Showing posts with label law. Show all posts
Showing posts with label law. Show all posts

Wednesday, March 12, 2014

Are you prepared for Australia's new privacy law?

Today Australia's new Privacy law comes into force, affecting Australian Government agencies, businesses with a turnover of more than $3 million or trading in personal information and all private health service providers.

As the first major change in Australian privacy law in 25 years, there's been numerous changes and updates to reflect the major changes in society over this period.

Since the last Privacy Act was introduced in the late 1980s we've seen the digitalisation of most records, the introduction of the world wide web, the rise of Web 2.0, the spread of mobile devices and the greatest increase in public expression by Australians in history.

The notion of privacy has also changed. I've always considered privacy as a transaction rather than an absolute - people trade aspects of their privacy in return for services, benefits or convenience. This has become far more widespread as an approach as organisations increasingly use personal information to shape peoples' experience of products and services, particularly online.

Generationally we've seen very different views of privacy take hold. Younger people are far more willing to share information that their elders consider 'private' and have new concerns around information that their elders share without a thought.

The new Privacy law (Privacy Amendment (Enhancing Privacy Protection) Act 2012) contains a number of stronger provisions on organisations to protect and communicate how they protect the privacy of individuals, as well as more ability for individuals to ask organisations what they know about them.

It also does a great deal to revalue personal privacy. Whereas Telstra was recently fined about $10,000 for accidentally releasing private information on about 12,000 people - valuing their privacy at 0.83c each, under the new law the penalties may be much higher - up to around $1.7 million.

If you're unfamiliar with the new privacy law, you're probably in the majority.

There's been little promotion of the change and limited information available for the public or organisations to test their current privacy approach.

There is a media release on the Office of the Australian Information Commissioner's (OAIC) site and the OAIC has done what it can - without a significant budget - to get the word out to those affected by the changes.

Unfortunately the changes haven't been promoted by any Ministers or the Prime Minister - the law was changed under the last government and the ownership may not be there.

However regardless of the promotion or not of the new law, it is now in effect. Every Australian has new rights and many organisations have new obligations they must meet in collecting, holding, sharing and protecting the private information of Australians.

To learn more about the new Australian Privacy law, visit the OAIC's guidance on the reforms at the following pages:

Read full post...

Friday, September 14, 2012

Can foreign digital gatekeepers unduly influence democracy?

One of the perils of the digital age, as traditional media goes digital or goes downhill and more and more people rely on the internet for their daily news, is that countries such as Australia are losing 'editorial' control over what news is promoted as the 'top stories' each day or what links appear at the top of search results.

Most of Australia's most trafficked websites are not Australian-owned and run. Some do not even have a legal entity or physical presence in the country, making it extremely difficult for Australian interests to get any kind of traction in decision-making processes or ensure that Australian values and perspectives are reflected.

Even more worrying, we've already begun to see digital 'gatekeepers' - the largest and most influential websites - begin to impose conditions which may distort elections or inappropriately influence democratic processes.

Let me give you an example. You're probably aware that Google is the most trafficked website in Australia, followed by Facebook. In fact for the week of 8 September 2012, Experian Hitwise reported that Google Australia received 149.5 million visits from Australians, and Facebook received 96.8 million visits. These were followed by Youtube at 47 million, Windows Live Mail at 23 million and Google.com which received 21.7 million Australian visits.

The top locally operated website, NineMSN received only 20 million visits. Yahoo7 received only 11 million visits from Australians.

In fact, if you add Google's top 10 sites (218.2 million visits) and Facebook, the total visits these two organisations receive from Australians, each week, is about 315 million. That's ten times the combined weekly traffic of NineMSN and Yahoo7 at 31 million.

With that level of traffic, being refused the right to advertise in Google or Facebook could have serious repercussions for a brand. In some cases it could destroy companies.

So what could it do to democracy?

What would happen if Google and/or Facebook decided, for whatever reason, to reject all the advertising from a particular political party in Australia, banning ads for that party in their sites during an election?


Well, actually, we don't need to speculate about this scenario. It's already happened.

Some of you might be aware that during the last Commonwealth election that Google refused to run any advertising for one of Australia's legal political parties - the Sex Party.

Following this, Google again refused to run any Sex Party ads during the recent Victorian byelection.

Facebook joined in by rejecting Sex Party ads during the recent Sydney City Council election.

Now whether you support or oppose the Sex Party's views, they are a legitimate Australian political party and field legitimate candidates in elections. However both Facebook and Google decided, citing different reasons, that they would not accept any advertising from the Sex Party during election campaigns.

Facebook said its reason was that the Sex Party was "promoting adult products or services".

Google claimed that the Sex Party was being deceptive by having a "donate" button on its site which "breached its rules which prevent solicitation of donations by a website that did not display tax exempt status.". 

When it was pointed out that the Greens, Family First and Labor all did the same thing, Google stuck to their guns. Even when the Sex Party adjusted their site's content to include the tax exempt status, Google continued to refuse to run ads - contrary to their own policies. Only when the Sex Party went to the media did Google relent, on the eve of the election when the opportunity to influence votes had been lost.

In this case the party was a minor one and potentially the events didn't change the outcome, although the Sex Party has taken Google to court over the matter alleging unlawful interference in the election.

This example highlight a risk democracy is facing. 

When 'media' providers control such a large chunk of the online market, when these are domiciled overseas in state that wish to influence Australian politics, and when they can thumb their noses at local concerns without significant legal or financial cost, democracy has a problem.

It doesn't have to be a full-out blocking of ads or comments - as happened in the example above. Instead it could be more subtle techniques. 

Such as placing ads lower down on the page than their competing parties, thereby reducing the probability of a click, it could involve adjusting search results to keep certain ideas at the top, or the bottom. It could even involve 'reporting errors' which would convince people that they'd received the impressions they'd paid for when they hadn't.

There's many other subtle ways to influence behaviour online, and you can be assured that companies like Google and Facebook have built a strong understanding of how to do this. It is their bread and butter and they are testing, trialling and learning more all the time.

So can digital gatekeepers unduly influence the outcomes of democracy processes? 

I think yes. And, intentionally or not, the big players have already demonstrated that they are capable of taking this step. 

But maybe not quite yet, while nations still have robust national media and competing theatres for ideas.

In the future we are likely to see the balance of power unfold in new ways, and learn through practice whether democracy will survive technology intact, enhanced or destroyed.

However it is already clear that democracy will not survive unchanged.

Read full post...

Thursday, August 09, 2012

What the Facebook ruling from the Advertising Standards Board (that comments are ads) means for agencies

There's been a lot of commentary this week in the media around the decision by the Australian Advertising Board (ASB) to rule that the comments of fans published on an brand's Facebook page are actually advertisements and must comply with industry self-regulation and consumer protection laws.

In face the ruling states that Facebook, and other social media tools, are advertising platforms - which may come as a surprise to long-term users of these services.

The ASB ruling is available as a PDF here. It involved Smirnoff Vodka and stated that content (comments and photos specifically) appearing on the company’s brand Facebook page constituted advertising, regardless of whether the company or members of the public posted it.

That's right - the ASB ruling states that all user comments in social media may be advertising.

The basis for this ruling was a recent legal decision:
The view that brands are responsible for consumer created content on their social media  pages has been supported by a recent decision of an Australian Federal Court (Australian  Competition and Consumer Commission v Allergy Pathway Pty Ltd (No 2) [2011] FCA 74)1  that a health company was responsible for Facebook and Twitter comments by fans on its  account in defiance of a court order that the company not make misleading claims about its  allergy treatments  The Federal Court concluded that Allergy Pathway was responsible for third-party comments where it knew of them and made a  decision not to remove them from its Facebook page 
Therefore as Smirnoff had the technical capability to moderate user comments on its Facebook page, it had an obligation to do so. If it did not moderate user comments which made untrue claims about the company or its brands (as well as sexist, racist or otherwise unlawful statements) it was guilty of false advertising.

