Showing posts with label communication. Show all posts
Showing posts with label communication. Show all posts

Thursday, February 02, 2023

It's time for Australian government to take artificial intelligence (AI) seriously

Over the last two and a half years I've been deep in a startup using generative artificial intelligence (AI that writes text) to help solve the challenge organisations face in producing and consuming useful content.

This has given me practical insights into the state of the AI industry and how AI technologies can be successfully - or unsuccessfully - implemented within organisations to solve common challenges in the production, repurposing and reuse of content.

So, with a little prompting from the formidable Pia Andrews, I'm taking up blogging again at eGovAU to share some of my experience and insights for government use of AI.

I realise that Australian governments are not new to AI. Many agencies have been using various forms of AI technologies, directly or indirectly, to assist in understanding data or make decisions. 

Some may even include RPA (Robotic Process Automation) and chatbots - which in my humble opinion are not true AI, as they both are designed programmatically and cannot offer insights or resolve problems outside their programmed parameters and intents.

When I talk about AI, my focus is on systems based on machine-learning, where the AI was built from a body of training, evolving its own understanding of context, patterns and relationships.

These 'thinking' machines are capable of leaps of logic (and illogic) beyond any programmed system, which makes them ideal in situations where there are many edge cases, some of which can't be easily predicted or prepared for. It also places them much closer to being general intelligences, and they often exhibit valuable emergent talents alongside their original reasons for being. 

At the same time machine-learning is unsuitable for situations where a decision must be completely explainable. Like humans it is very hard to fully understand how a machine-learning algorithm came to a given conclusion or decision.

As such their utility is not in the realm of automated decision-making, but rather is assistive by encapsulating an evidence base or surfacing details in large datasets that humans might overlook.

As such machine-learning has vast utility for government. 

For example,

  • summarizing reports, 
  • converting complex language into plain, 
  • writing draft minutes from an intended purpose and evidence-base, 
  • extracting insights and conclusions from large research/consultation sets, 
  • crafting hundreds of variants to a message for different audiences and mediums,
  • developing structured strategy and communication plans from unstructured notes,
  • writing and updating policies and tender requests, 
  • semantically mapping and summarizing consultation responses,
  • developing programming code, and
  • assisting in all forms of unstructured engagement and information summarization/repurposing.

As such machine-learning is as an assistive and augmentation tool. Extending the capabilities of humans by doing the heavy lifting, rather than fully automating processes.

It's also critical to recognise that AI of this type isn't the sole purview of IT professionals and data scientists. Working with natural language AIs, as I do, is better supported by a strong business and communications skillset than by programming expertise. 

Designing prompts for an AI (the statements and questions that tell the AI what you want) requires an excellent grasp of language nuances and an extensive vocabulary.

Finetuning these AIs requires a strong understanding of the context of information and what constitutes bias, so that an AI is not inadvertently trained to form unwanted patterns and derive irrelevant or unneeded insights.

These are skills that 'business' folks in government agencies often possess to a far greater degree than most IT teams.


So through my eGovAU blog, I'm going to be regularly covering some of the opportunities and challenges I see for governments in Australia seeking to adopt AI (the machine-learning kind), and initiatives I see other governments adopting.

I will also blog occasionally on other eGov (or digital government) topics, however as this is now well-embedded in government, I'll only do so when there's something new I have to add.

Read full post...

Thursday, October 31, 2019

Digital is boring - it's time for purpose-based transformation

One reason I've posted less frequently in this blog over the last few years is that, frankly, digital in government has become boring.

Digital is now well-embedded in virtually every agency and council at every level of government in Australia and New Zealand, and mobile & online have now been the primary channels for citizens to engage governments for almost ten years.

My predictions back in 2006 that all government communicators would have to understand digital tools as part of their engagement mix have largely been realised, with social being well integrated into agency communications. Albeit this is still far too outbound only for my taste in many organisations & there's continuing overly restrictive social media rules in place for public servants via the APSC which I know are causing a number of quality candidates to avoid applying for government roles.

Cloud is widespread, if not fully understood or embraced and open source and open data are part of the landscape - although there's not been the full value yet realised in my humble opinion.

Digital as a profession has splintered into a range of specialist roles, with clear career paths and their own conference circuits and communities of practice. Meanwhile digital savvy senior executives are no longer as rare as hen's teeth, albeit not yet as common as Canberra taxi drivers with political opinions to share.

Design Thinking and Innovation are everywhere (even buzzwords), and Agile has climbed out of ICT into policy and service delivery spaces, adding value in most places it touches.

It's true that many agencies are still in the throes of Digital Transformation - but this has moved largely on from updating foundational systems to true value creation.

In sum government has advanced in how it understands and uses digital to improve governance and service delivery while reducing costs,  however similar to the old tale of King Midas, Digital has become more Bureaucratised - something government does to everything it touches - fit into the hierarchy and tamed, rather than transforming the basis of how agencies govern.

As such I think it is time to stop talking 'digital transformation' and start talking 'purpose-based transformation'.

Previous Digital Transformation often (incorrectly) put the emphasis on the Digital rather than the Transformation, being more of a lift & shift approach where governments supplemented or replaced physical transactions and locations with digital equivalents.

There was some service transformation undertaken, with each process looked at individually, or even within the context of specific personas and life events, to redesign them to be slightly easier to use.  However there haven't been the mechanisms in place (structure, financing, capabilities or legal frameworks) to reinvent the relationship between government and citizen, or government and stakeholder, or government and supplier.

As a result, despite shiny new online transactional services, supporting systems and growth in their use, there's still overall a lack of clarity in many agencies about how these transactions meet or support the overall purpose of the agency itself. While the transaction might be seamless and secure, what is the 'price signal' it gives to citizens using it?

Are citizens nudged to be good auto-shoppers, self-servicing their needs, or is there a bigger purpose being met in how these digital services help citizens to meet their actual needs, rather than complete a form and press a button?

Purpose-based Transformation, which I raised in a conversation over lunch with Pia Andrews this week, is all about getting back to understanding the roots of why an organisation exists and what is is trying to achieve. It is then about testing whether the current organisational design has a laser sharp focus on fulfilling that purpose through their every interaction - whether with citizens, organisations or other agencies.

Revisiting, and restating that underlying purpose and validating whether the organisation is currently fit for it becomes the first step in a transformation approach that builds on everything we've learn through digital and focuses it on the value proposition of the organisation, rather than the value stream from a specific service or process.

Taking a purpose-based approach allows an agency to think about all its procedures, processes, services and systems from a different perspective. One that is ultimately user centric through a focus on why the organisation exists and expressly seeks to achieve.

In this Purpose-based transformation context, Digital becomes an enabler of the approach and new experiences, rather than an end in its own right.

The goal is measured based on how well the purpose is delivered, rather than on the take-up and cost-savings from transactions.

The outcome of such a Purpose-based Transformation is a redesign of the structure and organisational procedures, systems and services - root and branch - leveraging digital to rethink the entire organisation from the ground up, not simply for specific processes or systems.

Imagine what could be achieved with a purpose-based transformation to address some of the underlying challenges that digital transformations have sometimes simply wallpapered over.


Read full post...

Tuesday, May 15, 2018

If exposure to social media messages can affect human moods & more, what responsibility do digital marketers & organisations hold?

There's a lot of evidence available now that the emotional tone of the messaging that people are exposed to on social media goes on to affect their mood, posting behaviour, and aspects of their health and actions.

