Monday, January 30, 2017

Governments need to think about productivity in society-wide terms, not just in terms of the public service

There's been enormous coverage of the new Centrelink debt letters process, whereby the Department of Human Services has automated the process of matching data from the ATO and Centrelink to try to find overpayments (but not underpayments) in welfare benefits to Australia.

The automation has involved removing human quality assurance steps, which has led to the number of debt checking letters growing from 20,000 per year to 20,000 per week. Over 260,000 of these letters have been sent out to-date.

Now automated data-matching can be a fantastic thing when used well. It can reduce duplication in identification processes, find patterns and trends that inform polices and service delivery, and even identify inaccurate payments - as was the intention with this approach.

However for a data-matching process to work well, the system rules need to be well-designed and tested, and the data needs to be comparable so as to be matchable.

The widespread issues that are being reported by former and current Centrelink payment recipients and the enormous (more than 350 articles over the last month) of media coverage suggest that the system that Centrelink put in place meet neither of these conditions.

Without going into the apparent system issues, which have been covered widely, the reason Centrelink and other agencies introduce automated systems is to allow them to achieve the same, or better, outcomes with fewer staff - something that in economic terms lifts the productivity of the agency.

Centrelink has reduced its workforce by around 5,000 staff over the last five years, and moved to have a larger casual workforce with fewer permanent staff. These types of changes are occurring across many large public sector organisations as governments tighten their belts.

However it seems that when governments today act to (hopefully) bring about productivity gains and cost cuts, they focus primarily on a subset of the economy, the public service.

They appear to overlook the potential impacts on other sectors, or the overall productivity or cost dividend to the community they serve.

Let's use the Centrelink situation as an example. By cutting a human quality assurance step, and using a purely automated approach for identifying potential overpayments, Centrelink has transferred the cost of checking that their data is accurate from internal staff to welfare recipients.

Now while it may be appropriate for the people receiving the payments to be responsible for justifying why they receive them, there is a significant productivity cost when passing the task of quality assuring claims from trained and experienced staff with strong systems supporting them to low income, sometimes low education, citizens.

This productivity cost is exacerbated when these citizens are expected to re-prove their eligibility for past welfare payments, dating back as far as six years. The citizens now must track down former employers, landlords and education providers to source the materials that Centrelink has decided it now requires (often for a second or third time) to revalidate past payments.

So not only are individual citizens required to spend significant time checking the documentation Centrelink holds on them (which is subject to errors from mistaken entry by Centrelink staff and algorithmic mistakes, such as averaging a citizen's part-time or sporadic pay over 26 fortnightly periods), but must also involve the time of a range of former employers and landlords.

Now I've been going through an employment process (you'll hear more about this shortly), which required me to source a range of documents from 4-6 years ago from former employers - both public and private sector. While not the same as the process welfare recipients are facing, it required similar information such as old payslips and employment dates.

All the organisations were very prompt in responding (thanks to you all), taking no more than two weeks to pull together what was required - however I estimate that the combined time they spent on this one matter for me exceeded ten hours work time, just for one person in one clearcut situation.

For the 260,000 welfare recipients who may have to re-source material from employers and others, this time adds up to potentially millions of hours of lost productivity for the companies involved - that's outside the time spent by the welfare recipients themselves to 'prove' they were not overpaid, or not as much as Centrelink claims they were.

The Minister for Human Services suggested before Christmas that around $300 million in debt had been recovered, this was later revised to being debt identified, with neither the Minister nor Department able to conclusively say how much had actually been paid to the Commonwealth.

Now let's look at a few estimates.

Welfare recipients are reporting that they are spending up to dozens of hours resolving this matter with Centrelink. That includes pulling together documents, dealing with former employers. waiting on the phone with Centrelink for up to four hours, with multiple call-backs for dropped lines, managing difficulties with MyGov and other associated activities.

For past recipients (who may have spent a few months or years on welfare when studying or during gaps in employment) who are currently employed, this can require non-productive time in business hours while at work (the only time Centrelink takes calls) and cutting into other job-related or educational activities outside hours.

