Wednesday, April 25, 2018

Governments are getting serious about innovation capability

The Australian government has been touting the importance of innovation for several years now, with the Coalition's innovation agenda recently conceded to be a political failure due to its lack of resonance with the Australian public.

However underneath the politics, government agencies across Australia and New Zealand have been vigorously expanding their innovation capability, as the The Policy Lab at Melbourne University recently reported.
"A vibrant public sector innovation landscape is emerging in Australia and New Zealand. Public sector innovation (PSI) units are increasingly being established by governments to bring new insights and approaches to policy design and the delivery of public services."
The Mapping Public Sector Innovation Units in Australia and New Zealand 2018 Survey Report identified at least 26 PSI units across Australian and New Zealand government at different levels, across agency-run, agency-led and industry-led units - and that only counts the units the researchers were able to identify, which missed units such as The Garden from Accenture and some deeply embedded innovation teams within certain government organisations.

Notably a number of these units remain new, with a quarter less than 12 months old, and more than half less than two years old, and small, with half employing 5 or less staff. As a result many of these labs relied on consultants and contractors with specialised skills to function effectively.

In Australia all of the agency-owned & led innovation units were focused on a single (funding) agency, whereas New Zealand has established two cross-government units, which work broadly across government.

Interestingly most staff at government-based units were long-term public servants. These units did not draw significantly on external talent from Australia's innovation networks - which raises alarm bells for me in terms of building a blend of talent with broad experience across the innovation ecosystem.

My personal experience with these innovation units has been mixed. Some are still very locked into public sector norms, and find it difficult to produce more than iterative innovations, whereas others have embraced the freedom to innovate and are already providing significant returns. In my experience the more diverse the staff experience, and the more 'liberated' from public sector norms, the more effective these units tend to be.

The areas of policy these units worked in were quite diverse, ranging across 'social issues, housing and welfare’, ‘Public administration and governance’, ‘Education’, ‘Health’, ‘Indigenous and Maori issues’, ‘Transport’ and ‘Policing, crime, and the justice system’ - a good sign that the value and need for innovation is  being recognised broadly across government, if not deeply.

Now while I have had concerns about some of these units turning into 'innovation ghettos' - where agencies tend to look to these units to provide the bulk of innovation within agencies, there are strong signs - particularly in New Zealand - that in many cases these units are functioning more as facilitators and amplifiers for innovation rather than innovation mines.

In my view there's plenty of innovation across government and the long-term challenges to realising this innovation as progressive improvement of government services, effectiveness and efficiency have included hierarchies stifling innovation based on source, poor pitch/amplification skills, limited capability to scale & execute, perceptual fears and budget mismatches.

If government innovation units can address these challenges effectively, then the future for these units looks bright.

Saturday, April 14, 2018

The danger when political parties assimilate the duties of government

While it rarely becomes top of mind for voters, there are times where political parties attempt to take on some of the responsibilities of governments, either because they don’t trust government agencies to perform these duties, or they perceive some form of electoral or financial value in doing so.


Now I can’t speak for their intentions, and it may seem benign that a political organisation ‘helps out’ by conducting the arduous job of encouraging people to provide their views on a complex governance issue, of collecting and collating these responses and then presenting them to the government of the day for consideration, but I’d like to quickly highlight some of the perils in this approach.

Firstly it is important to recognise that governments and political parties are separate organisations. Political parties are privately owned and run for the benefit of their members, whereas government has a responsibility to the entire community and is, in effect, owned by all citizens. As such their motivations and interests can be extremely different at times, even when politicians from these political parties are elected to parliament and serving as the government of the day.

One of the most striking differences is in their financial motivations. Political parties attract funding from donations, investments, events and membership fees and are constantly looking for additional funds to help them build their structures and campaign more effectively during elections. They operate like private companies with limited scrutiny over their books. Governments operate in an environment of much higher public scrutiny and accountability. You have a right to see how your governments is collecting, employing and disbursing its funds - but no such rights of oversight over the political party that your elected officials belong too.

