The Stuff of Bits and the Materiality of Machine Intelligence
Paul Dourish's The Stuff of Bits is a necessary correction to the idea that information is weightless. It shows why AI systems should be read through formats, infrastructures, databases, protocols, and the material arrangements that make data actionable.
Here, material information means data as an arrangement: representation, storage, standards, interfaces, labor, energy, permission, and institutional use combined into something a machine can process and an organization can trust enough to act on.
The review's practical claim is simple: an AI system is not only a model plus output. It is a chain of formatted records, compute, contracts, connectors, logs, credentials, cooling, workers, standards, and organizational decisions that make some realities executable and others hard to see. The materiality test is to name what was captured, normalized, transformed, indexed, retained, permissioned, powered, cooled, logged, and made appealable before treating an AI output as knowledge.
The Book
The Stuff of Bits: An Essay on the Materialities of Information was published by The MIT Press. MIT Press lists Paul Dourish as the author, the hardcover ISBN as 9780262036207, the hardcover publication date as May 5, 2017, the ebook ISBN as 9780262340137, and the paperback ISBN as 9780262546522 with a November 1, 2022 publication date. Amazon lists the hardcover product at the ISBN-10 path 0262036207. UC Irvine's faculty profile for Dourish also lists the book as a 2017 MIT Press publication.
The book studies four cases: emulation, spreadsheets, relational databases, and networking protocols. That list may sound modest beside today's artificial intelligence platforms. It is not. Dourish is asking how digital objects become workable, interpretable, portable, and authoritative. AI systems depend on exactly those prior arrangements.
Current Context
As of June 25, 2026, the materiality of information is no longer an abstract theory claim. The International Energy Agency's 2026 update reports that global data-center electricity demand grew 17 percent in 2025, while electricity consumption from AI-focused data centers grew 50 percent. Its central projection has data-center electricity use roughly doubling from 485 TWh in 2025 to 950 TWh in 2030. In the United States, the Department of Energy's summary of the 2024 Lawrence Berkeley National Laboratory report says data centers used 176 TWh in 2023, about 4.4 percent of total U.S. electricity, and could reach 325 to 580 TWh by 2028. These are aggregate and scenario-level figures, not per-query proof and not a footprint for every deployment; they show why materiality has to include location, load shape, cooling, water, cost allocation, and public infrastructure.
That energy context is only the most visible layer. NIST's AI Risk Management Framework Core treats AI risk as a lifecycle problem and asks organizations to govern, map, measure, and manage systems, including third-party software, hardware, and data. The W3C PROV overview defines provenance around the entities, activities, and people involved in producing data or things. The EU AI Act requires logging capabilities for high-risk systems and information that lets deployers interpret and use those systems appropriately. Dourish's older argument has become a current governance demand: before trusting an AI output, inspect the material chain that made the output possible.
The security context points the same way. The 2025 joint AI Data Security guidance from NSA, CISA, FBI, and international partners treats data supply chains, malicious modification, and data drift as lifecycle risks. It recommends reliable data sourcing, provenance tracking, integrity checks, signed revisions, and trusted infrastructure. In Dourish's terms, the "stuff" of AI is not decorative background. It is where trust can be built, lost, poisoned, or made impossible to audit.
Information Has Arrangements
The book's central discipline is to stop treating information as a ghost that floats above machines. Bits are not magic dust. They have formats, addresses, schemas, dependencies, timing constraints, interface expectations, storage media, labor histories, and institutional uses. A spreadsheet cell, database row, packet header, or emulated machine is not merely a vessel for meaning. It changes what can be represented, moved, queried, preserved, and acted on.
A useful definition has four layers. Representational materiality asks what can be encoded: fields, schemas, tokens, labels, formats, and metadata. Operational materiality asks what can be done: storage, compute, networks, APIs, credentials, logs, latency, and failure modes. Institutional materiality asks who may rely on the record: contracts, standards, policies, audits, retention, and legal duties. Environmental materiality asks what the system consumes or displaces: electricity, water, land, hardware, workers, local infrastructure, and maintenance capacity. The four-layer definition becomes an audit question: can the system name its representation boundary, action surface, dependency ledger, and environmental burden?
