Tuesday, October 29, 2013

How do we solve falling trust in online services before it becomes critical?

A few days ago LinkedIn launched its latest IOS app, Intro.

The app promises to integrate LinkedIn profile content directly into emails, allowing more rapid connections and helping give email recipients access to a range of relevant information about the sender.

Given both Apple and LinkedIn are well-known brands, many people are likely to trust that this app is safe for them to use, that these two global companies have taken every step to ensure that users are not exposed to privacy risks.

It's also not a big decision. Intro is free and installing the app is a two-click process, done in under 30 seconds. People are unlikely to spend the time to look at the usage policy in detail, or consider the impact of such a simple decision when they trust the brands.

However, in this case, trusting LinkedIn and Apple may not be wise. Global Security Consultancy Bishop Fox released a very compelling post outlining serious concerns with how LinkedIn's new app works.

According to Bishop Fox, the app works in the same way as a 'man in the middle' hacking attack, by sending all of a user's emails through LinkedIn's mail servers. Here they could be read by LinkedIn or, if encrypted, this process could stop the final recipient from ever receiving the email.

LinkedIn states that it will keep information from the emails it captures - and while it states that LinkedIn “will never sell, rent, or give away private data about you or your contacts.” there's no clarification of what data LinkedIn might consider private, nor any solid information on how LinkedIn has mitigated against the type of security breach it suffered in 2012.

This is just a single instance of a situation where the public are being asked to trust a company to do the right thing online, while there's no guarantee they will, and often there's few ways for an individual, organisation or even a government to hold a company to account when they fail to keep their end of the trust bargain.

So the conundrum for the public has become, who can they trust online?

Clearly there must be a level of trust to use online systems, with banks and government clear cases of where trust relationships are critical for transactions and service provision. With no trust in online systems, online banking and egovernment could not exist.

Social networks are also important. As places where people store personal information and share more and more of it over time, there's a clear requirement for companies to appear trustworthy and safe.

Even search engines, which have become the front door to most websites (with Google the dominant player), have a huge trail of data on their users - what you search for helps define who you are, particularly when people use search for medical and personal matters.

The public must implicitly trust all these organisations to both play nice with their personal information and to secure it such that nefarious groups or individuals don't get it. However it has become very clear that they simply can't.

Whether it is commercial providers, who primarily use this data to identify more effective ways to sell, or governments and banks who require this data to validate individuals, the number of reported data breaches is rising - in a global environment where few governments legally require companies to report breaches to the people potentially impacted.

On top of this comes revelations of data surveillance operations by government agencies, such as the NSA, commercial entities such as the example from LinkedIn above, where the data helps them productise their users, or organised crime, who use hackers and insider sources to secure valuable data for use and resale.

However despite increasing concern over how data is secured, who can access it and how it will be used, individuals continue to use many of these online services, either because they simply cannot live their normal lives, or conduct business, without using them, or because of the "it won't happen to me" principle.

If public trust disappears, what does that mean for every organisation using the internet to build its business or to provide more convenient and cost-efficient services?

What impact would it have on government, where a shift to electronic transactions means less investment in other channels and, over time, less capability to meet citizen needs should a collapse in online trust occur?

I don't know how this situation can be resolved, particularly with the low attention paid to ensuring organisations report and rectify data breaches and be clear on how they will secure and use data.

While it is a global issue, individual governments can have an impact, by establishing a robust privacy framework for their citizens and recognising that people own their own data and any organisation allowed access to it should be held accountable for not securing or using it appropriately.

Do we have such a regime in Australia today?

I wanted to finish with an extract from the response I received from the Australian Privacy Commissioner when I reported the LinkedIn app using their email form:

Dear Craig  
Thank you for your enquiry.  
The Office of the Australian Information Commissioner (OAIC) receives a large quantity of written enquiries each day. An representative will be assigned to your enquiry and will be in contact soon. 
We aim to respond to all written enquiries within ten working days. 
If your enquiry is urgent and requires an immediate response, please telephone us on 1300 363 992 and quote your reference number. More complex phone enquiries may require a written response and may still take some time.

A response within 10 working days (14 actual days).

I wonder how many individuals may have their privacy breached, or organisations their confidential data exposed, by a single popular mobile app from a well-known company in this period of time.

Thursday, October 24, 2013

What's the digital communication capability of Australian governments?

On the back of the UK Government's second whole-of-government communications plan, the UK Government has been undertaking a Digital Communication Capability review asking (in simple terms), how is digital communication and engagement done, and how could it be improved?

The Review has involved consultation with Communications Directors, digital engagement specialists and senior executives across the UK Government and was led by a team of three independent reviewers with a deep knowledge of digital communications.

The review is still in the closing stages (final due in November), however has been an extremely transparent process, with all comments available online and the draft report already released for final feedback (similar to the process the Australian Gov 2.0 Taskforce used in 2009, but has been rarely used since in Australian government).

