Showing posts with label risk. Show all posts
Showing posts with label risk. Show all posts

Tuesday, April 04, 2023

TikTok banned on Australian government devices

The Australian government has finally banned the installation and use of TikTok on government devices.

This has been a long-time coming, with a number of other nations having already banned the use of TikTok on government devices.

With TikTok owned by a Chinese company with very close ties to Chinese government, this has long been an area I've been concerned about, and I'm glad they've finally made this decision.

While the vast majority of social networking tools used by Australians are owned overseas, most are domiciled in nations that have long-term alignments with Australian interests, such as the USA. While there's a similar risk that the US government through legislation could access information that Australia's public servants put on these networks, or weight what our government officials see when they use these platforms, this risk is generally considered low due to the alignments.

With TikTok this alignment was far weaker. Chinese hackers are constantly launching cyberattacks against Australian government agencies and companies, seeking commercial and political advantage.

As such, the risk and consequences of an Australian public servant being compromised or hacked, and information from government systems exposed, were significantly greater with TikTok than other services.

Read full post...

Thursday, October 10, 2013

The road to public sector IT hell may not be paved with intentions at all

Something that scares me enormously is the house of cards that many (if not most) governments have built with their IT systems.

It can be witnessed every time government agencies get 'MOGed' - Machinery of Government changes where parts of agencies are shifted to other agencies to meet the latest political whim.

In these cases it's not simply a matter of moving tens, hundreds or even thousands of public servants to new offices - in fact in many cases they may not move at all - it is about extracting them from the secure environment, software and network systems of one agency and connecting them (including all their historical records, emails and files) to the network and software of another.

This is a hugely complex and increasingly expensive exercise that can have an enormous productivity and cost hit each time it occurs.

Why is it complex and expensive? Because every agency uses different systems - or different versions of systems - and agencies are now so wedded to these systems after a purchase decision many years earlier that, even though senior bureaucrats recognise the issue, they can not address it without a complete (expensive and time-consuming) overhaul of how government runs its information technology.

Another example is eTax. While I have a great deal of praise for eTax, and it has been very successful by most measures, when the system was originally procured and built it was done in such a way that limited it to the IBM-PC platform. Certainly no-one can blame the ATO for not foreseeing the rise of Apple or the arrival of smartphones and tablets - however the decisions made at the time locked the system into a single platform, which has caused significant pain over the years.

Other examples include the Department of Finance and Deregulation's choice of a document management system as a Web Content Management System for www.australia.gov.au, an entirely appropriate decision at the time based on their well-governed procurement approach, but which led to delays and cost blowouts, constraining the site from what it could have become.

A better known example would be the failure of the Queensland Health payroll system several years ago, where an enquiry is still ongoing. It even has its own website - www.healthpayrollinquiry.qld.gov.au

Indeed, there are hundreds of examples both big and small, where this has occurred - a decision has been taken with the best possible knowledge at the time, or small incremental decisions have been taken over time - all for the right reasons - which have inadvertantly led into blind alleys or very expensive remedial work years later.

And lest you think this is an issue only for the public sector, consider the disaster that was Telstra's bill payment system, the issues our largest banks have had keeping their systems operating, or Virgin's booking system.

With the pace of change accelerating and the increasing limits on public sector employment, the likelihood is that these types of issue will continue to grow and plague IT, becoming even more widespread and expensive.

Agencies could increasingly find themselves trapped into slow and inefficient systems, restricting staff productivity and absorbing more and more of their resources to maintain, with no funds to 'jump tracks' to more future-proofed solutions.

This can even affect the performance of elected governments - who may be forced to change their policies to fit IT limitations. I am already aware of government initiatives that have had to be abandoned (never having seen the light of day) not because they were bad ideas but because the IT constraints in government make them impossible to cost-effectively deliver.

This isn't the fault of public servants or of politicians - seeing that far into the future simply isn't possible anymore. Technology isn't progress linearly and the accelerating rate of change means left-field technologies can appear and radically transform peoples' expectations and strain existing IT systems within a few years (remember the iPhone).

There's many more of these technologies emerging around us. For example 3D printers, capable of printing anything from kitchen utensils to medical devices to firearms, disintermediating physical manufacturers, opening a new front in the ownership of intellectual property and providing access to deadly weapons. There's also unmanned aerial vehicles (UAVs), drones that are capable of live-streaming video, or even carrying weapons, that can be bought online for a few hundred dollars and flown with limited chance of detection by individuals or corporations.

Many others technologies from Google Goggles to driverless cars are in development and could, in increasingly shorter timeframes, radically transform societies.

So when government agencies are still struggling to manage and maintain their legacy green-screen mainframe systems, out-dated (insecure and unsupported) web browsers, where they are locked into increasingly expensive proprietary technologies (due to the cost and resourcing required to migrate - even changing email systems can cost our largest agencies $100 million or more), what are they to do?

There's little time for innovation or for thinking of consequences - the majority of resources in an agency's IT team are committed to maintenance and quick patches on existing solutions.

The likely outcome over time is that we'll start to see more catastrophic IT failures - particularly across the most complex and most essential systems - such as welfare, payroll and grants management.

So how do we fix this? How do we break the cycle before the cycle breaks us?

There's no simply solution, but there's fortunately some trends which work for government agencies facing this challenge - if they're prepared to consider them.

A big area is open source software, which is increasingly being used by agencies in a variety of ways. While open source can run into the same issues as proprietary software, a platform with a large and diverse group of users can combine their IT assets to ensure the system is more useful to agencies and more rapidly updated as the world around it changes.

Another area is cloud-based solutions, which allow a government to more rapidly reconfigure itself to meet the needs of political masters. When software is independent from computer systems and there's a government-wide secure environment which can host software approved for use it can be far faster and cheaper for people moving agencies to retain the files and applications they require.

There's open data - which when made available in machine-readable formats liberates the data from proprietary systems and simplifies how it may be discovered and reused by other agencies (as well as the public).

These trends do not allow governments to replace all their existing systems - however they allow agencies to contain the problem to critical systems, which allowing all other services to be done 'in the cloud'. Imagine, a single email system and intranet across government. A web-based suite of office tools, graphic design tools, finance and HR tools - which can be managed centrally within a government, leaving agency IT teams to focus on the unique systems they can't share.

What does this vision take? Intention, planning and choice.

Governments that fail to proactively and intentionally plan their futures, who simply live on autopilot, will inevitable crash - not today, not tomorrow, maybe not in five years, but eventually - and the damage that their crashes will cause may take decades to recover from.

So for agencies who see themselves as being a continuous entity, with an existence that will exist as long as the state they serve, it is imperative that they plan intentionally, that they engage their Ministers and all their staff in understanding and addressing this issue.

It is not good intentions that will cause agency IT to fail, it is the lack of intention, and that is highly addressable.

CORRECTION: I have been advised by John Sheridan, the Australian Government CTO, there was no cost-overrun on australia.gov.au, it was a fixed price contract.


Read full post...

Tuesday, October 08, 2013

Where's Australia's back-up for governments shutting down access to open data?

On a regular basis, around the world, governments rise and fall.

We see this most commonly at local levels - with councils merging and demerging, however it also occurs at a slower rate at state and national levels, with new nations created out of the ruins of older states on a regular basis.

I've been thinking a great deal about this over the last week. Ever since the US Government, the richest and most powerful state in history, told 800,000 staff - about a third of their public service - to stay at home until further notice.

The result of this shutdown hasn't been limited to the shuttering of national parks and monuments, or a reduction in services to the public.

Significant online data sources have also been shutdown, including data.gov and even Census.gov, which can have a major flow-on impact to businesses and the public.

