one. Have you not just relocated the whole problem? You promised the manufacture was constrained. Now the constraint is itself manufactured.
Student. Yes. I concede that, and I think it is the genuine weak point of the essay, so let me try to say what survives rather than pretend it does not bite. The constraint is constructed, but it is not therefore arbitrary, and the difference is the place I should have built out more. The hypothetical honest process is constrained by things that are not up for negotiation: the metadata that does or does not exist, the system logs, the retention policy that was or was not followed, the timestamps. When parties argue about the honest counterfactual, they argue with those fixed materials as evidence. So the regress does not run forever. It bottoms out in artifacts that are themselves constructed, inscriptions again, but constructed under tighter constraint and harder to bend. The honesty of a construction is judged by other, more tightly constrained constructions. That is weaker than my essay implied, and it is, I think, the true shape of it.
Tutor. That is the most honest thing you have said all hour, and it is worth more than the essay’s tidy ending. Last challenge, and it goes to your method rather than your case. You split “truth” into correspondence truth and forensic truth and then assigned discovery the one it happens to be able to satisfy. That is a convenient division. How do I know you have not simply defined the word so your conclusion was guaranteed before you began?
Student. Because the distinction is older than the question and was not built for it. The gap between what is the case and what can be established to a standard runs through epistemology, through the law of evidence, through the difference between a fact and a finding of fact. Courts already act on it every time they instruct a jury that an acquittal is not a declaration of innocence but a failure to establish guilt to a standard. I did not invent the two senses to win. I pointed at a distinction the law already lives by and showed that discovery sits on the far side of it. If anything, the rigged move would be the realist’s, who needs the two senses collapsed so that a found record can pass for a recovered past.
Tutor. I will let you have that one. Here is where you actually stand. The strong thesis holds: the record is underdetermined by the facts, and your custodian example earns it. The spoliation defense half holds, and you were right to concede that the constraint is itself a construction. Your task now is the regress you opened and did not close: if the honesty of a construction is judged only by other constructions, what stops the whole edifice from floating free of the past entirely? You gave me the beginning of an answer, the tightly constrained artifacts at the bottom. I am not yet persuaded the bottom is solid. That is next week’s seed, and it is the right seed, because it is the question your own argument forced open.
Tutor. For week two the proposition is that relevance is not discovered but decided. Do not let it become a restatement of this week. The new claim is about authority, about who gets to decide and what disciplines the decision, and I will be watching for whether you can keep the decider honest without smuggling the brute past back in through a side door to do the work for you.

Tutorial two, Hilary, week two: “Privacy is not a right but a contextual norm.”
Explainer
This Hilary example turns on conceptual analysis rather than evidence or machines: a contest between two definitions of privacy and a test for deciding which is right. The proposition denies that privacy is a freestanding right with fixed content and recasts it as a contextual norm about the appropriate flow of information, Helen Nissenbaum’s contextual integrity, with the legal right as that norm hardened for enforcement. The interrogation drives at the thesis’s two pressure points: whether a contextual norm can condemn a normalized surveillance regime without collapsing into “whatever people already do,” and whether the account is falsifiable or merely absorbs every case as confirmation. Watch the falsification condition the student is forced to supply, and the concession that the contextual norm rescues less from the powerful than it first claimed.
The essay
A model essay, followed by the tutor’s interrogation. This one turns on conceptual analysis rather than evidence or machines: a contest between two definitions of privacy and a test for telling which one is right. Watch the falsification condition the student is forced to supply, and the concession that the contextual norm rescues less from the powerful than it first claims.
Privacy talk is dominated by the language of rights, and the language is doing less work than it appears to. We say people have a right to privacy the way we say they have a right to free speech or a fair trial, as though privacy were a fixed possession that the law recognizes and the powerful occasionally trample. I want to argue that this picture is backwards. Privacy is not a freestanding right with content of its own. It is a contextual norm about the appropriate flow of information, and the legal right we invoke is that norm hardened into an enforceable claim. The right is real and useful, but it is downstream. The norm is what does the work, and seeing this changes what we should examine when we ask whether privacy has been violated.
Let me state the opposing view as strongly as it deserves, because it has the founding texts and most of the intuitions on its side. In 1890 Warren and Brandeis named privacy “the right to be let alone,” a right against the world, prior to and independent of any particular setting. The European tradition went further and made privacy and data protection fundamental rights, enshrined in the Charter and elaborated through the GDPR. The intuition beneath all of this is that a right is valuable precisely because it resists context. A right you hold only when the surrounding circumstances happen to permit it is no right at all. Picture a workplace that has normalized total surveillance, every keystroke logged, every room watched. The rights view says the worker still has privacy that is being violated, and it says so exactly because the right stands above the context that has eroded it. To call privacy a mere contextual norm, the objection runs, is to hand the victim’s protection to the very context that is crushing them. This is the case to beat, and it is a serious one.
