Tuesday, November 15, 2016

Asking 'what should be the limits on how public servants engage in social media' is the wrong question

The Australian Public Service Commission (APSC) has just released a consultation paper asking for feedback regarding how public servants may be able to 'Make Public Comment' specifically focused on social media.

It's great to see the APSC consulting on this area. It is subject to rapid change, both in the nature of the approaches and tools available for public servants to comment online, and in regards the evolution of thinking and expectations within the public service itself.

For example, Gov 2.0 and the current follow-on push for digital transformation has continued to attract new groups of potential employees and partners to the APS. These are groups with their own established (generally active, transparent and outspoken) approaches to online engagement - creating challenges for existing public sector hierarchies in both recruitment and management of these cohorts and acculturalising them to current APS norms.

Equally the blurring of the lines between private and professional continues to grow. With government policy now essentially touching on every aspect of life, existing public servants can feel constrained and muted by current requirements to not comment negatively on any policy area.

This is whether it be a public servant/parent dealing with schooling challenges, a public servant/carer dealing with NDIS challenges, a public servant/driver dealing with road infrastructure challenges, a public servant/patient dealing with health challenges, or a public servant/former immigrant dealing with family unification challenges. In all of these cases, even if their career is in a totally unrelated area of the public service, it is unwise for them to share even privately via their social media channels comments critical of the policies which are impacting their lives in a real and significant manner - just in case their public service friends report them and their public service bosses decide to define their comments as less than appropriate.

At the same time with the increasing normalisation of social media as the primary 'town square' for civil discussions (though not always so 'civil'), younger people, former APS staff (such as myself) and others who might at some point work in or to governments, are more enabled and likely to debate or share contentious political and policy issues via social networks without full consideration of the likely views of older-fashioned agency management and the impact on potential employment or contracts.

Similar to the lament of police and other security services ten years ago, who found it increasingly hard to hire individuals able to conduct important undercover work, due to the widespread adoption of social media (forcing a shift to profile cleansing from profile hiding), it's rare for any young person to not have an active social presence online, potentially touching on a range of politically sensitive topics - if not crossing professional lines with beach and party shots.

Similar to the debate over whether children should be seen and not heard, I've witnessed a number of older senior APS managers express their ongoing views that public servants should neither be seen nor heard in public debate - despite this going further than even the existing guidance for how public servants may engage in public discourse.

Moving on to the current consultation process, there's a few assumptions in the approach which could significant impact the outcomes.

Benefits vs Risks

Firstly the entire consultation, while nominally appearing to aim to be neutral, overwhelmingly concentrates on the negative impacts of public comments by public servants.

The approach largely overlooks the benefits of having an engaged workforce, interested and knowledgeable about a policy area, able to engage effectively in online debates - providing facts, busting myths and communicating compassion and concern for the communities impacted by policy decisions.

Some organisations outside the public sector have realised the value of staff as advocates for an organisation - that every staff member is connected to hundreds of peers, friends and family members who are potential customers or clients. However it seems only rare public sector organisations have recognised the same potential.

Imagine the impact of having 4,000 Health Department staff sharing the latest PBS drug additions, or carefully explaining government policy to communities who haven't been on the same journey to recognise why alternate approaches look fine on the surface, but have significant long-term negative impacts.

Imagine having over 30,000 Human Services staff sharing the latest information on changes to welfare programs, the release of new apps, or helping parents considering separation to understand their potential financial obligations to their children in a divorce.

The upside of having staff engaging socially is immense where staff are provided with the right access to tools, advice and potentially training - more effective than spending millions on 'shouting at' communities via traditional media, or even online communication campaigns.

However taking this positive approach to staff social engagement relies on a critical factor that increasingly appears in short supply in the public service - trust. Senior executives in the public sector have long been shown to be significantly disconnected from their staff - with regular APSC studies showing enormous differences in perceptions as to how well senior managers communicate and with work satisfaction levels.