In Australia, where it has been difficult for a hostile opposition to block the Australian Government's budget supply since the events of 1975, we're not really familiar with the notion of governments abruptly shutting down - although we do see frequent mergers and demergers at council level and the appearance and disappearance of agencies at state and federal levels on a regular basis (we lost at least four Australian Government agencies following the last election).

Some of these decisions are taken very quickly, and can have major impacts on businesses reliant on government programs or data.


As the open data revolution progresses more and more companies will come to rely on government data to power their activities with the public. At the same time the public will also come to rely on this data, and the hackers and companies that make use of it, for the services that they use in their normal lives.

So where's the back-up to government if it suddenly shuts down access to its data?

This view appears to be shared by the Sunlight Foundation, whose Eric Mills recently wrote a great post on the topic, Government APIs Aren't A Backup Plan.

In the US not-for-profit civic groups are beginning to replicate data released by government as a risk-mitigation step - such as this great list of non-government government data sources compiled by Code for America: http://forever.codeforamerica.org/Census-API/shutdown-2013.html

In Australia this hasn't happened as yet - but it could, relatively easily.

All it would require is a couple of different cloud-based data storage environments (for redundancy), a good front-end data catalogue and appropriate crawlers and volunteers who source and update data as it is released.

We're already part-way there with the creation of GovPond during the last GovHack. Developed in Perth, originally as a way to locate open data for state-level GovHack participants (from the dark and dusty corners of the internet), GovPond has become a fantastic resource for finding data across the plethora of Australian government data catalogues, without the incredibly messy business of checking each site.

GovPond provides the front-end data catalogue for Australian government - without all the messy politics between and within jurisdictions who each feel the need to have their own 'central' data catalogues and then undermine them by storing open data on agency sites and not listing it centrally.

The second part, cloud-based storage, is already cheaply available and is already used by some government open data sites. For example Data.gov.au made the sensible step of storing data on Amazon's system - overcoming all the security concerns with the simple fact that the data is designed to be publicly accessible.

Other agencies and states have employed a range of approaches - with much of their data still stored on servers they pay significant amounts of money to own (now that's a real waste of government funds where the data is supposed to be publicly available) - however the ability to access low-cost and high resilience cloud storage is definitely there.

The final step is the tough one - coordinating the volunteers and designing the scrapers that find, copy, file and maintain government data from the thousands of government websites across Australia.

Some of this work has been done. Volunteers compiled GovPond and adding tools that check currency is very possible within the context of the site. Many government open data sites have moved to standard platforms like CKAN, which simplify copying and maintenance of data (although the vast bulk of available government data still sits outside these platforms).

Much remains to be done. There needs to be some structure or organisation that commits itself to recruiting, supporting and empowering these volunteers, sourcing the funds necessary to pay for data storage and some technical tools to maintain data.

There needs to be leadership from within the open data community - beyond the leadership that already exists (and is largely committed to other goals).

Finally there needs to be the interest and willingness within the broader Australian public and business community to support this approach. This interest will grow as government data becomes more mission-critical for certain businesses and for the public, making it logical for them to invest in ensuring that the data remains available to them when they need it.

When it comes to open data, the public, companies and even government agencies need access to the data - they don't need the data to necessarily be held in government hands.

As we move through the process of releasing more data and it becomes more valuable to the community, the ability for a single public servant, politician or party to suddenly cut-off access to a dataset, series or service, becomes more of a risk for the community.

As a result there will be a rising interest in having an Australian back-up to government holding open data - possibly many back-ups, stored in a peer-based approach across many servers redundantly to prevent its destruction or loss of access.

In the US they're there now - seeking to build alternatives to government data storage, as governments are no longer stable and reliable custodians of data. In Australia it's unlikely to be far away.

Read full post...

Tuesday, March 19, 2013

How government in Australia is (and can) use social media

This is a presentation I gave on Monday to NSW Health, including a review of Australian social media adoption, how agencies have been using social media, risks to watch out for and some examples of good public sector social media execution.

I'm happy to come chat to any government agency or council on these topics if it adds value to what you're trying to do.



Read full post...

Monday, February 11, 2013

How to build a smart and innovative government agency - abandon 19th century organisational principles

NetFlix has released its 'manifesto' detailing how they operate and why, a document that Facebook's COO has described as "the most important document to ever come out of Silicon Valley" and that has attracted well over three million views on Slideshare.

It is the best document I've ever seen on building a smart and innovative organisation and has many lessons for government agencies, as well as for businesses, on how to set organisational goals, develop policy and select and manage staff - which I hope senior government leaders take on-board.

I equate this to the organisational equivalent of the NBN, compared to 1960s fax machines.

Organisations that learn from Netflix's approach will be well-placed to address the challenges of modern society, being far more productive, effective and attractive to staff.

Whereas organisations that persist in applying a 19th Century organisational model designed for managing itinerant and illiterate workers undertaking repetitive manual tasks to 21st Century highly-education staff undertaking knowledge-focused outcomes will struggle to compete for talent and survival.



Read full post...

Wednesday, July 18, 2012

How Facebook has become a risk for public servants, and what you can do about it

If you are one of the majority of public servants with a Facebook account, then it may be time to reconsider how you use the service.

As discussed in ZDNet's post, Is Facebook damaging your reputation with sneaky political posts?, Facebook is now posting messages in your timeline and saying you 'Like' the messages simply because you once 'Liked' the Facebook Page that posted them.

So what does this mean, and how is it a risk to public servants?  Here's how it works.

When you 'Like' a Page in Facebook, Facebook assumes this means you also like all the content, status updates, images and other material, that may be posted on that Page by its administrators.

To be 'helpful' Facebook will automatically place some of the Page's content in the newsfeeds of your Facebook friends, with a notice that you 'Like' the content.

Facebook calls this a feature, as quoted in the ZDNet article,

To help people find new Pages, events, and other interesting information, people may now see posts from a Page a friend likes. These posts will include the social context from your friends who like the Page and will respect all existing settings.

This may sound innocent enough, but what it means in practice is that if you ever 'Liked' a Facebook Page for any reason, any new content posted in that Page may now appear to your friends as explicitly 'Liked' by you.

As Pages can change administrator, content and focus, that innocuous Facebook Page on pet rabbits you liked two years ago may now start spewing controversial, obnoxious or otherwise inappropriate content into your Facebook friends' newsfeeds - with each piece of content indicating that you 'Liked' it.

This could merely be embarassing, or it could put your career at risk.

Say you 'Liked' a Facebook Page for a charity you support that works in a policy area covered by your agency. Due to a change in government policy, that charity loses funding and, as a result, begins posting messages on its Facebook Page which are strongly critical of the government's new policy to galvanise their supporters to write to the Minister. Even worse, one of the Page's administrators has been radicalised and frames some of these messages in very strong, almost abusive, language.

These messages begin appearing in the newsfeeds of your friends, complete with a notice that YOU 'Liked' them. Incidentally, you don't see them yourself because Facebook doesn't notify you that they're doing this and these messages don't appear in your own newsfeed.

One of your friends (a colleague at your agency) is horrified that you'd act so unprofessionally and sends screenshots of the messages with your 'Like' to HR, notifying them that you've broken the public service code of conduct by publicly criticising your agency and the government.

You get called in for a discussion with your manager and a HR representative, who shows you the screenshot and asks you to explain your conduct...

Will they believe you when you claim ignorance?


Now compound this issue by thinking about every single Facebook Page that you've every Liked.

Any of them could begin posting messages which could embarrass you, or threaten your job and, thanks to this Facebook feature, indicate automatically that you 'Liked' each message.

Even worse you don't even know when they're doing it because you don't see these messages in your own newsfeed.


So what should you do to deal with this?