It can be met, but only by asking a question the rights view cannot answer on its own terms: what does the right protect, and when is it breached? Consider a single piece of information, your medical diagnosis. Your doctor shares it with a specialist, and nothing has gone wrong. The same doctor shares it with your employer, and something has gone badly wrong. The information is identical in both cases. What differs is the context of the flow, the norms that govern what may move from whom to whom and for what purpose. Helen Nissenbaum’s account of contextual integrity captures this exactly: privacy is the appropriate flow of personal information relative to the norms of the context in which it sits, the medical context, the context of friendship, the commercial context, each with its own settled expectations about what flows are fitting. The bare right to be let alone cannot, by itself, tell the appropriate sharing from the inappropriate one. Every time we apply the right, we are making a prior judgment about which flow is appropriate here, and that judgment is the contextual norm. The right does not generate the answer. The norm does, and the right is the name we give to enforcing it.
This exposes the buried premise of the rights view, which is that privacy has context-independent content. It does not. Even “the right to be let alone” smuggles a context in through the back door. It assumes the private sphere, the home, the sealed letter, the closed door, settings in which being let alone is the operative norm. Move the same person into a public protest or a witness box and the claim to be let alone evaporates, not because their right was suspended but because the context never granted it in the first place. Daniel Solove makes the structural version of this point: privacy is not one thing with a single essence but a family of related protections against surveillance, against disclosure, against aggregation, against intrusion, each of them bound to the settings that give it meaning. The long search for the one right with fixed content has failed because there is no such thing to find.
Here I have to refuse the conclusion the rights theorist fears I am heading toward, because refusing it is what keeps the argument honest. The fear was that calling privacy a norm leaves the surveilled worker unprotected, since the norm of a total-surveillance workplace just is total surveillance. The answer is that a contextual norm is not the same as a prevailing practice. The norm that governs a context is not whatever people have come to do there. It is the flow that is appropriate given the purposes and values that make the context the kind of context it is. Employment is an exchange of labor for pay, not a total claim on the person, and the appropriate information flows are the ones that serve that exchange. A workplace that has normalized total surveillance violates the norm of the employment context even when everyone has been worn down into accepting it, because the standard is set by the legitimate purposes of the relationship and not by what the stronger party has managed to impose. This is the move that rescues the contextual account from mere conventionalism. The norm is normative, not descriptive, and so it can condemn a normalized regime, which is the very thing the rights view insisted only a right could do.
Now let me give the right its due, because I am relocating it, not abolishing it. Law needs rights as instruments. They are blunt, portable, court-enforceable claims, and they exist precisely because adjudicating contextual appropriateness from scratch in every dispute would be slow and would favor the party with the deeper pockets. The right is a useful hardening of the norm into a fixed-looking claim that lets a data subject bring an action without first reconstructing the entire architecture of contextual expectation. But it inherits its content from the norm beneath it. Watch what courts and regulators actually do when privacy is contested. The GDPR’s legitimate-interests basis asks whether a processing purpose outweighs the interests of the data subject. The right to be forgotten weighs erasure against the public interest in the information remaining available. These are contextual-integrity judgments conducted in the vocabulary of rights. The word on the page is right. The reasoning underneath is appropriate flow.
I should hold the empirical claim apart from the normative one. Empirically, privacy disputes are in fact resolved by contextual judgments about appropriate flow, and the case law shows it whatever language the statutes use. Normatively, the rights framing can actively mislead. It encourages the belief that there is a fixed object called private information and that more individual control always means more privacy. Both are false. The same datum is private in one context and public in another, so private information is a category error when stated without a setting. And appropriate flow sometimes requires sharing rather than withholding: the doctor who refuses to tell the specialist is not protecting your privacy but failing the norm of the medical context. The practical payoff of the contextual view is that it redirects the analyst to the right question. Not is this private information, and not did the individual consent, but is this flow, in this context, appropriate to the purposes that make the context what it is.