Many of the top-line findings would resonate with Australian public sector digital communications professionals, with the headline finding being:

Pockets of good practice notwithstanding, the headline finding is that digital communication in government is developing in silos and not in the mainstream. The consequence is that it is being outpaced by the best of the commercial and NGO worlds. Too much is broadcast and does not seek to engage. And, crucially, it is still treated by many in departmental leadership positions as a specialist area where the risks usually outweigh the benefits.
Underneath this, the review found that there wasn't a natural home for digital within departments - with placement in existing areas such as media relations leading to a biased approach which didn't serve all agency needs.

It also found that;
  • departments were not realising economies of scale, with different agencies separately purchasing the same or different social media management and analytics tools, 
  • communication focused far too much on informing rather than conversations, 
  • objectives were based on easily measurable quantitive scores (such as followers or tweets) rather than on changing outcomes,
  • there was an over-reliance on 'build it and they will come' approaches, 
  • there was a shortage of skills - exacerbated by a lack of confidence and judgement, 
  • there were limitations on access to social media due to IT security considerations - which may be valid but were poorly explained and understood, and
  • there was a lack of trust and overriding pre-occupation with risk.
Unfortunately there's been none of this type of work done in a systemic way in Australia - despite it being possible to take an approach (such as the UK one) and repeat it across every state, territory and the federal government to provide a comparable model (then do a cut-down version for local governments).

This is similar to where I started with the Digital Innovation Review I conducted in Victoria (no other states or territories have been interested in a similar review as yet though).

I'd like to help. Any takers in government?

Tuesday, October 22, 2013

Government as a Social Machine featuring Professor Dame Wendy Hall

I blogged today from the Government as a Social Machine forum hosted by ANZSOG and featuring Professor Dame Wendy Hall from the University of Southampton in the UK.

The discussion involved a diverse group of stakeholders from public and private sector organisations and covered the history of the internet and the challenges organisations, particularly governments, and citizens face in adapting to the new knowledge-rich, engagement-rich worked enabled by global real-time distributed communication systems.

Wendy also presented at a NICTA/OKFN event this afternoon, and is presenting at the Semantic Web Conference in Sydney later this week and in Victoria next week at the first Digital Literacy event being held by the Victorian public service (details of most of these events are in my Gov 2.0 calendar to the left).

Wendy opened with a story from before the web, on how no-one predicted the Internet, despite some earlier thinkers, such as Vannevar Bush, who foresaw a memory device (memex) in his brilliant work 'As we may think' in 1945, which contained many of the elements of modern computing systems.

She also discussed Ted Nelson, who coined the terms hypertext and hyperlinks back in the 1960s and Doug Engelbart, who invented the mouse, windows and much of the user interface that we find familiar today. In fact Doug gave the 'mother of all demos' which foresaw modern computers and the web.

Wendy recalled that when she met Tim Berners-Lee at the Hypertext conference in 1991 (which rejected Tim's paper on the web), she thought it was presumptuous that he had named the hypertext system he had invented the 'World-Wide Web', presuming that people around the world would use it.

At the time she didn't think the web was original or breakthrough - "how wrong you can be", she said.

Wendy said that Tim's strategy was to give away the web, making it an open protocol and standard - universally free to use and not controlled by any organisation. She said that otherwise Tim felt that the web would not grow or thrive, but be locked down by political, academic or commercial interests.

She also said that Tim believed that to make the web scale, it had to be able to fail. While many at the time believed that a system which could dead-end, linking to a non-existent page, would turn away users, Tim strategically introduced the '404 error' (which appears when a web page isn't found) to encourage individuals and organisations to build out the web, rather than limit it.

Wendy asked whether we could have built the web another way. She believes that we may have to at some point as the web is only 23 years old, "barely out of nappies".

Wendy also believes that there's many ways to kill or corrupt the web, such as having specific organisations or governments control it - however we don't really know the outcome of these scenarios as we haven't had those experiences yet.

She did ask about what if the Internet disappeared overnight - how would it impact on individuals, organisations, societies, even countries?

The impact of a one-day shutdown of Wikipedia was immense (she said) during the SOPA protest, and there is an increasing risk in some developed nations that blackouts, caused by inadequate electricity supplies, could cause a blackout of information, with people unable to access the information they need to cope with the situation.

Wendy also said that when Tim created the web he understood that it had to include an easy way to write, as well as read, web pages - leading to the development of his first web browser, which was also an editor.

Wendy said that in 1996-8 while the web was growing, the Internet wasn't sufficiently mature for broader use, due to difficulties with slow modems, finding information (pre-Google) and the cost of computers - making categories such as online shopping inconvenient.

However now the technologies have matured Wendy believes that High Streets will disappear. She said that the UK government's decision to sell off the Royal Mail, which was instituted in the Victorian era, is a sign of this change flowing through the system.

