Tuesday, October 29, 2013

How do we solve falling trust in online services before it becomes critical?

A few days ago LinkedIn launched its latest IOS app, Intro.

The app promises to integrate LinkedIn profile content directly into emails, allowing more rapid connections and helping give email recipients access to a range of relevant information about the sender.

Given both Apple and LinkedIn are well-known brands, many people are likely to trust that this app is safe for them to use, that these two global companies have taken every step to ensure that users are not exposed to privacy risks.

It's also not a big decision. Intro is free and installing the app is a two-click process, done in under 30 seconds. People are unlikely to spend the time to look at the usage policy in detail, or consider the impact of such a simple decision when they trust the brands.

However, in this case, trusting LinkedIn and Apple may not be wise. Global Security Consultancy Bishop Fox released a very compelling post outlining serious concerns with how LinkedIn's new app works.

According to Bishop Fox, the app works in the same way as a 'man in the middle' hacking attack, by sending all of a user's emails through LinkedIn's mail servers. Here they could be read by LinkedIn or, if encrypted, this process could stop the final recipient from ever receiving the email.

LinkedIn states that it will keep information from the emails it captures - and while it states that LinkedIn “will never sell, rent, or give away private data about you or your contacts.” there's no clarification of what data LinkedIn might consider private, nor any solid information on how LinkedIn has mitigated against the type of security breach it suffered in 2012.

This is just a single instance of a situation where the public are being asked to trust a company to do the right thing online, while there's no guarantee they will, and often there's few ways for an individual, organisation or even a government to hold a company to account when they fail to keep their end of the trust bargain.

So the conundrum for the public has become, who can they trust online?

Clearly there must be a level of trust to use online systems, with banks and government clear cases of where trust relationships are critical for transactions and service provision. With no trust in online systems, online banking and egovernment could not exist.

Social networks are also important. As places where people store personal information and share more and more of it over time, there's a clear requirement for companies to appear trustworthy and safe.

Even search engines, which have become the front door to most websites (with Google the dominant player), have a huge trail of data on their users - what you search for helps define who you are, particularly when people use search for medical and personal matters.

The public must implicitly trust all these organisations to both play nice with their personal information and to secure it such that nefarious groups or individuals don't get it. However it has become very clear that they simply can't.

Whether it is commercial providers, who primarily use this data to identify more effective ways to sell, or governments and banks who require this data to validate individuals, the number of reported data breaches is rising - in a global environment where few governments legally require companies to report breaches to the people potentially impacted.

On top of this comes revelations of data surveillance operations by government agencies, such as the NSA, commercial entities such as the example from LinkedIn above, where the data helps them productise their users, or organised crime, who use hackers and insider sources to secure valuable data for use and resale.

However despite increasing concern over how data is secured, who can access it and how it will be used, individuals continue to use many of these online services, either because they simply cannot live their normal lives, or conduct business, without using them, or because of the "it won't happen to me" principle.

If public trust disappears, what does that mean for every organisation using the internet to build its business or to provide more convenient and cost-efficient services?

What impact would it have on government, where a shift to electronic transactions means less investment in other channels and, over time, less capability to meet citizen needs should a collapse in online trust occur?

I don't know how this situation can be resolved, particularly with the low attention paid to ensuring organisations report and rectify data breaches and be clear on how they will secure and use data.

While it is a global issue, individual governments can have an impact, by establishing a robust privacy framework for their citizens and recognising that people own their own data and any organisation allowed access to it should be held accountable for not securing or using it appropriately.

Do we have such a regime in Australia today?

I wanted to finish with an extract from the response I received from the Australian Privacy Commissioner when I reported the LinkedIn app using their email form:

Dear Craig  
Thank you for your enquiry.  
The Office of the Australian Information Commissioner (OAIC) receives a large quantity of written enquiries each day. An representative will be assigned to your enquiry and will be in contact soon. 
We aim to respond to all written enquiries within ten working days. 
If your enquiry is urgent and requires an immediate response, please telephone us on 1300 363 992 and quote your reference number. More complex phone enquiries may require a written response and may still take some time.

A response within 10 working days (14 actual days).