Assuming that you're not prepared to close down your Facebook page or, at least, unLike all pages that you have liked, I recommend that public servants look at their 'Likes' page (accessible from their Favourites page) and cast an eye over the pages they've Liked to see if any are likely to post content that will get them in trouble in their friends' newsfeed.

Then make this a regular habit - check all your pages every month to see what they're saying.

Finally, bring this issue with Facebook to your agency's attention, so you'll not be accused of 'Liking' content you didn't.

Read full post...

Friday, March 23, 2012

Don’t dumb me down! (guest post)

With the permission of Geoff Mason (@grmsn), I've republished his blog post Don’t dumb me down! from 21 March this year below.

I thought this was a very good post on a topic that, as increasing amounts of information and discussion only appear online, is increasingly affecting how effective public servants can be and the policy outcomes across government.

Don’t dumb me down!


There continues to be a fear of the unknown and the misunderstanding across the Australian public service about the internets – which baffles me to be honest.

Agencies continue to block social media websites, cloud based email services, and restrict mobile access during business hours. At the same time the government is pushing for greater innovation, greater mobilisation and capability of staffing, and increased staff performance while seeking to make cost reductions across the breadth of the public service.

The two are one in the same in this modern age. Social media provides the first point of call regardless of the industry for professional development, access to innovation, and in sharing how people work to increase productivity.

As a quick case study, Google + while not a social media site in itself provides a social layer which covers all its services from search through to document sharing and collaboration. The interlinked services include the Google email groups all of which requires access to not just the platform but to a Google account. The service helps tailor search results and improves the breadth of information and opinion provided by adding Web 2.0 functionality. Increasing a person’s ability to undertake a critical analysis of the information being provided.

For example, Tim O’Rielly a prominent person in many ways, including a leader in facilitating discussion, direction, and promotion of modern communications, and open and transparent government uses Google + as a key communication channel for engaging and sharing ideas of the many through an established community which actively engages in frank discussion on the merits and disadvantages of many key concepts attached a public servants work life.

Restricting access to this type of discussion during working hours means federal employees are required to actively engage in these environments during their down time - all the while trying to manage their families, their dogs, the gardening, and everything else which comes from having a life outside of the office. While I think that’s fine for myself, I don’t believe it should be expected of everyone.

As more and more key representatives access similar services as their communication channel of choice it will be fundamental for public servants to not only have access to but be encouraged to be a part of and monitor the discussions on these platforms as a cheap and effectively method for self-development and idea generation for not only their team but for their agency as a whole.

Beats the hell out of spending $2,500 to send staff along to a workshop to hear other public servants talking about something that they could be getting for free online don’t ya thunk?

In short, government agencies need soundly assess the short term risks which access to these systems pose in comparison to long term benefits which being a part of a global community could provide.

Read full post...

Thursday, March 22, 2012

Letting the cat out of the bag - I've joined Delib Australia

I've finally been able to let the cat out of the bag today and publicly announce my primary post public sector project.

I have been officially appointed the Managing Director for Delib Australia (and are a shareholder too). So, effective immediately, I will be working full-time with Delib in the UK and with associates and partners in Australia and New Zealand to grow and support Delib's footprint in our region.

For those who don't know them, Delib is a digital democracy company that builts online tools to help governments and other organisations consult and engage their citizens, communities and stakeholders.

The UK company has been operating for over ten years and has worked closely with both the UK and US governments.

More information is available in our media release at the Delib blog.

Delib has a strong commitment to digital democracy and is committed to supporting the Gov 2.0 and open government community, which aligns neatly with my own goals in this area.

As such you can expect my blog to continue to be commercial free, focused on Gov 2.0, social media and open government musings from me and selected guest bloggers.

In fact, I'm about to start a project of redeveloping my blog to better expose some of the resources and tools it contains - with the support of Pia Waugh.

Hopefully this will improve my blog's usefulness and provide more opportunities for me to demonstrate how to walk the Gov 2.0 walk.

Read full post...

Tuesday, February 28, 2012

What may geolocational services mean for your organisation's security?

The US Army has released a very interesting - and frightening - presentation looking at the risks of geolocational services on smartphones and some social media services in relation to national security.


Essentially it raises (and addresses) the issues of what can happen when people share photos or content tagged with their physical location (whether they realise they are sharing or not).

If someone knows where you live and work and has insights into your schedule, activities and home life there are risks that some of this information may be used against you, or your employer, for political or commercial gain.


I have embedded the presentation below, but wanted to flag that the risks - and mitigations - highlighted are not limited to armed forces.

They apply for anyone with a secure or sensitive role, that access commercially or politically important information or that may be at risk of blackmail - which covers a LOT of people, both in the public and private sectors.

The recommendations from the US army are to be alert, not alarmed, and to take appropriate steps to understand the devices and services that you use, ensuring that the only information you share is what you are choosing to share.

This, of course, doesn't even touch on the risks of facial recognition (for identifying undercover police officers or simply identifying staff for a particular agency) or of location recognition - recognising the location of a photo which has no geotagged information from other publicly available photos that do.

We are moving into a time where, even without widespread CCTV, it is becoming possible to track people's movements and activities through facial recognition in publicly available photos, with time and location (geotag) data providing a picture of what they do, when and with whom.

Does your organisation have a high level officer tasked with monitoring, understanding, educating staff (at all levels) and providing advice on mitigation of these types of risks?

Does your organisation have a policy on taking photos at the office, in your carpark or at office functions?

Does it advise you of the risks you might be taking when you become the public FourSquare 'Major' or equivalent of your local coffee shop - publicly highlighting the times and places you'll be and, potentially, your office's location (if secure) and what you look like?

Have you advised or educated your organisaton on risks they are unaware of?

Frankly I think that these risks - real risks - with digital and social media services often get neglected through lack of awareness and understanding. Often executives focus on popularised fears and myths reported in the media, which may be less damaging, more easily mitigated or simply not a risk at all, such as staff time wasting via social media, inappropriate behaviour online and negative citizen comments.

What do you think?

Read full post...

Friday, February 03, 2012

How should agencies moderate their online channels?

While government agencies often have limited options in the approaches they choose to use for moderating third-party social media channels, there's a number of ways they can choose to moderate channels under their control, including blogs, forums and wikis.

There's limited official guidance, and no real mandates or instructions for particular moderation approaches available across Australian government (no my knowledge). This is partially a good thing, as agencies need to consider what works for their goals and the sensitivity of their engagements, not merely follow a central line.

I have been asked a number of times by various people about the best approaches to moderation and how other agencies choose to moderate, however I only recently put together a quick review, based on a request in my job.

As this is public information - something that can be observed when visiting any particular blog or forum, and there is widespread interest as agencies look at what each other is doing and why to help inform their own decisions, I thought it worth publishing the list and allowing other agencies to add to it, so government agencies can both share this important information and collectively learn from it.

The spreadsheet, Australian agency moderation of online social channels, is available for viewing and editing here.


I also thought it worthwhile to provide some basics on moderation, what is it, how it can work and why it's done.

In my mind moderation differs from censorship or approval, it is a conversation management technique based on used to influence conversations to keep them on track and at a 'Goldilocks' temperature - not too hot (for example people yelling at the top of their voices) nor too cold (for example people speaking in icy tones).

Other purposes for moderation include risk management, particularly around legal considerations of defamation, copyright and the publication of inappropriate/offensive material and guiding the culture of an online space. Just as organisations develop cultures, so do online spaces. These may be positive, supportive, respectful and engaging or abusive and demeaning, depending on the management approach.

Where an owner or manager of an online space fails to have mechanisms like moderation and community guidelines in place upfront to help shape and underpin the culture they wish to support, there is significant risk of the culture developing in unintended directions and being difficult to manage once a given audience moves in.