Wendy said that years ago she consulted to the Royal Mail, highlighting to them that the new business they needed to dominate was parcel delivery, based on online sales "however they didn't get it".

Wendy also said that "it is very hard to convince the big juggernauts of industry, including government, to change".

She said that, for example, large organisations seem to believe that people will always read books - Wendy believes that yes they will read, but not necessarily books.

She recalled telling biologists years ago that they would be reading papers online. They retorted that the Internet was so slow and computers so heavy that they would never be able to read their papers on the train. Wendy said, "Now, ten years on, biologists are reading their papers on the train using iPads."

Wendy said that Google was inconceivable before the web, and engineers had 'proven' it wasn't possible to quickly index huge amounts of information.

However she said that since Google, the world has changed - and Google is also no longer just a search engine, they are incredibly diverse, "there are at least 2,000 driverless Google cars driving around San Francisco".

Wendy believes that once an organisation has a majority of people using it on a network it becomes very difficult to dislodge. Google, eBay, Facebook and now Twitter are giants, at least in the English-speaking world - different titans exist in China.

Wendy opined that Google may be the James Bond villain of the future - because it knows what you search for, "everyone has searched for something they would not want to be made public". She believes that if Blofeld took over Google they would have something over every politicians.

However, Wendy said, when used benignly or even for commercial profit, Google is fine. She also believes many other industries are in a similar position of potential control over society.

Wendy also believes that even before the arrival of social networking "we should have known how much people would want to write about themselves, take photos, videos and share, based on what we knew about human psychology and behaviour".

Wendy said there is now an expectation that people can find anything, any knowledge online and if an organisation, product, place or individual doesn't have an online presence "they don't exist." As a result, Wendy believes that the web should be the first way any new entity is introduced or promoted.

Wendy said that while Tim Berners-Lee invented the technology and helps set the standards, we (globally) have created the web. We write the websites, blogs and micro blogs. We make the links and the apps. "The web doesn't have shareholders or owners - we are collectively the creators and custodians of the web."

She said that the web exists because we want it to be there, and it will keep existing as long as we want it to exist, so we all have a responsibility to ensure it is a place we wish to frequent.

When people ask her about issues online, she tells them that we didn't make the streets safer by imposing curfews - similarly we need to create the right culture on the web, not create legal restrictions.

Wendy said that Wikipedia was started as an experiment - even Jimmy Wales didn't believe it would work - however it is now equivalent to 1,900 volumes of an encyclopedia, most of which is very accurate. It has grown its own governance, it wasn't invented ahead of time, a lesson for organisations today.

Wendy also said that YouTube is another giant attractor to the web, the place for storing and sharing videos - now owned by Google.

Wendy believes that if an alien had came to earth a hundred years ago and then returned today they would find everything had changed - except possibly education, which is now being transformed by MOOCs. The first platform for MOOCs has also been bought by Google, which is developing it as an open source platform. She asked "who will be the university of the future? Google."

After the break Wendy took questions, giving a view that while cybersecurity is a risk to society, it is not a risk to the web. She commented that it was an area of high expenditure for the UK government.

She also said, in response to comments at morning tea about people being advised not to trust Wikipedia as a reference, that Wikipedia is at least as trustworthy and accurate as printed encyclopedias, plus it has a faster error correction rate. Plus, she said, we create Wikipedia, so it is what we wish to make it.

Wendy also believes that privacy won't kill the web, young people are growing up with different concepts of privacy and will adapt their approach and the web to suit their values.

However she believes that blackouts, siloisation and/or the end of a level playing field for creating and publishing content would end the web. Wendy said that net neutrality is also important. Without it we would lose the level playing field and commercial or ideological interests could control publishing and access to the web.

One of the crowd has commented that probably government is the biggest risk to the Internet, and Wendy says that she has concerns over legislators making decisions about an ecosystem they do not understand, which can lead to all kinds of unforeseen and undesirable consequences.

Wendy said it is hard to dictate in the web, to get people to use something they don't want to use. To get the network effect requires co-creation, meaning that government must work with communities collaboratively to develop platforms which benefit both.

An ABS representative said that they are now opening up a lot of data through APIs and unleashing developers through GovHacks to co-create new tools and services, however it is still a not insignificant challenge to get people within government to just agree on a common definition for Australia or Sydney, to allow datasets to correlate across agency.

Wendy next talked about Twitter, and how its real-time nature can support, even drive, community movements, "the way bad news spreads now is via Twitter. It is a mechanism for warning people to get out."

She said the interesting thing about Twitter is that it is being co-created, with functions like RT, MT and hashtags invented by the community.

Wendy believes co-creation is critical for the web, not only codesigning systems, but using systems which allow people to add value as they go about their daily interactions, such as via ReCAPTCH and Duolingo.

Wendy then talked about the semantic web, a web of data, saying it was in Tim Berners-Lee's original vision for the Web. However without sufficient data online (she said) we cannot experiment to find out what this will become or create the network effect, where people share and reshape data and create services or new visualisations with it.