A study by Facebook and Cornell University in 2012 (published in 2014) that involved modifying the emotional valance of posts on 689,003 users' Facebook News Feeds, putting aside the ethics of experimenting unknowingly on their users, evidenced a strong link between what people saw in their Feed and the emotional valance of what they posted afterwards.

The study postulated that 'emotional contagion' was very strong in social media channels, with the capability for peoples' moods and behaviours to be significantly altered through exposure to messaging that expressed certain tones or viewpoints.

Other research has validated connections between the emotional tone of the social and digital media we consume and the behaviours we exhibit - which really should not come as a surprise as it is the basis of the advertising, propaganda and marketing industries (using emotional triggers to stimulate behaviour change) and is readily visible in the mood swings evident in forum, Facebook and Twitter conversations over time.

So if we can be fairly confident that emotional tone is 'contagious', and that emotions then influence behaviours, what is the responsibility of communicators and marketers when using digital and social media to engage audiences at scale to 'set' the right tone?

I've long been a proponent of having clear community guidelines for communities that government agencies and companies establish in order to set the appropriate context and tone for conversations up front. Failing to do this can lead to communities rapidly moving beyond the influence of the establishing organisation and having conversational tone going to places that are undesirable or damaging.

However even when posting or promoting material through general digital channels there can be a significant impact on audience mood and behaviour depending on the approach taken by the organisation - even for 'emotionless' statements of fact that could be perceived in negative or positive ways.

Simply stating the facts and taking no responsibility for the audience's emotional reaction is a common, but flawed strategy, when it is used as a way to justify that the organisation is blameless as to how others react (and I have to admit that I've used this to 'excuse' myself in personal conversations as well).

While it isn't always possible to predict how a group, or particularly how an individual, will react to a given message, we can design and test our messaging to bias toward a particular emotional and behavioural response.

This could be seen as manipulative, but arguably is no more manipulative than dropping unpleasant information in a factual manner and then blaming the negative reaction on the 'receivers'. Whenever we communicate we are aim to have an impact, so it only behooves us to strive to minimise any harm that could come from our communications as far as is possible.

So when participating or advertising online, digital marketers need to develop a sound understanding of their audiences and be mindful of the impacts of our communications - much as how newspapers now provide support line contact details at the end of disturbing articles.

When emotional contagion takes hold and amplifies an emotional or behavioural response - whether for good or ill, the impacts can be enormous - and digital marketers and communicators need to own their contribution in these cases.

Read full post...

Thursday, November 24, 2016

Census 2016 Senate Inquiry report - what's been recommended to avoid another #CensusFail

Both the Senate Inquiry report on Census 2016 and the Review of the Events Surrounding the 2016 eCensus (by Alastair MacGibbon, Special Adviser to the Prime Minister on Cyber Security) have just been released - I've embedded both reports below (so they appear in one place).

They are a good read with some useful recommendations for the future.

Reflecting on what has become known as #CensusFail, in comparison to other technical issues experienced by government, the Census 2016 experience probably rates as the most significant public ICT issue experienced by the Australian Government so far this century.

While in the last 15 years the Australian Government has had other incidents, these have been relatively minor, with limited public visibility or impact.

This includes incidents such as the 15 year delay in creating an Apple version of e-Tax (now rectified), launch issues with sites such as MySchool, challenges with access and security within the MyGov system, data breaches from the PCEHR (personally controlled electronic health records) eHealth system and the accidental exposure of private data for asylum seekers.

In contrast, the issues experienced during the 2016 Census have been far more widespread in their public visibility, impact and long-term ramifications for trust in government.

However, to put "the most significant public ICT issue experienced by the Australian Government this so far this century" into perspective - no-one died, no-one was hurt and no-one even lost control of their personal data.

At worst a number of government and IBM staff experienced unhealthy levels of anxiety for several days.

Given the struggles that developing countries have had to get their egovernment ICT working in the first place (with a reported 15% success rate); or the challenges advanced countries like the US have had with national systems (such as ObamaCare); or the experience of states like Queensland, which could not pay some of its Health staff for some time when its new payroll system failed, CensusFail just doesn't rate as an ICT disaster.

The actual operational impact of the 2016 Census problems was merely a short delay for people attempting to fill in the Census online.

Ultimately the ABS still exceeded the desired Census response rate, will still be releasing Census data much faster than ever before, and the agency still saved over $70 million dollars by moving more of the Census online.

However despite not actually rating as a ICT disaster, there was still a real cost to CensusFail - the perceptual and reputational damage from the ABS publicly failing to deliver on its Census Night promise, exacerbated by poor crisis engagement.

As a net result the real impact of CensusFail is on long-term governance in Australian, due to a reduction in trust in public institutions to 'do the job right the first time'.

I'm aware of other agencies now being regularly questioned by their Ministerial offices on whether they have any systems or projects which pose a similar reputational risk to the Australian Government. I've watched as the term 'CensusFail' has become the 'go to' term raised whenever a new government ICT issue is reported.

As a result the trust in government agencies to deliver complex technical solutions has been diminished, and it will take years to recover.

I hope that the recommendations in this Senate report, the lessons from Census 2016, will be top-of-mind for every public servant and Minister engaged in a significant government ICT project for years to come.

Hopefully the right lessons will be learnt - that managing your communications and public engagement well when the ICT gets wonky is critical.

In fact you can even transform a technical failure into an engagement success, if you get your messaging and timing right - strengthening, rather than weakening, trust in government.

Census 2016 Senate Inquiry Report as redistributed by Craig Thomler on Scribd


Read full post...

Monday, October 24, 2016

For how long should we judge people by a few intemperate comments?

Over the last few weeks we've seen several prime examples of individuals being judged and convicted by comments they made at some point in the past.

Most would now be aware of the leaked tape of Donald Trump and Billy Bush, whose 'locker room talk' recorded in 2005 has led to an exodus of support and new sexual harassment claims against the US Presidential Candidate, and Bush's exit as a NBC News anchor. Trump has said that 'no-one respects women more than him' and apologised for his words, stating they were merely words and that he'd never act in such a way (prompting a number of women to come forward with examples of a pattern of behaviour).

Some may also be aware that last week Twitter fired Greg Gopman after a month, when TechCrunch republished one of Gopman's Facebook comments from 2013, in which he called homeless people 'trash'. Subsequently to his comment, and before the Twitter firing, Gopman had quickly apologised and taken a number of actions to help the homeless community in his city.

Without commenting on the merits of either sequence of events, I believe that society, and organisations, need to seriously consider how to manage intemperate comments by individuals and their ongoing impact on lives.

We now live in a world where almost any comment may be recorded and kept indefinitely - and can resurface at anytime.

These comments may be said in the heat of the moment and later repented, or may form part of a long-term pattern of behaviour that defines an individual's approach and thinking.

However in the hothouse of modern media, context is quickly lost. The distinction between a pattern of abuse or bad character and an occasional momentary weakness or bad behaviour rarely survives a media and social media scrum.

Even positive or neutral comments, or a moment in time video, recording or photo , when used out of context, can have a devastating impact on an individual's future prospects, their ability to contribute to society, as well as on their family, friends and employer.

With teenagers experimenting with social norms in public social channels, and fast-shifting social norms catching older people out for unwise comments made decades ago, few of us can truly say that none of our past comments cannot, and will never, be used against us.

Moving forward do we want to be a society where we drag everyone down to the worst versions of ourselves - where we glory in ripping and tearing others apart for momentary lapses of judgement, fast regretted?

