Tuesday, March 08, 2011

Doing good while improving security with ReCAPTCHA

There's still many government online forms and consultation systems that don't make use of 'human recognition' tools such as CAPTCHA to help verify that the people filling in the forms are humans and reduce the attractiveness of online government forms to large-scale automated attacks by bot-armies.

However, even where government has added CAPTCHA security, I've yet to see an instance where this has been used for good, as well as security.

CAPTCHA, for those unfamiliar, is a technology whereby, when completing an online form, the user is asked to type in one or more words or calculate the product of a sum before submitting their response. The words or sum are presented in an image with 'background static' designed to make it hard for a computer to read.

In most cases, humans are able to decipher and type in the correct response whereas automated form completion systems, often used for spamming, are not.

Many CAPTCHA systems are also enhanced with audio CAPTCHA (where words are read out, amidst static and background noises), supporting vision-impaired people.

These systems are not perfect, however they do increase the barriers to hackers, reducing the prospect for spam submissions or attacks.

They also add a little time to each submission attempt - possibly ten seconds. This is negligible to an individual (in most circumstances), however as millions of people complete CAPTCHA forms each day, this adds up to a lot of time overall.

Initially CAPTCHA tools just presented random words, however a system supported by Google is supporting organisations to 'do good' as well as improve their security.

Named ReCAPTCHA, the system has integrated the work being done to digitalise books and documents. Rather than using random words, users are presented with words that computers could not understand during the document digitalisation process.

Each time a user completes a ReCAPTCHA, they are helping to decipher and digitalise the world's literature and records - preserving it into the digital age.

Assuming an average of two words per ReCAPTCHA, and each being repeated many times in order to validate the entry, there's a miniscule contribution by any particular individual.

However if, for example, 50 million people each verify themselves using ReCAPTCHA each day, with each set of two words presented ten times on average, a total of 10 million words in old documents and books that have been deciphered and correctly digitalised. Each day. That's 3.6 billion words per year.

So if your organisation isn't using CAPTCHA security on forms, or even if you are using a custom CAPTCHA technology, you might wish to consider exploring the use of ReCAPTCHA - which is free to reuse from Google.

Alternatively, of course, Australian institutions could develop their own type of CAPTCHA approach (for old newspapers, for example - or archival records). It would be a meaningful extension to the work the National Library of Australia is already doing.

Below is a video on the work being done with ReCAPTCHA.

Learn more about ReCAPTCHA.

Read full post...

Monday, March 07, 2011

Organisations should really, really stop using Internet Explorer 6 (says Microsoft)

Microsoft has launched a website specifically designed to get organisations to stop using Internet Explorer 6 (IE6) and upgrade to newer browsers.

The Internet Explorer 6 Countdown website has the stated goal of watching global use of IE6 drop below one percent, stating that,

10 years ago a browser was born.
Its name was Internet Explorer 6. Now that we’re in 2011, in an era of modern web standards, it’s time to say goodbye.

The site indicates that only 3.2 percent of Australia's internet users still use IE6 while global usage remains about twelve percent.

Finland and Norway are highlighted as leading nations, with only 0.7 and 0.8 percent usage respectively.

Some nations are still heavy users of IE6, including China where a massive 34.5 percent of internet users are still on the web browser, and in South Korea where usage is at 24.8 percent.

Internet Explorer 6 usage around the world from the Internet Explorer 6 Countdown website

I've spoken to many web developers who estimate that developing for IE6 adds around 20 percent to the development time and cost of websites - so there are sound productivity and cost reasons for upgrading, besides the security and access benefits. In fact organisations still using IE6 are already unable to fully use many popular and important websites.

If your agency remains on Internet Explorer 6, this website might be worth bringing to the attention of your senior management.

After all, as Microsoft states in this site, "Friends don't let friends use IE6".

Read full post...

Thursday, March 03, 2011

What is muting Australian public servants online?

Over the last two years we've seen a concerted effort by governments across Australia to increase the level of online engagement, debate and discussion involving public agencies.