I wonder how many individuals may have their privacy breached, or organisations their confidential data exposed, by a single popular mobile app from a well-known company in this period of time.

Read full post...

Thursday, October 24, 2013

What's the digital communication capability of Australian governments?

On the back of the UK Government's second whole-of-government communications plan, the UK Government has been undertaking a Digital Communication Capability review asking (in simple terms), how is digital communication and engagement done, and how could it be improved?

The Review has involved consultation with Communications Directors, digital engagement specialists and senior executives across the UK Government and was led by a team of three independent reviewers with a deep knowledge of digital communications.

The review is still in the closing stages (final due in November), however has been an extremely transparent process, with all comments available online and the draft report already released for final feedback (similar to the process the Australian Gov 2.0 Taskforce used in 2009, but has been rarely used since in Australian government).

Many of the top-line findings would resonate with Australian public sector digital communications professionals, with the headline finding being:

Pockets of good practice notwithstanding, the headline finding is that digital communication in government is developing in silos and not in the mainstream. The consequence is that it is being outpaced by the best of the commercial and NGO worlds. Too much is broadcast and does not seek to engage. And, crucially, it is still treated by many in departmental leadership positions as a specialist area where the risks usually outweigh the benefits.
Underneath this, the review found that there wasn't a natural home for digital within departments - with placement in existing areas such as media relations leading to a biased approach which didn't serve all agency needs.

It also found that;
  • departments were not realising economies of scale, with different agencies separately purchasing the same or different social media management and analytics tools, 
  • communication focused far too much on informing rather than conversations, 
  • objectives were based on easily measurable quantitive scores (such as followers or tweets) rather than on changing outcomes,
  • there was an over-reliance on 'build it and they will come' approaches, 
  • there was a shortage of skills - exacerbated by a lack of confidence and judgement, 
  • there were limitations on access to social media due to IT security considerations - which may be valid but were poorly explained and understood, and
  • there was a lack of trust and overriding pre-occupation with risk.
Unfortunately there's been none of this type of work done in a systemic way in Australia - despite it being possible to take an approach (such as the UK one) and repeat it across every state, territory and the federal government to provide a comparable model (then do a cut-down version for local governments).

This is similar to where I started with the Digital Innovation Review I conducted in Victoria (no other states or territories have been interested in a similar review as yet though).

I'd like to help. Any takers in government?

Read full post...

Tuesday, October 22, 2013

Government as a Social Machine featuring Professor Dame Wendy Hall

I blogged today from the Government as a Social Machine forum hosted by ANZSOG and featuring Professor Dame Wendy Hall from the University of Southampton in the UK.

The discussion involved a diverse group of stakeholders from public and private sector organisations and covered the history of the internet and the challenges organisations, particularly governments, and citizens face in adapting to the new knowledge-rich, engagement-rich worked enabled by global real-time distributed communication systems.

Wendy also presented at a NICTA/OKFN event this afternoon, and is presenting at the Semantic Web Conference in Sydney later this week and in Victoria next week at the first Digital Literacy event being held by the Victorian public service (details of most of these events are in my Gov 2.0 calendar to the left).

Wendy opened with a story from before the web, on how no-one predicted the Internet, despite some earlier thinkers, such as Vannevar Bush, who foresaw a memory device (memex) in his brilliant work 'As we may think' in 1945, which contained many of the elements of modern computing systems.

She also discussed Ted Nelson, who coined the terms hypertext and hyperlinks back in the 1960s and Doug Engelbart, who invented the mouse, windows and much of the user interface that we find familiar today. In fact Doug gave the 'mother of all demos' which foresaw modern computers and the web.

Wendy recalled that when she met Tim Berners-Lee at the Hypertext conference in 1991 (which rejected Tim's paper on the web), she thought it was presumptuous that he had named the hypertext system he had invented the 'World-Wide Web', presuming that people around the world would use it.

At the time she didn't think the web was original or breakthrough - "how wrong you can be", she said.

Wendy said that Tim's strategy was to give away the web, making it an open protocol and standard - universally free to use and not controlled by any organisation. She said that otherwise Tim felt that the web would not grow or thrive, but be locked down by political, academic or commercial interests.