In addition their former employers and educational institutions are spending hours pulling up old payslips from archives - noting that where employers have shut-down this becomes even more difficult and time consuming.

If we assume that the average welfare recipient is spending 6 hours on dealing with their Centrelink debt and that former employers are spending another 4 hours servicing their requests to meet DHS requirements, that's 10 hours productivity lost per debt notice.

Now if we assume that 60% of debt notices require this time investment, based on 260,000 notices issued, that's 156,000 debt notices on which people are spending 10 hours each on resolving - whether or not there is an overpayment at the end of the process.

Let's take a hourly rate of $30 - low for Australia - as the dollar cost of those hours. Based on 156,000 notices at 10 hours effort (1,560,000 hours effort total), at that dollar rate the cost to the economy is $46.8 million dollars.

Now that's the direct productivity cost to citizens and businesses. On top of that there's been extensive involvement by not-for-profit legal and counselling services dealing with an upsurge in complaints and counselling needs and the mental and physical distress people facing large unexpected Centrelink debt notices are currently facing, harming their ongoing productivity and effectiveness.

There's also time spent by citizens on social media engagement, the creation and management of the NotMyDebt website and, finally, the time being spent by Centrelink's own staff sorting out debt issues which could have been easily screened out through a QA process.

I'd estimate from the above that the net productivity cost to Australia of saving Centrelink's QA step is already approaching about $80 million, without considering the longer-term cost of the loss of credibility and potential impact that will have on future productivity.

While the Commonwealth may be able to claw back this amount of money via the debt notices, I think that the situation is already well past the point where the situation has a net productivity loss to Australia as a society.

In other words, the cost of reclaiming this debt in this manner, is significantly outweighed by the overall productivity cost to the country. Sure it might make a good political statement for a 'no-nonsense' approach to welfare (though this appears challenged by poll results), but the economic cost makes the approach very hard to justify from a pragmatic perspective.

Government is likely to face more and more of these types of situations as it attempts to lift productivity and/or cut costs by transferring the work done by staff back onto citizens.

While I understand the importance of cost management in government, and the ongoing desire to lift productivity, looking at these metrics based on public sector inputs rather than society-wide outputs does risk governments making decisions that harm economy-wide productivity in the long-term when chasing short-term productivity gains for a specific government agency.

Governments who wish to see long-term economic gains need to carefully consider how they shift effort from experienced staff to inexperienced citizens in order to not increase burdens that reduce overall productivity and wipe out the public sector savings through lower tax receipts or large pushback costs.

Digital transformation is a key tool in this process, but must be used wisely, not simply to automate steps to remove humans, but to simultaneously cut errors and improve success-rates.

The current Centrelink debt issue is a clear example of what happens when a good automation idea is executed poorly, becoming an overall loss to government rather than a win.

Tuesday, January 24, 2017

You've Been Hacked - how far should governments go to protect against the influence of foreign states?

Like most people with a broad digital footprint I've been hacked multiple times, usually in fairly minor ways.

Around ten years ago I had my PayPal account hacked through malware in the Amazon site, costing me $300.

PayPal staff insisted this was a legitimate payment for goods (which I hadn't ordered) being delivered to my legitimate address in Norway (despite having provably never visited the country). I've been very cautious & limited in my PayPal use since, and never recommend them.

Over Christmas last year my Social Media Planner site was hacked and seeded with malware. Fortunately my IT team was able to identify, isolate and address the matter, without affecting visitors, but costing me financially (two weeks downtime). It's fine now BTW, with extra protections in place.

I've had a Skype account taken over by someone in Eastern Europe, who used it for phishing before I could reclaim it, had basic account details stolen in Yahoo, LinkedInDropBox and a range of other large-scale hacks of commercial services over the last five years - excluding the Ashley Madison hack (I've never been a member).

I'm not the only one affected by any means, well over 10 billion accounts were hacked in 2016 alone, with Australian politicians, police and judges outed as affected in at least one of these hacks (and a few in this one too).

