Thursday, March 31, 2011

Gov 2.0 Canberra lunch with Alison Michalk on Community management - 13 April 2011

At the next Gov 2.0 Canberra lunch we're taking a look at a topic rapidly growing in importance for government agencies - managing and moderating online communities.

Quiip Director and Community Manager, Alison Michalk, will provide her insights into online community management, user-generated-content moderation and risk mitigation within the Web 2.0 space.

The presentation will draw on Alison’s experience with a range of private & public sector clients; demonstrating the various roles within community management along with strategies to enhance peer-to-peer dialogue and foster campaign support.

Alison Michalk is a respected practitioner in the online community management field. Based in Sydney, Alison has been working with online communities for over eight years. Her specific areas of interest include community governance and engagement, user behaviour and user-generated content moderation. Her experience building and managing online communities extends from start-ups through to large corporations, where she has managed a team of 30 moderators on Australia’s largest parenting website, Essential Baby (Fairfax Digital).

Alison has been featured in the ReadWriteWeb Guide to Community Management and Communities of Purpose white paper, and is a respected blogger on community management issues. Alison Michalk and Vanessa Paech (Lonely Planet/BBC Community Strategist) co-convene the Australian Community Management Roundtables, founded in 2008.

In mid-2010 Alison launched Quiip, an Australian-based community management and moderation business where she works with private and public sector clients including the Department of FaHCSIA’s youth initiative ‘The Line’.

When is the Gov 2.0 Canberra lunch?
13 April from 11.45 to 2pm.

Where is it being held?
The Gov 2.0 Canberra lunch in April is back at the Members' and Guests Dining room at (new) Parliament House hosted by Minister Gary Gray, Australia's Special Minister of State. Please note the special instructions in the event page.

How to register: Go to the Eventbrite page and request a ticket.

Read full post...

Monday, March 28, 2011

A cartoon history of social media (via PeopleBrowsr)

Many people I encounter consider social media as Twitter & Facebook - which is pretty much all that gets reported on via traditional media.

However the scope and history of social media is much richer and deeper than this.

PeopleBrowsr recently commissioned a cartoon history of social media, which starts with the first robot messageboard - in 1930.

Even this cartoon merely skims the surface and doesn't go further back to pre-digital social media channels that existed before the 'big three' traditional medias grew up during the 20th century (newspapers, radio and television).

However it does go deeper than the Twitter/Facebook view of the social media universe.

For a commentary on the cartoons, visit the PeopleBrowsr blog

Read full post...

Friday, March 25, 2011

Is it practical for government agencies to block web-based mail?

The Australian National Audit Office has just released a report 'The Protection and Security of Electronic Information Held by Australian Government Agencies' based on a review of the approaches to information security by four agencies, the Office of Financial Management, ComSuper, Medicare Australia, and the Department of the Prime Minister and Cabinet.

Amongst other recommendations was one which has been much discussed on Twitter this morning, "emails using public Web-based email services should be blocked on agency ICT systems, as these can provide an easily accessible point of entry for an external attack and subject the agency to the potential for intended or unintended information disclosure."

This reflects the recommendation in the Defense Signal Directorate's Information Security Manual, the 'bible' for Australian Government agencies when it comes to ICT security, which states on page 100 that:
Agencies should not allow personnel to send and receive emails using public web-based email services.

The concerns are very clear and relevant - web-based email systems can easily be used, inadvertently or deliberately, to distribute large quantities of citizen's personal information, or an agency's In Confidence or other classified information rapidly and to large numbers of people, making it impossible to contain the spread of the information.

Web-based email is also a potential source of attacks against an agency, through viruses, worms and trojans in email attachments (which may not be able to be scanned at the same level as Departmental email can be) and through web-links in emails to compromised websites.

I don't dispute these real concerns. They are concerns for corporations as well.

However, I do ask - what is 'web-based email'?

Most people are aware of the classic web-based email services, Windows Live Hotmail, Yahoo mail and Gmail amongst many, many, many similar services (here's a list of 18 web-based email services - and that's just a start!)

These services follow a standard email model - an inbox, outbox, capability to send and receive email, with attachments and some ability to organise and file emails into folders. Most have automated spam-checkers too, some exceptionally good.

However while they LOOK like email software, they aren't really email software. They are simply web pages providing access to text, links, file upload/download and some buttons.

Any webpage can be designed the same way. In fact it would be hard to find any webpage without at least two of the same features.

In other words, while they look like email and act like email, they're really no different from going to any website which allows people to click on a link or download a file.

Regarding the risk of downloading or clicking on a link with a malicious payload (virus, trojan, etc), web-based email web pages provide no additional risk to standard web pages except, perhaps, that they have content targeted to an individual with a government email address.

There may actually be less risk in using popular and widespread web-based email services as they do employ sophisticated scanning techniques to limit spam and malicious payloads. It is in their interest to not allow their users to become infected with viruses as their business would suffer as a result.

In fact, in some cases the large web-based email providers may offer more security in preventing spam and viruses than a corporation or government agency can offer to its staff using official email accounts. The large web-based email providers have hundreds of millions of users and their business is providing web-based email, meaning they hire the best talent, employ leading edge solutions and invest far more into their email security than most corporations or government agencies can afford.


I've only talked about the identifiable web-based email systems so far, there's also several broader considerations.