Let me fix the scope and name what would change my mind. The claim is about what privacy is and how privacy violations are best analyzed in information governance and data protection, the settings this publication lives in. It is not a claim that legal rights to privacy should be repealed. The opposite: they should be understood, so that they are applied to track the norms they encode rather than drifting into a fixed-content fiction. As for falsification, if there were a class of privacy violations that could be identified and adjudicated from the nature of the information alone, with no reference to who is sending it to whom and for what, the contextual thesis would weaken. Intimate bodily information is the obvious candidate, and it feels context-independent. But even there the violation tracks the flow. A clinician may see what a stranger may not, and what makes the stranger’s view a violation is the inappropriate flow, not an intrinsic property of the data. The feeling of context-independence is an artifact of the fact that, for intimate information, the inappropriate contexts vastly outnumber the appropriate ones, so the context drops out of view. The claim is testable against such cases, and that is where a critic should push.
So the proposition holds. Privacy is not a freestanding right with fixed content. It is a contextual norm about the appropriate flow of information, and the legal right is that norm hardened for enforcement. Recognizing this does not weaken privacy or hand the individual to the mob. It tells the data subject, the regulator, and the engineer where to actually look. Not at whether information is private in the abstract, and not at whether a consent box was ticked, but at whether this flow, in this context, serves the purposes that give the context its point. The right is the hammer. The norm is what tells you where to strike.
The interrogation
Tutor. A confident essay, and a more slippery thesis than it looks, so I will be blunt with it. Begin with the case you said you had to beat and then beat too quickly. The total-surveillance workplace. On your account the norm of a context is set by the context, but in that workplace the context now is total surveillance. Everyone logs everything, the expectation is settled. By your own definition the appropriate flow just is total surveillance, and the worker has no complaint. You have defined the victim out of existence. Answer it.
Student. Only if the norm of a context is whatever people there have come to do, and that is exactly the equation I deny. The norm is not the prevailing practice. It is the flow appropriate to the purposes that make the context what it is. Employment is an exchange of labor for pay. The flows appropriate to it are the ones that serve that exchange, attendance, output, conduct that bears on the work. Total surveillance exceeds those purposes, so it violates the norm of employment even when the practice has hardened into the expected. The worker’s complaint survives because the standard is the purpose, not the practice.
Tutor. Neat, but you have only moved the problem. Who fixes the legitimate purposes of employment? The employer will say productivity requires total visibility, and now we are arguing about purposes instead of practices, with the same powerful party defining the terms. You promised an escape from conventionalism and delivered a regress.
Student. I concede part of that, and I want to concede it cleanly rather than paper over it. The purposes are contestable, and the powerful do try to define them. But they are not infinitely up for grabs, and that is the whole of the difference. A context has a point that constrains what can count as its purpose. Employment is an exchange, not ownership of the person. You can argue at the margin about whether monitoring output requires monitoring keystrokes, but you cannot, without changing the subject, claim that the purpose of employment is the total transparency of the employee’s life, because that is not what employment is. The foothold is the nature of the context, and it is narrower than practice even if it is wider than I would like. That is weaker than my essay’s confident tone, and it is the honest version.
Tutor. Now the move I have been waiting for. Your bold claim was that privacy is not a right but a contextual norm. Then halfway through you let the right back in as the enforcement layer, the norm hardened into a claim. So privacy is a right after all, one with contextual content. Have you defended anything bold, or retreated to a truism nobody disputes, that rights need content?
Student. The bold claim is intact, and the distinction is the reason. The rights view does not say merely that rights need content. It says privacy has content of its own, context-independent, that the law then recognizes, the right to be let alone as a fixed thing. My claim is that the right has no content of its own at all. It is parasitic. Strip away the contextual norm and there is nothing left for the right to protect, no fact of the matter about what being let alone requires until a context supplies it. That is not the truism that rights need content. It is the stronger claim that this right is downstream of something prior, and the rights theorist denies exactly that.
Tutor. Then take the counterexample that should break you. Intimate bodily information. A stranger reads your diagnosis. That is a violation, and it feels like a violation of the information itself, no context required. The datum is private, full stop.
Student. It feels that way, and the feeling is explicable on my account rather than against it. Even there the violation tracks the flow. The clinician may read the diagnosis and commits no violation. The stranger reads the same words and does. If privacy were a property of the information itself, the clinician would violate it too. What makes the stranger’s reading wrong is the inappropriate flow, the wrong recipient for that information in that context. Intimate data feels context-free only because, for it, almost every context is one in which the flow would be inappropriate. The exceptions are few, so the context drops out of view. Rare exceptions are still exceptions, and they are fatal to the intrinsic reading.
Tutor. That is exactly the answer I distrust. You have explained away the counterexample by saying the context was implicit. You can do that to anything. Is your thesis falsifiable at all, or have you built a machine that absorbs every case as confirmation?