She wrote a paper with Tim in 1996 which identified four principles for the Semantic Web, however says that the commercial sector still didn't get open data, hugging it tight.

Then governments began opening data based on discussions with Tim and others, leading to President Obama's declaration and a cascade of open data releases by governments around the world and initiatives like the Open Data Institute.

Wendy used an example of UK prescribing data, how open data allowed the NHS to identify 200 million pounds in savings each year.

Wendy said that while engineers and scientists often think of the web as a technological byproduct of a set of simple standards, it is a socio-technical construct, effectively a 'social machine' co-created through interactions between technology and millions of humans.

The technologies that underpin the web didn't create the web - people did, providing the content, linkages and developing, sharing and using the apps and websites that sit on it. However without the technology the web could also not exist.

Wendy said that social machines start with an incomplete specification that evolves and grows to cover more of the problem via interactions. They achieve participation through local incentives and the network effect, eventually succeeding through a process of rapid trial and error involving subsets of participants.

Wendy is working on understanding social machines through a 'web observatory' at Southhampton University that observes, monitors and classifies social machines as they evolve. She said this will also become an early warning system for detecting new disruptive social machines and identifying the 'tipping points' where they become ubiquitous.

Her group is studying Twitter networks, as well as Wikipedia and YouTube, amongst other services, to understand 'activity pulses' and how they help explain social movements and trends. For example, Wikipedia was a better indicator of a trend around 'Gangnam style' than Google with the trend occurring a month earlier on Wikipedia.

She asked how does Government, potentially the original social machine (as one audience member commented), transform itself to take advantage of digital channels to be a better social machine?

How do governments employ gamification, the network effect and web observatories to develop and deliver better policies and services?

How do we address the challenges of the 24-hr news cycle, election cycles and other factors which make developing and maintaining social machines difficult?

Wendy said she can't help reflecting back on governments from Victorian times, the 19th century, that created amazing long-lasting infrastructure in Britain that still serves the population today. She believes they were amazing social machines and still have lessons to teach us today on how to transform government to address the challenges of the 21st century.

Friday, October 18, 2013

Suggestions for governments stepping into open data

I've been completing a survey for the Spatial Industries Business Association (SIBA) related to the Queensland Government's open data initiative, where one of the questions asked Can you list or describe any learnings that would be useful in Queensland?

I've provided a number of my thoughts on this topic, having closely observed open data initiatives by government over the last five years, and written periodically on the topic myself, such as:


To share the thoughts I placed in the survey more broadly - for any value they have for other jurisdictions - I've included them below:

  • Data released in unusable formats is less useful - it is important to mandate standards within government to define what is open data and how it should be released and educate broadly within agencies that collect and release data.
  • Need to transform end-to-end data process. Often data is unusable due to poor collection or collation methods or due to contractual terms which limit use. To ensure data can be released in an open format, the entire process may require reinvention.
  • Open data is a tool, not a solution and is only a starting point. Much data remains difficult to use, even when open, as communities and organisations don't have the skills to extract value from it. There needs to be an ongoing focus on demonstrating and facilitating how value can be derived from data, involving hack events, case studies and the integration of easy-to-use analysis tools into the data store to broaden the user pool and the economic and social value. Some consideration should be given to integrating the use and analysis of open data into school work within curriculum frameworks.
  • Data needs to be publicly organised in ways which make sense to its users, rather than to the government agencies releasing it. There is a tendency for governments to organise data like they organise their websites - into a hierarchy that reflects their organisational structures, rather than how users interact with government. Note that the 'behind the scenes' hierarchy can still reflect organisational bias, but the public hierarchy should work for the users over the contributors.
  • Provide methods for the community to improve and supplement the open data, not simply request it. There are many ways in which communities can add value to government data, through independent data sets and correcting erroneous information. This needs to be supported in a managed way.
  • Integrate local with state based data - aka include council and independent data into the data store, don't keep it state only. There's a lot of value in integrating datasets, however this can be difficult for non-programmers when last datasets are stored in different formats in different systems.
  • Mandate data champions in every agency, or via a centre of expertise, who are responsible for educating and supporting agency senior and line management to adapt their end-to-end data processes to favour and support open release.
  • Coordinate data efforts across jurisdictions (starting with states and working upwards), using the approach as a way to standardise on methods of data collection, analysis and reporting so that it becomes possible to compare open data apples with apples. Many data sets are far more valuable across jurisdictions and comparisons help both agencies and the public understand which approaches are working better and why - helping improve policy over time.
  • Legislate to prevent politicians or agencies withholding or delaying data releases due to fear of embarrassment. It is better to be embarrassed and improve outcomes than for it to come out later that government withheld data to protect itself while harming citizen interests - this does long-term damage to the reputation of governments and politicians.
  • Involve industry and the community from the beginning of the open data journey. This involves educating them on open data, what it is and the value it can create, as well as in an ongoing oversight role so they share ownership of the process and are more inclined to actively use data.
  • Maintain an active schedule of data release and activities. Open data sites can become graveyards of old data and declining use without constant injections of content to prompt re-engagement. Different data is valuable to different groups, so having a release schedule (publicly published if possible) provides opportunities to re-engage groups as data valuable to them is released.

