Openism
— Designing an Organization with No Secrets

This essay is a reflection on organizational design and information disclosure. It does not advocate openism for all organizations.

1. The Inevitability of Secrets — Why Organizations Hide

Organizational secrecy is not a moral choice but a structural necessity.

Trade secrets as competitive advantage

Companies guard formulas and client lists because these are sources of competitive power. Coca-Cola's syrup recipe has remained undisclosed for over 130 years, constituting part of its market capitalization. Trade secret law provides legal protection for confidential business information and treats its leakage as criminal. Secrets are assets, and assets require management.

Information asymmetry and the duty to manage

Publicly listed companies are obligated to manage insider information. Privacy laws demand strict data governance. Physicians have a duty of confidentiality; lawyers have attorney-client privilege. As organizations grow, the volume of secrets to manage increases, and the personnel, systems, and procedures dedicated to that management expand accordingly.

Simmel's sociology of secrecy

Georg Simmel identified secrecy as a fundamental constituent of social relationships. Human relationships are structured by the asymmetry between what is known and what is not. Organizations, too, maintain their boundaries by erecting walls of information between insiders and outsiders. Without secrets, organizational borders become ambiguous.

"Secrecy is one of the greatest accomplishments of humanity... it produces an immense enlargement of life, because many of its contents could not emerge in the absence of secrecy."

— Georg Simmel, The Sociology of Secrecy and of Secret Societies (1906)

2. The Cost Structure of Secrecy — When Secrets Erode Organizations

If holding secrets is inevitable, so are their costs.

Direct costs

Information security investment, drafting and managing NDAs, deploying and operating access control systems, security audits, employee training — these are direct expenditures on maintaining secrecy. Global corporate cybersecurity spending runs into tens of billions of dollars annually. In a world without secrets, these costs would not exist.

Indirect costs — the paradox of trust

The more severe costs are indirect. Secrets breed distrust; distrust intensifies the pressure to "hide more," which generates more secrets. This cycle operates both within organizations and between organizations and society. Those who hold information hold power; information asymmetry solidifies hierarchies. Organizations divided into "those who know" and "those who don't" suffer distorted decision-making.

The cost of fragility

Secrets are predicated on being kept indefinitely. But as time passes and the number of people involved grows, the risk of leakage increases. Benjamin Franklin put it precisely: "Three may keep a secret, if two of them are dead." The cost of maintaining secrets compounds over time and eventually reaches a tipping point.

3. When Non-Disclosure Fails

Secrets do not last forever. The pattern of collapse repeats.

Whistleblowing — the structural limit of secrecy

Enron, WorldCom, Toshiba — large-scale fraud is always exposed by insiders. This is not coincidence. Maintaining a secret requires the silence of every person involved, but as their number grows, so does the probability that someone will choose to speak. Whistleblowing is not a failure of the system — it is a manifestation of secrecy's structural limitation.

Information leaks — the irreversibility of the digital age

The Panama Papers comprised 2.6 terabytes. The Snowden revelations involved millions of classified documents. Digitization has reduced the cost of copying secrets to zero. Mass leaks that were physically difficult in the paper era became possible with a single USB drive. The moment information is digitized, secrecy becomes structurally unstable.

The secondary damage of "having hidden"

Notably, the fact that something was hidden often inflicts more damage than the content of the hidden information itself. In corporate scandals, what destroys trust most thoroughly is not the misconduct but the cover-up. This pattern demonstrates that non-disclosure is itself a risk.

"An organization that holds secrets bears a double risk: the risk that the secret will leak, and the risk that having held a secret will be discovered."

4. The Third Option — Structural Openness by Design

The choice is not binary between "guarding secrets" and "secrets being leaked." There is a third option: having no secrets to begin with.

The open source proof

In 1991, Linus Torvalds released the Linux kernel to the public. It was an experiment that upended the assumption that source code should be hidden. The result: Linux now runs on 96% of the world's servers, 72% of smartphones, and 100% of supercomputers. Eric Raymond analyzed this in The Cathedral and the Bazaar. The intuition that secrecy produces higher quality was, at least in software, refuted.

Precedents in radical transparency

Ray Dalio, founder of Bridgewater Associates, introduced "principled transparency" — recording all meetings and making them accessible to all employees. Buffer publishes every employee's salary publicly. Patagonia discloses its entire supply chain at every stage. These are prior experiments in making "not hiding" an organizational architecture. All of them are commercially viable.

The difference between "choosing not to hide" and "unable to hide"

Here lies a crucial distinction. "Choosing not to hide" is an act of will, and will can change. When leadership changes, the policy can reverse. "Unable to hide" is a structure, and structure is independent of will. For openism to be sustainable, it must be designed at the structural level, not the policy level.

5. Engraving QR on Quartz — The Physical Implementation of Openness

Toki Storage engraves QR codes on quartz glass. In that single sentence, the structure of openism is condensed.