Much of this widespread hacking results in the theft of limited personal information. On the surface it may appear to pose little risk to individuals or organisations. 

However the individual reuse of passwords and usernames can turn these hacks into a jackpot. This allows hackers, and clients they sell hacked data to, to access a wider range of accounts for individuals, potentially uncovering richer information that is useful for identity theft, economic theft, intelligence gathering or for influencing decisions and behaviour.

Despite all the reports of hacking, it seems many people still treat this lightly - the world's most popular password remains '123456'.

Most governments, however, do not. Securing their networks is a major challenge and a significant expense item. The data agencies hold has enormous political and economic value that could be easily misused to the detriment of the state if it falls into the wrong hands, or into the right hands at the wrong time.

It's not simply about troop movements or secret deals - early access to economic or employment data, access to the 'negotiables' and 'non-negotiables' for a trade deal, or even to the locations and movements of senior political figures (to know who they meet and for how long) can be used for the financial and political advantage of foreign interests at the expense of a state's own interests.

For the most part, Australia's government is decent at managing its own network security. This isn't perfect by any means, but there's a good awareness of the importance of security across senior bureaucrats and largely effective ongoing efforts by agencies to protect the secure data they hold.

However in today's connected world national interest goes far beyond the networks directly controlled and managed by governments. As we've seen from the US (and now Germany), political parties and individual politicians have also become hacking targets for foreign interests,

This isn't surprising. Politicians, potential politicians and even academics have long been targets for funding assistance and free or subsidised study trips to nations hoping to cultivate influence in various ways. In fact these approaches provide some positive benefits as well - by creating personal relationships between powerful people that can lead to improved national relationships, trade deals and even avert wars.

Hacking, however, has few of these positives, as we saw in the release of Democratic National Congress emails by Wikileaks, which were most likely obtained through Russian state-sponsored hacking and likely was designed to influence the US's election outcome.

Whether you believe the cumulative findings of the US intelligence community or not, it is certain that foreign states, and potentially large multi-nationals corporations, will continue to target political parties, and individual politicians, seeking insights into how they think and levers of overt and covert influence for economic and political gain.

Hacking will continue to grow as one of the major tools in this work.

The Australian Government is taking this seriously - and kudos to them for this.

However even this focus on political parties neglects a wide range of channels for influencing current and potential future politicians. What about their other memberships and personal accounts?

Politicians and potential politician are well-advised to position themselves in various community and business groups to improve their networks, build relationships and future support. They are also just as likely as other Australians to use the internet - for work and personal reasons.

This means they're likely to have numerous online accounts with both domestic and foreign-owned services, with varying levels of security and access control. 

On top of this, it's not simply politicians who may be the targets of influence. Political advisors and activists often shape and write party policy positions, despite never being publicly elected. Influence an advisor and you can influence policy, as the many registered lobbyists know only too well.

Equally bureaucrats across government often are exposed to material that could, if shared with foreign interests, cause some form of harm to a state. We've seen this in insider trading by an ABS staff member, where the economic gain to the individual public servant outweighed his good judgement and public duty.

While bureaucrats are security assessed to a significant degree (unlike our politician) and selection processes are in place, backed by rules and penalties, to screen out the 'bad eggs', the potential for public servants to be influenced through hacking their personal accounts has risen along with their internet use.

Right now we're in an environment where the number of attack vectors on a politician, an advisor and on individual public servants, is much higher than at any past time in history - while our tools for protecting against foreign influences have not kept up.

Of course this goes both ways - our government also has the capacity, and often the desire, to influence decisions or negotiations by other states. We've seen ample evidence of this, although it isn't really a topic our government wants to discuss.

The question for me, and I don't have a solid answer yet, is how far technically should a government go to limit the influence of foreign states.

Should governments merely advise political parties on how to secure themselves better?

Or should governments materially support parties with trained personnel, funding or even take over the operation of their networks (with appropriate Chinese walls in place)?