The apparent consequence of the ruling, for organisations who participate in the ASB's self-regulation scheme, is that they are now required to moderate all comments by individuals on their brand and corporate Facebook pages, other social networks, blogs, wikis, forums and social media channels in which they have the technical ability to do so.

This requirement may even potentially extend to platforms outside their direct control but where they can identify and request untrue (or otherwise uncompliant) comments about their company or brand to be removed - such as on Facebook pages or forums moderated by people outside the organisation (such as members of the public).

Some facts

The Australian Advertising Board is the directing group over the Advertising Standards Bureau body appointed to oversee the self-regulation of advertising in Australia by the members of the Australian Association of National Advertisers (AANA).

It is a body independent of government and independent of advertisers. It is not underpinned by any government legislation or policy and it is a voluntary organisation which participating associations, corporations, advertising agencies and other bodies agree to abide by.

Decisions by the Board are neither legally binding nor, necessarily, reflective of government policy.

Where a participating advertiser does not abide by an ASB ruling (which is apparently very rare), the ASB can "liaise with industry and media bodies such as FreeTV, and the Outdoor Media Association which will either negotiate with the advertiser directly for the removal of the advertisement or in specific cases, take action to remove the advertisement."

The ASB may also refer advertisers to an appropriate government body and recommend a course of action.

However the ASB and its secretariat - the Advertising Standards Bureau - has no direct enforcement power, nor any ability to force other parties (such as industry bodies or government agencies) to take action.

Putting the ruling in perspective

This ruling needs to be considered seriously by ASB participants - corporations and advertising agencies in particular.

They need to have a long hard look at whether they can afford to maintain social media channels with the risk that anyone in the community who comments in a channels they can technically control - including, potentially, their competitors - can cause them a world of pain by posting untrue things about them.

I'm not sure if governments participate directly in the self-regulation scheme, however it would be bad form for agencies to ignore direct rulings against their advertising by the ASB.

Is it 'right'?

This is my opinion, but the ASB's position doesn't stand up to scrutiny in a technical, practical or fair sense.

It is based on 20th Century thinking whereby organisations control the channels, and therefore the conversations, with audiences.

In reality this control has slipped almost totally out of the hands of organisations due to the internet and particularly due to social media. Organisations can (and should) control their direct statements, however they can't control the statements of other entities and individuals, beyond having some influence and oversight based on Australia's legal framework around defamation, slander and copyright.

Redefining individual comments as 'advertising' is highly problematic and is a disservice to the already weak freedom of speech provisions in Australia.

If I say on my blog that the Honda Jazz is the best car ever made, it is reasonable to assume that this is my opinion, not an advertisement. If I made the same statement on Honda's company Facebook page this remains my opinion - I am simply directing it at the people who made the car, in tribute to them.

Of course there is an exception if Honda has given me money, privileges, or a Honda Jazz - in which case my comments are advertising and need to be treated as such. (Note that Honda has not given me anything and I've never driven a Honda Jazz, nor wanted to)

Of course this is just about a car - a product. How about if I say on a government Facebook page that, for example, "I think the Fair Work Act is the best workplace relations bill in the world". Would this have to be moderated and removed as, despite it being a potentially heartfelt personal opinion, it is considered advertising (aka - has no facts to back it up)?

Isn't 'opinion' by definition a personal view which may, or may not, be supported by facts?

Apparently not. It's advertising. Hmmm...


Let's take practicality. On a Facebook page with 15,000 fans, 1% being active any week, that's 150 posts to moderate. Assuming it takes 3 minutes on average to assess each, it will take 450 minutes, or 7.5 hours, solid work to moderate all content.

That's possible with a single part-time, trained, moderation officer.

Now let's consider the Tourism Australia Facebook page. It has 3,375,675 fans. If 1% are active in any week, that's over 37,500 posts to moderate. Based on 3 minutes per post, it takes 112,500 minutes, 1,875 hours, or 250 person-days (based on a 7.5 hr work day) to moderate. Each week.

On that basis, Tourism Australia would require at least 50 people (plus extras to cover for leave) to moderate the page to get rid of user 'advertisement' comments which are not evidentially statements of fact, such as these real comments on the page right now:
  • "A very blessed country. It has almost all the best things in life. I love Australia"
  • "Australia the land of grace and tranquility"
  • "Best country in the world"
  • "better hurry to this Whitsunday resort before it too is closed like so many of the others"

What have others said?

Generally industry bodies have come out cautiously and indicated that companies need to digest the ruling and consider its implications.

Those experienced in social media have been less cautious and mostly said the idea won't work (though a minority have said it just reinforces what brands already had to do).

Here's a few articles on the topic as a reference:

Read full post...

Friday, May 04, 2012

Is it theft if you personalise & retain an official social media account when you leave an organisation?

One of the legal and ethical dilemmas organisations are beginning to struggle with is the ownership of social media accounts.

When a staff member creates and uses a social media account solely or mainly for official organisational purposes they can build a large following over months or years based entirely on their paid work activities.

However are they entitled to take that account, and the accumulated goodwill it holds, with them when they leave?


This might seem like a trivial question, however the followers and reputation built by a social media account may be no different to the brand name value that organisations such as Google and Coca-Cola count on their balance sheets.

Almost every organisation that deals with the public values its name and reputation with the public as an asset alongside the physical property of the business.

Whether you think of Starbucks, Microsoft, Ford or Joe's Mowing Service, the name and reputation of the business, as well as its contact list (like followers or Likes), has an asset value.

I believe this is also true for digital accounts, and there are cases going to court at the moment around the world where individuals who took an official social media account with them are being sued for the asset value by their employers.

One such case last year, as reported in Sean Clark's blog, involved a company called Phonedog, where a former employee, Noah Kravitz, tried to take a Twitter account with him by changing the name of the account from @Phonedog_Noah to @NoahKravitz.

The account had 17,000 followers and Phonedog took him to court for the value of $2.50 per follower per month ($42,500/mth), calling the followers a customer list, with the value attributed to the cost associated with growing and maintaining the list.

You can read more about this at What's a Twitter follower really worth.


So let's consider this in an Australian context. There are several senior public servants who use Twitter for official purposes - using their actual name in the account.

In particular Hank Jongen (@HankJongen) from the Department of Human Services and Sandi Logan (@Sandihlogan) from the Department of Immigration, whose accounts were primarily established and are operated as official communications channels for their agencies.

Besides these is another senior public servant, John Sheridan from AGIMO in the Department of Finance, whose Twitter account (@sherro58) is used for official purposes, but also for personal use - it was not primarily established or is operated mainly as an official communications channel.

My view would be that both Hank and Sandi's accounts are organisational assets, whereas John's account is his personal asset that he lends to the agency - similar to how, when I worked in government, I occasionally retweeted official agency tweets to bring them to the attention of a wider audience (my larger follower base), but my account was never an official agency channel.

Based on the model used by PhoneDog ($2.50 per follower per month), the value of Hank and Sandi's accounts are as follows:

Account Followers Value/month Value/year
@HankJongen 807 $2,017 $24,210
@SandiHLogan 3,912 $9,780 $117,360

Now the values are based on the number of followers remaining static, which is unlikely, and the actual value of a follower may vary based on the customer relationship. However there is a real value for these relationships, which is a real asset for their organisations - particularly when trying to communicate or defend complex positions.

In all the cases I've illustrated above the public servants behave very ethically, and I would not expect this to change, so I don't see them as risks to their organisations of leaving and taking their followers with them.

However this will not always be the case for all social media accounts.


In fact there is a recent example I can think of where I think the ethics are much grayer and which may even require an investigation.

This is in relation to the former QLD Labor Premier, Anna Bligh.

Anna was an enthusiastic adopter of social media for engaging citizens - and I applaud her for this - however I don't know if there has been much consideration of the asset value of the account she used to Tweet as the QLD Premier, or whether she had the right to rename this as '@AnnaMBligh' and take it with her when she resigned from politics.

Let's run through the history....

Anna became premier in 2007 and continued to use the Twitter account she'd been using up to that point, renaming it ''.

