Friday, November 01, 2013

Social media policies from across Australian governments

I've been compiling a list of social media policies released by government agencies and councils across Australia as a central resource bank for organisations who are either still in the process of creating their policies, or are interested in reviewing and improving them.

Thus far I've identified just over 70 policies - a small number considering Australia has over 550 councils, 100 state departments and 18 federal departments, plus all of the independent agencies and statutory bodies across the nation.

This is even smaller when considering that I took a broad view and included policies written for the public as well as those written for agency staff or as models for other agencies to adopt.

Based on previous research I conducted in 2012 (which will be repeated next year), many Australian Government agencies claimed to have or be developing a social media policy, but hadn't considered whether to publish it as yet.

I consider staff social media policies as one of the standard documents that agencies should disclose proactively, and it will be interesting to see when I ask them next year whether agencies feel the same way about this.

Anyway, below's the spreadsheet of social media policies - please comment if you have more to add (I'm not ready to open it up to general editing as yet).

Read full post...

Tuesday, October 29, 2013

How do we solve falling trust in online services before it becomes critical?

A few days ago LinkedIn launched its latest IOS app, Intro.

The app promises to integrate LinkedIn profile content directly into emails, allowing more rapid connections and helping give email recipients access to a range of relevant information about the sender.

Given both Apple and LinkedIn are well-known brands, many people are likely to trust that this app is safe for them to use, that these two global companies have taken every step to ensure that users are not exposed to privacy risks.

It's also not a big decision. Intro is free and installing the app is a two-click process, done in under 30 seconds. People are unlikely to spend the time to look at the usage policy in detail, or consider the impact of such a simple decision when they trust the brands.

However, in this case, trusting LinkedIn and Apple may not be wise. Global Security Consultancy Bishop Fox released a very compelling post outlining serious concerns with how LinkedIn's new app works.

According to Bishop Fox, the app works in the same way as a 'man in the middle' hacking attack, by sending all of a user's emails through LinkedIn's mail servers. Here they could be read by LinkedIn or, if encrypted, this process could stop the final recipient from ever receiving the email.

LinkedIn states that it will keep information from the emails it captures - and while it states that LinkedIn “will never sell, rent, or give away private data about you or your contacts.” there's no clarification of what data LinkedIn might consider private, nor any solid information on how LinkedIn has mitigated against the type of security breach it suffered in 2012.

This is just a single instance of a situation where the public are being asked to trust a company to do the right thing online, while there's no guarantee they will, and often there's few ways for an individual, organisation or even a government to hold a company to account when they fail to keep their end of the trust bargain.

So the conundrum for the public has become, who can they trust online?

Clearly there must be a level of trust to use online systems, with banks and government clear cases of where trust relationships are critical for transactions and service provision. With no trust in online systems, online banking and egovernment could not exist.

Social networks are also important. As places where people store personal information and share more and more of it over time, there's a clear requirement for companies to appear trustworthy and safe.

Even search engines, which have become the front door to most websites (with Google the dominant player), have a huge trail of data on their users - what you search for helps define who you are, particularly when people use search for medical and personal matters.

The public must implicitly trust all these organisations to both play nice with their personal information and to secure it such that nefarious groups or individuals don't get it. However it has become very clear that they simply can't.

Whether it is commercial providers, who primarily use this data to identify more effective ways to sell, or governments and banks who require this data to validate individuals, the number of reported data breaches is rising - in a global environment where few governments legally require companies to report breaches to the people potentially impacted.

On top of this comes revelations of data surveillance operations by government agencies, such as the NSA, commercial entities such as the example from LinkedIn above, where the data helps them productise their users, or organised crime, who use hackers and insider sources to secure valuable data for use and resale.

However despite increasing concern over how data is secured, who can access it and how it will be used, individuals continue to use many of these online services, either because they simply cannot live their normal lives, or conduct business, without using them, or because of the "it won't happen to me" principle.

If public trust disappears, what does that mean for every organisation using the internet to build its business or to provide more convenient and cost-efficient services?

What impact would it have on government, where a shift to electronic transactions means less investment in other channels and, over time, less capability to meet citizen needs should a collapse in online trust occur?