In 2009 the Government 2.0 Taskforce, commissioned by then Finance Minister Lindsay Tanner and chaired by Dr Nicholas Gruen, conducted a six month process of engaging public servants via online channels, pioneering the use of blogs, Twitter and Facebook to demonstrate how it was possible for the public service to effectively communicate, engage, consult and be consulted online.

Late in the same year the Australian Public Service Commission replaced its Interim Protocols for Online Media Engagement (originally released in late 2008, with the updated Circular 2009/6: Protocols for online media participation.

Early in 2010 the Australian Government released its response to the Government 2.0 Taskforce's final report, agreeing with all except one of its recommendations (and simply deferring the remaining recommendation to after another related review was completed).

Since then we've seen the MAC innovation report, Empowering change: Fostering innovation in the Australian Public and the Ahead of the Game report from the Department of Prime Minister and Cabinet, outlining steps to reform the public service.

There's been the Declaration of Open Government, the initiation of the Government 2.0 Steering Committee, the launch of GovSpace (a blogging platform operated by the Government and open to all agencies to use).

We've seen more than 260 government agencies and councils join Twitter, wide ranging activity on Facebook and a proliferation of social media policies at local, state and Commonwealth level.

Agencies in Australia are using social media in ways that would have been unacceptable and unachievable even two years ago, some demonstrating world class engagement online. Some states have comprehensive action plans in place and official usage of social media by agencies in some places is approaching one hundred percent.

I don't have the same level of information about Commonwealth agencies (there is no central register of activity or survey results, as there are for some states), however most have established some form of social media beachhead in support of campaign or corporate needs.


With all this official usage you might expect to see vibrant and active online communities of public servants discussing shared issues and best practice, or to see public servants listening to and contributing actively to online policy discussions.

Many groups set up for public servants seem to have reasonable memberships - several hundred people at least - however most of these members are silent, with at most 10% carrying on a halting conversation.

Blogs and forums established to discuss public issues are dominated by the same regular contributors, providing valid and thoughtful views for the most part, however still representing a fraction of the more than 100,000-strong Australian public service.


So what is going on? If over 75% of the Australian online public are actively using social media (as Neilsen has reported), what makes public servants different, what is muting Australian public servants from participating online?


There are a large number of public servants who keep their personal lives very separate from their work lives. They happily connect to their families and friends via social media channels, but don't perceive them as professional development or business tools.

I also still encounter public servants unaware of the Australian Government's Government 2.0 program. They either have never learnt about it through their usual newsgathering channels, dismiss it as an IT initiative, or are simply uninterested as they don't perceive Government 2.0 as having any direct relevance to their work or career.

There's also a number of institutional barrier in place. Despite the growing official adoption of social media in government, the 2009-2010 State of the Service report indicated that only 31 percent of APS staff and 28 percent of service delivery employees have access to social media and networking tools in the workplace.

Where there was access to social media and networking tools, the report indicated that the tools are being under-utilised for various reasons, including lack of staff awareness or interest (similar to my point above), or there was a lack of resources and agency policy restrictions.

In addition, only 10% of agencies reported that they had technical guidance available to employees on how to use social media and networking tools. Staff may not always feel they have the permission or the education required to use social media in a professional manner at work.

This is compounded by the use of adaptive filtering tools which do a fantastic job of blocking inappropriate websites, however may also block appropriate and important websites and social media channels used actively in agency business. As these tools work on the basis of blocking categories rather than individual sites, a simple misclassification by a vendor can limit a department's access to key sites for days or weeks. Social media channels - with a wide range of fast changing material - are often prone to being blocked.

There's also pressure on staff due to workload. There's limited time to innovate, experiment or improve work practices via social media and Government 2.0 approaches when staff are flat-out getting their jobs done the 'old' way.


So where does this leave Government 2.0 and social media adoption?

We have a strong and growing core of activity, with a small number of engaged participants and a wider group adopting these tools as their agencies recognise that the changes in Australian society preclude them continuing to use old approaches.

In many cases public servants engaged in communications and consultation activities simply have to include social media in their mix to generate effective outcomes.