With rolling pay disputes, increasingly employee concerns around the casualisation of workforces, fewer opportunities for staff to progress and ongoing budget cuts, there's a range of factors already impacting on trust relations within agencies - a largely negatively focused social media policy, designed around preventing bad behaviour rather than enabling and supporting good behaviour, is merely another straw on the back of the increasingly concerned camel.

Policy for the future of the APS

Looking further at the consultation, while it doesn't specifically exclude any group from consulting, the placement and approach strongly favours current APS staff, or the hyper-interested (such as myself).

This means the consultation will largely be biased around current staff and their current expectations, having little consideration of potential staff who increasingly consider their ability to engage freely on social media as a right rather than a privilege restricted by an employer.

This could lead to amended guidance on social media engagement that progressively discourage good people from potentially considering APS roles, particularly in emerging areas related to digital.

Given social media comments are forever, there's an entire group of young, university educated, visionary and innovative people who, under strict APS social comment policies, may never be eligible for APS employment based on their past personal views 'poisoning' their ability to be impartial.

The questions for consideration included within the consultation are quite broad and I've covered each below with my views.

1. Should APS employees be prevented from making public comment on all political issues? Should there be different rules for different groups of APS employees?

Even Ministers only focus on their own portfolio policies and challenges, so it's highly impractical to expect public servants at any level to be sufficiently across all political issues to be able to avoid commentary on topics that affect them personally, but may (to a greater or lessor extent) also touch on significant political issues.

Equally with political policies now touching on most areas of life, even indirectly, there's little that a public servant could say that could not be deemed a public comment on a particular issue, even if via a slightly drawn bow by a hostile outside party.

The impact of this would be similar to the impact of the current APSC policy, to cause many public servants to choose not to engage in public debate at all. Given that public servants are generally well-educated and well-informed and trained to form opinions based on evidence, this presents a significant loss to public debate within Australia and the exclusion of expertise that could otherwise shift and shape national views.

I'm aware of experts who have been effectively silenced in their areas of expertise due to a government engagement for a different set of their skills. This weakens Australia's democracy, rather than protects it.

While it may seem prudent to at minimum limit the scope for public servants to engage publicly at least within their own policy area, the area in which they have greatest experience and expertise, this is also counter-intuitive.

I do believe that public servants should strive to present the positives of current policy positions and effectively communicate set government to the public including, if they so choose, via their own social media accounts - even when respectfully making it clear that their views might differ from the government's, but that their role is to carry out the policies irregardless of personal opinion.

However in areas where policies are under debate, not yet confirmed by government or otherwise not set, public servants should have the right to choose to engage in the public debate and express their views in a respectful manner. Due to their experience in their own policies areas, it would be expected that their views would be well-informed and therefore support the public debate.

In essence I believe that public servants should be exemplars of public engagement in democracy, not simply 'bag carriers' for agencies. Through positive, respectful and evidenced sharing of their views they not only contribute to the content but to the shape and effectiveness of public debates in Australia, fostering effective democratic engagement - thereby supporting Australia's underpinning principles as well as perceptions of the public service and government.

As to the second question, of different rules for different groups, I understand how more senior or personally expert public servants can have a bigger impact on public debates - and this is appropriate, when used sensitively. This is no different from the different regard to voices from across Australia's democracy - different groups will always hold different voices in higher, or lower, regard, based on positional influence, knowledge or celebrity.

Constraining more knowledgeable or senior public servants to keep a debate 'level' makes no practical sense, and while I can see where certain elected or senior appointed officials may have concerns over being 'outshone' or having their decision-processes impacted by senior public servants, or more hierarchically junior celebrity individuals or experts, this is more related to ego than to good policy formulation processes.

Ultimately evidence and outcome effectiveness should drive policy processes - and even when this isn't perfectly the case, agencies should always strive to champion the right approach and leave it to elected officials (who can also be unelected) to make decisions on particular courses. As such allowing public servants to speak in undefined policy areas with respect and evidence is totally appropriate and supports robust and engaged democratic processes (even if this may at times personally annoy Ministers or senior public servants with specific ideological agendas).