Similarly governments have certain obligations around privacy designed to protect individuals from undue government interference (noting people may debate whether these go far enough or are equitably enforced), whereas political parties, through the machinations of their elected parliamentarians, excluded themselves from the provisions of Australia’s privacy law. This means they can collect and combine data about any citizen without scrutiny or oversight and citizens have no right to ask what private information political parties hold on them, let alone to correct this information should it be incorrect.

These two areas of difference in combination, financial and privacy, lead to very different motivations and approaches between political parties and governments. For example as there is no requirement for a political party to act in an unbiased manner, it may favour engagements with citizens who pay them more money, via ‘donations’, or who they feel, from the information they hold on them, are more receptive and likely to vote for that party’s candidates to form government.

Governments are not allowed to show such bias, and there can be significant consequences when they do, creating a constant tug of war for elected politicians whose loyalties are divided between their party, serving their big donors and supporters, and the state, serving all citizens on an equitable basis. 

This tension can be managed to some extent in governments, where the public accountability requirements reveal inequitable activities by politicians and provide methods for injecting more balance, or censure - although most politicians do skim as close to the line as they can.

The tension cannot be managed however, when political parties take on roles that government usually performs. Instantly that public accountability disappears and politicians and their parties have a different set of motivations in play, based on party gain rather than public good.

Even when politicians are public minded and seeking to do the right thing, that’s no guarantee that their party machinery, which answers only to itself, not the public, will not use these opportunities to just bias the process a little in their favour.

This is where I come to the example of the ACT Liberals and their role in a public consultation process.

Any individual or organisation can choose to promote a public consultation (I regularly do this myself) or provide a free service where it provides forms for collecting responses, aggregating and submitting them to governments. There’s some notable groups doing this today - including activist and lobby groups like GetUp and the Australian Christian Lobby, retailers like EB Games which provided a response and submission mechanism during the consultation on R-rated games, and industry bodies such as the Australian Mining Council which regularly collects and submits the aggregate views of its members in relevant consultations. Change.org and similar services allow individuals to undertake this appproach in a similar manner - though more linked to petitions than consultation responses.

These groups are all entitled to take these steps, and generally do so in order to promote their ‘side’ of views. The extent to which they will entertain and pass on divergent views differs by organisation, but if you wish to take the chance they will not pass on your response, that’s your decision to make.

Political parties differ slightly when doing this. Firstly they exist outside the privacy act,  are expected entitled to keep everything you say and add it to their file on you, helping them decide down the track whether you are someone they wish to cultivate for donations or would consider helping in a governance matter. As they are exempt from privacy law and  privately owned, there isn’t no scrutiny on whether they modify your submission, aggregate it with others in deceptive ways to push their point or simply withhold it from government altogether.

At the same time the public expectationsof political parties are much higher. If your local member asks you to provide feedback on an issue via their website it can convey the appearance that you are directly responding to the government and thus have the public probity rights you should expect when responding on an agency website, even though you don’t.

This can easily mislead voters with a more limited understanding of our political processes, who trust their elected representative to behave according to government requirements.

In the case of the ACT Liberals there was also the matter of 19 misplaced responses which were caught in a spam filter. 

Tragic to say this has happened at government agencies as well, and I have direct experience of helping agencies resolve this technical problem. 

While it is the headline of the Canberra  Times article, I regard this as less of a concern than the ability of the party to select or reinterpret the responses it passes to government, while keeping all the details of every response in their citizen database for future electoral advantage.

This is a single example of the risks of political parties taking on government responsibilities but serves to illustrate the broader issue. When duties move out of government to party machines we love the ability for public accountability, the tasks are performed by individuals without a contractual and cultural commitment to be apolitical and the motivations change to be less equitable and more ideologically driven.

Whether it is collating consultation responses, negotiating trade agreements, advising the Minister on complex matters, making purchases, providing services or otherwise transferring a government process to a political party team, or some other task, we lose as a democracy when political parties absorb or deliver more of the functions of government.

Even when the intentions are good, corrupting the approach is far easier and less accountable and it undermines our nation when this occurs.