Student. Fair, and I owe you the falsification condition rather than another absorption. Here it is. Produce a privacy violation that can be identified and adjudicated from the nature of the information alone, with no reference to who sent it, to whom, or for what purpose. Not one where the context is implicit and I wave at it, but one where specifying the flow does no work, where the verdict is the same across every sender, recipient, and purpose. If such a class exists, my thesis fails, because it claims the flow always does work. I have not found one that survives, intimate information included, because in every case I can flip the verdict by changing the recipient. But the test is real, and it is the place to attack me. If you can name one, I lose.
Tutor. I will hold that over you. Now the question that decides whether any of this matters. A data protection officer has to rule tomorrow on whether a flow is lawful. Your framework tells her to ask whether the flow is appropriate to the context’s purposes. That is either the legitimate-interests balancing she already runs under the GDPR, in which case you have renamed her job, or it is vaguer than the statute she has. What does your account give her that “is this personal data, and did the subject consent” does not?
Student. It gives her the right two questions in place of two wrong ones. “Is this personal data” invites a yes or no about a category, but the same datum is appropriate to share in one context and not another, so the category answer does not settle the case and she ends up importing context anyway, unacknowledged. “Did the subject consent” is worse, because consent neither cures an inappropriate flow nor condemns an appropriate one. You cannot consent your way into your employer reading your therapy notes, and your failure to consent does not make the specialist’s reading wrongful. So my account is not vaguer than her law. It is the reasoning her law already performs when it works, the legitimate-interests balance, named honestly. Where it departs from the statute is where the statute leans on consent and category, and there it tells her those are the parts most likely to mislead her. That is a payoff, not a relabeling.
Tutor. Last challenge, and it is about your method. You defined privacy as appropriate information flow, which is Nissenbaum’s definition, adopted whole. Did you pick the definition that makes your conclusion come out true? Why should I take contextual integrity over the right to be let alone, except that it hands you the result you wanted?
Student. Because it is the one that tracks the verdicts we actually reach, and the rival is not. Test both against the doctor and the specialist, the doctor and the employer, the worker and the logger. Contextual integrity predicts our judgments in every one. The right to be let alone cannot even distinguish the appropriate sharing from the inappropriate, because being let alone says nothing about which flows are fitting. The test of a definition of privacy is whether it accounts for our considered judgments about privacy, and on that test one definition passes and the other does not. That is not choosing the definition that wins. It is choosing the definition that works, which is the only legitimate ground for choosing one.
Tutor. Here is where you stand. The two-layer move is the keeper, the right as the enforcement of a prior norm, and you defended it against the charge that you had merely smuggled the right back in. The workplace answer holds, with the concession you were right to make, that the purposes are contestable and your foothold is the nature of the context, narrower than practice but not as firm as you first sounded. The falsification condition was the honest turn, and I will be watching whether your intimate-information answer survives a harder case than the one I gave you. What you have not closed is that regress. You located the foothold in the point of a context, but you have not shown what fixes that point when the parties disagree about it, and until you do, the powerful retain more room than your theory should allow them.
Tutor. For next week the proposition is that consent is the weakest foundation of the data economy. You leaned on it twice today, that consent neither cures nor condemns a flow, and you cannot lean on it next week. You have to defend it head on. Bring me the account of consent that survives the obvious reply, that overriding individual choice is paternalism, and do not reach for the contextual norm to do all the work again, or I will make you choose between this week’s thesis and next week’s.

Tutorial three, Trinity, week three: “Human-in-the-loop is a liability fiction, not a safety control.”
Explainer
The third example sits on contested professional ground rather than abstract epistemology, and it is the one practitioners will recognize from their own compliance programs. The proposition holds that human-in-the-loop oversight, as ordinarily deployed, routes blame rather than preventing harm. The essay builds its case on Lisanne Bainbridge’s “Ironies of Automation” and Madeleine Clare Elish’s “moral crumple zone,” then concedes its hardest counterexample, aviation, rather than dodging it, and uses the concession to sharpen the thesis into a claim about economic equilibrium. The interrogation disciplines the student’s use of a single case, Morgan v. V2X, and forces the practical question a general counsel actually faces on Monday morning. The takeaway is portable: ask not whether a human was present, but whether the human could have changed the outcome.
The essay
A model essay, followed by the tutor’s interrogation. This one sits on contested professional ground rather than abstract epistemology, so watch how the tutor refuses to let the student lean too hard on a single case, and how the strongest objection, aviation, is conceded rather than dodged and the thesis sharpened because of it.