She also said that Tim believed that to make the web scale, it had to be able to fail. While many at the time believed that a system which could dead-end, linking to a non-existent page, would turn away users, Tim strategically introduced the '404 error' (which appears when a web page isn't found) to encourage individuals and organisations to build out the web, rather than limit it.

Wendy asked whether we could have built the web another way. She believes that we may have to at some point as the web is only 23 years old, "barely out of nappies".

Wendy also believes that there's many ways to kill or corrupt the web, such as having specific organisations or governments control it - however we don't really know the outcome of these scenarios as we haven't had those experiences yet.

She did ask about what if the Internet disappeared overnight - how would it impact on individuals, organisations, societies, even countries?

The impact of a one-day shutdown of Wikipedia was immense (she said) during the SOPA protest, and there is an increasing risk in some developed nations that blackouts, caused by inadequate electricity supplies, could cause a blackout of information, with people unable to access the information they need to cope with the situation.

Wendy also said that when Tim created the web he understood that it had to include an easy way to write, as well as read, web pages - leading to the development of his first web browser, which was also an editor.

Wendy said that in 1996-8 while the web was growing, the Internet wasn't sufficiently mature for broader use, due to difficulties with slow modems, finding information (pre-Google) and the cost of computers - making categories such as online shopping inconvenient.

However now the technologies have matured Wendy believes that High Streets will disappear. She said that the UK government's decision to sell off the Royal Mail, which was instituted in the Victorian era, is a sign of this change flowing through the system.

Wendy said that years ago she consulted to the Royal Mail, highlighting to them that the new business they needed to dominate was parcel delivery, based on online sales "however they didn't get it".

Wendy also said that "it is very hard to convince the big juggernauts of industry, including government, to change".

She said that, for example, large organisations seem to believe that people will always read books - Wendy believes that yes they will read, but not necessarily books.

She recalled telling biologists years ago that they would be reading papers online. They retorted that the Internet was so slow and computers so heavy that they would never be able to read their papers on the train. Wendy said, "Now, ten years on, biologists are reading their papers on the train using iPads."

Wendy said that Google was inconceivable before the web, and engineers had 'proven' it wasn't possible to quickly index huge amounts of information.

However she said that since Google, the world has changed - and Google is also no longer just a search engine, they are incredibly diverse, "there are at least 2,000 driverless Google cars driving around San Francisco".

Wendy believes that once an organisation has a majority of people using it on a network it becomes very difficult to dislodge. Google, eBay, Facebook and now Twitter are giants, at least in the English-speaking world - different titans exist in China.

Wendy opined that Google may be the James Bond villain of the future - because it knows what you search for, "everyone has searched for something they would not want to be made public". She believes that if Blofeld took over Google they would have something over every politicians.

However, Wendy said, when used benignly or even for commercial profit, Google is fine. She also believes many other industries are in a similar position of potential control over society.

Wendy also believes that even before the arrival of social networking "we should have known how much people would want to write about themselves, take photos, videos and share, based on what we knew about human psychology and behaviour".

Wendy said there is now an expectation that people can find anything, any knowledge online and if an organisation, product, place or individual doesn't have an online presence "they don't exist." As a result, Wendy believes that the web should be the first way any new entity is introduced or promoted.

Wendy said that while Tim Berners-Lee invented the technology and helps set the standards, we (globally) have created the web. We write the websites, blogs and micro blogs. We make the links and the apps. "The web doesn't have shareholders or owners - we are collectively the creators and custodians of the web."

She said that the web exists because we want it to be there, and it will keep existing as long as we want it to exist, so we all have a responsibility to ensure it is a place we wish to frequent.

When people ask her about issues online, she tells them that we didn't make the streets safer by imposing curfews - similarly we need to create the right culture on the web, not create legal restrictions.

Wendy said that Wikipedia was started as an experiment - even Jimmy Wales didn't believe it would work - however it is now equivalent to 1,900 volumes of an encyclopedia, most of which is very accurate. It has grown its own governance, it wasn't invented ahead of time, a lesson for organisations today.

Wendy also said that YouTube is another giant attractor to the web, the place for storing and sharing videos - now owned by Google.

