Friday, August 05, 2016

Is it time for governments to extend digital security protections to all parliamentary candidates & parties?

Over the last few years we've seen increasing attention on the use of personal technology by politicians.

From our current Prime Minister, Malcolm Turnbull, who uses Wickr, to Hilary Clinton's use of a personal email server, and even the struggle President Barack Obama faced to use an iPhone, politicians - like the rest of us - are increasingly using a diverse range of technologies to conduct both personal and official business.

Not all of these technologies are officially approved or secured. Many are newer technologies with both known and unknown security concerns.

However politicians, like the rest of us, continue to use them either because we perceived the benefits (convenience, flexibility, speed, utility) far outweigh the risks we accept, or because the risks are not clearly understood by non-technical people.

This becomes a particular issue for politicians, political parties and individual candidates for parliament when state-sponsored agents, organised crime or unscrupulous businesses attempt to access their information.

There's many motivations for 'political hacking' - commercial advantage where particular information or decisions are obtained before the market knows, political advantage, blackmail or an improved capability to 'groom' politicians to a given perspective supportive of a particular desired goal or outlook, or opposing an undesired reform or initiative.

In fact I think it can be said that political power doesn't only originate from the muzzle of guns, but now political power also emerges from the keyboard.

Information is power, and the best source for information about an individual's views and decisions can be their private email and social accounts.

With the revelations of Russian state-sponsored hackers penetrating the Democratic National Convention and Clinton's Presidential campaign data stores, it's clear that state-sponsored and other organised hackers are increasingly seeing unelected potential parliamentarians as targets.

This is a logical development. It's in the interest of foreign nations to understand the views and decision-making approaches of powerful national leaders. Combine this with the likelihood that the security deployed by a political party is far easier to penetrate than the security deployed by a national government, and the fallout if caught is far less and it becomes a no-brainer for nations and large commercial interests to conduct hacking before an election locks away leaders behind tighter firewalls.

So, now we know that there's a reasonable to high risk that electoral candidates and parties will be hacked - particularly if they have a good chance at election - there's a question for governments to consider.

Should governments extend their security expertise and protections to all electoral candidates, placing them behind state-supported firewalls and security provisions, as soon as candidates nominate for electoral roles? And should this protection be extended to all political parties as well?

Given that even medium-sized governments, such as Australia's, secure hundreds of thousands of devices and people through their security regime, extending this to a few hundred more would be a technically manageable exercise.

The approach would help protect more of Australia's governance institutions from foreign and commercial influence, though likely would only be a partial measure as traditional intelligence gathering and governance influencing methods (background research, infiltrators, electoral donations and hosted trips and tours) would still be available to interest groups and countries.

Individual politicians and candidates would still have personal digital accounts vulnerable to hacking, with which they may engage with the public, the media, each other, business partners, friends, family and, occasionally and hopefully discreetly, with potential sexual partners.

So perhaps the step would provide partial protection - avoiding situations like the one the US Democrats have found themselves in, where the long-term ramifications are as yet unclear.

However even government systems are not totally impervious to cyberattacks, and the limitations of working within a government firewalled system might be too invasive or restrictive for some in the political world.

Also in a world where no security is perfect, partial protection can provide an illusion of security where none should be assumed, with the potential that protecting candidate correspondence could lead to more significant information theft or leaks from either hacking or internal disgruntled staff - or the misuse of candidate data by a future unscrupulous government to influence an electoral result.

On balance I think we're going to have to take our changes over whether political parties and individual candidates are hacked by foreign or corporate interests.

No security solution will ever be perfect and so Australia, and other nations, need to focus less on hiding potentially damaging information and focus more on developing transparent and fair agendas, with individual candidates and politicians being as honest and forthright as they claim their opponents should be.

Read full post...

Wednesday, August 03, 2016

The consequences of dropping the ball in digital engagement - The ABS and Australian Census 2016

Next week Australia will be holding its 17th national census (since 1911), led by the Australian Bureau of Statistics, which is itself celebrating its 110th anniversary as an agency (albeit with a name change midway).