Human-in-the-loop is asked to do two jobs that pull in opposite directions, and the tension between them is the whole of my argument. As a safety control, the loop must contain a human who can detect the system’s errors and override them. As a liability device, the loop must contain a human who can be named as the responsible party when an error gets through. My claim is that the human well-positioned for the second job is poorly positioned for the first, and that this is not an accident of bad implementation but a structural feature of how the two roles are configured. The person who is present, nominally in charge, and signing off is exactly the person best suited to absorb blame and worst suited to prevent harm. So human-in-the-loop, as it is ordinarily deployed and sold, is a liability fiction wearing the costume of a safety control, and the costume is the danger, because it persuades courts, regulators, and buyers that oversight exists where only blame-routing does.
Let me build the opposing case first, because it is genuinely strong and I do not want to win against a weak one. The proponent says human-in-the-loop is a layer, and layers reduce error even when each layer is imperfect. A pilot monitoring an autopilot has overridden it and saved an aircraft. A radiologist reviewing a model’s read has caught the false negative. A privilege reviewer has reversed a classifier’s call before a protected document went out the door. The EU AI Act’s Article 14 does not treat oversight as decorative; it requires that oversight be effective, that the human be able to understand, monitor, and intervene. The proponent’s strongest move is the charge of composition: to argue that some, or even most, human-in-the-loop deployments are hollow does not show that human-in-the-loop is a fiction, any more than bad locks show that locks are theater. A bad implementation of a good idea is a bad implementation, not a refutation of the idea. This is the position I have to beat, and beating it requires showing that the hollowness is structural rather than incidental.
The structural argument begins with an old paper that the field keeps rediscovering, Lisanne Bainbridge’s account of the ironies of automation. Her point is that automating most of a task does not leave the human’s residual monitoring role untouched; it degrades it. The human is asked to sit idle while the system runs well, then to step in with sharp judgment at the rare moment the system fails. But sustained idle monitoring is precisely the task humans are worst at, and a skill unused is a skill that decays, so the human is least practiced and least engaged exactly when their intervention matters most. Layered on top of this is automation bias, documented across decades, the tendency to over-trust automated output and to under-engage in independent verification. The two effects compound. The human in the loop is not a fresh, independent error detector applied to the system’s output. The human is a degraded, deferential monitor whose vigilance the automation itself has eroded. The proponent’s buried premise, that adding a human adds independent error-correction, is the very thing the evidence undercuts.
Now bring in the liability side, where the picture becomes sharper and, I think, harder to escape. Madeleine Clare Elish’s idea of the moral crumple zone names it exactly. In a highly automated system, the human operator absorbs the blame for failures they had little real capacity to avert, the way a car’s crumple zone absorbs force to protect what is behind it. The human-in-the-loop is structurally positioned to be the thing the system points at when it fails. This is not a side effect. It is the function the configuration performs most reliably. When the agentic system produces a bad outcome, the organization can say a qualified human reviewed and approved, and the human’s presence converts a question about the system into a question about the individual. The loop did not prevent the harm. It assigned it. That is what I mean by a liability fiction: a mechanism that produces the appearance of a safety control while functioning as a device for relocating responsibility onto a person who could not have changed the result.
This is where the threshold question that anchors this week’s reading does its work, and I want to handle the case carefully rather than lean my whole weight on it. The useful move in Morgan v. V2X is not any particular holding but the question it forces into the open: not whether a human was nominally in the loop, but whether the human exercised meaningful, independent judgment, whether the involvement crossed a threshold from label to fact. I do not want to over-read a single ruling, and the strength of my argument should not depend on a court having said exactly what I wish it said. The principle stands on its own. The right question to ask of any human-in-the-loop arrangement is not “was a human present” but “could the human have changed the outcome,” and a great deal of deployed oversight fails that question. The threshold is the place where “in the loop” stops being a description of an org chart and starts being a claim you have to prove.
I should separate the empirical claim from the normative one, because the danger lives in the seam between them. Empirically, deployed human-in-the-loop arrangements frequently do not improve safety, for the reasons Bainbridge and the automation-bias literature give, and they reliably allocate liability, for the reasons Elish gives. Normatively, this combination is worse than mere ineffectiveness, because it launders automation as oversight. An organization gets to purchase the moral and legal license of “a human checked it” without purchasing the safety that phrase implies. The fiction is not that a human was present; the human was present. The fiction is that the presence amounted to control. And a fiction that buys real license while delivering no real safety is more dangerous than honest full automation, because honest full automation at least does not let anyone pretend the danger has been managed.