Censorship and approval, on the other hand, are control techniques used to enforce the owner's views and beliefs over those of the community. Both provide broader control over conversations, not simply influencing them but actively constraining them to what the online space's owner feels is appropriate.

In these regimes often the reasons behind why comments are not published are highly subjective or based on the internal beliefs of the online space's owner rather than on objective guidelines for conversation. Censorship in particular is about prohibition of content, which can limit conversations to politically correct lines of thought - not good for a robust discussion or the debate of 'left field' ideas - whereas approval of content risks enshrining a user's views as being somehow being endorsed or supported officially by the space's owner, which may not be the case.

As the owner or manager of an online space, when moderating you have to allow views that disagree with you be published, provided they are not abusive or defamatory. However when censoring or approving you may choose to only selectively publish views which disagree with you or not publish them at all.

Obviously moderation can be more uncomfortable, particularly in political environments, as you can be more readily challenged. However the outcome is far more inclusive, encourages a broader level of participation and provides opportunities to influence and be influenced.

When it comes to how organisations moderate, there are several different approach to choose from.


Pre-moderation
The first place people commonly go is pre-moderation. This means that, as the manager or owner of an online space, you read and review every comment as it comes in against your moderation guidelines before you allow it to be published. As this process suggests, it becomes resource intensive in active communities and doesn't scale well, hence it is not used by the owners of services such as YouTube, Facebook, TripAdvisor or other large community or social sites.

Pre-moderation offers the illusion of greater control and lower risk, as you check everything, however there are often legal factors at play which mean that a court could hold the online space's owner to a higher standard and consider therefore that, by pre-moderating, they are more responsible for the comments from users than if they explicitly did not pre-moderate.

Therefore unless you have highly trained moderators (with an in-depth understanding of defamation, copyright, discrimination and other applicable laws) pre-moderation can risk greater legal liability for an organisation. However don't take my word as a non-lawyer on this (I am not offering legal advice), please consult your lawyers regarding your agency's circumstances.

Pre-moderation has another major negative - it kills conversations. While it may be a suitable technique for a blog, where comments are usually in reaction to the original post, in forums, wikis, social networks and other conversational online spaces, pre-moderation is usually the kiss of death for a community. It is simply not possible to have a timely or coherent conversation when a minder at your shoulder is screening each of your words before they are heard.

I like to compare this to the process for holding town hall meetings. Sure you may vet who is allowed in the door and manage the flow of conversation in the room by laying down ground rules and limiting time per statement or question, even closing down or ejecting abusive or defamatory speakers. However you cannot effectively have a spontaneous open discussion if each speaker is required to pre submit all of their questions or comments for moderation - why hold the town hall at all?

Post-moderation
The other main approach to moderation is post-moderation. This involves establishing a clear and publicly available set of moderation guidelines (which should be public even when pre-moderating) and reviewing comments after they are published and publicly visible within your online space.

While this may sounds risky, it hasn't proven to be in practice where a community is well-managed and it is made clear that at times comments will appear which may be inappropriate, but they will be removed once detected or reported. If necessary risks can be further reduced by pre-registering users and holding their first comment for pre-moderation (which is also a spam control approach - more on that later).

Post-moderation is used by the vast majority of large community sites, often with mechanisms for users to report content they feel is inappropriate so that the owner can take any appropriate steps.

The benefits of this approach include reduced resourcing and the ability to scale quickly to any size community, important for organisations who don't know ahead of time how large a community may become. Post-moderation also offers support for free flowing conversations, meaning that forums and wikis actually work and may deliver the outcomes you seek - provided you have built and promoted the community effectively and the topic is of interest to your audience.

Post-moderation can also reduce- but not totally avoid - potential legal risks that pre-moderated communities face. However it remains important to have a level of trained moderation capability on hand to respond to reports of inappropriate commenting quickly.

Best moderation approach
In my view in most cases post-moderation is the preferable approach, however organisations need to be ready to shift temporarily to pre-moderation where events dictate. Pre-moderating the first post of new users, where users register or otherwise have a persistent identity, is a useful additional technique where it is not likely to alienate users enmasse and having clear methods for participants to report poor behaviour is a must.

There are cases where it is better to pre-moderate, such as for highly emotive topics or where there is significant risk of politically motivated groups deciding to enmasse invade and take control of a space for their own goals.

Government agencies do have special circumstances that can require pre-moderation to be used at certain times, such as during caretaker period before an election, during a national emergency or when significant machinery of government changes are taking place. Public companies may also need to consider it during share freezes or prior to major public announcements.

If you establish your system effectively, switching from a post-moderation to a pre-moderation environment ( or vice versa) should take no more than a few minutes to achieve technically - provided any changes in community guidelines or moderation policy are prepared ahead of time. In fact if you are running a post-moderated space I would strongly suggest that it is worth pre-preparing the guidance for pre-moderation just in case you ever need it.

Spam management
Another area worth touching on is spam - the bane of all system administrators. It is estimated that up to 90% of all email transmitted over the Internet is spam, unsolicited commercial messages designed to make people buy, or sometimes carrying malicious code with the hope of infecting systems for use in bot armies (for sending more spam or hacking secure systems).

Spam is also a persistent issue for online communities, though increasingly a manageable one. I recommend using one of the global anti-spam filters such as Akismet or Mollom, which are rated at over 95% effective at preventing spam from being published (that's at least blocking 95 of every 100 spam messages).

Other techniques also assist in spam management such as using honey traps on registration or submission (forms that spam bots - automated systems - see but human users do not and using the first post pre-moderation approach. Tools such as CAPTCHA can also help (where you must read and type in letters or phrases from an image), however there are techniques to circumvent these in use and they tend to frustrate some users as often up to 20 percent of legitimate human users cannot successfully complete a CAPTCHA challenge - I sometimes struggle with reading them myself.

One thing I strongly advise against is using pre-moderation as an anti-spam technique. Generally the goal of preventing spam should not outweigh the goal of having an effective and flowing conversation. Stopping the community's discussion in order to protect against unsolicited commercial messages is a very big trade-off, similar to requiring all car drivers to submit to breath analysis EVERY TIME before they can drive on a public road. Sure this approach would reduce drink driving (though heavy offenders would find a way around it), but it would unduly punish the majority of drivers doing the right thing.

In conclusion...
With no clear guidance or mandated approach for moderation from any Australian government (that I am aware of when writing this), agencies all have a choice on how they wish to moderate online spaces they manage.

I think this is a good thing as moderation will always be horses for courses. However I strongly recommend that agencies seek legal advice and consider the choices and reasoning of other agencies before striking out in a particular direction.

I also strongly recommend that you share your approach and moderation guidance with other organisations so, collectively, agencies improve by building on each others' experience and expertise.

One way you can do this is by adding your moderation approach to this spreadsheetAustralian agency moderation of online social channels.
.

Read full post...

Monday, January 23, 2012

New Inside Story policy: provide your full name for publication or your comment won't be published

I have had a great deal of respect for the Australian Policy Online (APO), produced by the Australian National University and University of Swinburne.

For several years the site has been a fantastic venue for serious discussions of public policy options, and a very useful source for policy resources and research. The site also, without prompting from me, republished several posts from this blog.

However, after commenting on an article in the Inside Story section of APO late last week, I received an email from the editor pointing out a change in their commenting policy.