I don't know how this situation can be resolved, particularly with the low attention paid to ensuring organisations report and rectify data breaches and be clear on how they will secure and use data.

While it is a global issue, individual governments can have an impact, by establishing a robust privacy framework for their citizens and recognising that people own their own data and any organisation allowed access to it should be held accountable for not securing or using it appropriately.

Do we have such a regime in Australia today?

I wanted to finish with an extract from the response I received from the Australian Privacy Commissioner when I reported the LinkedIn app using their email form:

Dear Craig  
Thank you for your enquiry.  
The Office of the Australian Information Commissioner (OAIC) receives a large quantity of written enquiries each day. An representative will be assigned to your enquiry and will be in contact soon. 
We aim to respond to all written enquiries within ten working days. 
If your enquiry is urgent and requires an immediate response, please telephone us on 1300 363 992 and quote your reference number. More complex phone enquiries may require a written response and may still take some time.

A response within 10 working days (14 actual days).

I wonder how many individuals may have their privacy breached, or organisations their confidential data exposed, by a single popular mobile app from a well-known company in this period of time.

Read full post...

Thursday, October 24, 2013

What's the digital communication capability of Australian governments?

On the back of the UK Government's second whole-of-government communications plan, the UK Government has been undertaking a Digital Communication Capability review asking (in simple terms), how is digital communication and engagement done, and how could it be improved?

The Review has involved consultation with Communications Directors, digital engagement specialists and senior executives across the UK Government and was led by a team of three independent reviewers with a deep knowledge of digital communications.

The review is still in the closing stages (final due in November), however has been an extremely transparent process, with all comments available online and the draft report already released for final feedback (similar to the process the Australian Gov 2.0 Taskforce used in 2009, but has been rarely used since in Australian government).

Many of the top-line findings would resonate with Australian public sector digital communications professionals, with the headline finding being:

Pockets of good practice notwithstanding, the headline finding is that digital communication in government is developing in silos and not in the mainstream. The consequence is that it is being outpaced by the best of the commercial and NGO worlds. Too much is broadcast and does not seek to engage. And, crucially, it is still treated by many in departmental leadership positions as a specialist area where the risks usually outweigh the benefits.
Underneath this, the review found that there wasn't a natural home for digital within departments - with placement in existing areas such as media relations leading to a biased approach which didn't serve all agency needs.

It also found that;
  • departments were not realising economies of scale, with different agencies separately purchasing the same or different social media management and analytics tools, 
  • communication focused far too much on informing rather than conversations, 
  • objectives were based on easily measurable quantitive scores (such as followers or tweets) rather than on changing outcomes,
  • there was an over-reliance on 'build it and they will come' approaches, 
  • there was a shortage of skills - exacerbated by a lack of confidence and judgement, 
  • there were limitations on access to social media due to IT security considerations - which may be valid but were poorly explained and understood, and
  • there was a lack of trust and overriding pre-occupation with risk.
Unfortunately there's been none of this type of work done in a systemic way in Australia - despite it being possible to take an approach (such as the UK one) and repeat it across every state, territory and the federal government to provide a comparable model (then do a cut-down version for local governments).

This is similar to where I started with the Digital Innovation Review I conducted in Victoria (no other states or territories have been interested in a similar review as yet though).

I'd like to help. Any takers in government?

Read full post...

Tuesday, October 22, 2013

Government as a Social Machine featuring Professor Dame Wendy Hall

I blogged today from the Government as a Social Machine forum hosted by ANZSOG and featuring Professor Dame Wendy Hall from the University of Southampton in the UK.

The discussion involved a diverse group of stakeholders from public and private sector organisations and covered the history of the internet and the challenges organisations, particularly governments, and citizens face in adapting to the new knowledge-rich, engagement-rich worked enabled by global real-time distributed communication systems.

Wendy also presented at a NICTA/OKFN event this afternoon, and is presenting at the Semantic Web Conference in Sydney later this week and in Victoria next week at the first Digital Literacy event being held by the Victorian public service (details of most of these events are in my Gov 2.0 calendar to the left).

Wendy opened with a story from before the web, on how no-one predicted the Internet, despite some earlier thinkers, such as Vannevar Bush, who foresaw a memory device (memex) in his brilliant work 'As we may think' in 1945, which contained many of the elements of modern computing systems.