Or do we wish to be a society that glories in redemption, that allows people to make mistakes, correct them and move forward and upwards to their best selves - provided they actually do.

Organisations need to decide when they will they stand behind individuals who make a few mistakes and correct themselves, even in the face of a media storm. They need to decide where to draw the line between intemperate mistakes and intolerable character flaws and patterns.

Otherwise we're heading toward a society where there's no second chances, no room to grow and improve from one's 17 year old self. A society where those of truly bad character conceal themselves and thrive (even into high office) by claiming that everyone who has ever made a mistake is just as bad as them.

The first step required is to have that conversation - in the media and in organisations. We should not 'walk past' a discussion and simply seek to control information in the hope of protecting otherwise good people from the mistakes of their past.

The standard you walk past is the standard you accept.

Read full post...

Friday, August 26, 2016

How to shut down the easiest path for hackers into your organisation

In the news today is a story about how the Department of Prime Minister and Cabinet has issued guidance to staff on how to manage their personal profiles on Facebook.

According to the The Age's article, 'Nanny state!' New crackdown on public servants' Facebook the department "now insists its public servants lock their personal Facebook accounts with the tightest possible privacy settings and tells them how to configure their passwords".

Based on The Age's article the policy states that "Profiles must use a robust and secure password to protect the account from brute-force hacking attempts".

"This password must be at least seven characters long and contain a mixture of punctuation and alpha-numeric characters".

The policy apparently threatens disciplinary action and even dismissal for non-compliance for both staff and contractors.

I've not yet read the policy so can't comment on the details, and there's also apparently some other parts of the policy dealing with what public servants can comment on, which I don't expect to agree with.

However, I find the advice on security and passwords as fair, long overdue, and something that all organisations should consider providing to their staff.

Hacking is fast emerging as one of the most significant commercial risks for corporations and public agencies, with organised crime and nation-states mobilising sophisticated teams of computer hackers in the search for commercial and political advantage.

Few weeks go by without a major international company or online service being hacked for data, and alongside this the growth of ransomware - where hackers lock organisations out of their own systems and demand money for access - is proving to be a challenge worldwide.

Many large organisations have extensive security provisions in place to protect their data and services against hackers and security advisors are working as hard to keep their system protected as hackers are to find new ways in, in a cyber cold war.

However IT systems are not the only way into an organisation's data heart. 'Social engineering', a term referring to coercing staff to create a chink in an organisation's security armour, is increasingly one of the easiest ways for hackers to sidestep security professionals.

Social engineering takes many forms.

Leaving USBs with malware at a location where staff might pick them up and unsuspectingly put them into an organisational system, sending them email attachments supposedly containing cute kittens (with a cyberworm inside), fooling them with a fake email from security into believing they need to reset a system password by clicking on a link - which gives a hacker access.

There are many many ways in which employees can be fooled, even the most highly intelligent people, and used to evade or break their organisation's security.

Even if people can't be fooled, there's ways to get critical information about them which can provide clues to passwords, or provide blackmail opportunities.

For example, many people still use memorable passwords - children's names and dates of birth, anniversaries, pet and street names, achievements and more. With a little digging through publicly available information, or even information compromised from a weaker external service, hackers can quickly create a potential password list which might give them a route into a more secure system.

Unfortunately many organisations have been slow to address this threat by educating and supporting staff on protecting ALL their information online - from their secure employee logins, to their Facebook accounts and random mailing lists they sign up to.

This education is important not simply for the organisation's security, but for the personal security of individual staff members, who are also at risk from hackers who simply want to steal from them.

In fact there's every reason to believe that well constructed advice to an organisation's staff on protecting themselves online will be well received. It not only protects the organisation, it protects each individual staff member and often their families as well.

So what PM&C is doing with suggestions on passwords and locking down Facebook isn't a 'Nanny State' act - it's a sensible step that every organisation should be doing to protect their commercial information and client data, and to protect their employees.

Now a 'policy' may not be the best structure for this education - I strongly recommend that every organisation should have a 'security awareness' module in their induction program, and ensure that all existing staff receive regular training on how to protect themselves and the organisation they work for from external hacking threats.

This needs to be regular, not once-off, because of the rapid evolution of hacking and IT systems. New threats emerge regularly, as do new social engineering attacks.

Training all staff on how to secure ALL their online accounts is becoming vital for organisations that are serious about security.

In fact I believe that organisations who lose control of personal, private or confidential client, staff or government data should be penalised more harshly if they've not taken steps to guard against social engineering through staff training.

So if your organisation wants to continue to improve your security, don't simply invest in new IT systems and security advisors. Regularly train your staff on how to protect themselves online and they'll help you protect your organisation.

Read full post...

Friday, August 12, 2016

What follows #CensusFail

I think it is now safe to say that, technically at least, #CensusFail has peaked, with the ABS and IBM successfully restoring most access for the Census 2016 site.

While there are still scattered reports of failures, not recognizing JavaScript is turned on, issues in some browsers and variable levels of access for people with VPNs, by and large the site is limping home.

Increasingly it appears that there was no large denial of service attack on the ABS, just a cascading series of issues which made the census service vulnerable to demand peaks, with perhaps a small attack being sufficient to drive it over the edge.

The repercussions and fallout for the incident will occur for a long time. Several official reviews are already in motion, all of IBM's advertising in Australia remains offline, and the ABS has not changed its engagement and communications course in any perceivable respect.

The ABS is likely to be feeling the initial impacts of the next demand spike - not of census traffic, but of Freedom of Information requests, with journalists, privacy advocates, IT experts and others all interested in understanding what decisions were made, where and by whom.

Hopefully the ABS will scale its capability effectively, unlike the Census experience, or take the high road and proactively release information, including server logs (anonymised of course) that allow external parties to understand the progression of events and clarify what occurred and the good work the ABS did to protect the data of Australians (their key commitment) throughout the incident.

The real risk now is that politicians and ABS management will try to switch back to business as usual too quickly, answering to official enquiries about the incident but refusing to answer to their real owners - Australian citizens. There's a tendency in most organisations to spring back into normal operations to quickly after a crisis, forgetting that the collective external memory is often longer than insiders expect.

The consequences of #CensusFail are likely to have ripples affecting every major government IT project, significantly reducing political and public trust in digital initiatives by many federal agencies, as well as impacting on state and local government initiatives.

In many other digital projects politicians and citizens will ask for additional safeguards to protect against a potential #CensusFail, no matter how unlikely it may be. This will add cost and time to these projects, pushing up IT expenditures at a time when budgets are being cut, causing agencies to delay and defer the more expensive or ambitious projects and attempt to keep limping along on existing infrastructure for just a year or two more.

In extreme cases this may increase risk, with already old systems pushed beyond their commercial lifespans, in broader cases it will harm innovation and cause governments to fall further behind their peers elsewhere in the world.

This seems a bleak picture, but I don't blame the ABS for this. It is a consequence of the lack of political IT expertise we continue to see across many Australian governments and of the risk-averse cultures that continue to flourish across governments despite the increasing downside risk of this stance.

It takes a long time to turn a big ship, and in this instance the ship is Australia. We are not educating our children or adults adequately to master a digital world and we do not have the level of IT knowledge or capabilities we need as yet to sustain a first-world infrastructure.

This flows through our corporations, our public service and our political leadership and it cannot be solved by the import or outsourcing of expertise.

I wish the ABS well in rebuilding their reputation following #CensusFail. In five years when the next Census is held the organisation will still be dealing with the fallout from 2016.