My view is that the language and manner of the launch of this account makes it clear that it was to be the property of the Government of Queensland. An official Twitter account to be used by Anna and all Queensland Premiers following her. It was not to be the personal account of Anna Bligh (who already had one) or the property of the QLD Labor party.

However, following the recent Queensland election, where the Labor party lost government and Anna, while retaining her seat decided to resign from the QLD parliament, Anna did not hand this account over to the incoming Premier, Campbell Newman.

Instead she renamed the account to @AnnaMBligh and has continued to use it as her personal account since the election.

Meanwhile her former personal account (currently named @Premier_Bligh) has remained inactive since May 2009.

The incoming Premier has repeated the initial and, in my view, quite legitimate steps taken by Anna Bligh. His personal account @Campbell_Newman is now inactive, and he created a new Twitter account on March 26, naming it the same as former official QLD Premier account @theqldpremier.

So it all balances out - or does it?

The Twitter account that Anna Bligh designated the "official Queensland Premier's twitter account", that she now operates as a personal Twitter account, currently has 30,773 followers.

The new official Twitter account that Campbell Newman has designated for the Premier has only 4,496 followers.

That's a difference of 26,277 followers that Anna accumulated over three years while tweeting officially on behalf of the government.

Let's go back to the Phonedog case... If we consider these Twitter followers as a 'customer list' (for the purposes of official government engagement), we can attribute a lost value to the QLD Government - and thereby QLD citizens - associated with the costs of growing and maintaining the list.

Let's use that $2.50 value per month again - noting that a court would have to test whether this is the right value for each follower of any particular official Twitter account.

On this basis the difference of 26,277 followers is worth  $65,692 per month to the QLD Government.

Ergo, the cost to Queensland of Anna Bligh taking the official Premier's Twitter account home with her for personal use, and denying its use to the Government of Queensland, is currently running at a rate of $65,692 per month.

The maximum potential cost to Queensland to-date, assuming the official QLD Premier account has had the same level of followers since start of May 2009 to end of April 2012 (36 months), would be $2,364,930.

I estimate a more reasonable cost would be in the $1-$1.5 million range - based on $2.50 per follower per month.

So is this actually theft?

Should it be considered similar to a Minister taking home their office furniture for personal use after they lost office?

That's for governments and courts to decide for certain.

However it is undeniable that the 'official Queensland Premier's twitter account', its followers and their relationship with the Government have been removed from Government control and now reside in the hands of a private citizen, to do with as they will.

Other organisations, both public and private sector organisations really do need to think about this example in their own context:
  • Are your official social media accounts assets?
  • What asset/brand value should you place on them?
  • What should you do if a staff member leaves and takes one, or more, accounts with them?
  • What guidance or policies do you need in place to prevent and manage this?

Read full post...

Thursday, March 22, 2012

Who is watching the watchers? Civilian surveillance of government

With the widespread availability of phones in cameras and tablet devices - in fact it is hard to buy one today that doesn't include a camera - it is inevitable that people will take them out and take a snap of their most - or least favourite - public figures.

These photos and video get shared, usually online, and generally contain metadata detailing when and where they were taken.

So what is the outcome when citizens, concerned at the actions of politicians or public servant officials, begin photoing and filming their movements for accountability purposes?

David Eade (from Qld's Gov 2.0 community) has written a fabulous blog post on this topic in Govloop, Citizen Surveillance and the Coming Challenge for Public Institutions.

In this post David specifically highlights citizen surveillance of law enforcement officials and agencies - something of intense interest to anyone following cases such as the recent death of a Brazilian student after being tasered by Sydney police (by the way, for more on the rise of non-lethal law enforcement devices, watch this great TEDx Canberra video from Stephen Coleman).


What if a group of citizens, frustrated at the conduct or decisions by a government official (that is any public official - elected or appointed), took it upon themselves to organise round-the-clock surveillance of that person's movements and activities, using a group of people armed with phone-based cameras, filming only from public property (as is legal)?


What if they uploaded all these images, with commentary, to social networking sites for discussion and debate?

What if there was an organised movement, perhaps by someone like Get-Up, to release 'mug shots' of key government decision-makers in a controversial department or matter, and then invite people to photo them and report what they were doing wherever they went?

There could even be a new phenomenon known as 'public servant spotters' - people who take, publish and even trade photos of particularly rare breeds of public servants (such as Secretaries). Imagine the kudos in that community for photographing the entire SES!

This is an interesting new area for citizen power that we haven't yet seen explored very far.

In many places around the world law enforcement agents now have the legal right to detain or arrested people for photoing or videoing their activities - a course that may be increasingly hard for citizens in liberal democracies to swallow and, given the growing use of CCTV and difficulties in identifying bystanders filming a public occurance, very hard to control. Of course, in more restrictive nations people are routinely beaten or killed for filming police activities.


Is it justifiable or appropriate for governments to broaden these legal powers to all public servants?


Should these legal powers exist at all?


In a society where everyone is a journalist, able to to record and distribute video, photos, opinions and facts, how does a government and its citizens agree on what is appropriate surveillance of the activities of government officials - particularly when activities occur in public on public property at the public's expense?


I can see this becoming a growing issue for governments around the world. It is a small and simple step from reporting police activities, filming road workers or snapping photos of elected officials flirting with someone who is not their spouse to photoing and using public facial recognition tools to identify every person entering and leaving a public office.

It is then a simple matter to use social networks or Gold.gov.au to identify their responsibilities and activities. Another simple step to film or photo or text record their public activities wherever they go. Another simple step to publish their activities online, and another to use the pressure to influence their judgement and decisions.


Note this may not be the world we want, however it is the world we already have, it has just been slightly hidden behind private investigators and paparazzi.

When every citizen has a camera with them all the time, what will it mean to governments if they choose to use them?

Read full post...

Friday, March 09, 2012

The challenge of using Freedom of Information for good

I'm a big supporter of Freedom of Information (FOI) laws and the rights of citizens to access information from their government to better understand the processes and data considered around how decisions are made and policies formed.

I am also a big supporter of FOI as a tool for public good - including for sharing information that is useful within government and for businesses seeking to engage government agencies on a commercial basis.

As such, I put in an FOI request yesterday to the full list of FOI contacts for the Australian Government I collated for the following information:
  • The web browsers approved and used across department hardware (desktop, laptop, tablets and mobile).
  • Whether the agency had a staff social media policy and what it contained.
  • Whether the agency provided additional guidance and training for staff on social media and what these contained.
  • What social media channels were blocked by the agency.
  • What plans the agency had approved to change any of the above.

This information is enormously useful for businesses seeking to engage with government.

Companies seeking to do business with government need their websites to be visible and usable to agencies - hence they must support the web browser technologies that agencies are using. For those that sell online services it is even more crucial that their apps and systems are accessible to agencies, otherwise they can't do business. Equally web developers seeking to sell to government need to understand the browsers their websites will need to support before quoting as older web browsers can add significant cost to a website's development.

Many companies today use social media channels to inform audiences, promote their products and provide support and assistance - a video walk-through, a support forum or product roadmap blog. They need to know whether government agencies block these channels so they can make specific arrangements to ensure they are able to competitively service and support agencies that do.

A number of government agencies are currently in the process of developing social media policies, guidelines and training. I have received many requests over the last few years from people in all parts of government asking if I am aware of other similar policies and guidelines they can borrow from and build on.

I provide what I can, however there's no central repository for this information in Australian government (though there is an international site, the Online Database of Social Media Policies). A central place to find this information would greatly reduce the time and resourcing cost for sourcing models to build from and greatly improve the initial quality of the efforts of agencies.

I also plan on publishing all the correspondence I have with agencies on a new website (foiaustralia.net.au - not yet in place), to help open up the process of making FOI requests, which is still foreign to many people across the community, despite the improvements made in recent revisions of the law.


I attempted to structure my FOI request in a format which would make it easier for agencies to respond - and easier for me to collate and publish the information at a central online location - saving time and money all round... or so I thought. (see my request here)

Unfortunately there's a stricture in FOI law where the information requested needs to be stored in 'documents'.