I am not arguing the fully cynical line, and refusing it is what keeps the thesis honest. Human-in-the-loop can be a real safety control. It becomes one when the human has the time to engage rather than rubber-stamp, the information to judge rather than guess, the competence to evaluate the system’s output independently, the authority to override without penalty, and an incentive to look hard rather than wave through. Add one more: the system must surface its own uncertainty rather than present every output with the same confident face, because a human cannot meaningfully review what is designed to look uniformly trustworthy. Where these conditions hold, the loop is real and my proposition is false of it. The trouble is that these conditions are expensive, and worse, they are in direct conflict with the reasons organizations reach for automation in the first place. Real oversight is slow, and slowness is what automation was bought to eliminate. So the economics push, predictably and continuously, toward the cheap version of the loop, the version that is present enough to assign blame and absent enough to add no friction. The fiction is not inevitable. It is the equilibrium.
Let me fix my scope and name what would change my mind, because a thesis that cannot be falsified is a mood. My claim is about human-in-the-loop as a governance and liability arrangement in agentic and automated decision systems, with legal and security workflows as the central cases. It is not a claim about every domain. Aviation is the clearest place it may fail, and I will say so plainly: a profession that invests in pilot training, recurrent simulation, strict authority to override, and regulatory teeth has built the demanding conditions I listed, and there the human in the loop catches failures and is a genuine control. That concession does not weaken the thesis; it sharpens it. It tells you that the fiction is not a law of nature but a function of investment, and that in any domain unwilling to spend at aviation levels on the human’s competence and authority, the drift to fiction should be the default expectation. If someone showed me deployed legal or security human-in-the-loop systems that, studied honestly, caught and corrected errors at a rate that materially beat full automation across ordinary deployments, the thesis would weaken accordingly. I do not believe the evidence is there yet, but that is where it would have to be found.
So the proposition holds, and its force is practical rather than merely deflationary. Human-in-the-loop as ordinarily deployed is a liability fiction, a costume of safety draped over a mechanism for routing blame, and the right corrective is the threshold question: stop asking whether a human is in the loop and start asking whether the human could have changed the outcome. Where the honest answer is no, the human is not a control. They are a crumple zone, and calling them a safeguard is the most dangerous thing the system does.
The interrogation
Tutor. Strong essay, and a more dangerous one to defend than last week’s, because you are now making a claim that working professionals have built their compliance programs around. So I will be unkind to it. Start with the objection you flagged and then walked past too quickly. Bad locks do not prove that locks are theater. You have shown me that a lot of human-in-the-loop is hollow. The proposition says it is a fiction. Are you not generalizing from the worst deployments to the concept itself, which is the fallacy of composition?
Student. I would be, if my argument were “many deployments are bad, therefore the concept is empty.” It is not. My argument is that the two jobs the loop is asked to do pull apart by design. The configuration that makes a human good at absorbing liability, present and signing off and not slowing things down, is the same configuration that makes them bad at safety, idle and deferential and out of the loop. That is not a claim about frequency. It is a claim about structure. The hollowness is not a sample of bad locks. It is what the lock does when you build it to be cheap, and cheap is what it is for.
Tutor. Then I hand you the case that should end the hour. Aviation. Autopilot plus a trained pilot is human-in-the-loop, and pilots have demonstrably overridden automation and landed aircraft that would otherwise have been lost. That is the loop working as a safety control, in the open, with bodies counted on the saved side. Your structural claim is refuted by the clearest available example. Respond.
Student. I concede it, and I want to concede it properly rather than wriggle. Aviation is a real counterexample. The loop there is a genuine safety control. But notice what aviation spent to make it one. Recurrent simulator training, strict and protected authority to override, a regulator with teeth, a culture that drills the rare-intervention scenario precisely because Bainbridge warned that the rare intervention is the hard one. Aviation built every one of the demanding conditions I listed. So the example does not refute the thesis. It instantiates the escape clause inside it. The thesis was never that the loop cannot be a control. It was that, absent aviation-grade investment in the human’s competence and authority, it drifts to fiction. Aviation is what paying the price looks like.
Tutor. Careful, because you just moved. You opened with “human-in-the-loop is a liability fiction.” Under the aviation pressure it became “human-in-the-loop is a fiction in domains that underinvest.” The first is bold and, you now admit, false in at least one domain. The second is nearly a tautology. Of course a control you underfund fails. Which claim are you actually defending, the bold false one or the safe empty one?