This is an auspicious occasion for another reason. While it has been possible to complete the census online in both 2011 and 2006, when the ABS first trialled an online completion system - 2016 will mark the first occasion when the ABS expects a majority of households to complete their census surveys online.

In fact, Duncan Young, head of the 2016 Census process, is on record stating that the ABS expect 65% - two-thirds - of households to complete the Australian Census online, rather than in paper form.

This is a fantastic achievement and speaks highly to the ABS's commitment to quality data collection and maintaining a forward-facing approach to trialling and adopting new technologies.

This commitment has also been typified by the ABS BetaWorks Blog (sadly now defunct), ABS CodePlay (sadly not repeated) and the work the ABS has done to expose data in open and machine-readable formats, including ABS.Stat and APIs such as for the Population Clock.

Data collected by the ABS, particularly via the Australian Census, underpins an enormous amount of evidence-based decisions made by all levels of Australian government, as well as by companies who access the information to guide their commercial decisions.

The census is also an enormous undertaking. To quote Wikipedia quoting the 2011 Census site, "the 2011 Census was the largest logistical peacetime operation ever undertaken in Australia, employing over 43,000 field staff to ensure approximately 14.2 million forms were delivered to 9.8 million households." The cost was $440 million.

That makes the census a prime target for budget cuts - with the idea of reducing the frequency of the Australian Census to every ten years, or reducing its complexity, thrown around last year before being dropped.

The impact of not having regularly collected census data, collected in a compulsory manner from all households, can be hard for Australians to imagine.

However in countries like Lebanon, which hasn't had a census since 1932, the lack of accurate data leads to opinion-based government decision-making, which is generally viewed as a poor alternative to fact-based policy decisions.

The need for compulsory collection of census data was highlighted by the decision by the former Canadian government to make their long-form census voluntary in 2011, resulting in a massive drop in participation and corresponding degradation of data quality.

Called "a disaster for policy makers", unfortunately it suited the Canadian government of the day to not have accurate data in order to provide them greater room for making ideological decisions, rather than decisions that were based on facts. The net result was a drop in participation from 95% to 68%, a more expensive Census process (due to increased mailout of forms to prompt engagement), the resignation of several of the most experienced and competent senior officers in Canada's statistical agency, ongoing issues for national, provincial and local Canadian governments in identifying disadvantage, population numbers, statistical population changes and reduced capability for companies to make appropriate commercial decisions without investing in further expensive research.

The current Canadian government reinstated the compulsory long-form census, which completed collection in May this year.

So regular compulsory censuses are a BIG DEAL for a nation, and Australia has a very strong statistical foundation to build on.

The ABS has also demonstrated leadership in how it has marketed and communicated past Australian Censuses. In particular in 2011 the ABS demonstrated global leadership in the use of digital channels and tools to promote the importance of the Census and lift participation.

Through quirky best practice engagement on Twitter and Facebook, which made the Australian Census front-page news for all the right reasons, the development of an interactive online service allowing people to 'place' themselves within Australia, and a mobile game which allowed people (particularly kids) to see how census data was used in civic decision-making, the ABS knocked it out of the park in terms of its communication strategy and implementation.

That's a fantastic base for the ABS to build from. I think a number of people were expecting the same, or better, engagement from the ABS in 2016.

Alas, it was not to be. In 2016 little of the previous engagement brilliance is evident from the ABS.

While the ABS has repeated a level of their communication via Twitter, it's basically a shadowy repeat of their 2011 strategy - as though new management said "repeat the good stuff from five years ago, but don't update anything or take any risks".

The ABS is also remaining stalwart and largely silent in the face of several decisions which have left census collection exposed.

Their online service has been exposed as using an older and less secure security standard in order to support older browsers, rather than taking an approach which warns people and encourages them to upgrade to a more secure technology.

For non-technical people, an analogy would be the police waving past someone without headlights on a dark night onto a crowded and unlit highway in order to not slow down the traffic flow.