Although I did specify the documents I requested, this wasn't in a particularly overt fashion and appears to be being overlooked or misunderstood by agencies, some of who are (very rapidly) beginning to respond to my request.

These documents included:
  • Their Standard Operating Environment documentation, which should specify the web browsers officially supported and deployed by platform and the filtering technologies used, including the social media platforms blocked and coached.
  • Their social media policy and associated guidelines for staff. 
  • A register of the social media channels operated by their agency.
  • Internal briefs and strategies related to the use of social media channels by their agency and staff.
I also asked informational questions about the official plans of the agency, such as whether they planned on updating their web browers in the next twelve months, whether they planned to create a social media policy when they had none, whether they planned on unblocking or blocking additional social media channels and how they used their official social media channels.

I have encountered a few minor issues, that I will be progressively sharing with the Office of the Australian Information Commissioner and publishing in due course - a major agency whose published FOI email address is not working, a major and several minor agencies that do not provide electronic FOI contacts at all on their site, spelling mistakes and poor grammar in automated FOI responses.


However the overwhelming issue I am encountering is that it appears that much of the information I am requesting is not stored in 'documents'. It is known and shared within the agency, but is not FOIable if not recorded in the appropriate format.

The flaw I see is in the use and interpretation of the word 'document' - a discrete, paper-like format which doesn't describe much of the information and data stored and distributed within organisations today.

In the future we're likely to see even less information in 'documents' - a thousands of years old archaic mode of information storage - and more information stored in fragments and tables, shared electronically via transient communication tools.

While I totally appreciate agencies sticking to the letter of FOI - that information must be in a structured document, which an FOI requester must specifically request - the opaqueness of public agencies to the public (in knowing which document to request), the increasing range of information in forms other than documents and the danger that agencies, following poor business practice, do not create documents with some important information in order to avoid being FOIed, risks undermining the spirit of Freedom of Information.

I appreciate governments applauding their own successes at openness and transparency - at legislation where the only excuses remaining for not releasing information are privacy, commercial confidentiality and national security.

However they are still overlooking the major and persistant barriers to real freedom of information - the implied need for the requester to already know precisely what documents to ask for and the explicit requirement for that information to be stored in one specific format, a 'document'.

Read full post...

Wednesday, February 08, 2012

Many national laws are increasingly irrelevant - how will governments adapt?

Facebook decides whether photos of nursing mothers are allowed to be displayed in its site (including in Australia and other nations where such photos are legal).

Google leaves China to avoid complying with its national censorship laws.

Gaming and gambling websites base themselves in jurisdictions where they are legal while attracting most of their customers from nations where such services are regulated or illegal.

Shoppers flock to buy online from countries where prices are cheap and the range is good, incidentally avoiding paying GST or sales taxes on goods and, to compete, retailers, such as Harvey Norman, open online stores based in foreign jurisdictions to avoid charging GST.

People at home use proxies to bypass copyright restrictions on viewing certain content on services like Hulu and establish overseas postal addresses with mail forwarding services to avoid copyright restrictions that only allow certain physical products to be sold in some jurisdictions.

Online pharmacies sell cheap drugs from Canada or Mexico to the US and pornography distributors sell their wares to consenting adults anywhere in the world, regardless of local laws.

Optus in Australia is legally allowed to distribute free coverage of sports events, provided they are received by customers' televisions, delayed 90 seconds and rebroadcast to customer mobile phones - meaning that mobile sports rights have almost become worthless overnight.

Electronic games, books and movies banned in Australia are available for purchase online.

People in countries with restrictive media laws use online proxies and software freely distributed by the US government to learn what is happening in their own country and the world.

Movements even work together globally to circumvent government ordered internet shut-downs or strong censorship in nations, such as Egypt and Burma to allow protesters to organise and citizens to remain informed and inform the world.


Around the world many laws created by governments are under pressure from the growth of the internet.

Laws were originally designed by societies as formal codes to guide, manage or restrict the behaviour of people, conduct of organisations and disposition of assets attached to a particular geographic location.

These 'laws of the land' worked well in a world where the majority of people lived, worked and played in a geographically limited area, where movement between areas was tightly controlled and where assets were easy to recognise and tax but hard to transport.

This remains true in many respects. Minerals, animals and offices are found in geographic locations and can be difficult, if not impossible, to relocate. We largely live and work in geographically defined areas, allowing geographically based laws to be implemented and enforced.

However with the arrival of the internet and mobile technologies certain assets, cultural values and behaviours began to drift beyond the control of any geographic nation.

Any content that can be digitalised or product that can be transacted online may fall outside of national borders, or cross many nations between creation and consumption.

Content that was previously scarce and controlled by national interests, such as news, education and research, can now be made freely available online for anyone anywhere in the world. Products that were previously shipped enmasse by a relatively small number of agents (import/exporters) are now transported by millions of individuals in much smaller quantities, making taxation and border control checkpoints difficult to enforce.

Movies, music, books and electronic games are easy and cheap to replicate, transport and share, despite the wish of copyright owners to lock them in vaults and dole them out to keep prices artificially high, as deBeers has managed diamonds.

Governments and courts are struggling to understand and re-interpret old laws in light of new technologies. Some laws and precedents date back hundreds of year, before the creation of the internet, television, radio, planes, cars or trains - all of the technologies that shape modern life.

Some of these laws and precedents remain influential in legal decisions, square blocks twisted and jammed into round holes to band-aid the legal system in the face of modern technology.

How should government and society reconcile discrepancies between new technologies, modern life and law-makers, law enforcers and laws that have demonstrably not kept up with the pace of change?

Should policy makers ignore reality in favour of legislation shaped to favour aspirational ideals? Should police forces consider all citizens guilty of crime unless they can prove their innocence?

This struggle keep broadening, from copyright, to retail, to gambling and human rights.

To attempt to retain control, governments have filled their streets with cameras to watch for criminal activity, legislated for ISPs retain an online history of website visits for their customers (just in case law enforcement agencies might need it, regardless of privacy risks), maintained secret blacklists of content that their citizens are not entitled to see, or even know what is on the list and secretly develop legislation to protect corporate copyright owners at the expense of citizens.

All of these steps have occurred in liberal western democracies. Autocratic regimes have gone even further to harass and arrest online commentators and shut down parts of the internet.

Many nations appear to have become obsessed with watching their own citizens to catch the slightest infringements at the behest of the fearful, the political and the corporate interests.

I have not yet seen discussions over the relevancy and enforceability of national and state laws in the face of new technology occurring broadly in Australian society or public service in a measured and thoughtful way. There are hall corridors and conferences but little research and mixed knowledge.

The question of how to reconcile the geography of the physical world with the expanding frontiers of limitless and jurisdictionally challenged cyberspace should be integral to many policy conversations. Even seemingly unaffected industries and people are touched, subtly, but profoundly, by modern technologies as their impact continues to ripple outwards.

Just as we require the human rights of citizens and the needs of Australia's region to be considered in legislation, we need to begin considering the workability of geographical laws in the face of modern technology.

In some cases our police and courts will need to work closely with other jurisdictions, even those with diametrically opposed views, in order to detect crimes and detain criminals

In other cases we need to debate how far legislation needs to restrict our own citizens in order to protect corporate non-citizens.

We need to review all of our laws in the face of modern technology to decide which remain workable, cost-effective and practical and determine which require improvement, international agreements or are just plain unenforceable.

And we need to do this regularly as technology keeps moving.

For any geographic state to retain pre-eminent in meeting the needs and wants of its citizens, constraining behaviours that society does not wish propagated and protecting the body, person and interests of individuals, governments need to move to the front-foot regarding modern technology, to stop treating it as the 'other' or a special case.

Governments need to recognise and internalise that our civilisation is technological by its nature. Our culture, values and behaviour are continually shaped by what is possible with technology and what technology has unlocked. 

Read full post...