QR codes — "readable by anyone" as a design choice

QR is not a proprietary format. It is an international standard under ISO/IEC 18004, an open specification. Point a smartphone camera at it and anyone can access its contents. No dedicated reader, no password, no permission required. By choosing a format that assumes records will be read, secrecy becomes structurally impossible.

Quartz — a material that cannot be concealed

Fused quartz is stable on geological timescales. It does not degrade like paper, demagnetize like tape, or lose power like a server. This permanence eliminates even temporal concealment — the possibility that records will eventually become unreadable. A thousand years from now, that QR code will still be scannable. Engraving an open format on an indestructible material — this is the physical implementation of openism.

The choice not to encrypt

Encryption could make records secret. But Toki Storage chose a design that does not assume encryption. Encryption requires key management, and key management generates new secrets. From an openist perspective, encryption reintroduces the cost structure of secrecy. Only records that one is prepared to have seen are engraved — and this constraint itself confronts the recorder with a fundamental question: what is truly worth preserving?

6. Organizational Openism — Operating at Zero Secrets

What happens when not just the product but the organization itself is designed around openism?

Publishing the code

Toki Storage's source code is public on GitHub. The website's structure, deployment mechanism, update history — all are externally verifiable. Anyone can read the code to confirm "does this site really work the way they say?" If there are bugs, they'll be found. That's fine.

Self-disclosing concerns

We identified 37 concerns people might have about this service and published them ourselves. "Is this a scam?" "Are they exploiting emotions?" "Will it really last 1,000 years?" — questions organizations normally avoid addressing until forced by external criticism. Self-disclosure of weaknesses is a natural act for an organization with nothing to hide. If there are no secrets, there is no reason to fear questions.

The "Is This Right for You?" page

We do not say "this is right for everyone." Instead, we explicitly state "this may not be right for you" and provide a page honestly telling people when we're not the right fit. This contradicts revenue maximization. But for an openist organization, the cost of selling to someone who doesn't fit exceeds the cost of honestly declining. A relationship without secrets can only begin with honesty from the start.

The disappearance of management overhead

Through all of this design, something interesting happens. No NDAs to manage. No information access tiers to architect. No meetings debating "how much should we disclose." Resources that would have been spent managing secrets are redirected entirely toward the core mission — preserving records, protecting expression. Openism is also an organizational design that reduces management overhead to zero.

7. The Nature of Social Experimentation

Whether the openism described above actually works is unknown. But "not knowing" itself has value.

The hypothesis

An organization that structurally eliminates secrets can be freed from the costs of managing them, avoid the risk of secrets collapsing, and build trust more efficiently — this is the hypothesis of openism. This hypothesis is being tested in the real world through the operation of a single organization called Toki Storage.

Falsifiability

Scenarios in which openism collapses are clearly identifiable. Competitors could copy the code and offer a cheaper alternative. Bad actors could exploit public information. Complete transparency could chill decision-making. We are not denying these risks. We are experimenting with full awareness of them. If it fails, the insight "openism has limits" remains. That, too, is a contribution to society.

Why we call it "social experimentation"

Ordinary business activity is not designed to test hypotheses. But Toki Storage's openism is structured to generate knowledge regardless of the outcome. If it succeeds, it becomes precedent that "an organization can exist without secrets." If it fails, it becomes data on "under what conditions does openism break down." The record of what happens when non-disclosure ceases to hold — that record itself possesses the nature of social experimentation.

"An experiment is conducted not to prove success, but to test a hypothesis. If knowledge is gained regardless of the result, it is a good experiment."

8. The Limits of Openism, Honestly

We have no intention of presenting openism as a universal solution.

It cannot apply to every organization

National security, medical records, personal privacy — there are domains where secrecy is legitimate and necessary. Openism is an option for organizations that have no need to hold secrets. It is not a universal prescription.

The vulnerability of openism itself

An organization where everything is public is an organization where everything is attackable. Code vulnerabilities, business weaknesses, the full scope of strategy — visibility works in favor of malicious third parties as well. Choosing openism means accepting this vulnerability.

Why we choose it anyway

The cost of managing secrets versus the cost of having none. Toki Storage weighed this balance and chose the latter. This is a calculation, not a creed. If circumstances change, the judgment may change too. But the QR codes engraved on quartz will not change. Physically irreversible openness disciplines the organization's own decisions.

Conclusion — Let the Structure Speak

Organizations generate secrets. Secrets generate management. Management generates overhead. This chain is a given condition for most organizations, and there is nothing inherently good or evil about it.

But "a given condition" is not "the only condition." A design that structurally holds no secrets is possible, and at least one organization is running that experiment.

The act of engraving QR codes on quartz contains no declaration of philosophy. There is only structure — an open format, on an indestructible material, recorded irreversibly. We do not say "trust us." We say "read it and verify for yourself."

Openism is not a creed but an architecture. We adopted it not because it is righteous, but because we judged this structure to be the best fit for what we do. Whether that judgment was correct will be proven by time. A thousand years of it.