More and more online services are implementing systems like web-based email for sending and receiving messages within a web browser.

This includes services like Facebook, LinkedIn, YouTube, Slideshare, Ning, Amazon, all forum systems and micro-blogging services like Twitter (allowing direct messages). Most ISPs offer web-based access to home email accounts. Even your bank probably does it.

In all cases these services provide you with the ability to send and receive messages, including links and sometimes also attachments.

They effectively act like web-based email services, without having the same name.

To block web-based email systems can be tricky without blocking access to the provider's other services, such as Google's analytics and webmaster systems. However it is (mostly) possible.

To block these other pseudo-web-based email services without blocking their service is most probably impossible in most cases. That would mean blocking staff from being able to monitor or interact (officially) over social media services, or even from accessing their bank accounts from work.


Another consideration is the vast array of services that could not remotely be described as having web-based email qualities but still allow people to share information online.

These services, like YouSendIt, DropBox, Scribd and a host of others (including web-based FTP services provided by ISPs and others) allow people to upload a file, or often many files, and share them widely. There are also services for making comments - every newspaper has one - and many services for anonymising where the data is coming from to prevent detection.


Now all of this may still be manageable if it were only defined organisations who provided all these services. However the barrier to setting up a new service that looks and performs like web-based mail, or allow files to be transferred is almost invisible.

Open source software exists to allow any person to create their own service in a matter of hours. Web-based systems allow you to create a web-based email facsimile in a matter of minutes. These services are widespread, easily discoverable and cheap.

People can set one up from home, or any public access computer and then access it at work. That's if they are not amongst the nearly 40% of Australians with personal smartphones, or the millions of others with laptops, netbooks and tablets and 3G connections to the internet. Personal internet connections at the office, every day.

I don't envy the job of ICT Security Advisors.


If an agency wished to prevent staff from sending files and information online to unauthorised recipients, or prevent the possibility of staff clicking on links or downloading files from the web that may carry viruses, there are only three solutions.
  • Whitelist a bare minimum number of sites that staff can access,
  • turn off internet access completely, or
  • establish effective policy guidance and education for staff, have managers monitor use and ICT Security advisers provide support and training.
While it may be easier for organisations to pick one of the first two options, they will experience staff backlashes, have difficulty recruiting younger people (now including people in their 40s) and be unable to effectively engage and respond to changing global and national events.

These approaches won't necessarily limit the use of personal internet-connected devices at work, many more staff might bring them in to get around the security settings (so they can do their banking and respond to critical personal events). These approaches may even increase the incident of information leakage as disgruntled staff use the fax or photocopy and walk out the door.


The third option, which requires extensive senior leadership and support, is more effective in the long-run, however a harder sell due to the time and ongoing education commitment. However it is, in my view, the only approach to managing the use of web-based email and all similar services - in effect the entire internet - which serves the long-term interests of governments, agencies and staff.

Read full post...

Tuesday, March 22, 2011

Attorney-General's Department supports research into social media use during disasters

As reported in Mumbrella, the Attorney-General's Department is supporting research by the University of Western Sydney into how the public seeks and shares information via social media during natural disasters.

To complete the survey go here.

Read full post...

Monday, March 21, 2011

Why don't advertising budgets match audience behaviour?

For a very, very long time (more than ten years) I've been asking marketers and communicators in commercial and public sectors why they invest so heavily in producing and showing advertisements for channels which fewer and fewer people are watching and invest so little in the newer channels emerging.

In most advertising budgets there's still a massive amount for free-to-air television, moderate for radio and newspapers, a comparative small amount for online, cable or mobile advertising and virtually nothing for social media engagement.

Of course there's price differences - the cost of producing and screening a single television advertisement is far greater than that to produce and screen a web video for a month.

There's also a difference in how advertisements are developed. Television and radio are one-way mediums, with the focus on gaining attention and communicating a simple message in 1 minute or less - whereas cable advertising can be more interactive and online even more so (except for display advertising online, which doesn't have a good record of success in Australia).

The last few years of research on Australians have demonstrated that the internet is our number one medium, particularly for under 35s, however advertisers are still focusing their efforts on television - perhaps because that's what the older decision-makers watch.

This discrepancy has been brought home to me again by the Mumbrella piece, Natalie Tran: Bigger than free TV, on Natalie Tran, a 24 year old student on YouTube who, in the second week of March, received 876,106 views.

As Mumbrella pointed out,

If she’d been on free TV, she’d have been the 42nd biggest show of that week, based on OzTam’s data.

She had more viewers than Nine’s Customs (876,000), Sunday’s edition of ABC News (872,000), RPA (868,000), The Mentalist (863,000), RBT (856,000). And indeed Top Gear (818,000).

A couple more interesting figures comparing Top Gear's channel on YouTube with Natalie's Community Channel:
Top Gear’s YouTube channel uploads have delivered 193m views. Natalie Tran’s Community Channel channel 357m.

To Gear’s direct channel views – 15m; Community Channel, 47m.

Top Gear’s channel’s most viewed clip – 5.9m; Community Channel’s 34m. And no, I haven’t got the decimal point in the wrong place.
Surely it is time to begin shifting the budget a little further, and trialing out more interactive initiatives than Simply. More. Display. Advertising.

Read full post...

Bookmark and Share