She also discussed Ted Nelson, who coined the terms hypertext and hyperlinks back in the 1960s and Doug Engelbart, who invented the mouse, windows and much of the user interface that we find familiar today. In fact Doug gave the 'mother of all demos' which foresaw modern computers and the web.

Wendy recalled that when she met Tim Berners-Lee at the Hypertext conference in 1991 (which rejected Tim's paper on the web), she thought it was presumptuous that he had named the hypertext system he had invented the 'World-Wide Web', presuming that people around the world would use it.

At the time she didn't think the web was original or breakthrough - "how wrong you can be", she said.

Wendy said that Tim's strategy was to give away the web, making it an open protocol and standard - universally free to use and not controlled by any organisation. She said that otherwise Tim felt that the web would not grow or thrive, but be locked down by political, academic or commercial interests.

She also said that Tim believed that to make the web scale, it had to be able to fail. While many at the time believed that a system which could dead-end, linking to a non-existent page, would turn away users, Tim strategically introduced the '404 error' (which appears when a web page isn't found) to encourage individuals and organisations to build out the web, rather than limit it.

Wendy asked whether we could have built the web another way. She believes that we may have to at some point as the web is only 23 years old, "barely out of nappies".

Wendy also believes that there's many ways to kill or corrupt the web, such as having specific organisations or governments control it - however we don't really know the outcome of these scenarios as we haven't had those experiences yet.

She did ask about what if the Internet disappeared overnight - how would it impact on individuals, organisations, societies, even countries?

The impact of a one-day shutdown of Wikipedia was immense (she said) during the SOPA protest, and there is an increasing risk in some developed nations that blackouts, caused by inadequate electricity supplies, could cause a blackout of information, with people unable to access the information they need to cope with the situation.

Wendy also said that when Tim created the web he understood that it had to include an easy way to write, as well as read, web pages - leading to the development of his first web browser, which was also an editor.

Wendy said that in 1996-8 while the web was growing, the Internet wasn't sufficiently mature for broader use, due to difficulties with slow modems, finding information (pre-Google) and the cost of computers - making categories such as online shopping inconvenient.

However now the technologies have matured Wendy believes that High Streets will disappear. She said that the UK government's decision to sell off the Royal Mail, which was instituted in the Victorian era, is a sign of this change flowing through the system.

Wendy said that years ago she consulted to the Royal Mail, highlighting to them that the new business they needed to dominate was parcel delivery, based on online sales "however they didn't get it".

Wendy also said that "it is very hard to convince the big juggernauts of industry, including government, to change".

She said that, for example, large organisations seem to believe that people will always read books - Wendy believes that yes they will read, but not necessarily books.

She recalled telling biologists years ago that they would be reading papers online. They retorted that the Internet was so slow and computers so heavy that they would never be able to read their papers on the train. Wendy said, "Now, ten years on, biologists are reading their papers on the train using iPads."

Wendy said that Google was inconceivable before the web, and engineers had 'proven' it wasn't possible to quickly index huge amounts of information.

However she said that since Google, the world has changed - and Google is also no longer just a search engine, they are incredibly diverse, "there are at least 2,000 driverless Google cars driving around San Francisco".

Wendy believes that once an organisation has a majority of people using it on a network it becomes very difficult to dislodge. Google, eBay, Facebook and now Twitter are giants, at least in the English-speaking world - different titans exist in China.

Wendy opined that Google may be the James Bond villain of the future - because it knows what you search for, "everyone has searched for something they would not want to be made public". She believes that if Blofeld took over Google they would have something over every politicians.

However, Wendy said, when used benignly or even for commercial profit, Google is fine. She also believes many other industries are in a similar position of potential control over society.

Wendy also believes that even before the arrival of social networking "we should have known how much people would want to write about themselves, take photos, videos and share, based on what we knew about human psychology and behaviour".

Wendy said there is now an expectation that people can find anything, any knowledge online and if an organisation, product, place or individual doesn't have an online presence "they don't exist." As a result, Wendy believes that the web should be the first way any new entity is introduced or promoted.