This matters because so many AI stories begin too late. They begin with the model, the prompt, the benchmark, or the chatbot screen. Dourish sends attention backward into the substrate: what had to become countable, fileable, routable, table-shaped, and machine-readable before the system could appear intelligent?
The practical consequence is that representation is already governance. A form field, tokenization rule, database schema, API permission, image format, retention policy, or network protocol does not merely support a later decision. It helps define what the later decision can see. When a public agency, employer, school, hospital, or platform says "the system knows," the first question should be what sort of material information the system was allowed to know.
The AI Reading
Read in June 2026, The Stuff of Bits is a book about AI infrastructure even though it was not written as one. A model is trained on represented worlds. Those worlds arrive through files, labels, databases, APIs, scrapeable documents, image formats, logs, metadata, permissions, and network routes. The model does not encounter reality directly. It encounters reality after it has been materialized as information.
That should make readers suspicious of any account of AI that jumps straight to cognition. The central question is not whether the machine thinks like a human. It is what kind of world has been made available to calculation, what has been lost in the conversion, and who gets to decide that the conversion is good enough for action. The materiality of information becomes the politics of machine judgment.
For generative AI, the chain is especially long: scraping, licensing, filtering, deduplication, tokenization, embedding, labeling, preference ranking, safety tuning, retrieval indexing, logging, and interface design. Each step makes some material easier to process and other material less visible. The finished answer looks like fluent language, but it is downstream of decisions about formats, data rights, moderation labor, metadata, evaluation sets, and deployment permissions.
For AI agents, the issue is even sharper. An agent does not act in a pure information space. It acts through connectors, credentials, files, databases, calendars, tickets, payment systems, source-control repositories, identity systems, and workflow APIs. Those material arrangements decide what the agent can reach, what it can change, what gets logged, and who can reverse the action when the system misunderstands the world it has been given.
That is why agent safety cannot be reduced to model behavior. A cautious model with excessive file permissions, stale retrieval, weak identity controls, or missing audit trails can still act unsafely. A more capable model inside a narrow, well-logged, reversible workflow may be easier to govern. The unit of safety is the material arrangement around the model, not the model considered in isolation.
The Databaseable World
Dourish's discussion of relational databases is especially useful for AI governance. The databaseable world is not the whole world. It is the world after normalization, typing, field definition, key selection, omission, and repair. Some things fit cleanly. Some things are forced to fit. Some things remain outside the table and then disappear from the administrative imagination.
AI inherits this problem and magnifies it. Training data is not just collected; it is formatted. Evaluation data is not just sampled; it is structured around an idea of success. User data is not just behavior; it is behavior captured through a particular interface. The result is a machine-readable reality that can be efficient and useful while still narrowing what an institution is able to notice.
Retrieval-augmented generation makes the databaseable world newly visible. A model connected to a knowledge base may sound like it has institutional memory, but the memory is a product of document boundaries, chunk sizes, metadata, permissions, freshness rules, search ranking, and missing records. If the archive is stale, partial, biased toward official paperwork, or stripped of provenance, the generated answer can make an administrative fragment sound like the whole truth.
This is not merely a data-quality problem. It is an authority problem. When a retrieval system returns the wrong policy, ignores a buried exception, cannot see a local practice, or treats a missing document as proof that nothing happened, the interface can convert archival incompleteness into institutional confidence. The more conversational the answer, the easier it is to forget that it is speaking from a shaped store of records.
This is the same family of problems explored in "Raw Data" Is an Oxymoron and Sorting Things Out. Data is made, and classification sorts consequences. Dourish adds the material bridge: the form of the digital object helps decide which worlds become computable and which worlds remain inconvenient noise.
Governance of Material Information
Current AI infrastructure makes Dourish's argument harder to ignore. Governance should not stop at model cards, accuracy tables, or policy pages. It should ask for a material information map: source data, provenance, formats, transformations, schemas, labels, retention, storage location, access controls, vendors, compute provider, energy and water assumptions, human labor, benchmark construction, logging, incident records, and decommissioning plan. That map should live in an AI system inventory and in model and system documentation, not as a detached appendix nobody updates.
