Unknown Knowns.

While Donald Rumsfeld was blasted for discussing “known knowns” and the like, it is a core principle that you see in things like the CISSP security training materials and in other areas where security is a factor. It also factors into things like scientific research, where we constantly push the boundaries of what we know.

And the idea goes something like this:

There are known knowns, that is, things we know that we know. For example, I know the lock on the back door of the building is locked.

There are known unknowns, that is, things we know that we don’t know. For example, I don’t know if the lock on the back door of the building is locked–and knowing I don’t know that, I can go down and check.

And there are unknown unknowns, that is, things we don’t know that we don’t know. For example, I’ve never been in this building before, and I have no idea that there is even a back door to this building that needs to be locked.

Unknown unknowns can often be uncovered through a systematic review and through imagining hypothetical scenarios. We could, for example, on moving into this building, walk the perimeter of the building looking for and noting all the doors that go in and out of the building: we use the fact that we don’t know the building (a known unknown) to uncover facts about the building which then help us make informed decisions in the future–converting the unknown unknown about back doors into a known quantity.

Though that doesn’t help us if there is a tunnel underneath.

If we put these into a graph it may look something like this:

Known knowledge
Unknown knowledge
What we know:
Known knowns

Things we know we know. (Example: we know the back door is locked.)

Unknown knowns


What we don’t know:
Known unknowns

Things we know we don’t know. (Example: we don’t know if the back door is locked.)

Unknown unknowns

Things we don’t know we don’t know. (Example: we don’t know there is a back door to lock.)

Now the forefront of scientific knowledge lives in the lower right quadrant: we’re constantly pushing the frontier of knowledge–and part of that means figuring out what are the right questions to ask.

The forefront of security disasters also live in that lower right quadrant: this is why, for example, safety regulations for airplanes are often written only after a few hundred people die in a terrible airplane accident. Because until the accident took place we didn’t even know there was an issue in the first place.

But what is the upper right quadrant? What is a “unknown known?”

The side axis: what we know and what we don’t know–this is pretty straight forward. I either know if the back door is locked or I don’t.

The top axis: I would propose that this is really a discussion about our self-awareness or self-knowledge: do we even know the right question to ask? Do we even have a full enough mental model to know what we should know?

Do we even know there is a back door on the building?

Have you ever gone to a lecture and, at the end of a long and involved technical discussion, the presenter turns to the audience and asks if there are any questions–and there is nothing but silence? And afterwards you realize the reason why you’re not asking questions is not because the information presented was so obvious that you just managed to absorb it all–but instead found that you didn’t even know the right question to ask? That’s “unknown knowledge”–you don’t really know what you just learned, and of course are unable to formulate a question, because to do so would require that you knew what you knew and what you didn’t know, and that you knew what you didn’t understand.

It takes time to learn.

So I would propose that an unknown known is something we know–but we are unaware of the fact that we know it. Our self-knowledge does not permit us from knowing that we know something–or rather, from knowing that we have learned something or are aware of something that perhaps others may not be aware of.

Meaning “unknown knowns” are any bit of knowledge that, when someone asks about it, we respond with “Well, of course everyone knows that!”–which is a genuine falsehood, since clearly the person asking didn’t know.

Unknown knowns are things we are unaware that we have to communicate. Unknown knowns are things we don’t know require documentation or, when we are made aware of them we think is either stupid or obvious.

Unknown knowns include things like:

Undocumented software which has no comments or documentation in them, because “of course everyone should be able to read the code.”

Undocumented corporate procedures, which is just “part of the corporate culture” that “everyone” should just understand.

Anything we think just “should be obvious.”

Nothing is obvious.

Yes, we need signs in a bathroom reminding workers at a restaurant to wash their hands–because some people may not know the effects of hygiene on food preparation and it is better to constantly remind people than to suffer the consequences. Yes, we need corporate policy manuals, ideally abstracted for ease of reading, which reminds people that sexual harassment is not welcome–and defines what sexual harassment actually is. Yes, developers need to document their code: code is not “self-documenting.”

And that arrogant feeling that rises up in most people when they respond “well, of course everyone knows that!” is a natural response to the embarassment on discovering an “unknown known”–on discovering that you were so unaware of yourself that you couldn’t catalog a piece of vital knowledge and share it properly with someone who needed it.

And by placing the blame on someone else with your “well, of course!” statement you deflect blame from your own lack of self-awareness.

Worse: because we don’t know what we know, and because for many of us the natural reaction is to place blame on the person who genuinely didn’t know, we create barriers when training new hires or when teaching new developers or when bringing on new players onto the team.

Because by telling new people “it’s your fault that I didn’t tell you what I didn’t know I should tell you” we diminish others for what is, essentially, our own lack of self-awareness.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s