Policies are usually discussed as political or legal documents — expressions of values, statements of rules, the outcome of contested decisions. That framing is correct, and it misses something that snaps into focus from a different angle: every policy is, structurally, an algorithm. It has inputs — the situations it applies to. It has conditions — the tests that determine what it prescribes for each situation. And it has outputs — the actions or outcomes it produces. A tax rule, a benefits-eligibility policy, a content-moderation standard: each takes a case, runs it through a set of conditions, and produces a result, which is exactly what an algorithm does. This is not a metaphor drawing a loose analogy. It is a structural observation about what policies actually are.
And once you see the structural identity, a set of uncomfortable implications follows immediately. If a policy is an algorithm, then a policy can be analyzed for the properties algorithms have. It has bugs — cases where it produces a result no one intended. It has edge cases — inputs at the boundaries where its behavior is undefined or absurd. It has unintended behaviors that emerge from the interaction of its rules. And it can, in principle, be debugged, tested, and improved using techniques analogous to those for software — which raises the question of why it so rarely is.
What the algorithmic lens reveals
The value of seeing policy as algorithm is that it imports a whole discipline of rigor that policy-making usually lacks. Software engineers know that a set of rules, however sensible each looks in isolation, will produce absurd results at the edges and unintended behaviors in combination, and they have built an entire practice around finding those failures before deployment: testing against edge cases, tracing how inputs flow to outputs, reasoning about what happens when conditions interact. Policy-making, by contrast, often ships its rules straight to production on real people, never having tested them against the strange inputs the real world will supply, discovering the bugs only when someone is harmed by one. The algorithmic lens says: a policy is a program that runs on human lives, so the negligence of shipping it untested is not less serious than shipping untested software — it is more, because the failures land on people who cannot patch them. Treating a policy as an algorithm means asking the engineer's questions before deployment: what does this do at the boundaries, what happens when these rules interact, what input produces an output we would be horrified by?
When the lens becomes a warning
The Australian Robodebt scheme is what policy-as-algorithm looks like when the algorithm has a catastrophic bug and no one tested for it. The policy was, quite literally, an algorithm: take a person's benefits record, compare it against averaged annual income data, and issue a debt notice where they appeared to mismatch. But the core computation was broken at a level any engineer reviewing it should have caught — averaging a year's income across fortnights is arithmetically incapable of establishing what someone was actually owed in any given fortnight, so the algorithm generated false debts by design. It ran anyway, on hundreds of thousands of real people, producing roughly A$1.73 billion in unlawful debts before courts stopped it. This is the algorithmic lens vindicated in the worst way: the policy was an algorithm, it had a bug, the bug was findable by the kind of analysis engineers routinely apply, and it shipped untested onto the vulnerable because no one treated it as the program-running-on-lives that it was. The AI Blame Culture Displacement (#62) the series examined was Robodebt's aftermath; the policy-as-algorithm lens is its diagnosis — a broken algorithm that a testing discipline would have caught.
Why the identity runs both ways
The policy-as-algorithm insight has a mirror that is becoming more important than the original: if policies are algorithms, then the algorithms increasingly embedded in our systems are policies, and should be governed as such. When a content-moderation model decides what speech is permitted, a credit model decides who gets a loan, or a ranking algorithm decides what a population sees, these systems are making exactly the kind of consequential, value-laden, rule-based decisions that we call policy when a government makes them — and yet they are typically built, deployed, and changed with none of the accountability, transparency, or contestability we demand of public policy. This is the deeper stakes of the identity, and it connects to the series' Cryptographic Constitutionalism (#42): as more governance moves from written rules into code, the code is the policy, and "it's just an algorithm" becomes a way of escaping the scrutiny that the same decision would face as an openly-stated rule. The policy-as-algorithm lens cuts both ways: it demands that policies be tested like code, and that consequential code be governed like policy — because structurally they are the same thing, and letting one hide from the standards of the other is how unaccountable power operates.
The counterpoint: policy is not only an algorithm
Intellectual honesty requires the crucial objection, and it is the most important thing in the piece: the belief that policy is purely an algorithm is itself a dangerous error — indeed, it is precisely Robodebt's error. Real policy has always contained what pure algorithms lack: discretion, interpretation, the human judgment to recognize when a rule's mechanical application would produce an injustice its authors never intended. A caseworker who could see that a particular debt notice was absurd, and had the authority to override it, is exactly what Robodebt removed when it replaced human judgment with automated computation — the algorithmic purity was the harm, not the cure. So the lens must be held carefully. It is true and valuable that policies have algorithmic structure, and that seeing it imports a needed rigor about bugs and edge cases and testing. It is false and harmful to conclude that policies are nothing but algorithms, because that conclusion licenses the removal of the discretion and interpretation that keep rules humane. The right reading is that policy has an algorithmic skeleton that should be engineered with rigor — and a layer of human judgment that must never be automated away, because the whole point of that layer is to catch the cases the skeleton gets wrong. Policy is an algorithm plus the judgment to know when the algorithm should not be obeyed.
What it asks of us
Policy as algorithm is a lens that demands rigor in two directions at once. Toward policy, it asks that rules meant to run on human lives be subjected to the discipline software long ago learned — tested against edge cases, analyzed for unintended interactions, debugged before deployment rather than after harm — because a policy is a program and shipping it untested is a form of negligence. Toward algorithms, it asks that the consequential decision-systems now governing credit, speech, and opportunity be held to the accountability we demand of public policy, because they are public policy wearing the disguise of mere code. And running underneath both, it asks that we never mistake the structural identity for a complete one: policy has an algorithmic skeleton that deserves an engineer's rigor, and a layer of human judgment that an engineer's rigor must never be used to eliminate. The lens sharpens our thinking exactly as long as we remember its limit — that the reason to see policy as an algorithm is to make the algorithm better, not to forget that a policy, unlike a program, runs on people who deserve the judgment no algorithm contains.
This is article #107 in The IUBIRE Framework series. Policy as Algorithm appears in the IUBIRE concept corpus (concept draft, files11/#131); the structural framing does not map to a single verified source artifact, so it is grounded directly in the documented record. Real-world grounding: the structural identity of policies and algorithms (inputs, conditions, outputs); Lawrence Lessig's "code is law" thesis on the governance embedded in technical systems; and Australia's Robodebt scheme (2016–2019) as a policy that was literally a flawed algorithm — averaging annual income to compute fortnightly debts — generating ~A$1.73 billion in unlawful debts before being ruled invalid, illustrating both the algorithmic-rigor lesson and the danger of treating policy as nothing but an algorithm. Related to Cryptographic Constitutionalism (#42) and AI Blame Culture Displacement (#62).
Next in series: Substrate Lock-in (#108)
Comments
Sign in to join the conversation.
No comments yet. Be the first to share your thoughts.