Monday, January 30, 2017

Governments need to think about productivity in society-wide terms, not just in terms of the public service

There's been enormous coverage of the new Centrelink debt letters process, whereby the Department of Human Services has automated the process of matching data from the ATO and Centrelink to try to find overpayments (but not underpayments) in welfare benefits to Australia.

The automation has involved removing human quality assurance steps, which has led to the number of debt checking letters growing from 20,000 per year to 20,000 per week. Over 260,000 of these letters have been sent out to-date.

Now automated data-matching can be a fantastic thing when used well. It can reduce duplication in identification processes, find patterns and trends that inform polices and service delivery, and even identify inaccurate payments - as was the intention with this approach.

However for a data-matching process to work well, the system rules need to be well-designed and tested, and the data needs to be comparable so as to be matchable.

The widespread issues that are being reported by former and current Centrelink payment recipients and the enormous (more than 350 articles over the last month) of media coverage suggest that the system that Centrelink put in place meet neither of these conditions.

Without going into the apparent system issues, which have been covered widely, the reason Centrelink and other agencies introduce automated systems is to allow them to achieve the same, or better, outcomes with fewer staff - something that in economic terms lifts the productivity of the agency.

Centrelink has reduced its workforce by around 5,000 staff over the last five years, and moved to have a larger casual workforce with fewer permanent staff. These types of changes are occurring across many large public sector organisations as governments tighten their belts.

However it seems that when governments today act to (hopefully) bring about productivity gains and cost cuts, they focus primarily on a subset of the economy, the public service.

They appear to overlook the potential impacts on other sectors, or the overall productivity or cost dividend to the community they serve.

Let's use the Centrelink situation as an example. By cutting a human quality assurance step, and using a purely automated approach for identifying potential overpayments, Centrelink has transferred the cost of checking that their data is accurate from internal staff to welfare recipients.

Now while it may be appropriate for the people receiving the payments to be responsible for justifying why they receive them, there is a significant productivity cost when passing the task of quality assuring claims from trained and experienced staff with strong systems supporting them to low income, sometimes low education, citizens.

This productivity cost is exacerbated when these citizens are expected to re-prove their eligibility for past welfare payments, dating back as far as six years. The citizens now must track down former employers, landlords and education providers to source the materials that Centrelink has decided it now requires (often for a second or third time) to revalidate past payments.

So not only are individual citizens required to spend significant time checking the documentation Centrelink holds on them (which is subject to errors from mistaken entry by Centrelink staff and algorithmic mistakes, such as averaging a citizen's part-time or sporadic pay over 26 fortnightly periods), but must also involve the time of a range of former employers and landlords.

Now I've been going through an employment process (you'll hear more about this shortly), which required me to source a range of documents from 4-6 years ago from former employers - both public and private sector. While not the same as the process welfare recipients are facing, it required similar information such as old payslips and employment dates.

All the organisations were very prompt in responding (thanks to you all), taking no more than two weeks to pull together what was required - however I estimate that the combined time they spent on this one matter for me exceeded ten hours work time, just for one person in one clearcut situation.

For the 260,000 welfare recipients who may have to re-source material from employers and others, this time adds up to potentially millions of hours of lost productivity for the companies involved - that's outside the time spent by the welfare recipients themselves to 'prove' they were not overpaid, or not as much as Centrelink claims they were.

The Minister for Human Services suggested before Christmas that around $300 million in debt had been recovered, this was later revised to being debt identified, with neither the Minister nor Department able to conclusively say how much had actually been paid to the Commonwealth.

Now let's look at a few estimates.

Welfare recipients are reporting that they are spending up to dozens of hours resolving this matter with Centrelink. That includes pulling together documents, dealing with former employers. waiting on the phone with Centrelink for up to four hours, with multiple call-backs for dropped lines, managing difficulties with MyGov and other associated activities.

For past recipients (who may have spent a few months or years on welfare when studying or during gaps in employment) who are currently employed, this can require non-productive time in business hours while at work (the only time Centrelink takes calls) and cutting into other job-related or educational activities outside hours.