Student. Neither of those, and I take the catch. The version I am defending is bolder than the tautology and survives the aviation concession. It is this: the drift to the hollow loop is not random underinvestment that a diligent organization could simply choose to avoid. It is an equilibrium that the economics actively select for. The reason real oversight is rare is that real oversight is slow, and slowness is the exact thing automation was purchased to remove. So the cheap loop is not a failure to try harder. It is the predictable resting state of any deployment where the loop’s job is to add safety without subtracting speed, which is most of them. “Underfunded controls fail” is a truism. “The function the loop is bought to serve structurally defunds the safety role and funds the liability role” is not a truism, and it is what I am defending.
Tutor. Better. Now I am going to discipline your use of the case, because I watched you lean on it and then claim you were not leaning. You built a load-bearing move out of the threshold question in Morgan v. V2X. Tell me the principle that survives if that case is reversed on appeal next year. And tell me honestly: are you confident you are describing what the court held, or what you would like it to have held?
Student. I am not confident enough to rest weight on the holding, and I tried not to, though I should have been more explicit. So let me state the principle without the case underneath it. The principle is that “in the loop” is not a fact about an organizational chart; it is a claim about causal capacity, and the only honest test of it is whether the human could have changed the outcome. That principle does not need any particular ruling to be true. If Morgan v. V2X is reversed, narrowed, or distinguished into nothing, the test still stands, because it follows from what a control is, not from what a court said. A good argument should not borrow its authority from a single case it might be misreading, and you are right that I came close to doing that. The case is the occasion for the question. It is not the warrant for the answer.
Tutor. Then face the consequence, because I think your essay flinched from it. Suppose I accept everything. A general counsel still has to deploy an agentic system on Monday. Your analysis seems to push toward removing the human, since the human adds no safety and only routes blame. But full automation removes even the fiction and the blame-routing with it. Have you argued yourself into recommending something worse?
Student. No, and this is the practical payoff, so let me be exact. The recommendation is not to remove the human. It is to stop letting the human’s presence stand in for proof of control. There are two honest positions and one dishonest one. The first honest position is to invest until the loop is real: build the competence, the authority, the time, the surfaced uncertainty, and then the human is a control and you may say so. The second honest position is to automate and own it, to say plainly that the system runs without meaningful human correction and to accept the liability and the scrutiny that honesty invites. The dishonest position is the middle, the one almost everyone occupies: claim the oversight, enjoy the license it buys, and deploy the cheap loop that cannot deliver it. My argument does not push toward removing the human. It pushes toward abolishing the comfortable middle. Either pay for the control or stop claiming it.
Tutor. One last thing, and it goes to whether you rigged the game. Your standard for a real loop had five conditions, time, information, competence, authority, incentive, plus surfaced uncertainty. Almost nothing meets a six-part test. Did you set the bar so high that your conclusion was guaranteed before you started?
Student. I would worry about that too, except the six conditions are not a wishlist I assembled to win. They are the conditions any error-correction whatsoever requires, derived rather than chosen. You cannot correct what you cannot see, so you need information. You cannot correct in time if you have no time. You cannot judge what you lack the competence to judge. You cannot override without the authority to override. You will not look hard without a reason to look. And you cannot review what is built to look uniformly confident. Strip any one of them and correction becomes impossible by definition, not by my stipulation. The conditions are demanding because real oversight is demanding. That deployments rarely meet them is the finding. It is not an artifact of the test.
Tutor. Here is where you stand. The structural thesis holds, and the equilibrium argument is the part worth keeping: you showed that the hollow loop is selected for rather than stumbled into, and that is more than the truism I tried to trap you in. The aviation concession was handled honestly and made the claim stronger, which is the mark of a real argument rather than a defended one. Your discipline on the case improved under pressure, though it should not have needed the pressure. What you have not closed, and what I want next, is the harder economic question your own equilibrium argument opened. If the fiction is the resting state because real oversight defeats the speed that justifies automation, then is meaningful human control achievable at scale at all, or only in artisanal, high-cost domains like aviation that can absorb the friction? You have shown the middle is dishonest. You have not yet shown that the first honest position is reachable for mass agentic deployment, or whether the truth is that we must usually choose the second and own the automation. That is the thread.
Tutor. For week four the proposition is that an autonomous system cannot be held to account, and an accountable system is not autonomous. Take the equilibrium you just built and carry it forward, because if real human control does not scale, the accountability gap you will be arguing about next week is not a temporary engineering shortfall. It is the permanent condition, and I will expect you to either accept that or show me the way out.

An invitation
The tutorial ends, as the real ones do, without a tidy verdict. That is the feature, not the flaw. A position worth holding is one that has survived someone who wanted it to fail, and the habit this course tries to build is the willingness to put a claim in front of that someone before publishing it, deploying it, or ruling on it.