NIST's AI Risk Management Framework is useful here because it asks organizations to govern, map, measure, and manage AI risk across design, development, use, and evaluation. Dourish helps sharpen what "map" should mean. Mapping an AI system means mapping datasets, formats, transformations, storage, interfaces, energy use, vendors, access controls, and the institutional categories embedded in each layer. Without that map, transparency becomes a screenshot of the last interface rather than an account of the system.
For procurement and audits, the map should become evidence rather than rhetoric. A buyer should be able to ask for an AI bill of materials, data provenance records, model and system documentation, logging and retention rules, access-control boundaries, vendor and subcontractor lists, energy assumptions where material, and a decommissioning path. If the data source changes, the retrieval index is rebuilt, a connector receives write access, the hosting region moves, or a model is swapped, the material claim has changed and the review should reopen. A reviewer should be able to connect those records to AI audit trails and incident records rather than accepting a policy PDF as proof of control.
The safety implications are concrete. A missing provenance record can turn copyrighted, confidential, stale, or coerced data into invisible infrastructure. A narrow schema can erase disability, care work, informal labor, local knowledge, or uncertainty. A connector with excessive permissions can make an agentic error operational. A benchmark can train a team to optimize the representation rather than the real task. A data-center deal can shift costs onto local grids, water systems, or ratepayers. Material governance is the practice of making those dependencies visible before they harden into ordinary infrastructure.
For high-stakes systems, the minimum review should name the representation boundary, affected people, system components, third-party dependencies, legal duties, logging capability, human oversight, appeal route, provenance records, integrity controls, environmental assumptions, and criteria for stopping use. The point is not to make every system impossible to ship. It is to prevent an institution from treating a material chain of decisions as if it were a neutral cloud.
Where the Book Needs Care
The book is theory-heavy and does not offer a policy checklist. Readers looking for direct rules about model cards, audits, procurement, or labor rights will need companion texts. Its strength is more basic: it changes what counts as the object of criticism.
The danger is to say "materiality" and then stop at hardware. Dourish is more subtle. Materiality includes physical machines, but also standards, representations, work practices, routings, abstractions, organizational routines, and the constraints that make some actions easy and others almost unthinkable. For AI, that means the graphics processor and data center matter, but so do the file format, content policy, label taxonomy, benchmark suite, database schema, and integration contract.
The book also predates today's foundation-model platforms, agent frameworks, provenance tooling, content credentials, cloud concentration, and data-center politics. That does not weaken it. It means the book should be read with current sources on training data, energy use, privacy, classification, standards, and procurement. Dourish gives the lens; current governance has to supply the operational record.
What This Changes
The Stuff of Bits belongs in this archive because it makes machine intelligence less mystical and more accountable. Information systems do not escape the world. They reorganize it into forms that machines can process and institutions can trust. The ethical task is to inspect that reorganization before its outputs acquire the force of judgment.
The practical lesson is to treat every AI output as a downstream event in a material chain. Before asking whether the answer is impressive, ask what had to be formatted, labeled, routed, stored, cooled, powered, paid for, permissioned, and forgotten so the answer could appear.
This also changes how to read interface authority. A chatbot can make a database fragment sound conversational. A dashboard can make a schema feel like reality. A model score can make a category look discovered rather than imposed. The more seamless the interface, the more important it is to recover the seams: formats, standards, labor, energy, vendors, permissions, logs, and the people whose lives do not fit the representation.
The demand is not anti-technical. It is better technical accountability. Good systems should preserve provenance, expose limits, minimize unnecessary capture, document transformations, keep permissions narrow, maintain appeal routes, and retire representations that distort the world they claim to serve.
Dourish also clarifies the site's concern with legibility. Machine-readable reality is not only surveillance in the obvious sense. It is the slow redesign of records, workflows, identities, and environments so systems can classify and act. The danger is not only that machines may be wrong. It is that institutions may remake the world around what machines can conveniently process.