In addition their former employers and educational institutions are spending hours pulling up old payslips from archives - noting that where employers have shut-down this becomes even more difficult and time consuming.

If we assume that the average welfare recipient is spending 6 hours on dealing with their Centrelink debt and that former employers are spending another 4 hours servicing their requests to meet DHS requirements, that's 10 hours productivity lost per debt notice.

Now if we assume that 60% of debt notices require this time investment, based on 260,000 notices issued, that's 156,000 debt notices on which people are spending 10 hours each on resolving - whether or not there is an overpayment at the end of the process.

Let's take a hourly rate of $30 - low for Australia - as the dollar cost of those hours. Based on 156,000 notices at 10 hours effort (1,560,000 hours effort total), at that dollar rate the cost to the economy is $46.8 million dollars.

Now that's the direct productivity cost to citizens and businesses. On top of that there's been extensive involvement by not-for-profit legal and counselling services dealing with an upsurge in complaints and counselling needs and the mental and physical distress people facing large unexpected Centrelink debt notices are currently facing, harming their ongoing productivity and effectiveness.

There's also time spent by citizens on social media engagement, the creation and management of the NotMyDebt website and, finally, the time being spent by Centrelink's own staff sorting out debt issues which could have been easily screened out through a QA process.

I'd estimate from the above that the net productivity cost to Australia of saving Centrelink's QA step is already approaching about $80 million, without considering the longer-term cost of the loss of credibility and potential impact that will have on future productivity.

While the Commonwealth may be able to claw back this amount of money via the debt notices, I think that the situation is already well past the point where the situation has a net productivity loss to Australia as a society.

In other words, the cost of reclaiming this debt in this manner, is significantly outweighed by the overall productivity cost to the country. Sure it might make a good political statement for a 'no-nonsense' approach to welfare (though this appears challenged by poll results), but the economic cost makes the approach very hard to justify from a pragmatic perspective.

Government is likely to face more and more of these types of situations as it attempts to lift productivity and/or cut costs by transferring the work done by staff back onto citizens.

While I understand the importance of cost management in government, and the ongoing desire to lift productivity, looking at these metrics based on public sector inputs rather than society-wide outputs does risk governments making decisions that harm economy-wide productivity in the long-term when chasing short-term productivity gains for a specific government agency.

Governments who wish to see long-term economic gains need to carefully consider how they shift effort from experienced staff to inexperienced citizens in order to not increase burdens that reduce overall productivity and wipe out the public sector savings through lower tax receipts or large pushback costs.

Digital transformation is a key tool in this process, but must be used wisely, not simply to automate steps to remove humans, but to simultaneously cut errors and improve success-rates.

The current Centrelink debt issue is a clear example of what happens when a good automation idea is executed poorly, becoming an overall loss to government rather than a win.

Read full post...

Tuesday, January 24, 2017

You've Been Hacked - how far should governments go to protect against the influence of foreign states?

Like most people with a broad digital footprint I've been hacked multiple times, usually in fairly minor ways.

Around ten years ago I had my PayPal account hacked through malware in the Amazon site, costing me $300.

PayPal staff insisted this was a legitimate payment for goods (which I hadn't ordered) being delivered to my legitimate address in Norway (despite having provably never visited the country). I've been very cautious & limited in my PayPal use since, and never recommend them.

Over Christmas last year my Social Media Planner site was hacked and seeded with malware. Fortunately my IT team was able to identify, isolate and address the matter, without affecting visitors, but costing me financially (two weeks downtime). It's fine now BTW, with extra protections in place.

I've had a Skype account taken over by someone in Eastern Europe, who used it for phishing before I could reclaim it, had basic account details stolen in Yahoo, LinkedInDropBox and a range of other large-scale hacks of commercial services over the last five years - excluding the Ashley Madison hack (I've never been a member).

I'm not the only one affected by any means, well over 10 billion accounts were hacked in 2016 alone, with Australian politicians, police and judges outed as affected in at least one of these hacks (and a few in this one too).

Much of this widespread hacking results in the theft of limited personal information. On the surface it may appear to pose little risk to individuals or organisations. 