Now anyone who submits a comment to Inside Story, as part of APO, must provide, and be prepared to have published, their full name. This new policy is detailed following their full articles using the text as below (highlight is mine):

Send us a comment

We welcome contributions about the issues covered in articles in Inside Story. Well-argued and clearly written comments are more likely to be published, and we’re now asking all contributors to provide their full name for publication. Because all comments are moderated, they will not appear immediately. Your email address is never published or shared. Required fields are marked *.
Now while I appreciate the sentiment of an editor who wishes to avoid spurious comments from people using pseudonyms or commenting anonymously, I found myself uncomfortable with the prospect of a website that forces anyone who comments to publicly reveal their real name in full.

I wrote a piece about this very topic a few months ago for Mumbrella, Toughen up - we need online anonymity, which discussed the various pitfalls involved in forcing people to reveal their real identity.

While I am sure it isn't the intent of this policy, one major risk - particularly relevant to a policy discussion site - is that of excluding certain groups from the conversation.

This includes people who, if their identity is published, may face physical or financial risk, those in witness protection programs, people who fear online attack if their views are taken the wrong way, those involved with policy making who have suggestions or questions, those under the age of 18 and more.

In many policy areas there are people who need to be cautious about revealing their real names publicly for legitimate reasons - whether the topic be health, law and order, immigration, development, gambling, climate change or something else.

While it is the right of each publication or website to define its own moderation and publication policies, the effect of this policy may be to silence people who have valid and important contributions to make, reducing the richness, robustness and usefulness of discussions.

If the primary concerns of Inside Story's editor and publisher are inappropriate comments, defamation, personal attacks and the like, these can be handled through pre-moderation (which they do already), backed up by a public moderation policy and community guidelines (which I cannot find in their site).

Alternatively Inside Story could require people to register and provide their real name in their account details, then publish comments under a name or pseudonym that the user selects. This would ensure they had real names if needed and allows regular contributors to maintain a consistent identity while still providing them with sufficient room to make valuable comments that otherwise they may not feel comfortable doing.

When Inside Story's editor, Peter Browne, (also credited as the Commentary Editor of Australian Policy Online) emailed me last week to ask if I was happy to have my comment published under my full name I thought about it for a few minutes and then decided that while I didn't mind my name being connected to my comments, it was time to take a stand, the damage to the public conversation could be too great. So I said no.

I won't be commenting further on Inside Story or Australian Policy Online while their current policy is in force, nor will I spend as much time reading the site. They remain welcome to republish my blog posts (which are licensed under Creative Commons, so I can't really stop them even if I had wanted to).

This decision may make me slightly poorer, however I believe Inside Story's decision significantly weakens their effectiveness and inclusiveness. The unintended consequence of forcing people to have their full name published alongside their comments is to make all of Australia poorer by stifling public policy discussion, particularly amongst those whose views most need to be heard.

I hope government agencies do not follow the same course on fulll names. It would severely restrict the value of the online channel to collect input on policy consultations and thereby make good policy harder to develop.

For the record, I've included a copy of my email exchange with Peter Browne, Commentary Editor of Australian Policy Online and Editor of Inside Story:
From: Peter Browne
Dear Craig, 
I’m not sure whether you noticed, but we now ask people commenting on articles to provide their full name for publication. Are you happy for your full name to appear with this comment? 
Cheers,
Peter Browne
Editor
From: Craig Thomler

Hi Peter, 
I didn't notice this policy change. I have now looked through your 'about' pages and see no mention of this - nor of your moderation policy. 
I would normally be happy for my full name to appear on my comment, and all my comments online are made on the basis that people can track down and find out who I am if they wanted to. 
However I'm not comfortable with a site that forces people to provide their full name publicly. This requirement prevents many people from commenting - those in witness protection programs, minors (such as 17yr olds), those concerned about stalkers, bullying, identity theft, privacy and so on. 
I see your policy as reducing the potential for open public dialogue without providing any safeguards. A backward step that only damages your reputation. 
It is also impossible to enforce anyway - people can use fake names and email accounts, thereby making your policy useless.
If your concern is around identity, have people register and use a unique username (which may or may not be their full name) - you still have their full name in the background, however they are not exposed publicly. 
If your concern is around inappropriate content, this should be managed through anti-spam and moderation techniques, potentially using the registration process above to allow you to identify and manage persistent offenders (where IP address isn't enough). Your moderation policy should be published so that commenters understand the basis on which they will be assessed. This is simply a matter of respect and setting the context of a discussion - similar approaches are used in face-to-face meetings. 
So in this case, I decline the publication of my comment and will not comment further on APO until your policy is adjusted to not require the publication of full names and is made easily accessible in your site along with your moderation guidelines. 
I will also be publishing this email in my blog to show the perils of requiring full names and linking to my post for Mumbrella: Toughen up - we need online anonymity (http://mumbrella.com.au/toughen-up-we-need-online-anonymity-58441). 
Cheers,
Craig
From: Peter Browne

Dear Craig,
My view is that if writers use their own names then responders should too. The policy is at the bottom of each article, just above the comment field. 
Cheers, Peter

From: Craig Thomler
Hi Peter,
Thanks for pointing this out. I had looked for dedicated 'Community guidelines' 'Comments policy' or 'Moderation policy' pages and looked at your summary articles, where I can still register or log-in to comment, but do not see the same message.
I now have looked at a full article and can see the text. It remains unclear on what basis you moderate.
Here's an example of what I mean by a moderation policy: http://myregion.gov.au/moderation-policy
I appreciate you believe that writers and commenters should have the same rights - although writers are often contributing for different reasons and have different agendas for expressing their views, some are even paid to do so, directly or indirectly (aka not necessarily by you). 
It will certainly be interesting to see how you decide to represent the writer when you receive an article from someone in a witness protection program or a whistleblower, and how you will treat comments. 
Cheers,
Craig

Read full post...

Friday, December 23, 2011

Is inappropriate social media use really an issue for government?

With some of the concerns and processes I've witnessed in government it would be easy to draw the conclusion that hundreds or even thousands of public servants are using social media daily in ways that damage the reputations of their departments and the government.

Fortunately, a couple of articles I saw yesterday have given me a place to start to look at the realised level of risk of inappropriate social media use by trained and well-governed public servants.

The Australian reported Public servants' pay docked over Facebook comments and SmartCompany followed up with Bureaucrats disciplined over work-related comments on Facebook made on home computers.

Both articles referred to information from the Commonwealth Department of Human Services (DHS). Over the 2010-2011 year four DHS employees had been investigated and found to have made inappropriate use of social media (well, one case referred to private email use, but let's let that one go).

I was intrigued by these articles as, to my knowledge, they represent the first time that inappropriate social media use by public servants at a Commonwealth level has been reported in the media.

To quote the Smart Company article,

The Department of Human Services says there were four code of conduct cases involving the inappropriate use of social media in 2010-11 - three related to work-related comments posted on Facebook from the individuals’ private computers. 
The other case was about material sent from the employee’s private email account.
“The incidents all involved work-related misconduct that contravened their Australian Public Service obligations,” the department said.
 
According to The Australian, one worker had had their job classification cut, the second was given a 5% pay cut over 12 months, and the third was reprimanded.
The fourth employee no longer works for the department.
I am very glad to see that this inappropriate conduct was managed effectively using existing business policies in government - noting that the DHS has made great steps forward in the social media space, establishing a social media policy and working to ensure staff are aware of it and how it aligns with the APS Code of Conduct.

I am not quite sure what the staff concerned did, this wasn't explained, however as there's been no major media blow-outs from the actual incidents, I'm going to assume that the transgressions were relatively minor - bullying, inappropriate language about work colleagues or similar breach activities, rather than leaks of Cabinet-In-Confidence documents, naked photos of colleagues released online or similar major public indiscretions.

Given we now have a public incident at Commonwealth level, I decided to use it to do some evidence-based analysis on the actual risk of inappropriate use of social media to agencies.

Let's start from the top.