Source Discipline
This review separates book metadata, interpretive claims, current infrastructure evidence, and governance sources. Book, author, standards, infrastructure, and regulator claims were rechecked for the June 25, 2026 review date. MIT Press, UC Irvine, and library metadata support claims about Dourish and the book. IEA, DOE, and LBNL support energy and data-center context; they are aggregate estimates and projections, not audits of any single AI deployment. NIST, W3C PROV, the EU AI Act, and joint cybersecurity guidance support governance, provenance, logging, and data-security vocabulary. Those sources do not prove that every AI system has the same footprint, legal status, or remedy.
Claims about "materiality" should name the layer: hardware, electricity, water, data source, file format, database schema, label taxonomy, network protocol, API permission, human labor, benchmark, model weights, interface, legal obligation, or institutional workflow. Without that level, materiality becomes a mood rather than an audit.
The same discipline applies to provenance and logging claims. A W3C provenance model, a C2PA content credential, a cryptographic hash, a model card, an audit log, a vendor data sheet, and a legal transparency duty are different kinds of evidence. Each can support a claim about origin, integrity, use, performance, or accountability, but none should be treated as proof of all of them.
This page does not claim that any present AI system is conscious, divine, or AGI. It treats AI systems as socio-technical arrangements whose authority depends on material information and institutional use.
Related Pages
- "Raw Data" Is an Oxymoron and the dataset myth
- Sorting Things Out and classification infrastructure
- Atlas of AI and the hidden body of the machine
- Protocol and network control
- Privacy in Context and information flow
- Training Data
- AI Data Provenance
- AI Bill of Materials
- AI Audit Trails
- AI System Inventory and Model Cards and System Cards
- AI Procurement
- AI Data Centers and AI Energy and Grid Load
- Retrieval-Augmented Generation
- Data Minimization
- Content Provenance and Watermarking
- Claim Hygiene Protocol
Sources
- The MIT Press, The Stuff of Bits: An Essay on the Materialities of Information, publisher listing for exact title, author, hardcover ISBN 9780262036207, ebook ISBN 9780262340137, paperback ISBN 9780262546522, publication dates, page count, and description, reviewed June 25, 2026.
- Amazon, The Stuff of Bits, retail listing at product path /dp/0262036207 for the hardcover edition, reviewed June 25, 2026.
- University of California, Irvine, Paul Dourish faculty profile, official profile listing research interests and The Stuff of Bits as a 2017 MIT Press publication, reviewed June 25, 2026.
- National Library of Australia, The Stuff of Bits catalog record, library metadata for title, author, MIT Press publication, hardcover ISBN 9780262036207, and pagination, reviewed June 25, 2026.
- International Energy Agency, Key Questions on Energy and AI, 2026 report on AI, data centers, electricity demand, bottlenecks, and disclosure needs, reviewed June 25, 2026.
- U.S. Department of Energy, DOE Releases New Report Evaluating Increase in Electricity Demand from Data Centers, December 20, 2024, summary of LBNL data-center electricity use and projections, reviewed June 25, 2026.
- Lawrence Berkeley National Laboratory, 2024 United States Data Center Energy Usage Report, report page and DOI for U.S. data-center electricity analysis, reviewed June 25, 2026.
- National Institute of Standards and Technology, AI Risk Management Framework and AI RMF Core, official NIST risk-management functions and lifecycle context, reviewed June 25, 2026.
- National Institute of Standards and Technology, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile, NIST AI 600-1, generative-AI lifecycle risk profile, reviewed June 25, 2026.
- NSA, CISA, FBI, ASD ACSC, CCCS, NCSC-NZ, and NCSC-UK, AI Data Security: Best Practices for Securing Data Used to Train and Operate AI Systems, May 2025, reviewed June 25, 2026.
- World Wide Web Consortium, PROV-Overview, provenance model overview for entities, activities, and people involved in producing data or things, reviewed June 25, 2026.
- C2PA, Content Credentials: C2PA Technical Specification 2.4, manifest, provenance, authenticity, and content-binding definitions, reviewed June 25, 2026.
- European Union, Regulation (EU) 2024/1689, high-risk AI logging, transparency, and deployer-context obligations where applicable, reviewed June 25, 2026.
Book links are paid affiliate links. As an Amazon Associate I earn from qualifying purchases.
- Amazon, The Stuff of Bits by Paul Dourish, reviewed June 25, 2026.