Wednesday, June 29, 2011

Public Sector Innovation Toolkit released

Tonight the Department of Innovation, Industry, Science and Research has released the Public Sector Innovation Toolkit website.

The website is part of the APS-wide innovation agenda, designed to help public servants develop and apply innovative solutions.

Published under a Creative Commons Attribution license, the Innovation Toolkit is being used to,
  • provide information about the innovation process, tools and approaches that can support innovation in public sector organisations
  • provide updates on developments in APS innovation
  • provide links to relevant information and research
  • discuss issues relating to public sector innovation
  • ask for input
  • highlight examples of innovation in the public sector.
 As a living resource I expect to see the toolkit growing and maturing based on the feedback of its users as a world-class tool for public servants.

Read full post...

Are telephones a natural medium for internet natives?

I wanted to share this interesting post discussing the challenges faced by people used to online communications technologies when attempting to use old technologies like the telephone.

Technology’s Child: Why 21st-Century Teens Can’t Talk On the Phone discusses how phones conversations are "both too slow and too fast" and don't provide mechanisms for thinking about and carefully editing what is said.

Will telephone ettiquette become a victim of the internet revolution, replaced by new skills?

Time will tell.

Read full post...

Tuesday, June 28, 2011

European Union requires websites to make users 'opt-in' to website cookies

The EU Government's 2009 Directive banning "unnecessary" cookies in websites (if the site doesn't ask users to accept the cookie first) has just begun coming into effect - causing havoc and distress amongst European webmasters.

Cookies are small text files that websites store on a user's computer in order to reduce the need for users to enter information again and again. They are used in ecommerce sites to 'remember' what is in your shopping trolley, in social media sites to remember that you're logged in, to personalise content or advertisements based on your preferences and by many sites to provide anonymous website reports.

It is estimated that around 92% of websites use cookies. In fact it is hard to imagine the modern web without them.

However in 2009 the European Union decided as part of a 2009 amendment to their Privacy and Electronic Communications Directive that even though all modern web browsers allow users to choose to accept or refuse cookies, cookies may pose a privacy threat to individuals.

While the Directive doesn't explain why they may pose a threat, it states that cookies can be a useful tool and,
their use should be allowed on condition that users are provided with clear and precise information in accordance with Directive 95/46/EC about the purposes of cookies or similar devices so as to ensure that users are made aware of information being placed on the terminal equipment they are using. Users should have the opportunity to refuse to have a cookie or similar device stored on their terminal equipment.

In other words, when cookies are used for a legitimate purpose (though 'legitimate' is not clearly defined in the Directive), they can be used by websites provided that users are provided with an up-front method to view what each cookie is for and 'opt-out' of each cookie.

This directive was to be interpreted into law by European states by May 2011. So far only three countries have complied, Denmark, Estonia and the United Kingdom. The UK has also given webmasters twelve months to introduce appropriate opt-out controls on their websites, recognising the impact of their law. Other countries in the EU will introduce their cookie laws soon.

So OK, European websites using cookies now must have an opt-out provision for UK, Denmark and Estonian users and soon for all Europeans in the EU.

So where is the sting in the tail?

Firstly, these laws may apply to all websites that are viewable in European countries, as existing European privacy laws already require. This would mean that Google, Facebook, Twitter and other social media sites hosted in the UK, Asia or anywhere else in the world would need to change how they functioned due to European-only laws.

Under this interpretation (yet to be tested in court), all (hundred million plus) websites, whether ecommerce, news, information or government would have to comply.

That includes Australian government websites using cookies, including any using Google Analytics, 'share' tools, shopping carts or otherwise using cookies to store (even non-identifiable) information on users - even for a single session.

There is an alternative. Non-European websites could simply block Europeans from viewing their sites and therefore would not need to comply with the European law. That would present a very interesting geographic freedom-of-information ban, as well as damaging the businesses of many organisations and governments who want Europeans to access their websites.

The second concern is around how the opt-in approach to cookies must work.

There's no clear approach in the Directive and plenty of confusion on how the opt-in control should work. The suggested approaches in the UK are to use pop-ups (which most modern browsers automatically block) or to use an 'accordion' that appears at the top of all webpages, as is used by the UK's Information Commissioner's Office (ICO) - the ugly block of text at the top of the website.

A more humorous implementation of a pop-up opt-in control is used on David Naylor's website - read the text.

The BBC has introduced an opt-in approach that accidentally managed to break the law while implementing it - by using a cookie to hide the message asking you to opt-in for cookies. Oops - they needed to have an opt-in for that too.

The third issue with this European directive is the impact on useful things websites do. It will become much harder to personalise content for users or report on websites. Indeed the impact of people opting out of cookies, therefore rendering all cookie-based reporting significantly more inaccurate, is already being tracked. The ICO's website has itself seen a 90% fall in recorded (tracked) traffic. This indicates that the ICO will no longer know what site users are doing and cannot as effectively optimise and improve their website. Magnify this across millions of websites.