However the individual reuse of passwords and usernames can turn these hacks into a jackpot. This allows hackers, and clients they sell hacked data to, to access a wider range of accounts for individuals, potentially uncovering richer information that is useful for identity theft, economic theft, intelligence gathering or for influencing decisions and behaviour.

Despite all the reports of hacking, it seems many people still treat this lightly - the world's most popular password remains '123456'.

Most governments, however, do not. Securing their networks is a major challenge and a significant expense item. The data agencies hold has enormous political and economic value that could be easily misused to the detriment of the state if it falls into the wrong hands, or into the right hands at the wrong time.

It's not simply about troop movements or secret deals - early access to economic or employment data, access to the 'negotiables' and 'non-negotiables' for a trade deal, or even to the locations and movements of senior political figures (to know who they meet and for how long) can be used for the financial and political advantage of foreign interests at the expense of a state's own interests.

For the most part, Australia's government is decent at managing its own network security. This isn't perfect by any means, but there's a good awareness of the importance of security across senior bureaucrats and largely effective ongoing efforts by agencies to protect the secure data they hold.

However in today's connected world national interest goes far beyond the networks directly controlled and managed by governments. As we've seen from the US (and now Germany), political parties and individual politicians have also become hacking targets for foreign interests,

This isn't surprising. Politicians, potential politicians and even academics have long been targets for funding assistance and free or subsidised study trips to nations hoping to cultivate influence in various ways. In fact these approaches provide some positive benefits as well - by creating personal relationships between powerful people that can lead to improved national relationships, trade deals and even avert wars.

Hacking, however, has few of these positives, as we saw in the release of Democratic National Congress emails by Wikileaks, which were most likely obtained through Russian state-sponsored hacking and likely was designed to influence the US's election outcome.

Whether you believe the cumulative findings of the US intelligence community or not, it is certain that foreign states, and potentially large multi-nationals corporations, will continue to target political parties, and individual politicians, seeking insights into how they think and levers of overt and covert influence for economic and political gain.

Hacking will continue to grow as one of the major tools in this work.

The Australian Government is taking this seriously - and kudos to them for this.

However even this focus on political parties neglects a wide range of channels for influencing current and potential future politicians. What about their other memberships and personal accounts?

Politicians and potential politician are well-advised to position themselves in various community and business groups to improve their networks, build relationships and future support. They are also just as likely as other Australians to use the internet - for work and personal reasons.

This means they're likely to have numerous online accounts with both domestic and foreign-owned services, with varying levels of security and access control. 

On top of this, it's not simply politicians who may be the targets of influence. Political advisors and activists often shape and write party policy positions, despite never being publicly elected. Influence an advisor and you can influence policy, as the many registered lobbyists know only too well.

Equally bureaucrats across government often are exposed to material that could, if shared with foreign interests, cause some form of harm to a state. We've seen this in insider trading by an ABS staff member, where the economic gain to the individual public servant outweighed his good judgement and public duty.

While bureaucrats are security assessed to a significant degree (unlike our politician) and selection processes are in place, backed by rules and penalties, to screen out the 'bad eggs', the potential for public servants to be influenced through hacking their personal accounts has risen along with their internet use.

Right now we're in an environment where the number of attack vectors on a politician, an advisor and on individual public servants, is much higher than at any past time in history - while our tools for protecting against foreign influences have not kept up.

Of course this goes both ways - our government also has the capacity, and often the desire, to influence decisions or negotiations by other states. We've seen ample evidence of this, although it isn't really a topic our government wants to discuss.

The question for me, and I don't have a solid answer yet, is how far technically should a government go to limit the influence of foreign states.

Should governments merely advise political parties on how to secure themselves better?

Or should governments materially support parties with trained personnel, funding or even take over the operation of their networks (with appropriate Chinese walls in place)?

What type of advice, training or support should agencies provide to their staff and Ministerial advisors to help them keep their entire footprint secure, not just their use of work networks, but all their digital endeavours?

And what can be done to protect future politicians, advisors and bureaucrats, from wide sweeps of commercial services collecting data that could be useful for decades to come?