2. Should APS employees be prevented explicitly from making critical public comment about services or programs administered by their agencies?

While this question appears reasonable on the surface, it overlooks the sheer scale and extent of some agencies, and the absence of effective internal processes to manage programmatic issues or failures.

Firstly, certain programs and services are frequently moved between agencies due to machinery of government changes or due to agreements between agencies where one may deliver services for another. This means that a public servant having issues with a program one week, and commenting about this publicly, could suddenly find themselves under investigation after a Minister or senior public servant decides to move the service into their agency.

Secondly, the scale of agencies, and the lack of communication of their range of activities, can mean that public servants may be unaware that a particular program or service is actually administered by their agency, particularly if delivered by external contractors or other agencies. Again this could easily catch out public servants who are not omnipotent - an expectation that is unrealistic when even Ministers can often be unaware of all the activities in the nooks and crannies of agencies within their remit.

Finally, agencies must commit to having effective internal dispute resolution processes for staff having issues with specific programs or services administered by their agencies. These are in place in some, but not all cases - leaving some public servants with no internal avenue to resolve disputes and thereby driving some to speak out publicly. Agencies would eliminate a significant amount of the potential for this risk by instituting effective internal dispute resolution processes.

If public servants are using and finding concerns with certain services or programs from their agency it is highly likely that members of the community will be as well, meaning that staff concerns should be treated like a canary in a coal mine - an early indicator of an issue that the agency needs to address and solve.

Essentially APS employees should not be prevented (if that were even possible) from making critical public comment about services or programs administered by their agencies. However they should be held to a high standard of providing evidence, of engaging respectfully and making it clear that these are their personal views only. Few programs will achieve 100% happiness rates amongst the communities affected by them, and recognising and acknowledging alternate views, even from within the organisation delivering them, is a sign of a mature and secure organisation committed to continual improvement and the engagement of staff who will act to improve outcomes, not merely remain silent about poor ones.

3. Should senior public servants have specific limitations about making public comments?

Per my response to the first question - no. However they should be held to a high standard of evidenced and considered responses, and selective engagement.

It is still relatively rare for senior public servants to actively engage in public discourse, particularly via social media channels - and this is a significant loss of role models who could help set a respectful tone for engagement across the community. If senior public servants fear criticism, or fear criticising their Ministers publicly this helps reinforce a status quo where their expertise, knowledge and experience is subordinated to snap decisions, supporting the gradual degradation of trust and respect in government and agencies.

Where senior executives strategically engage in public debates as 'eminent Australians' they both enrich the conversations and model a form of democratic engagement that others across the community are influenced to follow.

That said, this engagement should be respectful and carefully timed, rather than proliferate. They must also ensure that they demonstrate that they can work effectively with Ministers' offices even when disagreeing with policy. This can be a delicate high wire to walk and many current senior public servants may not have the depth of experience with social channels to carry this out effectively. This will change over time.

Currently few senior public servants engage at all via social channels, and I believe this is a significant loss to public discourse in Australia.

4. Should public servants posting in a private capacity be able to say anything as long as it includes a clear disclaimer stating that the opinion they have expressed is purely a statement of their own opinion and not that of their employer and is otherwise lawful?

Looking at this realistically, any public servant, or individual, can set up a pseudonymous account and say anything they want with limited chance of detection or identification (due to the large number of such accounts). Indeed it is likely that a number of public servants already do this in order to be part of the groups they wish to associate with online.

I believe that public servants, by way of their employment, should be held to a higher standard of engagement than general citizens, therefore should be expected to remain fair in their comments and criticisms, obey all laws regarding abusive or otherwise inappropriate behaviour on social media channels (as suggested in the question) and is evidenced where feasible - noting that not all areas of opinion lend themselves to evidence.

Public servants should model the digital engagement behaviour that a democratic society should aspire to, helping to foster productive and insightful debate, dispel misinformation and accurately direct people to where they can receive the help they require.