It has been reported that DHS had four employees go through a formal code of conduct investigation based on their personal social media activities in 2010-2010 (and again we're letting go that one of these four was actually related to email use - not social media).

Now I happened to have been able to find out from IT News that the DHS conducted 197 formal code of conduct investigations in 2010-11. These four social media-related investigations accounted for 2% of these investigations by the DHS in that year.

Broadening this out, DHS has about 37,000 employees, so the four employees who were investigated equals 0.0108% of their staff. Note that's not 1% of staff, that's one-hundredth of one percent.

In Australia around 59% of people use social media personally in some form (62% of internet users, with internet users being 95% of the population). Let's be conservative and estimate that only 40% of DHS staff use social media personally - well below the average for all Australians.

On this basis there are about 14,800 DHS staff members using social media personally. Of these, four were reported to be using it inappropriately and investigated. That's 0.027% of the staff at DHS using social media personally. Again, that's not 2.7%, it's 27 thousandths of one percent.

So  27 thousandths of one percent of DHS staff estimated to be using social media personally during 2010-11 were investigated for code of conduct breaches.

That's not many, but let's go deeper...

Nielsen has reported that Australians are the most prolific users of social media out of all the countries they measure. We spend, on average, 7 hours and 17 minutes using social media each month.

Let's assume, again, that DHS staff are below average for Australians, that those DHS staff using social media are only spending 5 hours using it each month. On this basis, with an estimated 14,800 DHS staff using social media, their personal use for 2010-2011 would be 888,000 hours (37,000 days or just over 101 year of continuous use).

In those 888,000 hours there were four reported code of conduct investigations - that's 0.00045% of the time spent online through the entire 2010-11 year, assuming they each were an hour in duration.

If you assume DHS staff are average Australians, the percentages shrink dramatically further.

To sum up, the information from the DHS suggests that the risk of social media misuse by public servants is extremely low.

There were no indications of significant impact due to the four incidents, therefore I assume that the consequences were minor.

So on the basis of an extremely low risk and minor consequences, the risk of social media to a government Department (such as DHS) is negligible - and easily mitigated through appropriate management procedures (a policy, guidance and education).

So for any agencies still hanging back from social media, consider the evidence, the mitigations you can put in place, the potential benefits of engagement AND the risks of not using social media (reduced capability to monitor key stakeholders/audience views, inability to engage citizens in the places they are gathering, no ability to counter incorrect information or perceptions and so on).

You might find that your current strategy of non-engagement is far more risky.

Read full post...

Friday, November 25, 2011

This week's social media score - Public: 3 Organisations: 0

This has been an insightful week for organisations using, or considering using, social media with three successive events demonstrating how far power has shifted to the public and illustrating how Australians companies are struggling to engage effectively online.

First up was Qantas with its poorly timed "Qantas luxury" promotion. Qantas launched the Twitter competition by inviting the public to tweet their idea of travel luxury using the hashtag #qantasluxury.

However Qantas appears to not have recognized that the tens of thousands of negative comments levied against the organisation since their shutdown represented a deep seated frustration and disillusionment with the company. Even though Qantas had hired four additional staff focused on monitoring social media the week before.

Within minutes of Qantas's tweet announcing the competition the public hijacked the hashtag and turned it against the company, using it to vent their concerns and frustrations at the airline.

This was picked up by traditional media and covered widely, turning a small ($1,500 in prizes) competition into what was called a national PR disaster for Qantas.

Next was Nissan, whose online competition, managed through their Facebook page, went pear-shaped when the winner of the competition turned out to be good friends with one of Nissan's staff running their social media presence.

While the competition was totally above board, with the winner selected objectively by finding the most car graphics on websites, unfortunately the winner's friendship with the Nissan staff member made it appear otherwise.

Nissan themselves were very upfront about it - indicating that while they congratulated the winner they'd have preferred if he hadn't won, but he'd done so fair and square without breaching any competition terms.

In this situation Nissan's approach did a lot to mute the concern, however it demonstrated the issue of friendship networks. If you're a staff member operating social media channels for an organisation it is highly likely you have many friends online. So what do you tell when a new company competition launches? You let your friends know online so they can spread the word and increase the competition's reach. Entirely above board, however risking a backfire if your friends can gain advantage by being first into a competition.

Third, and most significant, has been the social media backlash against the Kyle and Jackie O show following the comments of Kyle Sandilands regarding the deputy editor of news.com.au after her article about the reaction to Kyle and Jackie's TV special (which rated extremely poorly).

The backlash, much of it under the hashtag #vilekyle, has led to around a dozen companies deciding to withdraw their advertising from 2DayFM and sponsorship from the Kyle and Jackie O show - even the Federal government has now withdrawn all advertising from any show hosted by Kyle Sandilands.

Over 15,000 people have signed an online petition calling for advertisers to drop support for Sandilands and a number of people (myself included) have called for Southern Cross Austereo to let Sandilands go. Whether they will or not remains to be seen, however the loss of significant sponsors and advertisers will place significant pressure on the company to reconsider Sandiland's contract and on air presence.

All three examples above this week demonstrate different risks in social media.

Qantas failed to monitor and accurately assess the public view, selecting the wrong social media approach to attempt to rebuild its brand. Nissan made an easy misstep, selecting a competition mechanism that raised the risk of someone close to a staff member winning a prize, however by handling the situation in a proactive and robust way minimized the damage and emerged largely unscathed despite initial public concerns.

The Sandilands incident (which remains ongoing) demonstrates how public outrage can translate into the need for rapid organisational action, both through advertiser withdrawal and the attempts by Sandilands and Austereo to apologies for his behaviour (albeit fairly weak apologies that have not satisfied many online). In this case even though Sandiland's comments were made on radio, not on social media, the backlash occurred online and neither Kyle nor Jackie O, nor their employer Southern Cross Austereo, were prepared to engage with the public online response, whereas many of the sponsors and advertisers did, helping to minimize damage to their own brands.

None of these events impacted the government or public service - and in fact there's never been a significant social media disaster due to online engagement by public servants or agencies in Australia (I don't include media attacks on public servants such as by News Ltd on Greg Jericho) - however they all have lessons for government agencies to learn.

It is important to recognize that being absent or unresponsive online and in social media is no protection against public outrage (as the Sandilands incident shows), and failing to monitor online sentiment is a recipe for PR disaster (as Qantas demonstrated). However if organisations act with good faith, communicate and engage actively (as Nissan and several advertisers from the Sandilands issue did), they can minimize the impact of social media gaffes and build strong online relationships with their customers.

Read full post...

Friday, October 14, 2011

Treating bloggers right

Many organisations still haven't cottoned on to the influence of a number of blogs or how to appropriately approach and engage with them - including PR and advertising agencies who should know better.

I was reading an excellent example of this the other week, from The Bloggess, where a PR agency not only approached with an inappropriately targeted form letter, which indicated the agency hadn't even read her blog, but responded to her (relatively) polite reply with an annoyed response.

The situation really escalated, however, when a VP in the PR agency, in an internal email, called her a "F**king bitch" (without the asterisks). This email was accidentally (by the VP) also CCed to The Bloggess.

The Bloggess took a deep breath, and responded politely, however then received a torrent of abuse from the PR agency.

At this point she published the entire exchange on her blog - in a post that has already received 1,240 comments, has been shared on Facebook 8,397 times and via Twitter 5,328 times.

Her comments have also been shared widely and her post read by many of her 164,000 Twitter followers.

The Bloggess's post is a good read - particularly for government agencies and their PR representatives - on how to behave appropriately when engaging bloggers, and the potential fallout when they don't.

I'm also keeping a link handy to 'Here's a picture of Wil Wheaton collating papers' for those PR and advertising agencies who send me form emails asking me to post about their product or brand promotions on my blog (and yes there's been a few in the last six months - all Australian agencies).

