Month: March 2011

March 31, 2011

Is it practical for government agencies to block web-based mail?

The Australian National Audit Office has just released a report ‘The Protection and Security of Electronic Information Held by Australian Government Agencies‘ based on a review of the approaches to information security by four agencies, the Office of Financial Management, ComSuper, Medicare Australia, and the Department of the Prime Minister and Cabinet.

Amongst other recommendations was one which has been much discussed on Twitter this morning, “emails using public Web-based email services should be blocked on agency ICT systems, as these can provide an easily accessible point of entry for an external attack and subject the agency to the potential for intended or unintended information disclosure.”

This reflects the recommendation in the Defense Signal Directorate’s Information Security Manual, the ‘bible’ for Australian Government agencies when it comes to ICT security, which states on page 100 that:

Agencies should not allow personnel to send and receive emails using public web-based email services.

The concerns are very clear and relevant – web-based email systems can easily be used, inadvertently or deliberately, to distribute large quantities of citizen’s personal information, or an agency’s In Confidence or other classified information rapidly and to large numbers of people, making it impossible to contain the spread of the information.

Web-based email is also a potential source of attacks against an agency, through viruses, worms and trojans in email attachments (which may not be able to be scanned at the same level as Departmental email can be) and through web-links in emails to compromised websites.

I don’t dispute these real concerns. They are concerns for corporations as well.

However, I do ask – what is ‘web-based email’?

March 30, 2011

GoC Web 2.0 wish list for 2011 (Part 1)

This is part 1 of a 3-part series.

A year and a half ago I posted “GoC Web 2.0 wish list“. The responses from the post were awesome, especially responses I received in person. Although I’m reluctant to look at that list again, fearing many of the wishes hadn’t come true, I think it’s still a very relevant post. I’m happy that some of the items did come true (DFAIT is on Twitter!), others half-true (Privy Council Office is starting to come around on Web 2.0), while others remain still a wish (Natural Resources Canada lost their pioneering collaborating Deputy Minister Cassie Doyle and the Canada School of Public Service still doesn’t offer Web 2.0 courses).

Part 1: Departments at the center

#1: Treasury Board Secretariat (TBS): make a choice: either Control OR Measure.

As the Government of Canada’s program reviewer and accountability guard of government departments, it plays both roles as coach and judge. If departments are playing hockey, TBS sets the rules and policies on the very ice that they themselves created (through the Management Accountability Frameworks). But the world of public administration is a complex one, and the game continually changes. While TBS can change the rules and adjust the boundaries, they’re also keeping track of the score. Unfortunately they are left with narrower options to both pull departments into compliance and push them into accountability. The usual options are rejecting proposals, reducing options, lowering budgets and limiting discretionary decision-making authority, evident with TBS’ attempts to both control and measure Web 2.0/Social media adoption by departments.

Government departments face tough choices to make on Web 2.0: adopt it and face consequences, or [continue] to wait for policies (and blessings) from TBS, all the while facing ever-increasing criticisms from the cynical populace and hits from TBS on program implementation. TBS both controls and measures departments, and departments either push the barriers, abide and wait, or take risks, venture forth and face the consequences.This pattern risks repeating itself with the next wave of change facing the public service.

What’s the solution? For TBS to make a strategic choice, between control or measurement of departments.

If the choice is to control, then they need to walk quietly but carry a big stick, as the long administrative arm of the Privy Council Office. Penalise non-compliance, reward compliance. Departments didn’t understand the rules? Ask for clarification. Unsure? Ask for clarification. Can’t comply? Ask for permission. Don’t comply? Program is under review next year. Not much different.

If the choice is measure (a better choice, in my opinion), then promote understanding of the policies, promote departments to organically organise to discuss policies, adopt those that are common among the departments, and always encourage collaboration among the departments. Understand that measurement is not a means of control, but a verification of the effectiveness of the policy (under the agreeable presumption that the department seeks to abide by the policies- a much larger discussion). Beyond that, the sky’s the limit, and departments can aspire to do what they can to achieve their mandate for the benefit of the government as a whole and for the Canadian citizens they serve.