Currently I believe that APSC gudiance is more directed at an outdated view of 'impartial', which includes 'passionless' and 'unemotional'. Public servants should be free to be excited and passionate about their work and about principles that matter in democracy. This positively enhances their perceived capacity to be effective in service to the public, whereas emotionless engagement only serves to diminish effective debate.


5. Are the requirements of the APSC guidelines expressed clearly? Can they be made simpler and easier to understand?

I have never been a fan of the current APSC guidelines for public comment via social media.

They leave too many gray areas for senior management discretion around what is meant by 'harsh or extreme', 'strong criticism' or 'disrupt the workplace' - which I have seen used negatively against exceptional people by jealous bosses, to the loss of the public sector.

They are too broad, effectively covering every policy from every parliamentary party or independent - leaving public servants in a live minefield where, at any time, additional mines can be placed under their feet.

Overall they are negatively focused - looking at the downside risk of social media engagement without fully embracing the potential benefits of effective involvement by public servants in public discourse.

As an ex-public servant this blog, which touches on various policy areas, programs and initiatives - often in a critical but constructive manner, would never have been started under this APSC policy. Given my readership and the level of positive engagement it's had, I can't see how this would have been a better outcome for the public service.

Equally I've not been prepared to work directly for a government with this level of restrictive social media policy, and have spoken to many other people from the private world who ceased considering a public service career after seeing the draconic provisions in the current guidelines.

Of course the majority of the public service have continued to work productively under the current guidelines, however I saw an 80% reduction in public servant engagement online in the twelve months after its introduction - with many people closing down social accounts, going silent or shifting to pseudonyms to protect themselves.

This has had a negative impact on the online public policy debate in Australia and these personal accounts cannot be replaced by departmental accounts, which do not have the peer-to-peer engagement or influence of individuals online.

Looking at the international perspective, there's now far deeper and more constructive engagement by US, UK and NZ public servants on social channels then by Australians.

Ultimately, under the current APSC guidelines, any Australian public servants who wish to participate in public democracy online must weigh the negative impact if they ever stray, in their management's opinion, over a wide gray line, even only once within thousands of posts.

This makes the risk to the individual simply not worth it - but the cost to Australian democracy of the silencing of these voices is immense.

Read full post...

Monday, November 07, 2016

It's time to provide feedback on Australia's Open Government Plan

Last week the government released Australia's draft Open Government National Action Plan, a requirement to join the international Open Government Partnership, for community consultation.

Australians have until the 18th November (Edit: extended from 14th based on community feedback) to comment on the plan, at which stage the government intends to move to rapidly endorse it via Cabinet and begin implementation.

The plan is available as a PDF download from the government's Open Government Partnership website (ogpau.govspace.gov.au) as well as in web format (much easier to read) at the civil society Open Government Partnership Network site (opengovernment.org.au).

I've included the 14 commitments proposed below in brief - for more detail click through to the sites. (Edit: thanks to Asher for corrected number).

Transparency and accountability in business

The Government will enhance Australia’s strong reputation for responsible, transparent and accountable business practice. 

Open data and digital transformation 

The Government will advance our commitments to make government data open by default and to digitally transform government services. 

Integrity in the public sector  

The Government will improve transparency and integrity in public sector activities to build public confidence and trust in government. 

Public Participation and Engagement

The Government will improve the way the Australian Government consults and engages with the Australian public.

Read full post...

Wednesday, October 26, 2016

It's past time for governments to mandate security levels for all internet-connected devices

On the tail of the 2016's Census issues dealing with four relatively small distributed denial of service (DDOS) attacks, the US East Coast was recently hit by a massive DDOS attack that succeeded in taking offline, or at least slowing down, major sites - from Amazon, Twitter and Spotify to PayPal and Netflix.

This major attack, involving millions of devices, had global impacts - including impacting the websites of range of Australian companies - retailers, banks, media services, insurance companies and hotels.

This type of attack isn't new - for years organisations have had to harden their computers and networks to fend off DDOS and more focused hacking attempts.

In fact a DDOS attack is often considered one of the most unsophisticated approaches - simply flooding a network with an unmanageable number of requests from hundreds, thousands or millions of hijacked devices until the routers and web servers collapse under the pressure.