Wendy believes that if an alien had came to earth a hundred years ago and then returned today they would find everything had changed - except possibly education, which is now being transformed by MOOCs. The first platform for MOOCs has also been bought by Google, which is developing it as an open source platform. She asked "who will be the university of the future? Google."

After the break Wendy took questions, giving a view that while cybersecurity is a risk to society, it is not a risk to the web. She commented that it was an area of high expenditure for the UK government.

She also said, in response to comments at morning tea about people being advised not to trust Wikipedia as a reference, that Wikipedia is at least as trustworthy and accurate as printed encyclopedias, plus it has a faster error correction rate. Plus, she said, we create Wikipedia, so it is what we wish to make it.

Wendy also believes that privacy won't kill the web, young people are growing up with different concepts of privacy and will adapt their approach and the web to suit their values.

However she believes that blackouts, siloisation and/or the end of a level playing field for creating and publishing content would end the web. Wendy said that net neutrality is also important. Without it we would lose the level playing field and commercial or ideological interests could control publishing and access to the web.

One of the crowd has commented that probably government is the biggest risk to the Internet, and Wendy says that she has concerns over legislators making decisions about an ecosystem they do not understand, which can lead to all kinds of unforeseen and undesirable consequences.

Wendy said it is hard to dictate in the web, to get people to use something they don't want to use. To get the network effect requires co-creation, meaning that government must work with communities collaboratively to develop platforms which benefit both.

An ABS representative said that they are now opening up a lot of data through APIs and unleashing developers through GovHacks to co-create new tools and services, however it is still a not insignificant challenge to get people within government to just agree on a common definition for Australia or Sydney, to allow datasets to correlate across agency.

Wendy next talked about Twitter, and how its real-time nature can support, even drive, community movements, "the way bad news spreads now is via Twitter. It is a mechanism for warning people to get out."

She said the interesting thing about Twitter is that it is being co-created, with functions like RT, MT and hashtags invented by the community.

Wendy believes co-creation is critical for the web, not only codesigning systems, but using systems which allow people to add value as they go about their daily interactions, such as via ReCAPTCH and Duolingo.

Wendy then talked about the semantic web, a web of data, saying it was in Tim Berners-Lee's original vision for the Web. However without sufficient data online (she said) we cannot experiment to find out what this will become or create the network effect, where people share and reshape data and create services or new visualisations with it.

She wrote a paper with Tim in 1996 which identified four principles for the Semantic Web, however says that the commercial sector still didn't get open data, hugging it tight.

Then governments began opening data based on discussions with Tim and others, leading to President Obama's declaration and a cascade of open data releases by governments around the world and initiatives like the Open Data Institute.

Wendy used an example of UK prescribing data, how open data allowed the NHS to identify 200 million pounds in savings each year.

Wendy said that while engineers and scientists often think of the web as a technological byproduct of a set of simple standards, it is a socio-technical construct, effectively a 'social machine' co-created through interactions between technology and millions of humans.

The technologies that underpin the web didn't create the web - people did, providing the content, linkages and developing, sharing and using the apps and websites that sit on it. However without the technology the web could also not exist.

Wendy said that social machines start with an incomplete specification that evolves and grows to cover more of the problem via interactions. They achieve participation through local incentives and the network effect, eventually succeeding through a process of rapid trial and error involving subsets of participants.

Wendy is working on understanding social machines through a 'web observatory' at Southhampton University that observes, monitors and classifies social machines as they evolve. She said this will also become an early warning system for detecting new disruptive social machines and identifying the 'tipping points' where they become ubiquitous.

Her group is studying Twitter networks, as well as Wikipedia and YouTube, amongst other services, to understand 'activity pulses' and how they help explain social movements and trends. For example, Wikipedia was a better indicator of a trend around 'Gangnam style' than Google with the trend occurring a month earlier on Wikipedia.

She asked how does Government, potentially the original social machine (as one audience member commented), transform itself to take advantage of digital channels to be a better social machine?

How do governments employ gamification, the network effect and web observatories to develop and deliver better policies and services?

How do we address the challenges of the 24-hr news cycle, election cycles and other factors which make developing and maintaining social machines difficult?