Saturday, February 04, 2012

How easy is it really to source information from Australian governments?

On behalf of a friend I've been looking into the contact information for Freedom of Information (FOI) requests across Australia's Commonwealth and state/territory governments.

While I believe that Australia has good Freedom of Information laws (though I know some would disagree), the real tests of this are whether people are aware of their rights and how difficult it is to identify the right FOI contacts and the complexity of the processes to release information.

Working in government, I have contributed to FOI processes from the inside and studied the legislation and processes of some agencies, however I've personally never asked a government agency for information.

From my brief look into sourcing information, and from my friend's perspective, while legislation is in place and even recognising the internal cost and resourcing challenges of FOI, there's a lot still to be done to create a standard and usable framework for people to find out about FOI and contact agencies at both state and federal levels.

For example, only two states or territories (WA and VIC) have an obvious central FOI site for their governments. foi.wa.gov.au and foi.vic.gov.au.

Queensland has a similar site, at www.rti.qld.gov.au reflecting their 'Right To Information' legislation. While this is internally logical, it doesn't make sense in a broader usability context. At least if you do try to go to foi.qld.gov.au it does redirect you to the site.

The other states and territories hide their central FOI sites away behind strange and convoluted web addresses in agencies that make administrative sense within government, but may not be as obvious to the public.

For example, the site that appeared to be the central FOI information source for NSW has the web address of: http://www.ombo.nsw.gov.au/complaints/freedominfo.html (though I could be wrong - which also points to an issue) and Tasmania appears to uses http://www.ombudsman.tas.gov.au/right_to_information2/rti_process

None of these sites is actually the central repository of information released by these governments - which would also be immensely useful. Instead they are informational sites which push people to contact individual agencies for specific FOI requests.

If I were asked I would recommend that all state and territory governments - and the Australian Government - use a standard FOI website address, and cross-link them for people who end up at the wrong one. Regardless of legislation name or the organisation which centrally administers FOI legislation, these sites should be found at foi..gov.au (or for the Commonwealth at foi.gov.au).

These sites should also become the central release points for FOI information, using modern web technologies such as APIs, or even ATOM/RSS to aggregate FOIed information from all agencies. The information could be retained by agencies, but have the central FOI site as a searchable directory of FOI releases pointing to individual agencies - like data.gov.au's role for public sector information (open data).

From there I'd also advocate that agencies similarly apply a standard approach to FOI, using foi..gov.au and foi...gov.au for state and territory agencies.

This consistency would, at least, mean that people could be educated consistently on where to go to find out their rights and exercise them.

Moving on to individual agency contact information, I've looked into whether there is a single list at Commonwealth level for all FOI contacts across all agencies.

I did find that the Department of Prime Minister and Cabinet maintained a list of agencies with FOI Contact Officer phone numbers - an excellent start. However as it was last updated in September 2011 it had not yet captured the machinery of government changes in the last Ministerial reshuffle.

The list did not, however, provide website or email addresses - channels most people today prefer to find government information (as AGIMO's latest report on Interacting with Government ‑ Australians’ use and satisfaction with e-Government Services 2011 will tell you).

Fortunately, via Twitter, @Maxious let me know that OpenAustralia had compiled a spreadsheet of Australian Government FOI contacts based on the agencies and Ministers subject to FOI from the Office of the Information Commissioner FOI Annual Report for 2010-11 (released in July 2011) and updated for the machinery of government changes last December.

This spreadsheet contained 12% more agencies and Ministers than the list provided on the website of the Department of Prime Minister and Cabinet. However while it contained email and website addresses, the OpenAustralia spreadsheet didn't containcontact phone numbers.

So I spent about an hour matching the two lists and have released the combined information as a Google spreadsheet, FOI contacts for Australian government agencies.

This spreadsheet contains FOI contact details for 355 Australian Government agencies with varying levels of details (phone numbers for 86%, email addresses for 66% and FOI web pages for 60%).

It also contains information for state and territory central FOI agencies.

If anyone out there is interested in FOI I would appreciate if you added to the list, filling in any gaps :)

Looking at the list, there is enormous variability in the email addresses and web addresses used for FOI contacts. Surely the Australian Government could mandate for a standard foi@.gov.au for email and foi..gov.au for websites.

Also agencies could ensure they have appropriate search strategies in place to make this information easily findable in their sites - creating a google site map (which has many other agency benefits) and adding rules in their site's internal search engine to ensure that searches for 'FOI', 'Freedom of Information', 'Information', 'My Information', 'Right to Information' and similar terms (drawing from internal search reports) have the FOI page as their top or preferred result.

These steps would be far more useful in helping Australians locate and access FOI information than many more expensive and difficult activities.

Also, surely someone in government (perhaps the Office of the Information Commissioner) could maintain a public list of FOI contacts - set-up in such a way that agencies could maintain their own information and receive regular automated emails every six months or so to confirm their information remains correct.

This could even draw from the list I've compiled from the Department of Prime Minister and Cabinet and OpenAustralia lists to start it off.

State and territory governments could do likewise - and perhaps link their lists to the Australian Government's list, so that the public - who often have no idea whether they need to go to a state/territory or Commonwealth agency for certain information - have a better chance of figuring out who they should first contact.

Freedom of Information is important and necessary for any democratic society. However simply having the legislation in place is not enough.

Governments need to take steps, such as I've suggested above, to make it easy to discover who to contact and explaining the process of how to contact them and what information may be released.

Without these steps, 'Freedom of Information' or 'Right to Information' become meaningless catchcries.

Read full post...

Monday, January 23, 2012

New Inside Story policy: provide your full name for publication or your comment won't be published

I have had a great deal of respect for the Australian Policy Online (APO), produced by the Australian National University and University of Swinburne.

For several years the site has been a fantastic venue for serious discussions of public policy options, and a very useful source for policy resources and research. The site also, without prompting from me, republished several posts from this blog.

However, after commenting on an article in the Inside Story section of APO late last week, I received an email from the editor pointing out a change in their commenting policy.

Now anyone who submits a comment to Inside Story, as part of APO, must provide, and be prepared to have published, their full name. This new policy is detailed following their full articles using the text as below (highlight is mine):

Send us a comment

We welcome contributions about the issues covered in articles in Inside Story. Well-argued and clearly written comments are more likely to be published, and we’re now asking all contributors to provide their full name for publication. Because all comments are moderated, they will not appear immediately. Your email address is never published or shared. Required fields are marked *.
Now while I appreciate the sentiment of an editor who wishes to avoid spurious comments from people using pseudonyms or commenting anonymously, I found myself uncomfortable with the prospect of a website that forces anyone who comments to publicly reveal their real name in full.

I wrote a piece about this very topic a few months ago for Mumbrella, Toughen up - we need online anonymity, which discussed the various pitfalls involved in forcing people to reveal their real identity.

While I am sure it isn't the intent of this policy, one major risk - particularly relevant to a policy discussion site - is that of excluding certain groups from the conversation.

This includes people who, if their identity is published, may face physical or financial risk, those in witness protection programs, people who fear online attack if their views are taken the wrong way, those involved with policy making who have suggestions or questions, those under the age of 18 and more.

In many policy areas there are people who need to be cautious about revealing their real names publicly for legitimate reasons - whether the topic be health, law and order, immigration, development, gambling, climate change or something else.

While it is the right of each publication or website to define its own moderation and publication policies, the effect of this policy may be to silence people who have valid and important contributions to make, reducing the richness, robustness and usefulness of discussions.

If the primary concerns of Inside Story's editor and publisher are inappropriate comments, defamation, personal attacks and the like, these can be handled through pre-moderation (which they do already), backed up by a public moderation policy and community guidelines (which I cannot find in their site).

Alternatively Inside Story could require people to register and provide their real name in their account details, then publish comments under a name or pseudonym that the user selects. This would ensure they had real names if needed and allows regular contributors to maintain a consistent identity while still providing them with sufficient room to make valuable comments that otherwise they may not feel comfortable doing.