Read full post...

Tuesday, September 27, 2011

Identifying the existence and impact of transformational leadership in the Australian public sector

Steve Davies over at OzLoop has just published a thesis by Dr Derek Ambrose that looks at the topic of leadership in the Australian public sector.

It is a fascinating read (particularly from pages 68-80 and 113-185 including the conclusion from pp160), and provides insights into challenges the public sector has experienced in encouraging new approaches to public sector management, innovation, appropriate risk-taking, in modernising systems and processes and in embedding Government 2.0 as business-as-usual.

I commend Derek's paper, Identifying the existence and impact of transformational leadership in the Australian public sector as an excellent and thought-provoking read.



Read full post...

Thursday, May 19, 2011

21st Century society vs 19th Century laws and policing

Laws have always struggled to keep up with society, however rarely in such a vivid and public way as in Wednesday's arrest of Sydney Morning Herald journalist, Ben Grubb, and the confiscation of his iPad.

The incident, well reported in the SMH, occurred when Queensland Police responded to a complaint regarding a photo hacked from one security expert's private Facebook page and displayed in a presentation at the AusCERT conference in Brisbane as an example of a major security hole in Facebook's system.

Grubb was attending the conference and received a briefing about the security hole. Seeing the public interest in telling the community that their supposedly private Facebook photos could be easily accessed, Grubb reported the matter in an article featuring the image, which I can no longer find on the SMH site.

The following day police questioned Grubb about the matter and then demanded he hand over his iPad on the basis that police wanted to 'search' it for evidence of a crime. When he was unwilling to do so, he was arrested and his iPad confiscated for a complete image of its content to be taken and analysed by police (let's not even explore the potential conflict with Australia's Shield laws, which incidentally also cover bloggers and tweeters).

The basis of police concern was that the image retrieved by the security expert and used in the SMH article was 'tainted material', stolen from a Facebook account and then passed on to others.

What is more worrying is that the Queensland police, in a press conference, then equated receiving an email containing a stolen image as 'like taking stolen TVs'. To quote:

Detective Superintendent Hay used an analogy to describe why Grubb was targeted.

"Someone breaks into your house and they steal a TV and they give that TV to you and you know that TV is stolen," he said.

"The reality is the online environment is now an extension of our real community and if we go into that environment we have responsibilities to behave in a certain way."

Let's think about this for a moment.

Firstly, when someone 'steals' an image - or music, movies, books or other online content - it isn't stealing if the content remains at the point of origin for the original owner to continue using. It may be a copyright infringement or privacy breach, but unlike stealing a television, where the owner of the television is left without it, there is no theft, simply replication.

On that basis any laws around theft simply don't apply online. You can copy my idea, my words, my images. However unless if you somehow delete the originals, you are not stealing them, you are breaching my copyright.

Secondly, when an email is sent to our email address it gets delivered regardless of the legality of its contents. We have no say in whether we receive legal or illegal messages and images. Sure there's spam blockers and the like, however these automated tools can't tell if content is legal or not, only if it violates certain rules, such as containing certain four letter words or phrases.

However, according to the QLD Police, if someone sends you an email containing a 'stolen' image, you are breaking the law. This is even though there is no way possible for you to refrain from receiving the email in the first place. You don't even have to open the email. If it has been stored on your device, based on the QLD Police's interpretation of Commonwealth law, you are a potential criminal.

This has enormous ramifications for society. Anyone can frame someone else by sending them an email. As it is relatively easy to set up a disposal email account, you can do so anonymously. This could be used against business rivals, political opponents, or even against the police themselves simply by sending them an anonymous email and then making an anonymous complaint.

Equally, if the person receiving the email is a potential criminal, then what about all the organisations whose mail servers were used to transmit the message?

When an email is sent from one person to another it can pass through a number of different systems on its journey. At each stop, a mail server copies and saves the email, checks the route then sends the email on.

In most cases these mail servers delete these emails again for storage reasons, however at a point in time each of them has received the email, making the organisations and individuals who own them liable, again, under the QLD Police's interpretation of the law.

Given the number of emails sent each day in Australia it's clear from the QLD Police's legal interpretation that most ISPs must be operated by criminals, receiving, storing and transmitting illegal content all day and night.

Applying this type of 19th Century policing and legal approach clearly isn't going to work in the 21st Century.

When everyone can publish and illegal content can be received without your consent or knowledge, laws need to change, as does police training and practice.

Without these changes government bodies will become more removed from the society they are meant to serve, unable to function effectively and efficiently in today's world.

By the way, the security analyst who originally 'stole' the Facebook images hasn't been questioned, arrested or charged. And Ben Grubb still hasn't received his iPad back.

Read full post...

Monday, February 21, 2011

Don't let failure be the enemy of success

Votaire said, "Don't let the perfect be the enemy of the good".

This is often quoted in politics where the acts of creating, selling, passing, implementing and maintaining complex policies can result in challenging decisions between perfect, yet practically impossible and practical but only good outcomes.

I'd like to suggest a similar saying for bureaucrats, "Don't let failure be the enemy of success"

There are many situations in life when people have to choose between trying something difficult, risky or new and staying with the 'tried and true' approach.

This is often portrayed as choosing between risking failure or accepting a lessor level of success. Indeed many people often see their choice as between failure and success - one outcome seen as negative and the other positive.

However failure and success are not opposites, are not opposed to each other and both can be useful steps on a path to better outcomes.

Every success is born from a range of failures, every failure occurs on the back of successes. The two are locked in a continuous dance of possibilities, risks and choices.

When we remember successful inventors, we often overlook the failures on their path to success. When we remember failures, we often downplay the successes that were achieved and often had longer-term implications. We also forget how that failure helped us shape our thinking, abandoned an approach or otherwise consider more variables in order to improve future success.

It is rare to find an individual, organisation or nation that has not had a share of, learnt from and built on both their failures and successes.

So what does this mean in practical terms for public servants and government agencies?

It means take a risk from time to time. Try something new or different - you may produce a new or different outcome.

Even if the new approach fails it may trigger further ideas worth exploring, potential successes your organisation may not have otherwise considered. It can help your staff deal with future (inevitable) failures, test your organisation's systems and otherwise help you tune activities for the better.

At worst you have new information and can justify not trying that approach again, given a particular set of circumstances. This can help you avoid larger, longer, more costly or more devastating failures in the future (fail small and fast as start-up wisdom goes)

Failure is almost always a type of success, even if it is merely used to disprove an approach and help you focus on more productive channels.

So remember, don't let failure be the enemy of success.

Read full post...

Monday, December 06, 2010

What's the risk for government agencies of NOT engaging via social media?

If you do not embrace social media soon, the digital divide in your country will be dwarfed by the divide between your country and the rest of the world.
Chris Moore, the CIO of Edmonton Canada, as reported in FutureGov Magazine.

When people ask me to consider the risks of government agencies engaging with audiences via social media, I often respond by asking them if they've considered the risks of not engaging.

This often gets blank looks; many people don't often consider the risks of not doing things, even though it is a normal part of life.

For example, who today doesn't understand the risks of not wearing seat belts? However, only 15 years ago there were plenty of concerns still raised about the risk of wearing them.