However the real failure and fallout in 2021 will be much greater if Australians have not invested in building our collective digital expertise to the levels we require to continue to grow our national wealth and economy, to sustain our standards of living and maintain our place as a first world democracy.

Read full post...

Wednesday, August 10, 2016

#CensusFail - What the ABS did well, what they didn't & what other agencies should learn from it - PLUS: Who attacked the Census?

I feel sorry for the ABS guys this morning - they've just seen three years of planning and effort effectively blow up in their faces, and I expect many staff are now scrambling to address the issues from overnight in order to move forward.

I know how dedicated and hard working they are, and how committed they've always been to providing a statistically accurate picture of Australia to support good government policy and services.

However I also feel it is appropriate to look at what's happened with the Census 2016 process - the good and the bad - and provide some context and thoughts for others across government on what they can learn from the ABS's experiences.

It is right after Census night, and much remains unclear - I expect a more complete picture of events to emerge over the following days and weeks. However there's still much that can be observed, critiqued and analysed from the events thus far.

Let's look at the facts to start.

This was the ABS's 17th Australian Census and the organisation has a highly enviable international reputation for its capability to effectively collect, securely store and usefully distribute Australian statistics. It is one of the best organisations of its kind globally and has been highly trusted and respected by successive governments and the Australian public for how it has conducted itself over the last 105 years.

Despite this, successive governments have progressively cut the ABS's funding, with the ABS forced to consider making the Census 10 yearly, rather than 5 yearly, due to budget cuts. In fact if not for a $250 million 5-year grant from the Coalition government in 2015 to upgrade ageing (30yr old) computer systems, it is questionable whether the ABS would be positioned to maintain Census timing and reliability.

The 2016 Census was the first in Australian history to be predominantly online. The ABS has had an online capability since the 2006 Census and was moving digital in degrees. For 2016 the ABS estimated it would cost at least $110 million extra to hold the census predominantly in paper, so the move to digital first was both sensible and pragmatic given the ABS's reduced funding.

As a result, the ABS aimed to have at least 65% of Australian households (call it about 6.5 million) complete the Census online.

Around the same time the ABS (not the government) also made a decision to retain names for up to four years (up from 18 months in 2011 and 2006) after the Census and create linking keys which would be retained indefinitely. The purpose was to allow the ABS to connect Census data with other datasets to uncover deeper statistical trends to better inform policy.

The ABS did conduct a form of public engagement over this decision to retain name data and linking keys, however this was quite limited - I wasn't aware when it was held and apparently it only received three public responses indicating concern.

The same proposal was discussed in 2006 and 2011 and rejected due to privacy concerns. I'm not sure how the ABS felt the situation or environment had changed to make this proposal acceptable.

Over the last four months privacy advocates, senior ex-staff of the ABS and non-government politicians have become increasingly vocal over this privacy change - with the discussion coalescing online at #CensusFail over the last two weeks (just prior to 'Census night').

The ABS's response to this has been to largely repeat (in various ways) 'you can trust us', and avoid publicly engaging with the issue or its underlying causes in detail.

Partly as a reaction to not feeling heard or engaged, the voices of opposition have gotten louder and louder, reaching the media and prompting at least seven Federal politicians to publicly announce they would not be providing their names to the ABS in the Census. Alongside this, IT specialists have tested the edges of the ABS's Census systems and highlighted several apparent vulnerabilities - which the ABS has also not engaged with in a public way beyond 'trust us'.

At the same time ABS phone lines for Census were widely reported to be congested - with the ABS in its site saying from 8 August that people should delay calling until the 10th (after Census night on the 9th).

It's worth noting that alongside this slowly rising opposition, the ABS was quite outspoken about how people who did not complete the Census could be charged $180 per day indefinitely until completed and those who provided false information could be charged $1,800 - although they were careful to wrap this stick in a little cotton wool, stating that there were only about 100 fines issued in 2011.

The ABS's Census campaign, similar to past Censuses, focused on 'Census night' - where Australians could take a 'pause' to respond to the Census and inform future policy for Australia. They tried to create a party atmosphere, with the Census being an engaging family experience that could be undertaken on Census night.

In fact people were able to complete the Census up to two weeks earlier (and 2 million households did), as well as complete the Census up to six weeks afterwards without any prospect of a penalty. While some people understood this, the ABS's communications campaign focused very much on that one Census night on 9th August - which was an approach likely to concentrate demand for the online Census system into a 5pm to 10pm period on that one night.

On Census night the Prime Minister and many others commented publicly via social channels on how easy the system was to use and complete - until around 7:15pm when the first issues began being reported online, with failures to submit completed Censuses and the Census site being slow and unresponsive.

From 7:30pm the level of complaints had escalated enormously, and shortly thereafter the ABS reports it took the site offline due to a series of at least four denial of service attacks on the site, one of which exploited a vulnerability in a third party service.

The Australian Signals Directorate (the government agency that other government agencies calls in when foreign interests or organised criminals digitally attack - and manage much of Australia's cyberwarfare capability) said that the attack was malicious and foreign-based.

However the ABS's Twitter account continued to cheerily post about completing the Census, TV and radio ads continued, and the ABS didn't announce the site was down temporarily until 8:38pm - almost an hour later.

The ABS then didn't announce the service would not be restored until 10:59pm - over three hours later.

This morning we learnt officially about the attack and the ABS's response. The ABS shut down the site to protect the data they had already collected, protecting the privacy of the 2 million plus Census forms successfully submitted earlier in the night.

The ABS's chief statistician, David Kalisch, told ABS radio this morning (10 August) that, "after the fourth attack, which took place just after 7.30pm [on Tuesday AEST], the ABS took the precaution of closing down the system to ensure the integrity of the data."

As reported in the Sydney Morning Herald, Mr Kalisch He also described the events that caused the issue: the system's geo-blocking protection was not working effectively, a hardware router failed, and a monitoring system "threw up queries we needed to investigate".

We've also learnt that the Privacy Commissioner is now investigating the matter.

The Minister responsible has said that the "Census [was] not attacked or hacked" - though this is somewhat of a half-truth. A Denial of Service attack is an attack, and can be used to attempt to 'brute force' access underlying data. The ABS successfully defended the site's integrity and prevented data loss (hacking), but it was definitely an attack.

Now there is currently some doubt over whether there was a Denial of Service attack, however for the purposes of this post, I'll take the ABS's word for it.

More details will emerge over the days and weeks to come, but let's look at what went wrong and why.

What went wrong and why

The issues raised prior to Census night may have explicitly focused on privacy and security, but they were really about engagement. Simply speaking, many people in the community felt that they had not been sufficiently engaged about the ABS's decision to change how long it kept personally identifiable data or how it would be linked to other datasets.

The ABS's consultation approach - which I missed entirely - appears to have failed to engage the group who were most likely to be concerned about privacy considerations, and the agency's attitude after privacy concerns were raised was too dismissive and high-handed.

This isn't simply my view - I've seen the same basic concerns raised time and time again about a level of ABS engagement arrogance and refusal to go more deeply into a conversation than 'trust us' and 'those concerned are crackpots'.

So the first thing the ABS did wrong was have an insufficiently long or engaging process of socialising the Census changes and reassuring key voices by demonstrating a very interactive process of addressing potential issues and concerns.

This perhaps speaks to the ABS biting off too much in this Census - both going to a digital-first model and introducing changes which many people felt increased the privacy risks. If the ABS had focused on one of these changes this Census (digital-first), and had then introduced the data retention changes next Census, they would have had a much easier job of it.