When Inside Story's editor, Peter Browne, (also credited as the Commentary Editor of Australian Policy Online) emailed me last week to ask if I was happy to have my comment published under my full name I thought about it for a few minutes and then decided that while I didn't mind my name being connected to my comments, it was time to take a stand, the damage to the public conversation could be too great. So I said no.

I won't be commenting further on Inside Story or Australian Policy Online while their current policy is in force, nor will I spend as much time reading the site. They remain welcome to republish my blog posts (which are licensed under Creative Commons, so I can't really stop them even if I had wanted to).

This decision may make me slightly poorer, however I believe Inside Story's decision significantly weakens their effectiveness and inclusiveness. The unintended consequence of forcing people to have their full name published alongside their comments is to make all of Australia poorer by stifling public policy discussion, particularly amongst those whose views most need to be heard.

I hope government agencies do not follow the same course on fulll names. It would severely restrict the value of the online channel to collect input on policy consultations and thereby make good policy harder to develop.

For the record, I've included a copy of my email exchange with Peter Browne, Commentary Editor of Australian Policy Online and Editor of Inside Story:
From: Peter Browne
Dear Craig, 
I’m not sure whether you noticed, but we now ask people commenting on articles to provide their full name for publication. Are you happy for your full name to appear with this comment? 
Cheers,
Peter Browne
Editor
From: Craig Thomler

Hi Peter, 
I didn't notice this policy change. I have now looked through your 'about' pages and see no mention of this - nor of your moderation policy. 
I would normally be happy for my full name to appear on my comment, and all my comments online are made on the basis that people can track down and find out who I am if they wanted to. 
However I'm not comfortable with a site that forces people to provide their full name publicly. This requirement prevents many people from commenting - those in witness protection programs, minors (such as 17yr olds), those concerned about stalkers, bullying, identity theft, privacy and so on. 
I see your policy as reducing the potential for open public dialogue without providing any safeguards. A backward step that only damages your reputation. 
It is also impossible to enforce anyway - people can use fake names and email accounts, thereby making your policy useless.
If your concern is around identity, have people register and use a unique username (which may or may not be their full name) - you still have their full name in the background, however they are not exposed publicly. 
If your concern is around inappropriate content, this should be managed through anti-spam and moderation techniques, potentially using the registration process above to allow you to identify and manage persistent offenders (where IP address isn't enough). Your moderation policy should be published so that commenters understand the basis on which they will be assessed. This is simply a matter of respect and setting the context of a discussion - similar approaches are used in face-to-face meetings. 
So in this case, I decline the publication of my comment and will not comment further on APO until your policy is adjusted to not require the publication of full names and is made easily accessible in your site along with your moderation guidelines. 
I will also be publishing this email in my blog to show the perils of requiring full names and linking to my post for Mumbrella: Toughen up - we need online anonymity (http://mumbrella.com.au/toughen-up-we-need-online-anonymity-58441). 
Cheers,
Craig
From: Peter Browne

Dear Craig,
My view is that if writers use their own names then responders should too. The policy is at the bottom of each article, just above the comment field. 
Cheers, Peter

From: Craig Thomler
Hi Peter,
Thanks for pointing this out. I had looked for dedicated 'Community guidelines' 'Comments policy' or 'Moderation policy' pages and looked at your summary articles, where I can still register or log-in to comment, but do not see the same message.
I now have looked at a full article and can see the text. It remains unclear on what basis you moderate.
Here's an example of what I mean by a moderation policy: http://myregion.gov.au/moderation-policy
I appreciate you believe that writers and commenters should have the same rights - although writers are often contributing for different reasons and have different agendas for expressing their views, some are even paid to do so, directly or indirectly (aka not necessarily by you). 
It will certainly be interesting to see how you decide to represent the writer when you receive an article from someone in a witness protection program or a whistleblower, and how you will treat comments. 
Cheers,
Craig

Read full post...

Monday, October 24, 2011

Cannot defame with a hyperlink - Canadian Supreme Court ruling

In the spirit of actually being in Canada, I learnt last Thursday that in a groundbreaking case the Canadian Supreme Court has supported two lower courts in ruling unanimously that hyperlinking to defamatory information is not the same as defaming someone, unless the information is replicated in the link or on the hyperlinker's site or page.

Learn more about the ruling (in a case originally brought in a British Columbia court by a Vancouver business person and political volunteer against a local website) in this BBC article, Canada Supreme Court: hyperlinks cannot libel. Yes there is a certain irony about reporting in Vancouver on a Vancouver case by referring to a British website - however I read the original story in a local (paper) newspaper.

This ruling may have flow-on influence to Australian courts, who do take some note of rulings in other Westminster jurisdictions, particularly in Common Law areas where precedents are important in clarifying grey areas in law.

The Canadian ruling, where the Court considered hyperlinks as "content neutral" (as hyperlinkers have no control over the content they link to), may even extend further to cases where links point to prohibited, but not necessarily illegal content, such as some Refused Classification (RC) content under Australia's classification for content deemed offensive but not necessarily illegal under Australian law.

Currently it is an offense to link to RC-rated content, or even to know what is rated RC - which poses a challenge for all individuals and organisations who may not realize that content they are linking to is prohibited in Australia. There has been at least one case where an Australian government agency has inadvertently linked to RC content (in a published user submission to a consultation) - which was certainly not the agency's fault.

Also as the destination content of links can change rapidly, or even appear different to users from different IP addresses, there is an ongoing risk under current Australian regulation that individuals or organisations might in good faith link to valuable relevant content which is later changed. I have seen this happen myself in a book on kids' websites with links where after publication several kids' sites were sold to adult content organisations who changed the content significantly. This could affect both defamation and RC related situations.

While I am drawing a bit of a long bow from a Canadian Supreme Court ruling to other manifestations of hyperlink-related law in Australia, it is an area that requires ongoing careful consideration and adaptation to reflect what is sound and practicable, not simply what may be popular or reflect an ideal state without recourse to technical facts.

Read full post...

Thursday, September 22, 2011

Toughen up - we need online anonymity

Rather than posting in my blog today, I am breaking one of the rules of blogging (always pull people back to your own blog) by pointing people to an opinion piece in Mumbrella that I wrote recently after reading a couple of other opinion pieces attacking the basis for allowing anonymous commentary online.

Toughen up - we need online anonymity

Please comment in Mumbrella (anonymously if you prefer) to continue the discussion.

Note that I wasn't paid for my opinion :)

Read full post...

Monday, September 05, 2011

What impact will cyborgs have on government?

"We are all cyborgs now" claims Amber Case in her January 2011 TED Director Talk (see her video below).

The concept of humans as purely biological beings ended long ago, potentially 3,000 years ago, with the first documented prosthetic limb on an Egyptian Mummy.

However the widespread use of mechanical or electronic devices to aid or control certain human physiological processes didn't become commonplace until the last century, when progress in devices such as eye-glasses and contact lenses, prosthetic limbs and even artificial organs really took off.



In 1979 the CDC reported (PDF) that 51% of US adults wore corrective glasses. I could not find any more recent statistics, either for the US or Australia, however I doubt the figure has declined.

Add to this those using prosthetic limbs and orthotics (devices which apply external forces to the body for the purpose of support and alignment, reducing pain or enhancing mobility), hearing aids, dialysis, artificial organs and so on, and I estimate that a majority of the population of developed western countries are cyborgs, of one type or another.

We've long been doing this with mechanical devices - cars, bulletproof vests, jetpacks, binoculars and more. In the future this enhancement might be more firmly integrated into human physiology - glasses and contact lenses containing heads-up displays and power-assisted prosthetic limbs are already in use in prototype forms.

We've also been busy enhancing our mental and conversational powers, as Amber also discusses. Most adults in Australia carry an external memory and communication device with them most of the time - a mobile phone - that allows them to instantly connect and communicate with people around the world, store information and receive alerts when required or research in a global library for facts or views that they no longer store in 'meat' memory.

In this arena we've begun to see devices for direct control of external devices via mechanical telepathy - with products already in the market.