On another front, the ABS is confronting a surge of privacy concerns around its decision to keep names and other personal details connected to census data for at least four years. Taken without consultation with the public, this decision has raised alarm bells with privacy advocates and organisations such as Electronic Frontiers Australia, as well as with former senior officials of the ABS.

While the ABS has been fighting back to some degree, they've not really addressed the concerns in an effective way.

#Censusfail is continuing to grow as a hashtag, with a number of people considering ways to circumvent responding to the census, avoiding providing personal information or considering providing false information.

Should enough people take one of these steps it would reduce the value of the census to Australia.

I must admit that I've also become concerned about the ABS's approach, and unconvinced by the ABS's engagement on this front to-date.

I totally support and value the ABS as an organisation, and all the people that work there - however they are burning much of the goodwill they established in 2011 and potentially devaluing the census, and hurting all Australian governments through their lack of effective engagement on the issues above.

The worst thing for me is that the ABS has been a shining light in Australian government. The organisation has consistently been a leader in open data and the use of digital and social media to engage with the public.

This is important not simply for the egos of the leadership at the ABS, but is essential for good governance and effective commercial decision-making in Australia. The ABS's success serves all of us - and its failure would hurt us all.

I hope the ABS recovers from this and Australia continues to be well-served by the statistics the organisation collects.

However it would have been far better for the ABS, and all Australia, if the ABS hadn't put itself in this position of needing to recover at all.

Read full post...

Monday, August 01, 2016

Congratulations to GovHack for another fantastic year

The weekend just past featured the 6th GovHack event, involving over 2,000 participants in 280 teams across 41 locations in Australia and New Zealand working on 439 registered projects.

Effectively the world's biggest government hackathon, GovHack includes some amazing ideas on how to solve public challenges, using open data from agencies in innovative ways.

Whether you've previously heard of the GovHack event or not, visiting the Hackerspace (2016.hackerspace.govhack.org/projects), where all the registered projects are listed, is an inspiring way to start the morning and get some innovative ideas on how to address some of the pressing challenges facing your agency or organisation.

I wasn't actively involved in GovHack this year, due to family commitments, so don't have any insights from the ground on how the event went.

However from the social correspondence and general mood online, the event maintained the heights it attained in past years, while maturing further with better systems and challenge structures.

With GovHack managed by a second generation team (with the founder and key past organisers moving on or otherwise engaged), this year marked a major transition for the event.

The success of this year proves that GovHack isn't just a passion-play, but is a solid, sustainable, professional event that can become an important ongoing part of the open data movement, and tool for governments to foster citizen engagement, for a long time into the future.

Congrats to all of the organisers this year, who have made this possible.

Here's some stats from the event, based on the current information in the Hackerspace.

Total projects registered: 439
Total projects submitted: 351 (80%)

(Projects must be submitted to be eligible for judging)

The tables below show the number and percentage of submissions (Sub.) by territory, as well as submissions by 2015 population estimates.

As I measure it, the smaller the population per submission, the greater the level of engagement with GovHack within that territory - leaving ACT the most engaged, followed by South Australia, Tasmania, Queensland, New Zealand and then Western Australia, with Victoria and NSW at the end.

Projects by Country

CountryReg.Sub.% Sub.
Population
Sub./Pop.
Australia
373
291
78.0%
23,781,200
81,722
New Zealand
66
60
90.9%
4,596,700
76,612

Projects by Australian State/Territory

State/Territory
Reg.
Sub.
% Sub.
Population
Sub./Pop.
Australian Capital Territory
51
44
86.3%
390,800
8,882
New South Wales
70
45
64.3%
7,618,200
169,293
Queensland
84
70
83.3%
4,779,400
68,277
South Australia
60
49
81.7%
1,698,600
34,665
Tasmania
13
11
84.6%
516,600
46,964
Victoria
69
48
69.6%
5,938,100
123,710
West Australia
26
24
92.3%
2,591,600
107,983