The concerns around privacy escalated as people found potential security holes in the Census system - such as this plaintext issue - which the ABS essentially ignored and dismissed.

Whether or not this, and other issues, were merely perceptional or were real issues which the ABS then addressed, acknowledging the concerns and addressing them in a mature and engaging manner would have gone some way to address the concerns and satisfy those raising them. Instead all the community received was government motherhood statements amounting to 'trust us'.

In a time when trust in government is low and people are regularly bombarded with media stories about data breaches, 'trust us' has no meaningful use as a government message. Instead the ABS needed to have a highly flexibly and collaborative approach to communication - inviting privacy advocates to special sessions with Census officials who could explain the technical nuances of what was being done, and policy officials who could explain the benefits of the approach.

With this style of engagement the ABS could have transformed the privacy community into advocates for the Census, rather than opponents, and greatly limited the pre-Census jitters which has resulted in a high profile loss of faith in the ABS and in the government.

A side-effect of the ABS's failure to engage was the creation and growth of the #CensusFail hashtag on Twitter - which then became a lightening rod for the subsequent issues the Census experienced on the night of 9 August.

With the ABS focusing attention through its media campaign on 'Census night' it was inevitable that most people would attempt to complete their Census forms online in a very narrow window - between 5pm and 10pm on August 9th. This was even though it was possible to complete the Census earlier or later.

With the Census being a national event and the high profile of 'Census night' due to both the ABS's positive #MyCensus campaign and the negative #CensusFail campaign, it was highly probably that someone would see the narrow high-volume Census night window as an opportunity to embarrass the Australian Government, make a privacy point or attempt to steal a massive honeypot of data that could have been mined for decades for commercial and political gain.

I'm sure the ABS foresaw this. They'd done extensive loadtesting and everything I'm sure they could to secure the system. However they were also partially responsible for creating the window in which there would be a peak load that could be exploited.

As such, the highly probably happened. Someone (or someones), somewhere in the world attacked the Census process with a series of four brute force Denial of Service attacks (again I'm taking the ABS's word that there were active attacks).

These attacks aim to flood servers with so much traffic that they give up secure information or fall over and stop working.

We know from the Australian Signals Directorate that the attacks were launched primarily from offshore. I'm unsure if the ABS had designed its system to separate known foreign and domestic traffic, which could have helped mitigate part of these attacks - but there are ways for attackers to mask their locations, so this is not a certain way to counter them.

We know that the first three attacks caused little damage other than minor delays and hiccups, but the fourth found a vulnerability in a third-party service and the ABS pulled the Census site down.

This was absolutely the right technical approach to take, but again the ABS made a series of unforced errors in its engagement.

Firstly, in the days before the Census the ABS declared that its system was unsinkable - "It won't crash". Technically this was true - it didn't. However the impact for users was the same as a crash, the system went offline.

The Prime Minister similarly said that ABS Census privacy "was absolute". This, to anyone involved in privacy and security is simply untrue - and the ABS's actions on Census night created a perception that the Prime Minister was lying or poorly informed by the ABS.

Both the actions above created a situation where the ABS over-promised and under-delivered. Rather than making people trust the ABS and Census approach, it has created more fear and uncertainty and made the ABS look, in the words of New Matilda, "like a deer caught in the headlights".

It would have been preferable if the ABS had made it clear that they had taken the advice of security and privacy specialists and taken all the actions within in their power to protect the Census process.

Rather than declaring "It won't crash", they should have said "whatever happens we will safeguard your data to the best of our ability", and highlighted that people could complete the Census over a period of time at their leisure, rather than having to pile in on 'Census night'.

In other words, agencies should underpromise and overdeliver. The ABS, like other government departments, already had a high level of trust and faith from Australians. Making undeliverable claims, as they did, to try to signal they were trustworthy only gave them enormous downside risk and challenged malicious external hackers to try to bring them down.

Next, the ABS did not tell people immediately about their actions by saying something at 7:45pm like "We've detected attempts to access Census data and, in the interests of Australians, taken the decision to take our system offline until we're sure your data will continue to be as safe and secure as possible". Instead there was no real public communication of the ABS's decision (right though it was) until Wednesday morning.

This was a major, major, engagement failure. People were engaged and trying to complete the process the ABS had asked them to complete. Yet the ABS did not have the courtesy to tell them that they could not complete it until hours of frustration afterwards (though the ABS did tell the government).

People had trusted the ABS, given up their evenings to 'take a pause' for Australia - and the ABS then left them hanging and wasting time - unsure if they would be fined.

This did more than damage trust in the ABS and government. It destroyed respect.

To other government agencies - trust and respect must be mutual. They are built slowly over time, but can be destroyed in an instant. The ABS just did that, and the impacts will be felt, by the ABS, by the Turnbull Government and by other agencies for years to come.

The impacts will be subtle. Every major IT project will be met with scepticism. Statements by Ministers and senior public servants will be disregarded and lampooned. What has been lost will take years to recover.

Now the ABS has to pick up the pieces and move forward - so what's the best way to do this?

This is a classic crisis recovery scenario writ large. Transparency is the key. The ABS has to own the issues and be proactive about engaging media and the public on what happened and why the ABS acted as it did.

It did get off to an OK start this morning with David Kalisch's interview on ABC radio. Now the community needs a continuing stream of engagement clarifying the steps the ABS has taken and what will happen next.

The last tweet from @ABSCensus was a 9:53am. it's now 1:51pm. The ABS realistically need to be communicating at least hourly on what is going on while peoples' attention is still focused on #CensusFail.

The ABS should reframe its communications campaign (using any budget it has left) to focus on how it put public interest ahead of its own reputation, pulling the Census site offline until it was certain it could guarantee the security it promised Australians.

The ABS needs to commit to deeper and longer engagement with the community and specifically privacy advocates around any future Census changes - potentially even step back from it's position on linking data, committing to working more closely to communicate the benefits and safeguards and listening to the concerns of the public.

In short the ABS has to eat humble pie.

If the ABS takes these steps it will, over time, recover the trust and respect of the public, rebuild its reputation and regain its position as one of the most respected and trusted government institutions.

However if the government and ABS can't get their story straight (already an issue) senior egos or politics get in the way, the ABS decides to be 'selectively transparent' and only share details it thinks are important to the people it deems important - the strategy will fail.

I have enormous respect and trust in the people who work at the ABS and hope they take the steps necessary to turn this tragedy into a resurgence. The responsibility for their future success is on their shoulders, and I hope they bear it well.


PS: Who attacked the Census and Australia?

I consider that there's four potential groups who may have led the attacks that led the ABS to take the website offline. Note that it's even possible that several groups attacked around the same time - seeing the same opportunity.