Wendy said that while Tim Berners-Lee invented the technology and helps set the standards, we (globally) have created the web. We write the websites, blogs and micro blogs. We make the links and the apps. "The web doesn't have shareholders or owners - we are collectively the creators and custodians of the web."

She said that the web exists because we want it to be there, and it will keep existing as long as we want it to exist, so we all have a responsibility to ensure it is a place we wish to frequent.

When people ask her about issues online, she tells them that we didn't make the streets safer by imposing curfews - similarly we need to create the right culture on the web, not create legal restrictions.

Wendy said that Wikipedia was started as an experiment - even Jimmy Wales didn't believe it would work - however it is now equivalent to 1,900 volumes of an encyclopedia, most of which is very accurate. It has grown its own governance, it wasn't invented ahead of time, a lesson for organisations today.

Wendy also said that YouTube is another giant attractor to the web, the place for storing and sharing videos - now owned by Google.

Wendy believes that if an alien had came to earth a hundred years ago and then returned today they would find everything had changed - except possibly education, which is now being transformed by MOOCs. The first platform for MOOCs has also been bought by Google, which is developing it as an open source platform. She asked "who will be the university of the future? Google."

After the break Wendy took questions, giving a view that while cybersecurity is a risk to society, it is not a risk to the web. She commented that it was an area of high expenditure for the UK government.

She also said, in response to comments at morning tea about people being advised not to trust Wikipedia as a reference, that Wikipedia is at least as trustworthy and accurate as printed encyclopedias, plus it has a faster error correction rate. Plus, she said, we create Wikipedia, so it is what we wish to make it.

Wendy also believes that privacy won't kill the web, young people are growing up with different concepts of privacy and will adapt their approach and the web to suit their values.

However she believes that blackouts, siloisation and/or the end of a level playing field for creating and publishing content would end the web. Wendy said that net neutrality is also important. Without it we would lose the level playing field and commercial or ideological interests could control publishing and access to the web.

One of the crowd has commented that probably government is the biggest risk to the Internet, and Wendy says that she has concerns over legislators making decisions about an ecosystem they do not understand, which can lead to all kinds of unforeseen and undesirable consequences.

Wendy said it is hard to dictate in the web, to get people to use something they don't want to use. To get the network effect requires co-creation, meaning that government must work with communities collaboratively to develop platforms which benefit both.

An ABS representative said that they are now opening up a lot of data through APIs and unleashing developers through GovHacks to co-create new tools and services, however it is still a not insignificant challenge to get people within government to just agree on a common definition for Australia or Sydney, to allow datasets to correlate across agency.

Wendy next talked about Twitter, and how its real-time nature can support, even drive, community movements, "the way bad news spreads now is via Twitter. It is a mechanism for warning people to get out."

She said the interesting thing about Twitter is that it is being co-created, with functions like RT, MT and hashtags invented by the community.

Wendy believes co-creation is critical for the web, not only codesigning systems, but using systems which allow people to add value as they go about their daily interactions, such as via ReCAPTCH and Duolingo.

Wendy then talked about the semantic web, a web of data, saying it was in Tim Berners-Lee's original vision for the Web. However without sufficient data online (she said) we cannot experiment to find out what this will become or create the network effect, where people share and reshape data and create services or new visualisations with it.

She wrote a paper with Tim in 1996 which identified four principles for the Semantic Web, however says that the commercial sector still didn't get open data, hugging it tight.

Then governments began opening data based on discussions with Tim and others, leading to President Obama's declaration and a cascade of open data releases by governments around the world and initiatives like the Open Data Institute.

Wendy used an example of UK prescribing data, how open data allowed the NHS to identify 200 million pounds in savings each year.

Wendy said that while engineers and scientists often think of the web as a technological byproduct of a set of simple standards, it is a socio-technical construct, effectively a 'social machine' co-created through interactions between technology and millions of humans.

The technologies that underpin the web didn't create the web - people did, providing the content, linkages and developing, sharing and using the apps and websites that sit on it. However without the technology the web could also not exist.

Wendy said that social machines start with an incomplete specification that evolves and grows to cover more of the problem via interactions. They achieve participation through local incentives and the network effect, eventually succeeding through a process of rapid trial and error involving subsets of participants.