However this latest attack was different in several regards to what organisations now should plan for.

Firstly it was on a scale that few had imagined. The company targeted, Dyn, provides backbone services for the internet and was well prepared for massive DDOS attacks. However this attack was at a scale that even such a service was unable to fend off without significant disruption for hours.

Secondly, the approach didn't use the normal range of compromised and poorly patched internet-connected devices to launch and sustain the DDOS attack. Normally hackers conscript or buy access to 'botnets' made up of hundreds or thousands of poorly maintained computers on insecure networks, using malware on these PCs to launch an attack.

In this case, however, the people responsible used open source hacking software to tap into a network of devices connected to the internet - security cameras,  Digital Video Recorders and web cameras, amongst other types.

The majority of these devices were older, with many were linked to one specific Chinese manufacturer who develops white-label products for others to brand and sell. Most relevant, these devices had little if any security in place to prevent hijacking. They are also unpatchable - they can never be secured in ways that make it hard, if not impossible, for hackers to take them over.

In other words, these non-computing insecure devices are a permanent threat to the internet. They can easily be used in malicious or military cyberattacks by anyone with the inclination to do so.

While the manufacturer has issued a recall for these permanently insecure devices (though its unknown how many devices will be returned as part of this process), the growth of the 'internet of things', where DVRs, smart fridges, air conditioners, cars and all kinds of household and work appliances are linked to the internet for monitoring and management purposes, poses a growing threat to the ongoing viability of the internet.

With billions of devices progressively being connected to the internet, there's little in the way of mandated or legislated requirements for devices to be secure to a given standard at a point in time, or have their software regularly upgraded to ensure that known security risks are patched.

While most countries specifically regulate and test products designed for health use, power use and radio spectrum to verify they won't cause harm, few nations have similar requirements for security.

Largely this remains in the general 'fit for purpose' terms in relevant trade practice legislation, which is effectively useless when a device, such as a baby monitor or smart fridge, can remain fit for purpose and be used in a economic or politically inspired cyberattack at the same time.

This isn't a future issue. I can name six types of non-computing devices in my home which are, right now, internet capable - DVRs, TVs, web cameras, security cameras, air conditioners and light globes.

Households across Australia, and the world, are rapidly adopting or upgrading to these devices for convenience and improved management purposes - but security requirements are lagging badly.

This is an area where it's not sufficient for governments to trust that manufacturers and retailers will 'do the right thing' on an ongoing basis.

Some manufacturers and supplies  might cut corners in their software, or not realise the significance of how their devices could be remotely accessed and used maliciously. Others may discontinue products or go bankrupt, leaving devices unsupported.

The end result is not necessarily a risk to the consumer who bought the product, but rather a broader risk to society that these devices are used in an attack that damages companies or governments.

There's also a risk that companies or unscrupulous governments may use these 'smart' connected devices themselves to spy on citizens. Indeed this may already be happening.


Now some governments, such as the Australian Government have begun offering advice to citizens on how to secure their personal networks. A good home firewall will, currently, help keep many potentially insecure devices protected against external risks.

However this is merely a stopgap. Firewalls have flaws, can be bypassed and are not consistently installed or maintained by households.

With internet-connected devices already proliferating, many already in households and businesses may be impossible to secure, as were many of those used in the recent US cyberattack.

For governments to protect societies against cyberintrusions - economic loss, political damage and inconvenience, there needs to be far more consideration of the potential risks around internet-connected devices - and fast.

Extra: I've just read a post that sums up this issue very eloquently, so have embedded it below...

Read full post...

Monday, October 24, 2016

For how long should we judge people by a few intemperate comments?

Over the last few weeks we've seen several prime examples of individuals being judged and convicted by comments they made at some point in the past.

Most would now be aware of the leaked tape of Donald Trump and Billy Bush, whose 'locker room talk' recorded in 2005 has led to an exodus of support and new sexual harassment claims against the US Presidential Candidate, and Bush's exit as a NBC News anchor. Trump has said that 'no-one respects women more than him' and apologised for his words, stating they were merely words and that he'd never act in such a way (prompting a number of women to come forward with examples of a pattern of behaviour).