These are:
  • Random opportunity hackers - people who saw an opportunity to bignote themselves by claiming the Australian Census as a 'scalp'. With the ABS touting themselves as totally secure and a five hour window with maximised traffic, it wouldn't take much for an individual or group of hackers to decide to take down the Census for LOLs and credibility.
  • Organised crime - groups who systematically hack organisations for data they sell or use for fraudulent activities. These groups would see the Census as an enormous honeypot of data they can sell and resell for years to come, containing all the vital information for identity and credit card fraud. Again these groups would easily be able to pick the best time to hack the data as the ABS flagged it in their advertising, Census night when millions of households attempted to use the service. 
  • Privacy groups - 'organisations' like Anonymous often go after organisations they see as crossing the line on privacy - as the ABS was seen to be doing by a number of people. Their goal would simply be to disrupt the process as a political awareness tool.
  • State-sponsored hackers - a number of governments (China and Russia chief amongst them) use state-sponsored hackers to attack foreign governments, companies and other organisations that oppose their perspectives, embarrass them or as a tool in geopolitical positioning. In this case the Census was a high profile event for Australia, with a new one-seat majority government in place. Disrupting the Census would cause political damage and fallout, potentially even causing the government to fall, but at minimum reducing the trust Australians have in their government and creating distrust that could be exploited later. Given than Australia has been considered by China as embarrassing China on several recent occasions - over China's East China Sea installations and at the Olympics, an attack disrupting the Census might be considered proportionate retribution to 'teach Australia its place'. China has been known to perform similar acts against Australian non-government organisations, such as film festivals showing politically sensitive films - attacking the Census would be a bold escalation, but a plausible one. These hackers may also look to access data on individuals as a secondary bonus - as a foreign government could use it for years to come for commercial and political gain.
My view on the above scenarios - random hackers are least likely. Australia isn't that significant and the Census, while a public target, isn't a 'hard' one by international standards. Military targets are more often targets for credibility.

Privacy groups would have flagged the attack. Their gain is in public exposure and ridicule and, while there's been plenty of that for the ABS, they'd want to clearly own the hack and make their point.

Organised crime is more likely, but attacking on Census night is potentially too early as not all the data is in. It would be more probable these groups would target the ABS once the data is collected, or would attempt a social attack (paying an IBM or ABS staff member) as this is likely easier and less of a public signal than a brute force attack. These groups don't want public attention, so this form of public attack is rare.

In my view the most likely scenario is that state-sponsored hackers targeted the Census to embarrass the Australian Government in return for a perceived slight. I reckon the Chinese have the most reason right now to do so, although the Russians, when annoyed at Tony Abbott's 'shirtfront' comments, did send a significant navy force to Australia's coast using a G20 meeting to signal their disapproval and defiance.

There's few other nations that publicly have an issue with Australia (and the capacity to carry out this attack) - but very remote possibilities are North Korea, or the failing IS (though IS would have taken credit right away).

Read full post...

Friday, August 05, 2016

Is it time for governments to extend digital security protections to all parliamentary candidates & parties?

Over the last few years we've seen increasing attention on the use of personal technology by politicians.

From our current Prime Minister, Malcolm Turnbull, who uses Wickr, to Hilary Clinton's use of a personal email server, and even the struggle President Barack Obama faced to use an iPhone, politicians - like the rest of us - are increasingly using a diverse range of technologies to conduct both personal and official business.

Not all of these technologies are officially approved or secured. Many are newer technologies with both known and unknown security concerns.

However politicians, like the rest of us, continue to use them either because we perceived the benefits (convenience, flexibility, speed, utility) far outweigh the risks we accept, or because the risks are not clearly understood by non-technical people.

This becomes a particular issue for politicians, political parties and individual candidates for parliament when state-sponsored agents, organised crime or unscrupulous businesses attempt to access their information.

There's many motivations for 'political hacking' - commercial advantage where particular information or decisions are obtained before the market knows, political advantage, blackmail or an improved capability to 'groom' politicians to a given perspective supportive of a particular desired goal or outlook, or opposing an undesired reform or initiative.

In fact I think it can be said that political power doesn't only originate from the muzzle of guns, but now political power also emerges from the keyboard.

Information is power, and the best source for information about an individual's views and decisions can be their private email and social accounts.

With the revelations of Russian state-sponsored hackers penetrating the Democratic National Convention and Clinton's Presidential campaign data stores, it's clear that state-sponsored and other organised hackers are increasingly seeing unelected potential parliamentarians as targets.

This is a logical development. It's in the interest of foreign nations to understand the views and decision-making approaches of powerful national leaders. Combine this with the likelihood that the security deployed by a political party is far easier to penetrate than the security deployed by a national government, and the fallout if caught is far less and it becomes a no-brainer for nations and large commercial interests to conduct hacking before an election locks away leaders behind tighter firewalls.

So, now we know that there's a reasonable to high risk that electoral candidates and parties will be hacked - particularly if they have a good chance at election - there's a question for governments to consider.

Should governments extend their security expertise and protections to all electoral candidates, placing them behind state-supported firewalls and security provisions, as soon as candidates nominate for electoral roles? And should this protection be extended to all political parties as well?

Given that even medium-sized governments, such as Australia's, secure hundreds of thousands of devices and people through their security regime, extending this to a few hundred more would be a technically manageable exercise.

The approach would help protect more of Australia's governance institutions from foreign and commercial influence, though likely would only be a partial measure as traditional intelligence gathering and governance influencing methods (background research, infiltrators, electoral donations and hosted trips and tours) would still be available to interest groups and countries.

Individual politicians and candidates would still have personal digital accounts vulnerable to hacking, with which they may engage with the public, the media, each other, business partners, friends, family and, occasionally and hopefully discreetly, with potential sexual partners.

So perhaps the step would provide partial protection - avoiding situations like the one the US Democrats have found themselves in, where the long-term ramifications are as yet unclear.

However even government systems are not totally impervious to cyberattacks, and the limitations of working within a government firewalled system might be too invasive or restrictive for some in the political world.

Also in a world where no security is perfect, partial protection can provide an illusion of security where none should be assumed, with the potential that protecting candidate correspondence could lead to more significant information theft or leaks from either hacking or internal disgruntled staff - or the misuse of candidate data by a future unscrupulous government to influence an electoral result.

On balance I think we're going to have to take our changes over whether political parties and individual candidates are hacked by foreign or corporate interests.

No security solution will ever be perfect and so Australia, and other nations, need to focus less on hiding potentially damaging information and focus more on developing transparent and fair agendas, with individual candidates and politicians being as honest and forthright as they claim their opponents should be.

Read full post...

Wednesday, August 03, 2016

The consequences of dropping the ball in digital engagement - The ABS and Australian Census 2016

Next week Australia will be holding its 17th national census (since 1911), led by the Australian Bureau of Statistics, which is itself celebrating its 110th anniversary as an agency (albeit with a name change midway).

This is an auspicious occasion for another reason. While it has been possible to complete the census online in both 2011 and 2006, when the ABS first trialled an online completion system - 2016 will mark the first occasion when the ABS expects a majority of households to complete their census surveys online.

In fact, Duncan Young, head of the 2016 Census process, is on record stating that the ABS expect 65% - two-thirds - of households to complete the Australian Census online, rather than in paper form.

This is a fantastic achievement and speaks highly to the ABS's commitment to quality data collection and maintaining a forward-facing approach to trialling and adopting new technologies.

This commitment has also been typified by the ABS BetaWorks Blog (sadly now defunct), ABS CodePlay (sadly not repeated) and the work the ABS has done to expose data in open and machine-readable formats, including ABS.Stat and APIs such as for the Population Clock.

Data collected by the ABS, particularly via the Australian Census, underpins an enormous amount of evidence-based decisions made by all levels of Australian government, as well as by companies who access the information to guide their commercial decisions.

The census is also an enormous undertaking. To quote Wikipedia quoting the 2011 Census site, "the 2011 Census was the largest logistical peacetime operation ever undertaken in Australia, employing over 43,000 field staff to ensure approximately 14.2 million forms were delivered to 9.8 million households." The cost was $440 million.

That makes the census a prime target for budget cuts - with the idea of reducing the frequency of the Australian Census to every ten years, or reducing its complexity, thrown around last year before being dropped.