Thursday, October 17, 2013

A look into the mind of John Miri

Yesterday I had the opportunity to catch up with John Miri, the former Deputy to the State CTO for Texas, following his presentation at Sitecore's Digital Citizen Engagement event in Canberra.

John is also presenting in Melbourne today, and in Perth next week.

The first thing that struck me about John is how different he is from the stereotype of a government IT professional.

Personable, approachable and possibly the only tea drinker left in the US, John was trained in physics but pursued a career in IT after it was pointed out to him that there were more career opportunities in IT than science.

He came late to government, spending a number of years founding and working in early-stage start-ups before making the leap to public service in 2005, as Director of E-Government and Web Services for the State of Texas, reporting directly to the State CTO.

In that role John was responsible for shepherding the TexasOnline.com program (now texas.gov), implementing 829 new online services, and leading to 83 million citizen financial transactions, with more than $5 billion online revenue.

John is now Editor-In-Chief for the Center for Digital Government and principle of Bluewater Technology Services, a technology consulting company.

John believes that government is at an interesting crossroads - still applying governance principles from the 19th and 20th centuries, while trying to rapidly adapt to the 21st.

He talked to me about the vision that the founders of the US had for their nation, a participatory democracy where citizen involvement in governance didn't end with their vote, where citizens were empowered and supported to contribute to civic life.

John says that with today's technologies it is now possible for societies to realise this kind of vision - to reshape governments to be more participatory without losing the strong institutions and traditions that make democracy possible.

We discussed how government institutions are designed to maintain the status quo, the value of bureaucratic processes in maintaining stable, safe and secure societies, however these strengths can also become weaknesses when politicians and public servants stop asking 'what is the goal of government' and focus on repeating the processes in government - resisting change from within or without.

John asked the question 'what is the role of citizens in delivering government services?' saying that governments need to begin considering citizens as stakeholders and engaging them in the same way agencies engage expert panels, companies and lobby groups.

He also commented on how government's tendency to silo problems and attempt to solve them individually is failing - today's problems are complex and multifaceted, crossing traditional ministerial portfolios and requiring complex and collaborative solutions.

John argued that the current structures in government are poorly suited to solving these problems, and our reliance on subject matter experts - rather than problem solving experts - meant that many problems are being seen through specific lenses and perspectives that made them difficult, if not impossible to solve.

He gave the example of US state road taxes on petrol - designed to cover the cost of maintaining roads. As cars have improved their efficiency, travelling far further - and doing more road damage - on the same amount of petrol, the gap between the funds the tax raise and the maintenance cost has been growing.

John asked a group of road policy experts in government about this issue, and their response was that the solution was simple - raise road taxes. His comment to me was that while the experts may think this was simple to do, it wasn't simple to get tax increases through political processes or sell their value to the public - more participatory processes and more innovative solutions were needed for the long-term.

He said that the increasing size of many of the complex problems that face government today mean that the odds are in the favour of those who advocate for more participative government and Government 2.0.

As traditional approaches to problem solving fail, due to agency silos, expert bias and limited community involvement, governments will be forced to look towards more innovative solutions - involving citizens and reshaping bureaucratic processes.

John also said that digital was an opportunity for governments to do more than simply replicate their business processes online. Rather than mimicing or tweaking paper-based workflows and forms for online use, agencies should use the opportunity to reinvent their business processes.

This involves questioning every assumption - what information is needed, when and how is it needed, how should it be stored, actioned and how should citizens be informed and engaged throughout the entire process.

John says that agencies that simply replicate existing processes online are unlikely to realise the full benefits in cost-savings, accurate completion and citizen satisfaction - an automated mess is still a mess.

He says there are no shortage of example of how technology has transformed business processes and the situation is no different in government. If agencies and politicians can focus on the goals and outcomes they are working towards, rather than bury themselves in repeating the same processes they've used for decades.

John also suggested that a reinvention approach allows room for innovations in how government services are delivered. For example as train timetables become digitalised, why should trains runs at the same time every day?

Would it be possible to adjust train schedules on a flexible basis, managing it like an electricity grid, based on the number of travellers and communicated via electronic messaging boards.

He also asked whether child protection services could be radically reinvented to provide 24/7 access to case workers for children in need. Could a single contact phone number, SMS and email address be used to route case workers to where they are needed most, using GPS and mobile devices to ensure they had the information they needed at all times to maximise their efficiency and protect more children from harm.