We need to have a more robust debate in this country about how foreign states and commercial interests may be seeking to influence our policies, and decide as citizens the level of risk we're prepared to accept.

Until this occurs, in a mature and informed fashion, Australia is hurtling forward into an unknown future. A future where our political system may be under constant siege from those who seek to influence it, in ways that are invisible to citizens but more wide-reaching and dangerous to our national interest than any expense scandal.

If this isn't the future that we want, then it is up to us to define what we want, and work across government and the community to achieve it.

Read full post...

Thursday, January 19, 2017

90% of digital disruption is still to come (podcast)

A few months ago I interviewed with Andrew Ramsden of AlphaTransform, who has spent the last year capturing the thoughts of digital leaders around Australia (he also has a book in the works).

He's now published the interview as Episode 16 in his Alpha Geek Podcast - which is definitely worth checking out.

You can listen to the interview below, in which I suggest that we're still at the start of the digital transformation journey for society, for business and for government...

Read full post...

Thursday, January 05, 2017

Defining and celebrating effective Australian leadership

Victor Perton, former Victorian Parliamentarian, Government Advisor, Advocate, Board Member and one of my mentors founded AustralianLeadership.com in 2016 with the mission to "celebrate, understand and improve Australian leadership."

He interviewed me on the topic of Australian Leadership in late 2016 and recently posted the interview, which I've replicated below.

For other great interviews, visit his AustralianLeadership.com site where he's collected a variety of interesting perspectives on leadership in Australia.

Victor PertonCraig, what do you see as the unique qualities of Australian leadership?

Craig Thomler: One of the most appealing and positive qualities about Australian leaders is their approachability. Australia has much less of a sense of hierarchy than Europe or Asia, and this egalitarian attitude displays itself through a readiness for leaders here to engage with, and listen to, people at all levels of their organisation and to be open to engaging with a wide range of people from outside their organisations.

This leads to an increased willingness to entertain new ideas, as well as an improved understanding of the needs of different groups and results in decisions that are more inclusive and attuned to customer and staff needs.

Another unique quality is how laid-back Australian Leaders commonly are. This allows them to more effectively manage difficult situations without significant apparent strain, simply taking challenges in their stride. This quality isn't universally positive, on occasions, it can lead to a lack of attention to detail, or giving up a level of control over events, which can lead to additional downside risk in certain situations.

Finally, in my experience, Australian Leaders are commonly more collaborative than many other leaders around the world. This exhibits itself more commonly between organisations and in the decision-making processes of leadership teams. Often the ultimate leader in a leadership team is seen as 'first among equals' rather than as a level above others in the group, reflective of Australia's egalitarian outlook.

Victor PertonCraig, what are the qualities that Australians seek from their leaders?

Craig Thomler: I believe that Australians value approachability and 'down-to-earth' practicalities in their leaders. We don't commonly place leaders on pedestals or exalt them. We accept that they are humans, with flaws, and, to a degree, accept those flaws as part of the characteristics that makes them good leaders.

Leaders who see themselves as 'above' others, due to expertise, experience or position, or who portray themselves as flawless, tend to be less credible to Australians and less believable as leaders.

Australians also value honesty and a sense of fairness in their leaders. Leaders who do not exhibit these traits consistently rapidly lose their shine and then their effectiveness.


Victor PertonCraig, what is the finest story of Australian leadership you have experienced or observed?

Craig Thomler: Probably the finest act of leadership I have observed in Australia in the last five years was by Lieutenant General David Morrison AO, whose position on sexism and violence against women, per his video statement in June 2013 (see below) demonstrated clear and effective values-based leadership on a topic that other Australians in leadership positions - both public and private sector - had been unable to grapple with.

His statement, which reverberated around the globe, drew a clear line in the sand on appropriate behaviour not only in the Australian Army but across the Australian community.

Read full post...

Thursday, December 15, 2016

Australian Public Servants want the right to comment respectfully on political and policy matters online

I've been monitoring the Australian Public Service Commission (APSC) public consultation on the current social media guidelines for Australian public servants (APS).

While they clearly aren't interested in comments from former or potential future public servants, having neglected to publish, or even link to, my comments - which I submitted to the APSC four weeks ago - there's been 109 public comments published from current public servants.