The impact of not having regularly collected census data, collected in a compulsory manner from all households, can be hard for Australians to imagine.

However in countries like Lebanon, which hasn't had a census since 1932, the lack of accurate data leads to opinion-based government decision-making, which is generally viewed as a poor alternative to fact-based policy decisions.

The need for compulsory collection of census data was highlighted by the decision by the former Canadian government to make their long-form census voluntary in 2011, resulting in a massive drop in participation and corresponding degradation of data quality.

Called "a disaster for policy makers", unfortunately it suited the Canadian government of the day to not have accurate data in order to provide them greater room for making ideological decisions, rather than decisions that were based on facts. The net result was a drop in participation from 95% to 68%, a more expensive Census process (due to increased mailout of forms to prompt engagement), the resignation of several of the most experienced and competent senior officers in Canada's statistical agency, ongoing issues for national, provincial and local Canadian governments in identifying disadvantage, population numbers, statistical population changes and reduced capability for companies to make appropriate commercial decisions without investing in further expensive research.

The current Canadian government reinstated the compulsory long-form census, which completed collection in May this year.

So regular compulsory censuses are a BIG DEAL for a nation, and Australia has a very strong statistical foundation to build on.

The ABS has also demonstrated leadership in how it has marketed and communicated past Australian Censuses. In particular in 2011 the ABS demonstrated global leadership in the use of digital channels and tools to promote the importance of the Census and lift participation.

Through quirky best practice engagement on Twitter and Facebook, which made the Australian Census front-page news for all the right reasons, the development of an interactive online service allowing people to 'place' themselves within Australia, and a mobile game which allowed people (particularly kids) to see how census data was used in civic decision-making, the ABS knocked it out of the park in terms of its communication strategy and implementation.

That's a fantastic base for the ABS to build from. I think a number of people were expecting the same, or better, engagement from the ABS in 2016.

Alas, it was not to be. In 2016 little of the previous engagement brilliance is evident from the ABS.

While the ABS has repeated a level of their communication via Twitter, it's basically a shadowy repeat of their 2011 strategy - as though new management said "repeat the good stuff from five years ago, but don't update anything or take any risks".

The ABS is also remaining stalwart and largely silent in the face of several decisions which have left census collection exposed.

Their online service has been exposed as using an older and less secure security standard in order to support older browsers, rather than taking an approach which warns people and encourages them to upgrade to a more secure technology.

For non-technical people, an analogy would be the police waving past someone without headlights on a dark night onto a crowded and unlit highway in order to not slow down the traffic flow.

On another front, the ABS is confronting a surge of privacy concerns around its decision to keep names and other personal details connected to census data for at least four years. Taken without consultation with the public, this decision has raised alarm bells with privacy advocates and organisations such as Electronic Frontiers Australia, as well as with former senior officials of the ABS.

While the ABS has been fighting back to some degree, they've not really addressed the concerns in an effective way.

#Censusfail is continuing to grow as a hashtag, with a number of people considering ways to circumvent responding to the census, avoiding providing personal information or considering providing false information.

Should enough people take one of these steps it would reduce the value of the census to Australia.

I must admit that I've also become concerned about the ABS's approach, and unconvinced by the ABS's engagement on this front to-date.

I totally support and value the ABS as an organisation, and all the people that work there - however they are burning much of the goodwill they established in 2011 and potentially devaluing the census, and hurting all Australian governments through their lack of effective engagement on the issues above.

The worst thing for me is that the ABS has been a shining light in Australian government. The organisation has consistently been a leader in open data and the use of digital and social media to engage with the public.

This is important not simply for the egos of the leadership at the ABS, but is essential for good governance and effective commercial decision-making in Australia. The ABS's success serves all of us - and its failure would hurt us all.

I hope the ABS recovers from this and Australia continues to be well-served by the statistics the organisation collects.

However it would have been far better for the ABS, and all Australia, if the ABS hadn't put itself in this position of needing to recover at all.

Read full post...

Friday, July 01, 2016

The awesome finalists in the Public Sector Innovation Awards

It's tough to be innovative in many organisations - there's systems that try to regulate and direct change, managing its pace and impact, there's personalities and politics at play competing over limited resources and there's the inherent tendency for most to build cultures focused on stability and continuity over change, uncertainty and risk taking.

It's even tougher in environments with the level of governance, public scrutiny and bureaucratic overheads that is seen across much of the public sector.

However the Australian Public Service has been taking steps for a number of years to shake off the shackles and support and foster innovative behaviour, with some very clear successes along the way.

One such success has been Innovation Month - designed several years ago by a bunch of mid-level bureaucrats with senior support and approval) who were passionate about sharing the innovation in their workplaces, and connecting the many innovators and intrapreneurs, and those aspiring to innovate, across the public service.

Fostered and supported by the Public Sector Innovation Network (PSIN), and the Secretaries Board, the month has gone from strength to strength each year.

Another emerging success is this year's inaugural Public Service Innovation Awards, also supported by the Secretaries Board and PSIN and managed by IPAA ACT as an addition to their annual public sector awards.

I've had a very small role as an assessor for the Awards, and was proud to see the level of innovation on display by a number of the applicants.

Most of the entries featured innovations that have had little or no public exposure - the media just isn't interested in public sector successes (or learning experiences that don't result in a big 'bang') and agencies remain poor at promoting their achievements (where the credit is often appropriated by politicians who just happen to be in the right Ministry at the time).

These are all real achievements by real public servants - and they deserve to be recognised, lauded and pestered with questions (on how others can achieve similar great outcomes), for the work they have done.

The finalists have now been selected and have pitched to the judges (armed with training from some of Australia's top pitch professionals) - with the winners to be selected in a few weeks.

I've included the list of the finalists below, and images of the teams are over at the IPAA ACT website.

Keep an eye out for the winners later this month.

Finalists in the Public Sector Innovation Awards

  1. Australian Charities and Not-for-profits Commission - Charity Portal
  2. Department of Defence - REDWING Project
  3. Department of Foreign Affairs and Trade - The establishment and operation of the innovationXchange
  4. Geoscience Australia - Mineral Potential Mapper
  5. Department of Finance - govCMS
  6. Tourism Australia - The World's Biggest Social Media Team
  7. Australian Taxation Office - Small Business Fix-It Squads
  8. Department of Defence - PyroFilm
  9. IP Australia - Patent Analytics Hub
  10. Australian Financial Security Authority - Quick Motor Vehicle Search
  11. Department of the Prime Minister and Cabinet - Changing Recruitment in PM&C
  12. Australian Taxation Office - Cloud software authentication and authorisation


Read full post...

Monday, May 16, 2016

Digital skills now essential across most government communications roles

Back in 2009 I predicted that government communications professionals only had about 10 years to gain social media skills or become unemployable.

At the time I received quite a bit of scoffing and pushback from senior communications professionals in government. They believed that digital wouldn't grow very fast and would remain a minor component in agency communications. I was told that I was "overblowing the value of social to government" and that their non-digital skills would remain valued for decades into the future.

I reiterated my prediction in 2014 - giving government communications professionals only five more years and broadening the prediction to digital communications skills.

This time the pushback was a lot less, though I still received comments from a few communications specialists. They told me that digital would remain a specialist area and that there would continue to be places across government for professional communicators who neither touched nor understood digital channels.

Recently I've been speaking with several recruiters in the government communications space and they're telling me my prediction was wrong - the change has happened faster than I had predicted.