Projects by Region and Local event - Australia

RegionLocal SiteReg.Sub.% Sub.
ACTCanberra
45
39
86.7%
ACTCanberra Heritage Hack
6
5
83.3%
NSW
Camperdown Games for Learning
4
4
100.0%
NSWParramatta
6
5
83.3%
NSWSydney Official
55
32
58.2%
NSWTyro Fintech Hub
5
4
80.0%
QLDBrisbane Maker Node
11
7
63.6%
QLDBrisbane Official
42
35
83.3%
QLDBrisbane Youth Node
1
1
100.0%
QLDFar North Queensland
1
1
100.0%
QLDGold Coast
6
4
66.7%
QLD
Ipswich
4
4
100.0%
QLDLogan
6
6
100.0%
QLDRockhampton
3
3
100.0%
QLDSunshine Coast
6
5
83.3%
QLDToowoomba
4
4
100.0%
SAAdelaide
36
31
86.1%
SA
Adelaide Maker
2
1
50.0%
SA
Mount Gambier
9
9
100.0%
SAOnkaparinga
5
2
40.0%
SAPlayford
7
5
71.4%
SA
Port Adelaide Enfield
1
1
100.0%
TasHobart
7
5
71.4%
TasLaunceston
6
6
100.0%
VicBallarat
9
8
88.9%
VicGeelong
5
4
80.0%
VicHack for Wyndham
5
5
100.0%
VicMelbourne
36
20
55.6%
VicMelbourne Mapspace
14
11
78.6%
WAGeraldton
3
2
66.7%
WAPerth
23
22
95.7%

Projects by Region and Local event - New Zealand

RegionLocal SiteReg.Sub.% Sub.
NZAuckland
16
15
93.8%
NZChristchurch
15
12
80%
NZDunedin
1
1
100%
NZHamilton
10
9
90%
NZNapier, Hawkes Bay
2
2
100%
NZNorthland
1
1
100%
NZQueenstown
3
3
100%
NZWellington
14
13
92.9%
NZWhanganui
4
4
100%

Read full post...

Thursday, July 07, 2016

There's no silver bullets, but there's silver toolkits

During this Public Sector Innovation Month, I thought I should focus my eGovAU posts a little more closely on the topic of innovation.

I've commented previously on the 'shiny new thing' issue - whereby humans place unrealistic expectations on a new device or approach to solve a long-standing existing issue.

It's an issue that occurs regularly - and is even supported and encouraged commercially, where new products are regularly released with a 'unique' ingredient (not always unique), or a 'new' approach (not always new) promoted as solving a 'problem'.

Of course sometimes these unique ingredients aren't unique, the new approaches may not be new - and the problem may not be one that has kept people awake at night.

As a marketer I was trained on how to do this at university - either find an existing problem, or make people aware of a problem they hadn't thought about, so that it could then be fixed with a specific product or approach.

Products that are examples of this approach include 'Permeate-free' milk and many toothpaste additives advertised as promoting 'advanced whitening' or 'tartar control'.

Examples of approaches that fit into this basket include 'Nudge theory' (Behavioural Economics), 'TQM' (Total Quality Management) and Lean Methodology. All have positive applications, but none is a 'silver bullet' in all circumstances, and they can sometimes be applied to solve the wrong problems.

The same psychology applies in many human pursuits - from health care to the battlefield to management and government policy development.

New approaches are regularly discovered (or rediscovered) and promoted as silver bullets.

In most cases they aren't scams - they genuinely work, but only deliver measurable improvements within certain circumstances. This leads to case studies and advocates, even when they deliver limited or no value - it can be hard for senior leadership to say that the approach they supported and endorsed didn't lead to any significant positive impact on an organisation.

However over time it can often become clear that the success of these approaches applies only in a narrow set of circumstances or is based on factors that aren't related to the approaches themselves. At this stage another new approach often takes off.

This cycle may take years, or occur in a few months - what is traditionally called a 'fad'.

There can even be several new approaches at the same time, producing quite a heady environment where people and organisations fall into competing camps and can often expend more resources and energy on justifying why their new approach is better than on actual execution.

In reality there are a few situations where there are silver bullets. For example vaccines have been a silver bullet for population disease control.