Another benefit includes line departments directors in being less stressed when they get a call from TBS.

March 22, 2011

The coming open data battle – government versus commercial interests

case study, data, gov2.0, information architecture, information management, leadership, legal, open data

March 6, 2011

Ten Principles for Designing Open Government Institutions

The below tweets are @ThomKearney‘s attempt to share part of @BethNoveck‘s testimony to Cdn Parliament http://ow.ly/48GeM #w2p #goc on March 2nd, 2011

1. Go Open – Government should work in the open. contracts, grants, legislation, regulation and policies should be transparent #w2p #goc

2. Open Gov Includes Open Access – After the public has paid once, it shouldn’t have to pay again. #w2p #goc

3. Make Open Gov Productive Not Adversarial –Gov”t shld invest in providing the data that people really want and will use. #w2p #goc

4. Be Collaborative – Rulemaking should be open to public early to allow for constructive alternative proposals. #w2p #goc

5. Love Data – Design policies informed by real-time data. Release data for economic benefit. See http://ow.ly/48Ga7 for more #w2p #goc

6. Be Nimble – Forcing organizations to act quickly discourages bureaucracy and encourages creative brainstorming and innovation. #goc #w2p

7. Do More, Spend Less – Design solutions that do more with less. Instead of cutting… ask if there is another way…#w2p #goc

8. Invest in Platforms – … Focus on going forward practices of creating raw data and real engagement. #w2p #goc

9. Invest in People – Changing the culture of government will not happen through statements of policy alone…. #w2p #goc

10. Design for Democracy..ask if legislation enables engagement that uses people’s abilities and enthusiasm for the collective. #w2p #goc

Ten Principles from Beth Noveck @BethNoveck related via Twitter by @ThomKearney

March 2, 2011

What is muting Australian public servants online?

Over the last two years we’ve seen a concerted effort by governments across Australia to increase the level of online engagement, debate and discussion involving public agencies.

In 2009 the Government 2.0 Taskforce, commissioned by then Finance Minister Lindsay Tanner and chaired by Dr Nicholas Gruen, conducted a six month process of engaging public servants via online channels, pioneering the use of blogs, Twitter and Facebook to demonstrate how it was possible for the public service to effectively communicate, engage, consult and be consulted online.

Late in the same year the Australian Public Service Commission replaced its Interim Protocols for Online Media Engagement (originally released in late 2008, with the updated Circular 2009/6: Protocols for online media participation.

Early in 2010 the Australian Government released its response to the Government 2.0 Taskforce’s final report, agreeing with all except one of its recommendations (and simply deferring the remaining recommendation to after another related review was completed).

Since then we’ve seen the MAC innovation report, Empowering change: Fostering innovation in the Australian Public and the Ahead of the Game report from the Department of Prime Minister and Cabinet, outlining steps to reform the public service.

There’s been the Declaration of Open Government, the initiation of the Government 2.0 Steering Committee, the launch of GovSpace (a blogging platform operated by the Government and open to all agencies to use).

We’ve seen more than 260 government agencies and councils join Twitter, wide ranging activity on Facebook and a proliferation of social media policies at local, state and Commonwealth level.

Agencies in Australia are using social media in ways that would have been unacceptable and unachievable even two years ago, some demonstrating world class engagement online. Some states have comprehensive action plans in place and official usage of social media by agencies in some places is approaching one hundred percent.

I don’t have the same level of information about Commonwealth agencies (there is no central register of activity or survey results, as there are for some states), however most have established some form of social media beachhead in support of campaign or corporate needs.

With all this official usage you might expect to see vibrant and active online communities of public servants discussing shared issues and best practice, or to see public servants listening to and contributing actively to online policy discussions.

Many groups set up for public servants seem to have reasonable memberships – several hundred people at least – however most of these members are silent, with at most 10% carrying on a halting conversation.