While there may be private responses to the consultation, or other public comments as yet unpublished, I've analysed the comments available and the viewpoint points consistently to one conclusion.

Australian Public Servants overwhelmingly want the right to comment respectfully on policy and political matters via the social media channels of their choice.

It's clear from the responses that social media is increasingly seen as a normal way to communicate - like chatting at a barbeque or on the phone - and public servants increasingly feel the medium should be treated in the same way, with an emphasis on the 'social' rather than the 'media'.

Only nine of the publicly published responses supported the current guidelines for public servants, which state (in part) that:

6.2.7 When employees make public comment in an unofficial capacity, it is not appropriate for them to make comment that is, or could be reasonably perceived to be:
  1. being made on behalf of their agency or the Government, rather than an expression of a personal view
  2. compromising the employee's capacity to fulfil their duties in an unbiased manner—this applies particularly where comment is made about policies and programs of the employee's agency
  3. so harsh or extreme in its criticism of the Government, a Member of Parliament from another political party, or their respective policies, that it raises questions about the employee's capacity to work professionally, efficiently or impartially
  4. so strong in its criticism of an agency's administration that it could seriously disrupt the workplace—APS employees are encouraged instead to resolve concerns by informal discussion with a manager or by using internal dispute resolution mechanisms
  5. a gratuitous personal attack that might reasonably be perceived to be connected with their employment
  6. compromising public confidence in the agency or the APS.

 Whereas 90 of the published responses stated that, to quote from one respondent,
It is important to recognise that, as citizens, public servants should have the right to express an opinion on key political issues providing they do this respectfully and that the issues they are commenting on do not not relate directly to their area of employment.
This view was represented many times, using different words and phrasing...

I can see that there is an argument that there should be more caution about what is said about the area in which you work, but why should I be prohibited from making comment publicly about immigration policy or environment policy if I don't even work in that area?

...if I want to make a comment about the work of my department in my position as a customer of that department, or as a taxpayer who has an interest in the direction of government programs generally, I ought to be able to do so.

Remaining a-political should not preclude someone from criticising an individual's performance in government… Questioning obviously wrong policy is not straying from the APS code of conduct.

People should not be persecuted or railroaded for making public comment in their own personal time on any social media platform regardless of what the posting is about or responding to that is not work/employment related.

If the APS are censored from making any criticism of the government of the day and their policies, it's going to be even harder to encourage good people to want to work with us. 

As an employee of the APS I am 100% committed to upholding the Values and Code of Conduct whilst at work, and in situations that are in connection with my employment. As a citizen I have my own set of values and beliefs and shouldn't be forced to remove myself from public debate on social media platforms just because I am a public servant. 

Having the right to vote, by default, forces you to have a political opinion. While public servants retain the right to vote, they should also be able to voice that opinion.

We should have freedom of speech, so long as we speak respectfully about issues

Public servants should be allowed to say anything on social media during their unpaid time.

If it does not relate directly to the programs administrated by their agency, preventing APS employees from engaging in public discourse as private citizens is excessive and oppressive.

No matter how distasteful, racist, sexist, or whatever an opinion is, a person should have the right to express that opinion, provided it is not obviously linked to an organisation.

Public servants should have the same rights as any other Australian to comment on the government of the day and political matters.

Some were even more blunt,

Every vote counts. So EVERY voice should have the ability to be heard… Why is the government so afraid of the people?

It's unfair and oppressive to expect that because someone works in the public service that they can't be affected by political and social issues and therefore have opinions about the issues which may affect them and the people who are important in their lives. 

Why pretend we agree with everything we're told to do? It's like an atheist praying in Church to make their religious parents happy. As long as expression is respectful, it should be permitted.

When a politician says something stupid (which many of them do) I should be allowed to comment that they said something stupid.

While others questioned whether the government's current policy suggested that public servants were not trustworthy or that Australian democracy was broken,

In 10 years of working in Government I have only ever seen fantastic, impartial and evidence based decision making, and this is despite the fact that as humans, Public Servants naturally hold opinions. To imply that they cannot be trusted to comment responsibly on social media is to imply they cannot be trusted anywhere. Why does the medium change things? I.e. if we're questioning the integrity and trustworthiness of the Public Service; why should it be limited to social media? Either we are trustworthy everywhere, or we are not.