In conclusion John was of the view that egovernment, Government 2.0 and the rise of digital citizens who wish greater participation in the democratic process, should not be seen as a threat to traditional democratic institutions - we're not trying to add a third house of parliament.

Instead he said that these movements and emerging technologies should be embraced as a way to realise the original intent and goals of government - to represent, serve and involve citizens. 

Wednesday, October 16, 2013

GitHub launches portal illustrating examples of government-citizen collaboration on open data, open source and open government

In an exciting and useful development, GitHub, the world's best known portal for collaborative software development, has launched a portal illustrating how governments and citizens have worked together to deliver better outcomes.

Now live at government.github.com the portal provides some great examples of GitHub projects that have saved government money and time and delivered better outcomes through citizen participation.

The portal also links to GitHub hosted open civic projects that governments can reuse - at no charge - to enhance what they provide to citizens.

If you've been having trouble explaining to senior management or IT teams how collaborating on software and open data with citizens can deliver better outcomes, then this is a great source to demonstrate how other agencies have reached success.

And, in case you were wondering, policies and laws can be open sourced as well - all of Germany's laws are available through GitHub, ready to be forked, edited and reused by other jurisdictions around the world. Learn more from the OKFN blog

Tuesday, October 15, 2013

Has government found its feet in social media?

Earlier today I gave a presentation to the IABC's Canberra chapter on the use of social media within the Australian Government.

The slide deck I used is below, and fairly well carries my point - that government has indeed found its feet in social media, however there's still uneven ground waiting to trip it up if it missteps.

I'm interested as well in whether others agree with my assessment of the 18 Australian Government departments into social media leaders and followers (slide 17).



Thursday, October 10, 2013

The road to public sector IT hell may not be paved with intentions at all

Something that scares me enormously is the house of cards that many (if not most) governments have built with their IT systems.

It can be witnessed every time government agencies get 'MOGed' - Machinery of Government changes where parts of agencies are shifted to other agencies to meet the latest political whim.

In these cases it's not simply a matter of moving tens, hundreds or even thousands of public servants to new offices - in fact in many cases they may not move at all - it is about extracting them from the secure environment, software and network systems of one agency and connecting them (including all their historical records, emails and files) to the network and software of another.

This is a hugely complex and increasingly expensive exercise that can have an enormous productivity and cost hit each time it occurs.

Why is it complex and expensive? Because every agency uses different systems - or different versions of systems - and agencies are now so wedded to these systems after a purchase decision many years earlier that, even though senior bureaucrats recognise the issue, they can not address it without a complete (expensive and time-consuming) overhaul of how government runs its information technology.

Another example is eTax. While I have a great deal of praise for eTax, and it has been very successful by most measures, when the system was originally procured and built it was done in such a way that limited it to the IBM-PC platform. Certainly no-one can blame the ATO for not foreseeing the rise of Apple or the arrival of smartphones and tablets - however the decisions made at the time locked the system into a single platform, which has caused significant pain over the years.

Other examples include the Department of Finance and Deregulation's choice of a document management system as a Web Content Management System for www.australia.gov.au, an entirely appropriate decision at the time based on their well-governed procurement approach, but which led to delays and cost blowouts, constraining the site from what it could have become.

A better known example would be the failure of the Queensland Health payroll system several years ago, where an enquiry is still ongoing. It even has its own website - www.healthpayrollinquiry.qld.gov.au

Indeed, there are hundreds of examples both big and small, where this has occurred - a decision has been taken with the best possible knowledge at the time, or small incremental decisions have been taken over time - all for the right reasons - which have inadvertantly led into blind alleys or very expensive remedial work years later.

And lest you think this is an issue only for the public sector, consider the disaster that was Telstra's bill payment system, the issues our largest banks have had keeping their systems operating, or Virgin's booking system.

With the pace of change accelerating and the increasing limits on public sector employment, the likelihood is that these types of issue will continue to grow and plague IT, becoming even more widespread and expensive.

Agencies could increasingly find themselves trapped into slow and inefficient systems, restricting staff productivity and absorbing more and more of their resources to maintain, with no funds to 'jump tracks' to more future-proofed solutions.

This can even affect the performance of elected governments - who may be forced to change their policies to fit IT limitations. I am already aware of government initiatives that have had to be abandoned (never having seen the light of day) not because they were bad ideas but because the IT constraints in government make them impossible to cost-effectively deliver.

This isn't the fault of public servants or of politicians - seeing that far into the future simply isn't possible anymore. Technology isn't progress linearly and the accelerating rate of change means left-field technologies can appear and radically transform peoples' expectations and strain existing IT systems within a few years (remember the iPhone).

There's many more of these technologies emerging around us. For example 3D printers, capable of printing anything from kitchen utensils to medical devices to firearms, disintermediating physical manufacturers, opening a new front in the ownership of intellectual property and providing access to deadly weapons. There's also unmanned aerial vehicles (UAVs), drones that are capable of live-streaming video, or even carrying weapons, that can be bought online for a few hundred dollars and flown with limited chance of detection by individuals or corporations.