Wendy is working on understanding social machines through a 'web observatory' at Southhampton University that observes, monitors and classifies social machines as they evolve. She said this will also become an early warning system for detecting new disruptive social machines and identifying the 'tipping points' where they become ubiquitous.

Her group is studying Twitter networks, as well as Wikipedia and YouTube, amongst other services, to understand 'activity pulses' and how they help explain social movements and trends. For example, Wikipedia was a better indicator of a trend around 'Gangnam style' than Google with the trend occurring a month earlier on Wikipedia.

She asked how does Government, potentially the original social machine (as one audience member commented), transform itself to take advantage of digital channels to be a better social machine?

How do governments employ gamification, the network effect and web observatories to develop and deliver better policies and services?

How do we address the challenges of the 24-hr news cycle, election cycles and other factors which make developing and maintaining social machines difficult?

Wendy said she can't help reflecting back on governments from Victorian times, the 19th century, that created amazing long-lasting infrastructure in Britain that still serves the population today. She believes they were amazing social machines and still have lessons to teach us today on how to transform government to address the challenges of the 21st century.

Read full post...

Friday, October 18, 2013

Suggestions for governments stepping into open data

I've been completing a survey for the Spatial Industries Business Association (SIBA) related to the Queensland Government's open data initiative, where one of the questions asked Can you list or describe any learnings that would be useful in Queensland?

I've provided a number of my thoughts on this topic, having closely observed open data initiatives by government over the last five years, and written periodically on the topic myself, such as:


To share the thoughts I placed in the survey more broadly - for any value they have for other jurisdictions - I've included them below:

  • Data released in unusable formats is less useful - it is important to mandate standards within government to define what is open data and how it should be released and educate broadly within agencies that collect and release data.
  • Need to transform end-to-end data process. Often data is unusable due to poor collection or collation methods or due to contractual terms which limit use. To ensure data can be released in an open format, the entire process may require reinvention.
  • Open data is a tool, not a solution and is only a starting point. Much data remains difficult to use, even when open, as communities and organisations don't have the skills to extract value from it. There needs to be an ongoing focus on demonstrating and facilitating how value can be derived from data, involving hack events, case studies and the integration of easy-to-use analysis tools into the data store to broaden the user pool and the economic and social value. Some consideration should be given to integrating the use and analysis of open data into school work within curriculum frameworks.
  • Data needs to be publicly organised in ways which make sense to its users, rather than to the government agencies releasing it. There is a tendency for governments to organise data like they organise their websites - into a hierarchy that reflects their organisational structures, rather than how users interact with government. Note that the 'behind the scenes' hierarchy can still reflect organisational bias, but the public hierarchy should work for the users over the contributors.
  • Provide methods for the community to improve and supplement the open data, not simply request it. There are many ways in which communities can add value to government data, through independent data sets and correcting erroneous information. This needs to be supported in a managed way.
  • Integrate local with state based data - aka include council and independent data into the data store, don't keep it state only. There's a lot of value in integrating datasets, however this can be difficult for non-programmers when last datasets are stored in different formats in different systems.
  • Mandate data champions in every agency, or via a centre of expertise, who are responsible for educating and supporting agency senior and line management to adapt their end-to-end data processes to favour and support open release.
  • Coordinate data efforts across jurisdictions (starting with states and working upwards), using the approach as a way to standardise on methods of data collection, analysis and reporting so that it becomes possible to compare open data apples with apples. Many data sets are far more valuable across jurisdictions and comparisons help both agencies and the public understand which approaches are working better and why - helping improve policy over time.
  • Legislate to prevent politicians or agencies withholding or delaying data releases due to fear of embarrassment. It is better to be embarrassed and improve outcomes than for it to come out later that government withheld data to protect itself while harming citizen interests - this does long-term damage to the reputation of governments and politicians.
  • Involve industry and the community from the beginning of the open data journey. This involves educating them on open data, what it is and the value it can create, as well as in an ongoing oversight role so they share ownership of the process and are more inclined to actively use data.
  • Maintain an active schedule of data release and activities. Open data sites can become graveyards of old data and declining use without constant injections of content to prompt re-engagement. Different data is valuable to different groups, so having a release schedule (publicly published if possible) provides opportunities to re-engage groups as data valuable to them is released.

Read full post...

Bookmark and Share