In Australia we have a liberal democracy. Public servants are part of that democracy. As such the boundaries on political and social commentary should be set quite generously for all, public servants included. In our history we have fought totalitarian regimes that have sought to inhibit free speech, my father and grandfather both fought for freedom and democracy. I see the curtailing of free speech that all citizens currently have as a huge infringement on hard-fought and won rights.

People who work for the public service have just as much right to question the Government in a democratic society as the next person. If they don't, then how democratic a society is it?

 Any democracy that cannot deal with criticism, regardless of the source, is no longer a democracy.

Only a few believed the current limitations were fair,

To protect public servants from any erosion of trust now or in the future, I believe they should not be posting anything critical.

I have worked for three federal government agencies in my working life and am proud to have done so; I believe in what these agencies stand for and deliver to the Australian community. I am not about to bite the hand that feeds me. If I find a significant shift in agency policy and practice which would be at odds with my own belief system and make being a-political in a professional role impossible I wouldn't hang on for any length of time I would simply leave.

No matter who your employer is, whilst you are in their employ, I believe you should respect that bond and not do or say anything that would damage that company's reputation.

A minority (14) suggested that public servants should conceal their connection to the public service while posting, to prevent an obvious link to their employer, while a few others pointed out that this wasn't really a protection at all.

My suggestion would be that APS employees should not list their Department or Agency as their employer on social media sites. They should not divulge any information that is not already available on public record and should not publically denegrate their employer. Ooutside these restrictions, I should be able to have the same rights as Australians who work in the private sector.

A more effective result could be achieved by instructing PS employees to remove any identification as a PS employee on their personal social media accounts and to not permit comments which identify their opinion as being related to their employment. Without any identification to the person's employment, it's difficult to see how someone can perceive an employee as making comment on behalf of their employer.

On the topic of whether public servants should be able to comment on their department and work, opinions were split. 36 respondents clearly indicated they believed that public servants should not comment on their own work and agency, whereas 14 directly stated that they should and a number of others were ambivalent.

The arguments were fairly clear on both sides.

Those opposed to talking about their work and agency said it could compromise their ability to do their job impartially, and potentially release information that shouldn't be public.

Those that supported talking about their work and agency pointed out that they were the best informed about their areas and could provide critical facts and information into the public domain in ways that could enrich and improve the public conversation. They also noted that at times they were also customers of their own departments, and as such should have the same rights as other customers.

...if I want to make a comment about the work of my department in my position as a customer of that department, or as a taxpayer who has an interest in the direction of government programs generally, I ought to be able to do so.

I should be able to comment on policies and topics in the public spotlight that affect me, my family or my field without fear of reprisal from my employer - particularly where the discussion is not at all related to my employer.

It is said that Qantas staff can't publicly criticise their employer, so nor should public servants. But Qantas doesn't confiscate 20% of my income. Qantas doesn't tell me what I can and can't buy, sell, import or smoke. Qantas doesn't tell me who I can and can't marry. Qantas can't send armed men into my house to arrest me. Qantas doesn't decide what my children are taught at school... Public servants have a duty as citizens to participate fully in political debate, including in relation to the programs they administer. 

A few believed the existing policy was clear,

I do believe the social media stance is perfect as it stands.

Yes they are clear. They do not appear to require revising.

But most respondents felt otherwise,
...this area is extremely grey and needs not only definitive clarification, but absolute determination as to what can and can't be said on political issues without fear of reprisals or recriminations.

Overall all respondents agreed on one point - that public servants should be respectful when they engaged.

Hi, I think that we should have the same rights and rules of every Australian Citizen. We should be able to speak our mind, even to the point of a difference of opinion with a Government Minister, providing we do not denegrate our department, our managers or colleagues.

It is now up to the APSC as to what they do with this information and how it affects the next iteration of the APS's social media guidelines.

Read full post...

Bookmark and Share