Many others technologies from Google Goggles to driverless cars are in development and could, in increasingly shorter timeframes, radically transform societies.

So when government agencies are still struggling to manage and maintain their legacy green-screen mainframe systems, out-dated (insecure and unsupported) web browsers, where they are locked into increasingly expensive proprietary technologies (due to the cost and resourcing required to migrate - even changing email systems can cost our largest agencies $100 million or more), what are they to do?

There's little time for innovation or for thinking of consequences - the majority of resources in an agency's IT team are committed to maintenance and quick patches on existing solutions.

The likely outcome over time is that we'll start to see more catastrophic IT failures - particularly across the most complex and most essential systems - such as welfare, payroll and grants management.

So how do we fix this? How do we break the cycle before the cycle breaks us?

There's no simply solution, but there's fortunately some trends which work for government agencies facing this challenge - if they're prepared to consider them.

A big area is open source software, which is increasingly being used by agencies in a variety of ways. While open source can run into the same issues as proprietary software, a platform with a large and diverse group of users can combine their IT assets to ensure the system is more useful to agencies and more rapidly updated as the world around it changes.

Another area is cloud-based solutions, which allow a government to more rapidly reconfigure itself to meet the needs of political masters. When software is independent from computer systems and there's a government-wide secure environment which can host software approved for use it can be far faster and cheaper for people moving agencies to retain the files and applications they require.

There's open data - which when made available in machine-readable formats liberates the data from proprietary systems and simplifies how it may be discovered and reused by other agencies (as well as the public).

These trends do not allow governments to replace all their existing systems - however they allow agencies to contain the problem to critical systems, which allowing all other services to be done 'in the cloud'. Imagine, a single email system and intranet across government. A web-based suite of office tools, graphic design tools, finance and HR tools - which can be managed centrally within a government, leaving agency IT teams to focus on the unique systems they can't share.

What does this vision take? Intention, planning and choice.

Governments that fail to proactively and intentionally plan their futures, who simply live on autopilot, will inevitable crash - not today, not tomorrow, maybe not in five years, but eventually - and the damage that their crashes will cause may take decades to recover from.

So for agencies who see themselves as being a continuous entity, with an existence that will exist as long as the state they serve, it is imperative that they plan intentionally, that they engage their Ministers and all their staff in understanding and addressing this issue.

It is not good intentions that will cause agency IT to fail, it is the lack of intention, and that is highly addressable.

CORRECTION: I have been advised by John Sheridan, the Australian Government CTO, there was no cost-overrun on australia.gov.au, it was a fixed price contract.


Wednesday, October 09, 2013

Online challenges arrive in Australian government

With psychedelic splendour, the ACT government has become the first Australian jurisdiction to launch a serious whole-of-government online challenges site.

Through the Digital Canberra Challenge website, the ACT is now asking "Canberra's brightest minds" to help improve government services.

The first round contains two challenges, to improve the process of event approvals and to make it easier to book a government service (such as a driving test).

The process is a little vague, however the two finalists for the round (one per challenge) can receive up to $5,000 of expenses reimbursed (on presentation of valid invoices) and the winner of the competition (over a number of rounds) will receive $12,500 - with the runner up receiving $7,500.

To participate individuals must be Canberra-based, teams must have at least one ACT resident and organisations must be both ACT-based and have less than 20 people.

It's a good attempt, though in my view the complexity of the criteria to enter, the way prizes are awarded and the actual psychedelic website itself risk overwhelming the actual goal, to involve residents in improving the delivery of government services.

That said, the goal is fantastic and all kudos to the ACT Government for making a start in this area. I hope that after the process they consider making this approach a standard one for involving residents, reflecting the success of challenge.gov in the US.

Tuesday, October 08, 2013

Where's Australia's back-up for governments shutting down access to open data?

On a regular basis, around the world, governments rise and fall.

We see this most commonly at local levels - with councils merging and demerging, however it also occurs at a slower rate at state and national levels, with new nations created out of the ruins of older states on a regular basis.

I've been thinking a great deal about this over the last week. Ever since the US Government, the richest and most powerful state in history, told 800,000 staff - about a third of their public service - to stay at home until further notice.

The result of this shutdown hasn't been limited to the shuttering of national parks and monuments, or a reduction in services to the public.

Significant online data sources have also been shutdown, including data.gov and even Census.gov, which can have a major flow-on impact to businesses and the public.

In Australia, where it has been difficult for a hostile opposition to block the Australian Government's budget supply since the events of 1975, we're not really familiar with the notion of governments abruptly shutting down - although we do see frequent mergers and demergers at council level and the appearance and disappearance of agencies at state and federal levels on a regular basis (we lost at least four Australian Government agencies following the last election).

Some of these decisions are taken very quickly, and can have major impacts on businesses reliant on government programs or data.