Wendy said she can't help reflecting back on governments from Victorian times, the 19th century, that created amazing long-lasting infrastructure in Britain that still serves the population today. She believes they were amazing social machines and still have lessons to teach us today on how to transform government to address the challenges of the 21st century.

Read full post...

Friday, October 18, 2013

Suggestions for governments stepping into open data

I've been completing a survey for the Spatial Industries Business Association (SIBA) related to the Queensland Government's open data initiative, where one of the questions asked Can you list or describe any learnings that would be useful in Queensland?

I've provided a number of my thoughts on this topic, having closely observed open data initiatives by government over the last five years, and written periodically on the topic myself, such as:


To share the thoughts I placed in the survey more broadly - for any value they have for other jurisdictions - I've included them below:

  • Data released in unusable formats is less useful - it is important to mandate standards within government to define what is open data and how it should be released and educate broadly within agencies that collect and release data.
  • Need to transform end-to-end data process. Often data is unusable due to poor collection or collation methods or due to contractual terms which limit use. To ensure data can be released in an open format, the entire process may require reinvention.
  • Open data is a tool, not a solution and is only a starting point. Much data remains difficult to use, even when open, as communities and organisations don't have the skills to extract value from it. There needs to be an ongoing focus on demonstrating and facilitating how value can be derived from data, involving hack events, case studies and the integration of easy-to-use analysis tools into the data store to broaden the user pool and the economic and social value. Some consideration should be given to integrating the use and analysis of open data into school work within curriculum frameworks.
  • Data needs to be publicly organised in ways which make sense to its users, rather than to the government agencies releasing it. There is a tendency for governments to organise data like they organise their websites - into a hierarchy that reflects their organisational structures, rather than how users interact with government. Note that the 'behind the scenes' hierarchy can still reflect organisational bias, but the public hierarchy should work for the users over the contributors.
  • Provide methods for the community to improve and supplement the open data, not simply request it. There are many ways in which communities can add value to government data, through independent data sets and correcting erroneous information. This needs to be supported in a managed way.
  • Integrate local with state based data - aka include council and independent data into the data store, don't keep it state only. There's a lot of value in integrating datasets, however this can be difficult for non-programmers when last datasets are stored in different formats in different systems.
  • Mandate data champions in every agency, or via a centre of expertise, who are responsible for educating and supporting agency senior and line management to adapt their end-to-end data processes to favour and support open release.
  • Coordinate data efforts across jurisdictions (starting with states and working upwards), using the approach as a way to standardise on methods of data collection, analysis and reporting so that it becomes possible to compare open data apples with apples. Many data sets are far more valuable across jurisdictions and comparisons help both agencies and the public understand which approaches are working better and why - helping improve policy over time.
  • Legislate to prevent politicians or agencies withholding or delaying data releases due to fear of embarrassment. It is better to be embarrassed and improve outcomes than for it to come out later that government withheld data to protect itself while harming citizen interests - this does long-term damage to the reputation of governments and politicians.
  • Involve industry and the community from the beginning of the open data journey. This involves educating them on open data, what it is and the value it can create, as well as in an ongoing oversight role so they share ownership of the process and are more inclined to actively use data.
  • Maintain an active schedule of data release and activities. Open data sites can become graveyards of old data and declining use without constant injections of content to prompt re-engagement. Different data is valuable to different groups, so having a release schedule (publicly published if possible) provides opportunities to re-engage groups as data valuable to them is released.

Read full post...

Thursday, October 17, 2013

A look into the mind of John Miri

Yesterday I had the opportunity to catch up with John Miri, the former Deputy to the State CTO for Texas, following his presentation at Sitecore's Digital Citizen Engagement event in Canberra.

John is also presenting in Melbourne today, and in Perth next week.

The first thing that struck me about John is how different he is from the stereotype of a government IT professional.

Personable, approachable and possibly the only tea drinker left in the US, John was trained in physics but pursued a career in IT after it was pointed out to him that there were more career opportunities in IT than science.

He came late to government, spending a number of years founding and working in early-stage start-ups before making the leap to public service in 2005, as Director of E-Government and Web Services for the State of Texas, reporting directly to the State CTO.