What type of advice, training or support should agencies provide to their staff and Ministerial advisors to help them keep their entire footprint secure, not just their use of work networks, but all their digital endeavours?

And what can be done to protect future politicians, advisors and bureaucrats, from wide sweeps of commercial services collecting data that could be useful for decades to come?

We need to have a more robust debate in this country about how foreign states and commercial interests may be seeking to influence our policies, and decide as citizens the level of risk we're prepared to accept.

Until this occurs, in a mature and informed fashion, Australia is hurtling forward into an unknown future. A future where our political system may be under constant siege from those who seek to influence it, in ways that are invisible to citizens but more wide-reaching and dangerous to our national interest than any expense scandal.

If this isn't the future that we want, then it is up to us to define what we want, and work across government and the community to achieve it.

Thursday, January 19, 2017

90% of digital disruption is still to come (podcast)

A few months ago I interviewed with Andrew Ramsden of AlphaTransform, who has spent the last year capturing the thoughts of digital leaders around Australia (he also has a book in the works).

He's now published the interview as Episode 16 in his Alpha Geek Podcast - which is definitely worth checking out.

You can listen to the interview below, in which I suggest that we're still at the start of the digital transformation journey for society, for business and for government...

Thursday, January 05, 2017

Defining and celebrating effective Australian leadership

Victor Perton, former Victorian Parliamentarian, Government Advisor, Advocate, Board Member and one of my mentors founded AustralianLeadership.com in 2016 with the mission to "celebrate, understand and improve Australian leadership."

He interviewed me on the topic of Australian Leadership in late 2016 and recently posted the interview, which I've replicated below.

For other great interviews, visit his AustralianLeadership.com site where he's collected a variety of interesting perspectives on leadership in Australia.

Victor PertonCraig, what do you see as the unique qualities of Australian leadership?

Craig Thomler: One of the most appealing and positive qualities about Australian leaders is their approachability. Australia has much less of a sense of hierarchy than Europe or Asia, and this egalitarian attitude displays itself through a readiness for leaders here to engage with, and listen to, people at all levels of their organisation and to be open to engaging with a wide range of people from outside their organisations.

This leads to an increased willingness to entertain new ideas, as well as an improved understanding of the needs of different groups and results in decisions that are more inclusive and attuned to customer and staff needs.

Another unique quality is how laid-back Australian Leaders commonly are. This allows them to more effectively manage difficult situations without significant apparent strain, simply taking challenges in their stride. This quality isn't universally positive, on occasions, it can lead to a lack of attention to detail, or giving up a level of control over events, which can lead to additional downside risk in certain situations.

Finally, in my experience, Australian Leaders are commonly more collaborative than many other leaders around the world. This exhibits itself more commonly between organisations and in the decision-making processes of leadership teams. Often the ultimate leader in a leadership team is seen as 'first among equals' rather than as a level above others in the group, reflective of Australia's egalitarian outlook.

Victor PertonCraig, what are the qualities that Australians seek from their leaders?

Craig Thomler: I believe that Australians value approachability and 'down-to-earth' practicalities in their leaders. We don't commonly place leaders on pedestals or exalt them. We accept that they are humans, with flaws, and, to a degree, accept those flaws as part of the characteristics that makes them good leaders.

Leaders who see themselves as 'above' others, due to expertise, experience or position, or who portray themselves as flawless, tend to be less credible to Australians and less believable as leaders.

Australians also value honesty and a sense of fairness in their leaders. Leaders who do not exhibit these traits consistently rapidly lose their shine and then their effectiveness.


Victor PertonCraig, what is the finest story of Australian leadership you have experienced or observed?

Craig Thomler: Probably the finest act of leadership I have observed in Australia in the last five years was by Lieutenant General David Morrison AO, whose position on sexism and violence against women, per his video statement in June 2013 (see below) demonstrated clear and effective values-based leadership on a topic that other Australians in leadership positions - both public and private sector - had been unable to grapple with.

His statement, which reverberated around the globe, drew a clear line in the sand on appropriate behaviour not only in the Australian Army but across the Australian community.