Here's a list of some of the risks highlighted by the US anti-seatbelt movement:
  • Wouldn't you rather be thrown through the windshield of your car to safety than trapped in a rolling vehicle? And after you are thrown through the windshield, how can you jump out of the way of your rolling car if you're all tangled in a seatbelt?
  • As much as one tenth of one percent of auto accidents involve sudden fire or plunging into water. If everyone in the United States takes part in an annual auto accident, that's 23,000 people who run the risk of being trapped and fatally killed by a seatbelt each year!
  • Psychiatrists say that exposing young children to practices such as bondage from an early age can cause confusion during puberty.
  • A section on seatbelts in the National Highway Traffic Safety Administration Web site's FAQ says (when edited for clarity): "Wear ... a seatbelt ... and ... you will ... died."
  • Even the statistics of the pro-seatbelt Automotive Coalition for Restraint of Freedom proves the case of their opposition. The Coalition says that seatbelts cut the risk of serious or fatal injury by 40% to 55%, but even if this number is believed, it means that seatbelts are potentially deadly in the remaining 60% to 45% of cases!
  • Seatbelting is related to the hideous ancient Chinese practice of foot binding.

I expect, over time, that many of the risks of using social media will become normalised and accepted or explained away as myths, whereas the risks of not using social media will become more acute.

A good case in point is an article from The Australian published on Thursday 2 December, DFAT the dinosaur needs to find Facebook friends.

Besides the actual article appearing, which could be seen as reducing faith in the capability of DFAT to effectively carry out its duties, the article highlights the level of online activity by foreign services in countries like the US and UK, compared to the level of activity from DFAT.

For example, the article states that:
The [US] State Department operates 230 Facebook accounts, 80 Twitter feeds and 55 YouTube channels and has 40 Flickr sites. And the story of e-diplomacy doesn't end here. Other governments are experimenting with dozens of other innovations and the pace of change is rapid.
Notwithstanding the need to run quite so many accounts, the US State Department is becoming an astute user of social media to reinforce US foreign (and domestic) policy goals. This supports the US government to project its power globally and influence world opinion in its favour.

The expertise the State Department is building puts it far ahead of other nations, although the UK is doing an exemplary job with its diplomatic blog network. For example:
Digital tools would also allow DFAT to play in spaces it is cut off from at present. Take the blogosphere, for example. The US, Britain and Canada have all entered this space. The US maintains nine full-time Arabic-language bloggers, two Farsi bloggers and two Urdu bloggers while the British Foreign Office also has two full-time Farsi bloggers.

So, what is the risk to Australian government of not using social media, or of entering the space late (a position some Departments already face)?

Departments may become less effective at informing or influencing public opinion, locally and abroad. Our governments will be less able to compete diplomatically, both overseas and locally against social media savvy interest groups, corporations or even individuals.

As other nations continue to develop and exercise their public sector social media 'muscles', by institutionally blocking Australian public servants from using social media in their jobs we could be allowing our own government's 'muscles' to become increasingly flabby and weak.

Therefore, if public servants are not able to learn how to effectively communicate via social media now, we will be at an increasing disadvantage as others pull further ahead of us.

This loss of effectiveness could take a very, very long time to redress.

Next time you consider the risks of social media engagement by your department, consider the risks of not engaging for yourself (your career), your department, the government and Australia as a nation.

You might find that the risks of not engaging vastly outweigh the risks of engaging.

Read full post...

Tuesday, August 24, 2010

Legal benefits of social media use

I've been speaking with a few lawyers and solicitors lately regarding the risks of various social media initiatives and tools.

Today, over lunch, it struck me that lawyers rarely - if ever - speak about the legal benefits of social media, the ways in which the use of social media can provide better outcomes for organisation, in a legal sense, than 'traditional' approaches to listening, communication, consultation and engagement.

So I've made a stab below at identifying some of the legal benefits of social media - please feel free to add your own, or debate my views, in comments.


Identifying potential legal risks early
The first legal benefit is the capability to monitor social media to identify any emerging concerns or issues that could lead to future legal risks for an organisation.

People often speak openly online about their concerns and frustrations. A trend of similar issues can represent an emerging issue with a policy, system or service delivery function that could eventuate as a court case or even a class action.

Social media provides an avenue to identify these trending issues quickly and gives organisations an opportunity to address them before they 'blow up' into the media and legal action.


Audit trails
One of the major benefits of the online channel is the capability to capture and track user behaviour - particularly when a user is registered and signs into a service. This can provide legal benefits through a clear audit trail of an individual's online activities to either verify their story, or prove it untrue.

Where an individual claims to not have viewed particular material, or to not have agreed to certain terms and conditions, a digital trail can provide veracity - for example when signing up to a particular online service, changing contact details or revealing personal information.

I have seen cases in government where an individual has claimed that their online account had been fraudulently modified by another party however, through auditing the digital records, it became possible to prove that it was a relative authorised to use the account who had made the changes, preventing any type of legal action against the agency providing the service.

In a case unrelated to government, recently an iPhone log was used to prove that an individual was being falsely accused of rape and in other cases email records and the logs from websites have been used to prove or disprove an individual's involvement in particular matters.

Where government employs social media tools for activities such as stakeholder or community engagement or consultation and some form of log-in or other way to recognise users (such as through a Facebook or Twitter identity) is in use, it becomes much harder for individuals to falsely claim that they were unaware of certain information or otherwise prove statements that could lead to agency legal liability.


Accessibility
The internet can be a cost-effective way to provide documents and discussions during a consultation process in an accessible manner, avoiding the legal risk of breaching the Disabilities Act.

Rather than holding a consultation by mail, where mailed submissions are scanned in and either not provided online at all, or presented as images - totally inaccessible to screen readers - government can hold online consultations where every submission is typed directly into the consultation site.

These submissions can be reviewed and published online in a manner accessible to all internet users. They can also be printed (maybe in braille) or read out by a machine over a phone line for non-users.

This use of the internet for consultations is a very cost-effective way for organisations to meet their obligations under the Disabilities Act and avoid legal action for providing submissions in a non-accessible manner.


Inclusion (equalising access)
Using the internet in engagement activities, alongside other approaches, allows a much broader range of people to participate - minimising the legal risks of decisions where some audiences claim they were not consulted.

Often those who work nights, have day jobs, young children, are physically less mobile, geographically distant or otherwise have commitments are less able to participate in face-to-face discussion with a government agency or its representatives.

Where these people are affected by the outcomes of a face-to-face engagement process these people could feel excluded and unheard. In some situations, could lead to legal action against certain policies or decisions.

By using the internet alongside other approaches within an engagement process - via a forum, blog, facebook page, or similar means - a government agency can ensure that audiences unable to attend a physical event are heard and their views considered.

This increases their feeling of inclusion and lessens the risk of developing poor policy, reducing the risk of policy failures which could lead to legal action.


So there you are - four legal benefits from using social media that can reduce an organisation's legal risks (versus not using social media).

Can you think of any others?

Read full post...

Thursday, July 01, 2010

Still on the Internet Explorer 6 web browser? Microsoft tells organisations to ditch it

Microsoft has just released a beta version of Internet Explorer 9, however is still having to ask organisations to stop using Internet Explorer 6 (IE6).

Despite lacking the ability to fully view the modern web IE6, released nine years ago, is still used by a number of Australian organisations, including some government agencies.

The Sydney Morning Herald, in the article Microsoft begs users to ditch IE6 quotes Microsoft Australia's chief security officer, Stuart Strathdee as saying “IE6 has a lifecycle. We’re well beyond its expiry date”.

The article also stated that,

Strathdee said corporate users who haven’t yet upgraded to IE8 fearing the loss of customised ERP and CRM systems were probably running outdated versions of those and should look to upgrade them all. He said the company would be happy to help customers do so.

“It’s only a very small number of queries on those systems that would be locked to IE6,” he said.

“For us security and privacy are closely related. We’re really pleading with people to upgrade.”

Is your agency still using IE6?

If so the question becomes, are your senior management aware of the security and reputation risks they are taking by doing so?

Read full post...

Bookmark and Share