Thus far cyborgs have generally used devices to attempt to match the biological human norm, to see, hear, move and live as closely as possible to unenhanced humans.

However we are increasingly heading towards a world that will see more widespread use of devices to enhance our capabilities. Moving from breast implants to heads-up displays, nightvision, hearing amplifiers and devices that otherwise increase our versatility, physical strength, speed, precision or stamina. An early example is Aimee Mullins, a double leg amputee who has turned her legs into art and can change her height, speed and capabilities through her selection of prosthetic limbs (see the video below).



Another example is 'Eyeborg', Rob Spence, who lost an eye and replaced it with a wifi camera. Rob has now made a short documentary, in conjunction with the new game 'Deus Ex: Human Revolution' (which features a cyborg hero) asking the question of where human augmentation may lead (video below).



At some point, as highlighted in Rob's video, we may even begin to face the ethical question of people choosing to be enhanced to increase their capabilities. This could involve medical interventions, even limb replacement.

So where does this impact on government and the process of governing?

Government policies, legislation and enforcement mechanisms have been designed for people who fit a particular range of capabilities and characteristics.

If cybernetic enhancements expand an individual's capabilities outside of this range, some laws may struggle to address the needs or issues this may bring.

We've seen the same challenges as other technologies were introduced. Some technologies had no impact on our legal framework, others have forced us to rethink entire policies.

Human augmentation technology is likely to be similar. For example, someone with camera eyes - who can record everything they see - might inadvertently record inappropriate material, or film in restricted venues. Someone with a brain enhanced with a direct wi-fi connection to the internet may use that collective knowledge in closed examinations or any type of competitive challenge or job where access to knowledge provides advantage. Someone with enhanced leg or arm strength may have an advantage in any type of competitive or commercial activity involving bodily strength, speed or stamina.

As a society we will have to debate issues such as,
  • should augmented humans be allowed to compete for the same jobs, sports or competitions as unaugmented humans?
  • should we create new approaches, policies or laws to govern individuals who can run faster, jump higher, grip harder or think faster than 'normal' humans?
  • at what level of augmentation would any changes kick in. With an artificial retina (with a heads-up display), with power-assisted limbs, with a direct neural interface to the internet?
Fortunately we still have time to consider these questions and there's likely to be opportunities to adapt our governance approaches.

However with the growing number and acceptance of cyborgs and the rate at which technology is advancing, we may not have that much time to reflect.

Note: Excluding the use of an external memory enhancement and communication tool, I don't yet qualify as a cyborg.

Read full post...

Tuesday, June 28, 2011

European Union requires websites to make users 'opt-in' to website cookies

The EU Government's 2009 Directive banning "unnecessary" cookies in websites (if the site doesn't ask users to accept the cookie first) has just begun coming into effect - causing havoc and distress amongst European webmasters.

Cookies are small text files that websites store on a user's computer in order to reduce the need for users to enter information again and again. They are used in ecommerce sites to 'remember' what is in your shopping trolley, in social media sites to remember that you're logged in, to personalise content or advertisements based on your preferences and by many sites to provide anonymous website reports.

It is estimated that around 92% of websites use cookies. In fact it is hard to imagine the modern web without them.

However in 2009 the European Union decided as part of a 2009 amendment to their Privacy and Electronic Communications Directive that even though all modern web browsers allow users to choose to accept or refuse cookies, cookies may pose a privacy threat to individuals.

While the Directive doesn't explain why they may pose a threat, it states that cookies can be a useful tool and,
their use should be allowed on condition that users are provided with clear and precise information in accordance with Directive 95/46/EC about the purposes of cookies or similar devices so as to ensure that users are made aware of information being placed on the terminal equipment they are using. Users should have the opportunity to refuse to have a cookie or similar device stored on their terminal equipment.

In other words, when cookies are used for a legitimate purpose (though 'legitimate' is not clearly defined in the Directive), they can be used by websites provided that users are provided with an up-front method to view what each cookie is for and 'opt-out' of each cookie.

This directive was to be interpreted into law by European states by May 2011. So far only three countries have complied, Denmark, Estonia and the United Kingdom. The UK has also given webmasters twelve months to introduce appropriate opt-out controls on their websites, recognising the impact of their law. Other countries in the EU will introduce their cookie laws soon.

So OK, European websites using cookies now must have an opt-out provision for UK, Denmark and Estonian users and soon for all Europeans in the EU.

So where is the sting in the tail?

Firstly, these laws may apply to all websites that are viewable in European countries, as existing European privacy laws already require. This would mean that Google, Facebook, Twitter and other social media sites hosted in the UK, Asia or anywhere else in the world would need to change how they functioned due to European-only laws.

Under this interpretation (yet to be tested in court), all (hundred million plus) websites, whether ecommerce, news, information or government would have to comply.

That includes Australian government websites using cookies, including any using Google Analytics, 'share' tools, shopping carts or otherwise using cookies to store (even non-identifiable) information on users - even for a single session.

There is an alternative. Non-European websites could simply block Europeans from viewing their sites and therefore would not need to comply with the European law. That would present a very interesting geographic freedom-of-information ban, as well as damaging the businesses of many organisations and governments who want Europeans to access their websites.

The second concern is around how the opt-in approach to cookies must work.

There's no clear approach in the Directive and plenty of confusion on how the opt-in control should work. The suggested approaches in the UK are to use pop-ups (which most modern browsers automatically block) or to use an 'accordion' that appears at the top of all webpages, as is used by the UK's Information Commissioner's Office (ICO) - the ugly block of text at the top of the website.

A more humorous implementation of a pop-up opt-in control is used on David Naylor's website - read the text.

The BBC has introduced an opt-in approach that accidentally managed to break the law while implementing it - by using a cookie to hide the message asking you to opt-in for cookies. Oops - they needed to have an opt-in for that too.

The third issue with this European directive is the impact on useful things websites do. It will become much harder to personalise content for users or report on websites. Indeed the impact of people opting out of cookies, therefore rendering all cookie-based reporting significantly more inaccurate, is already being tracked. The ICO's website has itself seen a 90% fall in recorded (tracked) traffic. This indicates that the ICO will no longer know what site users are doing and cannot as effectively optimise and improve their website. Magnify this across millions of websites.

For those who wish to learn more about European Cookie Laws, check out the short video below or read the The definitive guide to the Cookie law.

And, as always, I'd appreciate your thoughts - particularly on the questions below.

Has Europe become the Cookie Monster? Or is this a reasonable and appropriate step to improve user privacy?

Should Europe have the right to impose laws in their jurisdiction on the rest of the world? If not, should the rest of the world stop Europeans visiting our sites?

Read full post...

Monday, June 27, 2011

Turning open government petitions into policies in Latvia, using online banking to authenticate citizens

It can be difficult to get a perspective on the Government 2.0 activities in non-English speaking countries.

However thanks to Francis Irving, who posted an account in the My Society email list in the UK, forwarded to the OpenAustralia Community list in Australia, here's a very interesting mini case-study on one initiative in Latvia.

In this case the initiative was created outside of government, however has become part of their parliamentary and law-making process.

It involves using online banking accounts to identify users, in partnership with the major local banks. This is an approach I've not seen used anywhere else in the world.

It is a well-structured open government initiative and one that I think Australia could do well to model similar activities on.

I've quoted Francis' email below. To learn more, join the OpenAustralia Community list.

Francis Irving (posted 24/6/2011):
I just met Kristofs Blaus, who spent a year researching petition / online initiative projects across the world. i.e. things where citizens propose and vote on new laws.

He launched ManaBalss.lv (Eurosay.com) in Latvia two weeks ago. Already two laws are going into force entirely because of the site.

Six things you ought to know about it:
  1. 2 days after launch, the president of Latvia promoted an initiative on the site because 20,000 people had signed it. It is to open the owners of offshore companies. Within 1 week of launch (i.e. last week!) it was passed in to law.  http://eurosay.com/atveram-of-orus/show

    You can watch for future ones being signed into law on this page: http://eurosay.com/initiatives/signed

    (What self respecting e-democracy site doesn't have a specific, high profile page, just showing things it has got passed into law!) 