Some may also be aware that last week Twitter fired Greg Gopman after a month, when TechCrunch republished one of Gopman's Facebook comments from 2013, in which he called homeless people 'trash'. Subsequently to his comment, and before the Twitter firing, Gopman had quickly apologised and taken a number of actions to help the homeless community in his city.

Without commenting on the merits of either sequence of events, I believe that society, and organisations, need to seriously consider how to manage intemperate comments by individuals and their ongoing impact on lives.

We now live in a world where almost any comment may be recorded and kept indefinitely - and can resurface at anytime.

These comments may be said in the heat of the moment and later repented, or may form part of a long-term pattern of behaviour that defines an individual's approach and thinking.

However in the hothouse of modern media, context is quickly lost. The distinction between a pattern of abuse or bad character and an occasional momentary weakness or bad behaviour rarely survives a media and social media scrum.

Even positive or neutral comments, or a moment in time video, recording or photo , when used out of context, can have a devastating impact on an individual's future prospects, their ability to contribute to society, as well as on their family, friends and employer.

With teenagers experimenting with social norms in public social channels, and fast-shifting social norms catching older people out for unwise comments made decades ago, few of us can truly say that none of our past comments cannot, and will never, be used against us.

Moving forward do we want to be a society where we drag everyone down to the worst versions of ourselves - where we glory in ripping and tearing others apart for momentary lapses of judgement, fast regretted?

Or do we wish to be a society that glories in redemption, that allows people to make mistakes, correct them and move forward and upwards to their best selves - provided they actually do.

Organisations need to decide when they will they stand behind individuals who make a few mistakes and correct themselves, even in the face of a media storm. They need to decide where to draw the line between intemperate mistakes and intolerable character flaws and patterns.

Otherwise we're heading toward a society where there's no second chances, no room to grow and improve from one's 17 year old self. A society where those of truly bad character conceal themselves and thrive (even into high office) by claiming that everyone who has ever made a mistake is just as bad as them.

The first step required is to have that conversation - in the media and in organisations. We should not 'walk past' a discussion and simply seek to control information in the hope of protecting otherwise good people from the mistakes of their past.

The standard you walk past is the standard you accept.

Read full post...

Wednesday, October 19, 2016

Support my ePetition for a better Australian ePetition site

Openness in government is supported by low barriers to engagement between citizens, agencies and politicians.

For example, making the House of Members' Register of Interests available publicly is great - but not THAT great if it is only available for viewing in hardcopy in one location in Canberra between the hours of 9-5pm (which used to be the case).

Recently the Australian Government launched its ePetitions site, designed to make it easier for citizens to petition government on specific issues or goals.

You probably didn't see any media headlines about it, or even government announcements - nor is the site easy to find via search or within the Parliament House's website.

If you do find it - the approach is uninspired and basic. I reviewed it compared to three other ePetitions sites internationally, and it just didn't stack up on usability, accessibility, attractiveness or tone. Read my comparison here.

There's ePetition platforms available that are far more developed and inviting, and there's lessons from international ePetition sites that clearly weren't learnt.

The cost to us, to Australia, is that people won't engage with Parliament and the Government in the ways they could, reducing the openness and effectiveness of the process.

So... I created an ePetition to Parliament. It ask them to mandate the Department to work with the broader community to implement a true Web 2.0 ePetitions platform.

This platform should be equivalent to the best of breed internationally and embed best practice design principles (such as from the Digital Transformation Office).

Slightly to my surprise, they've published my ePetition, though without actually telling me - another issue with the Aussie process.

Therefore I'd appreciate if you could sign my ePetition at: http://www.aph.gov.au/Parliamentary_Business/Petitions/House_of_Representatives_Petitions/Petitions_General/Petitions_List?id=EN0028

And then please share this ePetition with your networks.

Read full post...

Bookmark and Share