So treat this as an invitation rather than a conclusion. Take one of the propositions and argue the side you do not believe. That discovery does not find the truth but manufactures a record. That privacy is not a right but a contextual norm. That human-in-the-loop is a liability fiction rather than a safety control. Write the essay. Defend it against your own hardest objection. Then say where it held and where it broke.
You are holding the full curriculum and three worked examples. The questions are free. The thinking is the work.
Sources and reference materials
The propositions and worked examples draw on the primary law, regulation, standards and scholarship below, cited in full. Where a freely accessible public version exists, the title or case name links to it; the remaining entries are cited in standard form.
ComplexDiscovery OÜ
- ComplexDiscovery, ComplexDiscovery OÜ (2026).
- When Agents Act: The Rule 26(f) Disclosure Threshold for Agentic AI in eDiscovery, ComplexDiscovery OÜ (2026).
Cases and judicial decisions
- Zubulake v. UBS Warburg LLC, 220 F.R.D. 212 (S.D.N.Y. 2003) (Zubulake IV); 229 F.R.D. 422 (S.D.N.Y. 2004) (Zubulake V).
- William A. Gross Construction Associates, Inc. v. American Manufacturers Mutual Insurance Co., 256 F.R.D. 134 (S.D.N.Y. 2009).
- Da Silva Moore v. Publicis Groupe, 287 F.R.D. 182 (S.D.N.Y. 2012).
- Rio Tinto PLC v. Vale S.A., 306 F.R.D. 125 (S.D.N.Y. 2015).
- Morgan v. V2X, Inc., No. 1:25-cv-01991 (D. Colo. Mar. 30, 2026).
- Google Spain SL v. Agencia Española de Protección de Datos (AEPD), Case C-131/12 (CJEU May 13, 2014).
- Data Protection Commissioner v. Facebook Ireland Ltd and Maximillian Schrems (Schrems II), Case C-311/18 (CJEU July 16, 2020).
Statutes, regulations and rules
- Federal Rules of Civil Procedure, Rule 26(b)(1) and Rule 37(e) (2015 amendments).
- Regulation (EU) 2016/679 (General Data Protection Regulation), arts. 6, 7 and 17.
- Regulation (EU) 2024/1689 (EU Artificial Intelligence Act), art. 14 (human oversight).
- Clarifying Lawful Overseas Use of Data (CLOUD) Act, Pub. L. No. 115-141 (2018).
Standards and frameworks
- The Sedona Conference, The Sedona Principles, Third Edition; Commentary on Proportionality in Electronic Discovery; and Commentary on Information Governance.
- ARMA International, Generally Accepted Recordkeeping Principles (GARP).
- National Institute of Standards and Technology, Cybersecurity Framework.
Scholarship and commentary
- Samuel D. Warren and Louis D. Brandeis, “The Right to Privacy,” 4 Harvard Law Review 193 (1890).
- Helen Nissenbaum, Privacy in Context: Technology, Policy, and the Integrity of Social Life (Stanford University Press, 2010).
- Daniel J. Solove, Understanding Privacy (Harvard University Press, 2008).
- Lisanne Bainbridge, “Ironies of Automation,” Automatica 19, no. 6 (1983): 775-779.
- Madeleine Clare Elish, “Moral Crumple Zones: Cautionary Tales in Human-Robot Interaction,” Engaging Science, Technology, and Society 5 (2019): 40-60.
- Maura R. Grossman and Gordon V. Cormack, “Technology-Assisted Review in E-Discovery Can Be More Effective and More Efficient Than Exhaustive Manual Review,” 17 Richmond Journal of Law & Technology 11 (2011).
- Bruno Latour, Science in Action (Harvard University Press, 1987).
- Luciano Floridi, The Philosophy of Information (Oxford University Press, 2011).
- Michel Foucault, The Archaeology of Knowledge (Pantheon, 1972).
- Shoshana Zuboff, The Age of Surveillance Capitalism (PublicAffairs, 2019).
- Bruce Schneier, Click Here to Kill Everybody (W. W. Norton, 2018); Data and Goliath (W. W. Norton, 2015).
- Thomas Rid, Cyber War Will Not Take Place (Oxford University Press, 2013); Thomas Rid and Ben Buchanan, “Attributing Cyber Attacks,” Journal of Strategic Studies 38, nos. 1-2 (2015): 4-37.
Assisted by GAI and LLM Technologies
Source: ComplexDiscovery OÜ