  2. Within 2 weeks, a second initiative got enough support that both major groups in Parliament now support it (it'll become law after the recess in September). It's a meta-law - it makes the platform itself mandatory, so if any petition gets 10,000 authorised signatures, then the creator gets 5 minutes in Parliament to present it.
    http://eurosay.com/atveram-saeimu-/show

  3. There is a workflow process for making sure the initiatives that get through are sensible (rather than tabloidy stuff that tends to be popular on the UK's no. 10 petition site)
    1. You write an original draft
    2. Comments by skilled volunteers tell you what is wrong with it.
    3. You can fix it up.
    4. Then you gather support. You get a URL. The initiative doesn't appear in an index on the site, you have to promote it yourself.
    5. When you get 100 people (they're going to up it to 1000 due to popularity)
    6. Some real volunteer lawyers make it into a proper, viable legal text in a PDF on the initiative page.
    7. It goes on the public site, where large numbers of people can back it.

  4. That process ensures that:
    - It is a real proposal rather than aspirational
    - It can regulated by legislation
    - Technical details, such as if it requies a constitutional change it is written in the right form

  5. It's social. The GroupOn/PledgeBank nature of gathering support, and then later the petition nature of getting people to back finalised initiatives, both encourage spread. It links to your Facebook/Twitter so the initiatives can have a montage

  6. To ensure it can't be gamed, you authenticate yourself to the site using your online bank account (via your social security numebr). It launched (undemocratically!) with just one bank, but the others were then deseparate to be added.

  7. The site is now wildly popular. It trends all the time on Latvian Twitter. Politicians fall over themselves to back it. The media love it, as articles they publish about it get traffic from the site.
An article in English about it, but rare. Nobody has heard of this thing yet. Except you for being smart enough to be on this list ;) http://bnn-news.com/latvia%E2%80%99s-society-enormous-power-30587

Notably the two people who made it are businessmen rather than programmers. The coding was done by staff at Kristofs's company.

Kristofs Blaus - business strategy, inventing new products
Jānis Erts - marketing (he made this fake metorite http://news.bbc.co.uk/2/hi/8326483.stm)
 
Obviously, the above formulae is easy to critique in the UK. But I'm not really interested in that kind of stop energy.

What is extraordinary is that the right combination done in the right way can be wildly successful. That is almost certainly true here.

If anyone on the list wants to help Kristofs do that, please email me privately.

Francis

Read full post...

Monday, April 18, 2011

Advertising agencies, digital agencies, web developers & printers - you need to understand government's online requirements

It has been an interesting experience working with advertising and digital agencies, web developers and printers while in government - particularly having been on the other side myself for more than ten years.

While some are very good, others definitely 'need development' - particularly in the web delivery space.

Government has a number of requirements for websites and other online properties, however it sometimes appears that these are not always well understood by service providers - or maybe it is simply that some may occasionally seek to 'cut corners' on quality to increase profit margins.
 Service providers are expect to know the mandatory government web requirements when responding to government tenders. As AGIMO states in the WebGuide:
Service providers should be familiar with the Mandatory Requirements and the other guidance provided by the Web Guide when responding to Australian Government tender processes for relevant services.
Below is a list of things that service providers really, really need to know when building Australian Government websites:
  • Complying with WCAG's accessibility minimums is a mandatory requirement for government
    I've been told by supposedly experienced (private sector) web developers that the Disability Discrimination Act 1992 doesn't apply to government, and that it is optional for governments to meet WCAG requirements as it is a 'non binding international agreement'.
    I've also been told by web developers that they won't implement some accessibility features because they 'believe the site is accessible enough already' - despite not meeting WCAG standards.
  • A scanned document turned into a PDF isn't accessible under WCAG 2.0
    Telling me that a scanned document - essentially an image - is accessible to screenreaders if it is converted to PDF doesn't communicate that you're a 'web professional with more than 10 years experience'.
    A Microsoft Word document or InDesign file converted to a PDF also won't meet the Australian Government's minimum standards.
    When you provide PDFs to government, if you are not also providing the content in an alternative accessible format, you will often not meet your contractual requirements.
  • You must include a privacy statement, disclaimer and appropriate copyright notices on government websites
    Telling government staff that a 'Website privacy policy is only necessary if you're collecting email addresses or other information online' is incorrect and creates significant risk for your client.

  • Government Departments can use social media channels
    There is no stricture forbidding Government agencies from using social media channels for communication or engagement activities. In fact many already do - and often in more advanced ways than the private sector.
    There's also no 'conclusive study showing that Australians don't want to associate with agencies or government campaigns via social media channels'.
    There's also limited need for government to engage 'social media experts' who don't understand how to use social media services - such as having a Twitter account that doesn't use hashtags or retweet others or writing a Facebook strategy that just lists the standard Tabs and doesn't provide evidence of expertise in using 3rd party applications or iframes to customise a Page.

    Having an account illustrates you're aware of a channel, using the account well demonstrates your expertise.
  • Building a fake persona on a social media channel then revealing it as fake and a government promotion can be considered false and misleading practice
    Suggesting to a government agency that they should create fake personas and interact as though they were real, build a following or trusting friends and then unveiling the activity as a campaign at the end isn't good advice to provide any organisation.
    Sure there's LonelyGirl and the Jacket Girl, and several other instances of actors used to create fake personas - but never by government agencies. Providing the truth is important in government campaigns and being authentic is important to build trust and respect online. Creating fake personas usually isn't conducive to these and can also break the acceptable usage terms of services such as Facebook (which you should read).
Finally here's some tips - collected from discussions with my peers across a range of government agencies and jurisdictions:
  • We don't need you to build us a CMS and we don't want to finance the creation of your own 'you-beaut' in-house CMS and then pay you every time we need it upgraded. Consider building expertise in an off-the-shelf product - particularly an open source platform with global support.
  • Frontpage doesn't qualifies as a modern web development tool used by experienced professionals. It also leaves code in your pages if you don't edit it out (caught!)
  • We do often notice when you copy code and leave the original author's name and credentials in the (web page) source without appropriately compensating or crediting them.
  • Everyone knows that designers love arty fonts, but if the government agency doesn't own the rights to them they can't use them. 
  • Making all the text links in a website into images isn't a good idea - it makes them inaccessible!
  • Audience usability testing should almost always be a required step in web design. Even if your random sample of three staff really liked the design and could use the functionality, what does the website's audience think?
  • Background music is never acceptable in a website. Self-playing video is only acceptable where there's accessible alternatives and the video can be controlled by the user.
  • Government agencies don't want to pay for your custom reporting system that only you can access so you can give us interpreted results for web traffic. Use a standard web-based platform and give the agency access to the reports.
  • Don't tell agencies it will cost $5,000 per month to host a small government website via your ISP. Particularly when their website lists their prices (up to $30 per month) - oops!
  • When a government agency asks for an email newsletter system with double opt-in subscription, bounce detection, automated unsubscribe, open and click-through reporting, simply using a web-form to collect email addresses and sending emails via Outlook is not a quality outcome.
  • When asked to design a website for an agency to implement in-house, don't provide code or custom functionality that can't be used or build on the agency's platform.
  • It doesn't cost $10,000 to add a share button / reporting system / embed a YouTube video into the website - particularly when the agency is providing all the code for you.
  • You're not a 'Government 2.0 pioneer' if you've never heard of the Gov 2.0 Taskforce, the eGovernment Resource Centre or this blog. Knowing Obama used social media in his first Presidential campaign no longer earns brownie points.
  • Even if this is 'the first time' a government agency has asked you to make a website or PDF accessible to WCAG 2.0 standards, that doesn't mean that your previous standard will meet current government needs.
  • Just because your contact in government hasn't had previous experience developing websites doesn't mean they aren't supported by people who have a lot of experience.
Any other gems out there that people are prepared to share?

Read full post...

Bookmark and Share