Yes there's still a few cases of diseases we've vaccinated against, but the widespread suffering and death, long-term health issues and economic dislocation that accompanied mass outbreaks of major diseases, has been alleviated to the point where few have a living memory of these issues - leading to the present-day pushback we're seeing from people who have never experienced a mass vaccination-free world.

However in most cases new approaches are not silver bullets. They may provide an incremental improvement in the delivery of solutions to problems, or provide a solution within a limited set of circumstances, but do not have the widespread paradigm-shifting impact that the notion of a silver bullet encompasses.

Instead organisations should consider developing what I term 'silver toolkits' - collections of both new tools and approaches and existing methods applied in new ways that collectively provide development and delivery improvements to outcomes.

The notion of a 'silver toolkit' moves organisations away from any reliance on a single approach to achieve universal results - the equivalent of having only a screwdriver to solve any mechanical problem.

The approach also provides greater license to customise approaches and tools to specific situations, allowing for ongoing evolution in the adoption of new approaches rather than adherence to a rigid, unalterable formula for success that doesn't adapt to the specific attributes of an organisation.

So next time your organisation is considering a new approach or tool that its advocates claim is a 'silver bullet' for any or all problems you're seeking to solve, consider instead whether you can add it to your 'silver toolkit' - a non-exclusive set of new approaches and tools that your organisation can flexibly apply as appropriate to address emerging challenges.

Read full post...

Friday, July 01, 2016

The awesome finalists in the Public Sector Innovation Awards

It's tough to be innovative in many organisations - there's systems that try to regulate and direct change, managing its pace and impact, there's personalities and politics at play competing over limited resources and there's the inherent tendency for most to build cultures focused on stability and continuity over change, uncertainty and risk taking.

It's even tougher in environments with the level of governance, public scrutiny and bureaucratic overheads that is seen across much of the public sector.

However the Australian Public Service has been taking steps for a number of years to shake off the shackles and support and foster innovative behaviour, with some very clear successes along the way.

One such success has been Innovation Month - designed several years ago by a bunch of mid-level bureaucrats with senior support and approval) who were passionate about sharing the innovation in their workplaces, and connecting the many innovators and intrapreneurs, and those aspiring to innovate, across the public service.

Fostered and supported by the Public Sector Innovation Network (PSIN), and the Secretaries Board, the month has gone from strength to strength each year.

Another emerging success is this year's inaugural Public Service Innovation Awards, also supported by the Secretaries Board and PSIN and managed by IPAA ACT as an addition to their annual public sector awards.

I've had a very small role as an assessor for the Awards, and was proud to see the level of innovation on display by a number of the applicants.

Most of the entries featured innovations that have had little or no public exposure - the media just isn't interested in public sector successes (or learning experiences that don't result in a big 'bang') and agencies remain poor at promoting their achievements (where the credit is often appropriated by politicians who just happen to be in the right Ministry at the time).

These are all real achievements by real public servants - and they deserve to be recognised, lauded and pestered with questions (on how others can achieve similar great outcomes), for the work they have done.

The finalists have now been selected and have pitched to the judges (armed with training from some of Australia's top pitch professionals) - with the winners to be selected in a few weeks.

I've included the list of the finalists below, and images of the teams are over at the IPAA ACT website.

Keep an eye out for the winners later this month.

Finalists in the Public Sector Innovation Awards

  1. Australian Charities and Not-for-profits Commission - Charity Portal
  2. Department of Defence - REDWING Project
  3. Department of Foreign Affairs and Trade - The establishment and operation of the innovationXchange
  4. Geoscience Australia - Mineral Potential Mapper
  5. Department of Finance - govCMS
  6. Tourism Australia - The World's Biggest Social Media Team
  7. Australian Taxation Office - Small Business Fix-It Squads
  8. Department of Defence - PyroFilm
  9. IP Australia - Patent Analytics Hub
  10. Australian Financial Security Authority - Quick Motor Vehicle Search
  11. Department of the Prime Minister and Cabinet - Changing Recruitment in PM&C
  12. Australian Taxation Office - Cloud software authentication and authorisation


Read full post...

Bookmark and Share