Cost pressures are also taking their toll. As budgets tighten, public servants look for more cost-effective means to engage. I've often seem the most enthusiastic adoption of social media channels when budgets have been cut or in crisis situations where traditional media channels aren't responsive. Albeit this is sometimes constrained by a lack of expertise or shortages in manpower.

However many public servants still haven't made the link between social media and their jobs. They haven't had the time to reflect or consider - nor been presented with compelling cases of why they should adopt new tools - particularly where old ones continue to work reasonably well.

We haven't yet reached a tipping point, where the argument for and knowledge of the new approaches now available has overcome the resistance and systems geared towards more traditional approaches.

So in my view it is simply a matter of education, example, clear political and senior will and time - but how much time? No-one can really say.

Read full post...

Wednesday, March 02, 2011

It's time to register for BarCamp Canberra - coming on 19 March

On Saturday 19 March Canberra is hosting the 4th BarCamp Canberra, a free one-day user-generated not-for-profit 'unconference' covering topics ranging from social innovation, Gov 2.0, web, technical development, science communication, critical thinking, sustainability and the environment.


If you've attended previous BarCamps you'll know how exciting and fun they can be, packed full of interesting and unique presentations and sessions and a great opportunity to network. It's well worth giving up a day of your weekend to attend.

New to BarCamps?
If you've not been to a BarCamp before and are a little concerned about the lack of an agenda, free attendance, or the expectations that attendees all participate - don't be.

There have been over 800 BarCamps run in more than 350 cities around the world over the last five years. The format is well-tested and delivers consistent outcomes - good speakers on interesting topics and a very engaged group of attendees who benefit from each others' knowledge.

BarCamp Canberra is now in its 4th year and regularly attracts 100-150 attendees.

This year will be even more exciting as the event is being held in the ANU's brand new College of Business and Economics, which allows for more attendees and more simultaneous presentations.

How are speakers 'selected'?
As an unconference, BarCamp Canberra doesn't have set speakers or an agenda. On the morning of the event attendees nominate to speak and, usually, write their presentation and name on notes and stick them to a schedule on butcher's paper.

Others attendees can choose which presentations they attend.

This bottom-up approach is what makes BarCamps unique, as anyone can speak on any topic, allowing for wide-ranging discussions and unique presentations.

You don't have to speak and you don't have to come all day - and both attendance and lunch is free.

To learn more about BarCamp Canberra, visit http://barcampcanberra.org/ and http://barcampcanberra.org/profile/

To register, go to http://bcc2011.eventbrite.com/

To learn more about the global BarCamp movement visit www.barcamp.org

Note: I am one of the 'unorganisers' for BarCamp Canberra.

Read full post...

Tuesday, March 01, 2011

Should an employer ever require your social media passwords as an employment condition?

At least one state agency in the US, Maryland Division of Correction, recently started requiring employees to provide their personal Facebook password and allow their employer to scrutinise their account as a condition of continued employment.

Apparently this request wasn't illegal - although it breaches Facebook's usage policy (which could mean the employee loses their account).

The rationale given by the employer was that they needed to review the contents of the account as part of the employment contract.

A video of one staff member asked to provide his personal Facebook password is below.




Now this isn't the first time an employer has required their employees to provide personal passwords as a condition of employment. The city of Bozeman, Montana might live in history as the first government to ask all of its staff to provide all their social media passwords - although they quickly dropped the policy when media scrutiny became too high, on the basis that the community "wasn't ready yet".

A number of law enforcement agencies have also apparently begun requesting this information as part of their recruitment process, as reported by USANow in the article, Police recruits screened for digital dirt on Facebook, etc.

There are also stories of financial services companies and other organisations similarly requesting access to personal social media accounts before hiring new staff.

Should employers be allowed to request your passwords?
So are there situations where an employer should be able to access their employee's private social media accounts?

Is this a breach of privacy, or an appropriate step forward for background checks, given how much background people today store in their social media accounts?

Often, for security clearances or in highly sensitive roles, staff in both public and private sector organisations are asked for all kinds of personal information as a requirement of employment. Are requiring your social media accounts details - and passwords - much of a stretch?


Here's some articles discussing the topic:

Read full post...

Bookmark and Share