Monday, April 09, 2018

How modern democracies face destruction if they can't stop building digital Maginot Lines

The recent revelations in the media about the collection of personal information from up to 87 million Facebook users by Cambridge Analytica and its use to influence political outcomes (successful or not), should be sending chills down the spines of everyone involved in information security, privacy and governance.

That people's data can be appropriated and used to manipulate democratic processes is a clear threat to the basis of democracies around the world - and governments appear to be flailing on what to do about this.

Now certainly corporations, such as Facebook and Google, have both legislative and business reasons to protect personal data. It's their lifeblood for making profits and without a sufficient level of public trust to keep people using these services these companies would largely disappear overnight.

However governments also have a responsibility to safeguard their citizens, and their own institutions, from external manipulations of their democratic systems - whether this come from foreign states, corporations or even particularly influential groups in society.

While Facebook is responsible for allowing a researcher to create an app that could such down the personal data of many people, even without their consent, it may not have been illegal for Cambridge Analytica to do this (although their subsequent use of this data for electoral manipulation may have been), and while Facebook may be investigated for privacy breaches, the consequences to Facebook and Cambridge Analytica appear to be more social than official to-date.

For me the spotlight is more on governments than the corporations involved. Laws exists to provide a legal basis for managing anti-social behaviour and power imbalances (such as between large organisations and individuals) such that the basic unit of the state, the individual citizen, has their personal rights protected and has clarity about their obligations as a citizen.

In this case governments did not have the laws and frameworks in place to detect, limit or even rapidly prosecute massive breaches of personal privacy or attacks on their own institutional validity.

Governments that cannot protect themselves or their citizens from external influences - whether these be physical or digital - do not remain governments for long.

I see the Cambridge Analytics scandals as another in a long series of examples as to how modern democratic governments have failed to put appropriate mechanisms in place to protect citizens and themselves from modern threats.

Like the Maginot Line built by France in the 1930s, governments are investing in expensive, unwieldy and inflexible infrastructures for past threats. And, like the Maginot Line in 1940, these infrastructures have proven again and again that they fail in the face of modern agile opponents.

Thus far the reaction by governments has largely been to acknowledge failure, promise to do better and then return to investing in legacy infrastructure, attempting to modify it as cheaply and as little as possible to address modern threats.

From the cascading series of security breaches at scale, rising digital interference in western elections and undermining of democratic institutions - I think the evidence is clear that the strategy is failing.

So what are governments to do? How do they adapt their approaches to address a threat that can come at any time, through any channel and often targets civilian infrastructure rather than state-controlled infrastructure?

The first step is to recognise that their current approach is not working. The political and commercial opponents seeking to weaken, influence, manipulate and destroy western states do not limit themselves to playing by western rules.

The second step is to recognise that this isn't a problem that governments can solve alone. Protecting government infrastructure is pointless if power grids and financial sectors are manipulated or destroyed. If a hacker wants to shut down a government office it is often easiest to cut their power or payroll than attack the government's servers directly. In the longer-term the public can be turned against a government through social media engagement using fake news and slanted reports.

The third step is to redefine what constitutes the state and what it values. Government is a tool used to govern a population. It is a component, but not the only, or even the most essential, in defining a nation's character or values.

Then, we need to rebuild our thinking from first principles. What do we value, and what do we not value? What conduct is appropriate, and by whom? How do we protect freedoms for citizens while defining their responsibilities? How do we educate citizens to understand that they have an active ongoing role and responsibility to help maintain our freedoms - that their obligation doesn't stop at a ballot box every few years? How do we redefine the role of corporations and other organisations (including government agencies) as good organisational citizens in a society? What are their rights and obligations towards citizens, stakeholders and shareholders?

This doesn't mean turning western democracy into security states. In my view the growth of state security apparatuses is a poor solution, part of the Maginot Line of centralised control that is failing so badly to protect democracy from a swarm of diverse threats. Indeed, the idea of decentralising security in favour of emphasising personal responsibility through education is, in my view, the best course to protect our nations' values.

We need an inclusive approach, backed by sound principles and collective values, that preserves what is important to our societies and inoculates us from unwanted external influences.

Without this we will lose who we are in protecting what we want - turning us into authoritarian states, the mirror of our enemies.