They've told me that senior communications roles that don't require an understanding of digital or how to integrate digital with traditional communications channels in strategic ways, are now rare.

While digital specialists are still often grouped together in a specific 'Online' or 'Digital' team as a vertical area in communications, an understanding of digital is essential across all government communications officers - whether senior or junior.

As such I'm now calling it on this prediction - I was right about digital becoming an essential skill for communicators, but wrong about the timeframe, being too conservative in how long it would take agencies to embed digital at the heart of their communications. Rather than ten years, it took seven.

This clears the field for me to make a few new predictions.

For example, how long until other government professionals need to have strong digital skills to remain employable. For example I give HR officers two years, policy officers five years at most.

I also expect to see the slow death of dedicated Digital or Online Communications teams. These teams were originally created because digital was 'foreign' to most communicators. These teams required specialist skills and knowledge and, when originally created, worked at a different tempo to traditional communications teams.

However as digital skills become both universally held and required, Digital communication teams become unwanted bottlenecks, as they are split serving every other Comms team in an agency.

Also these teams remain unusual in that they are organised around a channel (online or digital) rather than around a functional goal - such as Corporate, Campaign or Internal communications. We saw the death of 'Television' and 'Radio' teams decades ago (yes they really existed). Even 'Print Publications' teams have disappeared in many agencies.

Therefore I expect to see the number of Digital communication teams slowly fall over the next ten years. They will be reabsorbed back into functional communications teams who now all possess the skills and knowledge that formerly was the domain of a few. Some specialist 'digital' roles will remain, but these will be connected to function, not channel - such as Engagement, Production, Analytics and Design.

So what does this mean if you are a digital communications specialist in government?

In my view you will have two choices.

Either become a hyperspecialist in a particular area of digital, such as analytics, engagement or crisis management, where specialist skills and experience will continue to be valued. You may end up becoming a freelancer, consultant or contractor, providing your expertise on-demand to agencies and other organisations where needed, or retain a role at a larger agency with limited opportunities for growth without stepping beyond your specialisation.

Or broaden your skills to become a strategic communications generalist, who can work across all communications mediums with a high degree of expertise and skill. These are the people who will be promoted in agencies and attract the best contracting and consulting rates, but there will be fierce competition as communications professionals from backgrounds other than digital compete for the same roles.

Time will tell if my new predictions are accurate, or if these changes occur faster or slower than I expect. What you can be sure of is that the communications landscape will continue to change.

Building skill in new mediums and platforms will not be wasted effort. Whereas standing still in the face of rapid change is always a risky proposition.

Read full post...

Friday, April 15, 2016

Senior public servants need counselling, not coddling if they fear to provide frank and fearless advice under the public's gaze

This week several of Australia’s highest ranking public servants, including the Secretary of Prime Minister and Cabinet and the head of the Australian Public Service Commission, publicly endorsed the position that Australia’s current Freedom of Information laws were restricting public servants from providing frank and fearless advice to government.

To put this in context, the initial comments from theSecretary of the Department of Prime Minister and Cabinet were made on the same day that the Department was hosting civic sector leaders to cocreate the development of actions for improving Australian government transparency.

As an attendee working on the Prime Minister’s Open Government Partnership commitment (read about the OGP day here), it was unsettling and disturbing to hear the Secretary effectively undermine the work of his own excellent team, as well as the Prime Minister’s personal initiative.

The argument from the Secretaries was that public servants are being cowed by public and media scrutiny of advice they provide, and therefore either delivered their advice on potential decisions to government via routes that could not be easily FOIed (such as verbally), or were failing to be as frank and fearless as they should be.

When I worked in the public service and various Freedom of Information Law changes were underway, I did hear other public servants talk about writing less down, to protect themselves, their agency and the government (generally in that order) from the eyes of the public.

Operationally the Secretaries may have a point, some current public servants may fear public disclosure of the advice and input they provide, whether due to fears of embarrassment should the advice be incomplete or poorly considered, or due to the wide, and sometimes extreme, scenarios explored when governments are considering decisions across a broad range of controversial topics.

However this is a poor argument - any fears of embarrassment, exposure or publicity that public servants have are a failure of public sector culture, not a failure of effective governance. There's no evidence that openness has restricted the ability of public servants to give frank and fearless advice - it's only a culture of fear and secrecy that appears to prompt self-censoring behaviours.

Equally claiming that requests from media for information under FOI are a nuisance makes me seriously question the commitment to good governance of any senior public servant making this claim.

In my view any senior public servant espousing that public servants need to be coddled and protected from scrutiny in order to provide the frank and fearless advice expected in their roles needs to be counselled, rather than supported in their cultural groupthink.

The public service works for Australia, serving citizens by way of parliament and has a contractual and moral obligation to provide the best advice it can to the government of the day.

There is no caveat in this obligation for ‘the best advice that doesn’t make a public servant feel embarrassed or uncomfortable’, nor is there a caveat for ‘being inconvenienced’.

Frank and fearless advice can, and should, be given in an open environment. 

The public service should, by default, make its advice public in order to both allow the public to understand the thinking behind why certain decisions are made, or not made, and to provide the scrutiny required to ensure that the public service’s advice to parliament is comprehensive and complete.

It is possible to place systems in place to reduce the FOI burden, something that departments appear to have repeatedly preferred not to do, in favour of making it as hard as possible to identify and request information in order to discourage citizens from daring to question their public sector ‘betters’. Taking an open by default approach, and redesigning systems appropriately, would likely significantly reduce the cost and time currently spent on keeping information unnecessarily hidden.

We live in a time when it is no longer possible for an organisation to hold all the wisdom needed in decision-making. Between limits to the expertise available within an organisation, the lack of time available to busy staff to research emerging innovation ideas, staff at any large organisation will find it hard to provide a comprehensive view of a situation or the available options without external assistance.

With less scrutiny of public sector advice there’s an even lower chance than now (with current restrictions on scrutiny) that the public service will be able to effectively advise government comprehensively, leading inevitably to worse policy outcome.

This is particularly the case when innovative solutions or on-the-ground insights are required.

Nor should frank and fearless advice be career limiting when made public, or for that matter when delivered privately. Shooting the messenger is a human trait and with limited public scrutiny it can be easier for politicians or senior public servants to punish public servants who, in being frank and fearless, step beyond what is considered within an agency or portfolio as ‘acceptable options’.

Concealing decision-making processes in the shadows can easily lead to good and well-evidenced options being buried by ideologues or those who feel these options may not support their public sector empire building.

Of course more openly providing frank and fearless advice can – and will – lead to greater public and media scrutiny. There will be more brickbats than bouquets and the public service will need resilient as it shifts its culture from a fear of embarrassment to embracing public debates that enrich government decision processes.

Given the comments by Secretaries and the leadership of the APSC, such a shift to a bias to open will require a reversal of their attitudes and the culture prevalent at that level.

This culture, a remnant of these individuals’ journeys through the public service over the last twenty to forty years, may have served Australia in the past, but has now become detrimental to an effective future for the Australian Public Service and for Australia as a nation.

It will do Australia no good to have the current crop of Secretaries appoint and promote public servants sharing their views. This will only perpetuate the cultural belief that frank and fearless advice can only be provided in the dark, hidden from the citizens on whose behalf it is being made.


So it appears that for Australia to make a clean break from the ‘protect and coddle public servants’ perspective, to embrace whole-of-society governance, where decisions are made in sunlight, significant guidance and culture change counselling is required for the leadership of Australia's public service.

Read full post...

Bookmark and Share