As the open data revolution progresses more and more companies will come to rely on government data to power their activities with the public. At the same time the public will also come to rely on this data, and the hackers and companies that make use of it, for the services that they use in their normal lives.

So where's the back-up to government if it suddenly shuts down access to its data?

This view appears to be shared by the Sunlight Foundation, whose Eric Mills recently wrote a great post on the topic, Government APIs Aren't A Backup Plan.

In the US not-for-profit civic groups are beginning to replicate data released by government as a risk-mitigation step - such as this great list of non-government government data sources compiled by Code for America: http://forever.codeforamerica.org/Census-API/shutdown-2013.html

In Australia this hasn't happened as yet - but it could, relatively easily.

All it would require is a couple of different cloud-based data storage environments (for redundancy), a good front-end data catalogue and appropriate crawlers and volunteers who source and update data as it is released.

We're already part-way there with the creation of GovPond during the last GovHack. Developed in Perth, originally as a way to locate open data for state-level GovHack participants (from the dark and dusty corners of the internet), GovPond has become a fantastic resource for finding data across the plethora of Australian government data catalogues, without the incredibly messy business of checking each site.

GovPond provides the front-end data catalogue for Australian government - without all the messy politics between and within jurisdictions who each feel the need to have their own 'central' data catalogues and then undermine them by storing open data on agency sites and not listing it centrally.

The second part, cloud-based storage, is already cheaply available and is already used by some government open data sites. For example Data.gov.au made the sensible step of storing data on Amazon's system - overcoming all the security concerns with the simple fact that the data is designed to be publicly accessible.

Other agencies and states have employed a range of approaches - with much of their data still stored on servers they pay significant amounts of money to own (now that's a real waste of government funds where the data is supposed to be publicly available) - however the ability to access low-cost and high resilience cloud storage is definitely there.

The final step is the tough one - coordinating the volunteers and designing the scrapers that find, copy, file and maintain government data from the thousands of government websites across Australia.

Some of this work has been done. Volunteers compiled GovPond and adding tools that check currency is very possible within the context of the site. Many government open data sites have moved to standard platforms like CKAN, which simplify copying and maintenance of data (although the vast bulk of available government data still sits outside these platforms).

Much remains to be done. There needs to be some structure or organisation that commits itself to recruiting, supporting and empowering these volunteers, sourcing the funds necessary to pay for data storage and some technical tools to maintain data.

There needs to be leadership from within the open data community - beyond the leadership that already exists (and is largely committed to other goals).

Finally there needs to be the interest and willingness within the broader Australian public and business community to support this approach. This interest will grow as government data becomes more mission-critical for certain businesses and for the public, making it logical for them to invest in ensuring that the data remains available to them when they need it.

When it comes to open data, the public, companies and even government agencies need access to the data - they don't need the data to necessarily be held in government hands.

As we move through the process of releasing more data and it becomes more valuable to the community, the ability for a single public servant, politician or party to suddenly cut-off access to a dataset, series or service, becomes more of a risk for the community.

As a result there will be a rising interest in having an Australian back-up to government holding open data - possibly many back-ups, stored in a peer-based approach across many servers redundantly to prevent its destruction or loss of access.

In the US they're there now - seeking to build alternatives to government data storage, as governments are no longer stable and reliable custodians of data. In Australia it's unlikely to be far away.

Friday, October 04, 2013

My presentation from RightClick - the latest in global digital government

Earlier this week I presented at RightClick in WA about the latest in global digital government.

My main points were that government in Australia has largely been doing OK in the digital stakes, although talent is thinly spread and there is not a consistent level of expertise across agencies.

For example, the fourth computer in the world was built by CSIR, an agency in the Australian government, and the WA government was using the internet seven years before Facebook was created.

Yes things have changed enormously in the last ten years, however the use of digital is now well-embedded within the public sector, not only in Australia but also across a large proportion of the world.

The challenge is to keep improving, to focus on designing services for digital which are relevance, simple and easy to use for citizens and to become better at connecting - reusing what others have done and at sharing what agencies are doing.

At the end of the day, however, it is not about the technology - that's simply an enabler - it's about meeting agency goals.

So even when you feel your agency, or you, are a dinosaur, remember that dinosaurs can survive massive change - provided they are prepared to change themselves.


Wednesday, October 02, 2013

"There are many grey areas when it comes to the use of social media by public servants." - ABC 7:30 Canberra report

Last week ABC 7:30 Canberra featured a report on social media use by public servants, highlighting grey areas and concerns.

The report can be viewed online and is well worth watching for everyone in a public sector role across Australia: http://www.abc.net.au/news/2013-09-27/public-servants---social-media/4986204

The piece didn't include any comments from current ongoing public servants - understandably - however did cover many of the concerns that I hear frequently from people in the APS who are concerned how their social media activities might affect their employment.

I was interviewed for the report, and you can see my views on camera.