For those who wish to learn more about European Cookie Laws, check out the short video below or read the The definitive guide to the Cookie law.

And, as always, I'd appreciate your thoughts - particularly on the questions below.

Has Europe become the Cookie Monster? Or is this a reasonable and appropriate step to improve user privacy?

Should Europe have the right to impose laws in their jurisdiction on the rest of the world? If not, should the rest of the world stop Europeans visiting our sites?

Read full post...

Monday, June 27, 2011

Turning open government petitions into policies in Latvia, using online banking to authenticate citizens

It can be difficult to get a perspective on the Government 2.0 activities in non-English speaking countries.

However thanks to Francis Irving, who posted an account in the My Society email list in the UK, forwarded to the OpenAustralia Community list in Australia, here's a very interesting mini case-study on one initiative in Latvia.

In this case the initiative was created outside of government, however has become part of their parliamentary and law-making process.

It involves using online banking accounts to identify users, in partnership with the major local banks. This is an approach I've not seen used anywhere else in the world.

It is a well-structured open government initiative and one that I think Australia could do well to model similar activities on.

I've quoted Francis' email below. To learn more, join the OpenAustralia Community list.

Francis Irving (posted 24/6/2011):
I just met Kristofs Blaus, who spent a year researching petition / online initiative projects across the world. i.e. things where citizens propose and vote on new laws.

He launched ManaBalss.lv (Eurosay.com) in Latvia two weeks ago. Already two laws are going into force entirely because of the site.

Six things you ought to know about it:
  1. 2 days after launch, the president of Latvia promoted an initiative on the site because 20,000 people had signed it. It is to open the owners of offshore companies. Within 1 week of launch (i.e. last week!) it was passed in to law.  http://eurosay.com/atveram-of-orus/show

    You can watch for future ones being signed into law on this page: http://eurosay.com/initiatives/signed

    (What self respecting e-democracy site doesn't have a specific, high profile page, just showing things it has got passed into law!) 

  2. Within 2 weeks, a second initiative got enough support that both major groups in Parliament now support it (it'll become law after the recess in September). It's a meta-law - it makes the platform itself mandatory, so if any petition gets 10,000 authorised signatures, then the creator gets 5 minutes in Parliament to present it.
    http://eurosay.com/atveram-saeimu-/show

  3. There is a workflow process for making sure the initiatives that get through are sensible (rather than tabloidy stuff that tends to be popular on the UK's no. 10 petition site)
    1. You write an original draft
    2. Comments by skilled volunteers tell you what is wrong with it.
    3. You can fix it up.
    4. Then you gather support. You get a URL. The initiative doesn't appear in an index on the site, you have to promote it yourself.
    5. When you get 100 people (they're going to up it to 1000 due to popularity)
    6. Some real volunteer lawyers make it into a proper, viable legal text in a PDF on the initiative page.
    7. It goes on the public site, where large numbers of people can back it.

  4. That process ensures that:
    - It is a real proposal rather than aspirational
    - It can regulated by legislation
    - Technical details, such as if it requies a constitutional change it is written in the right form

  5. It's social. The GroupOn/PledgeBank nature of gathering support, and then later the petition nature of getting people to back finalised initiatives, both encourage spread. It links to your Facebook/Twitter so the initiatives can have a montage

  6. To ensure it can't be gamed, you authenticate yourself to the site using your online bank account (via your social security numebr). It launched (undemocratically!) with just one bank, but the others were then deseparate to be added.

  7. The site is now wildly popular. It trends all the time on Latvian Twitter. Politicians fall over themselves to back it. The media love it, as articles they publish about it get traffic from the site.
An article in English about it, but rare. Nobody has heard of this thing yet. Except you for being smart enough to be on this list ;) http://bnn-news.com/latvia%E2%80%99s-society-enormous-power-30587

Notably the two people who made it are businessmen rather than programmers. The coding was done by staff at Kristofs's company.

Kristofs Blaus - business strategy, inventing new products
Jānis Erts - marketing (he made this fake metorite http://news.bbc.co.uk/2/hi/8326483.stm)
 
Obviously, the above formulae is easy to critique in the UK. But I'm not really interested in that kind of stop energy.

What is extraordinary is that the right combination done in the right way can be wildly successful. That is almost certainly true here.

If anyone on the list wants to help Kristofs do that, please email me privately.

Francis

Read full post...

Sunday, June 26, 2011

How much risk is really attached to cybercrime and hacking?

As a follow-up to my post last week Familiarity trumps understanding (dealing with Neophobiacs), John Sheridan has made me aware of a Sydney Morning Herald article by Chris Berg on One hack of a crime wave, or so they say.

The article argues that while claims have been made that online hacking and cybercrime industries are up to the size of Germany's economy (US$3 trillion per year), these are often made by consultants and, as a Microsoft report discovered, "the bulk of what we know comes from tiny surveys. The authors found at least 75 per cent of losses were extrapolated from just one or two unverified, cases."

Read full post...

Bookmark and Share