In that role John was responsible for shepherding the TexasOnline.com program (now texas.gov), implementing 829 new online services, and leading to 83 million citizen financial transactions, with more than $5 billion online revenue.

John is now Editor-In-Chief for the Center for Digital Government and principle of Bluewater Technology Services, a technology consulting company.

John believes that government is at an interesting crossroads - still applying governance principles from the 19th and 20th centuries, while trying to rapidly adapt to the 21st.

He talked to me about the vision that the founders of the US had for their nation, a participatory democracy where citizen involvement in governance didn't end with their vote, where citizens were empowered and supported to contribute to civic life.

John says that with today's technologies it is now possible for societies to realise this kind of vision - to reshape governments to be more participatory without losing the strong institutions and traditions that make democracy possible.

We discussed how government institutions are designed to maintain the status quo, the value of bureaucratic processes in maintaining stable, safe and secure societies, however these strengths can also become weaknesses when politicians and public servants stop asking 'what is the goal of government' and focus on repeating the processes in government - resisting change from within or without.

John asked the question 'what is the role of citizens in delivering government services?' saying that governments need to begin considering citizens as stakeholders and engaging them in the same way agencies engage expert panels, companies and lobby groups.

He also commented on how government's tendency to silo problems and attempt to solve them individually is failing - today's problems are complex and multifaceted, crossing traditional ministerial portfolios and requiring complex and collaborative solutions.

John argued that the current structures in government are poorly suited to solving these problems, and our reliance on subject matter experts - rather than problem solving experts - meant that many problems are being seen through specific lenses and perspectives that made them difficult, if not impossible to solve.

He gave the example of US state road taxes on petrol - designed to cover the cost of maintaining roads. As cars have improved their efficiency, travelling far further - and doing more road damage - on the same amount of petrol, the gap between the funds the tax raise and the maintenance cost has been growing.

John asked a group of road policy experts in government about this issue, and their response was that the solution was simple - raise road taxes. His comment to me was that while the experts may think this was simple to do, it wasn't simple to get tax increases through political processes or sell their value to the public - more participatory processes and more innovative solutions were needed for the long-term.

He said that the increasing size of many of the complex problems that face government today mean that the odds are in the favour of those who advocate for more participative government and Government 2.0.

As traditional approaches to problem solving fail, due to agency silos, expert bias and limited community involvement, governments will be forced to look towards more innovative solutions - involving citizens and reshaping bureaucratic processes.

John also said that digital was an opportunity for governments to do more than simply replicate their business processes online. Rather than mimicing or tweaking paper-based workflows and forms for online use, agencies should use the opportunity to reinvent their business processes.

This involves questioning every assumption - what information is needed, when and how is it needed, how should it be stored, actioned and how should citizens be informed and engaged throughout the entire process.

John says that agencies that simply replicate existing processes online are unlikely to realise the full benefits in cost-savings, accurate completion and citizen satisfaction - an automated mess is still a mess.

He says there are no shortage of example of how technology has transformed business processes and the situation is no different in government. If agencies and politicians can focus on the goals and outcomes they are working towards, rather than bury themselves in repeating the same processes they've used for decades.

John also suggested that a reinvention approach allows room for innovations in how government services are delivered. For example as train timetables become digitalised, why should trains runs at the same time every day?

Would it be possible to adjust train schedules on a flexible basis, managing it like an electricity grid, based on the number of travellers and communicated via electronic messaging boards.

He also asked whether child protection services could be radically reinvented to provide 24/7 access to case workers for children in need. Could a single contact phone number, SMS and email address be used to route case workers to where they are needed most, using GPS and mobile devices to ensure they had the information they needed at all times to maximise their efficiency and protect more children from harm.

In conclusion John was of the view that egovernment, Government 2.0 and the rise of digital citizens who wish greater participation in the democratic process, should not be seen as a threat to traditional democratic institutions - we're not trying to add a third house of parliament.

Instead he said that these movements and emerging technologies should be embraced as a way to realise the original intent and goals of government - to represent, serve and involve citizens. 

Read full post...

Bookmark and Share