28 October 2010
A couple of weeks ago, I wrote about some barriers across a footpath as a simple illustration of how easy it is to skew public decision making if the question is defined too narrowly. Since then I have come across a number of things which add up to much clearer thinking on this than I managed then.
The first was a piece by Mike Masnick on the not obviously similar question of whether governments should have the ability to tap internet-based phone calls in the same way that they have long been able to do for POTS (Plain Old Telephone Service – excuse for gratuitous use of one of my favourite abbreviations). In the POTS world, it’s easy because there are telephone exchanges. In the Skype world it’s impossible:
Calls are encrypted end-to-end, meaning that only the end users who are parties to a call hold the secret keys to secure the conversation against online snoops. There’s no device Skype can install at their headquarters that would let them provide police with access to the unencrypted communications; to comply with such a mandate, they’d have to wholly redesign the network along a more centralized model, rendering it less flexible, adaptable, and reliable as well as less secure.
So the question becomes how far it is appropriate to require Skype to change its business model and technical architecture for its many millions of customers in order to allow the interception of the conversations of what is presumably a very small proportion of those customers. It is clearly possible to argue the point either way, but the point here is not to resolve, or even engage with, that argument, but to draw out the nature of the trade off being made.
Now here’s another example, this time from Cormac Herley of Microsoft Research in a paper with the splendid title, So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users [pdf]:
We argue that users’ rejection of the security advice they receive is entirely rational from an economic perspective. The advice offers to shield them from the direct costs of attacks, but burdens them with far greater indirect costs in the form of effort. Looking at various examples of security advice we find that the advice is complex and growing, but the benefit is largely speculative or moot.
The argument is essentially that looked at at system level, the aggregate costs to users of complying with security requirements may well outweigh the aggregate benefit to them of doing so, and that therefore non-compliance is a rational response. As Herley stresses later in the paper:
While we argue that it is rational for users to ignore security advice this does not mean that the advice is bad. In fact much, or even most of it is beneficial. It’s better for users to have strong passwords than weak ones, to change them often, and to have a different one for each account. That there is benefit is not in question. However, there is also cost, in the form of user effort. In equilibrium, the benefit, to the user population, is balanced against the cost, to the user population. If observed user behavior forms the scales, then the decision has been unambiguous: users have decided that the cost is far too great for the benefit offered. If we want a different outcome we have to offer a better tradeoff.
It follows that understanding the cost of compliance is essential to understanding the net value of the policy. Herley does a rough and ready calculation of the cost in the USA from multiplying the number of users by an hourly value of their time:
This places things in an entirely new light. We suggest that the main reason security advice is ignored is that it makes an enormous miscalculation: it treats as free a resource that is actually worth $2.6 billion an hour [...]
When we ignore the costs of security advice we treat the user’s attention and effort as an unlimited resource. Advice, policies and mandates thus proliferate. Each individual piece of advice may carry benefit, but the burden is cumulative. Just as villagers will overgraze a commonly held pasture, advice-givers and policy-mandaters demand far more effort than any user can give.
Then finally, along comes Paul Clarke being authenticated over the phone by an insurance company. It does not go well.
Match the process to the risk. That’s all I ask, as a process rationalist. It works. The one really gold-standard online transaction that government offers – the tax disc – works so beautifully because just such a risk-based decision was made. You don’t have to exhaustively prove that you are the person connected to the licence reminder or the car. You just have to have the reference number in your hand, and a means of payment.
Paul has put his finger on something important there. I too have found over the years – rather to my disappointment – that nobody has tried to pay my bills fraudulently. I remember arguing when plans were first being made to put VAT online that the point at which strong verification was needed was the point at which a trader was applying for a refund. At that stage with very low levels of adoption, putting equivalent obstacles in the way of somebody trying to make a payment (this was at a time when companies were being encouraged to buy digital certificates at £50 a time) didn’t make a great deal of sense.
Firstly, you need to get the balance right between having false positives (letting the wrong people in) and false negatives (keeping the right people out). Where that line is drawn very much depends on the underlying value of the data/transaction.
Secondly, you must acknowledge that your security measures have a cost both for the organisation and its customers. This cost must be offset against the value of the transaction, including the cost as described above that legitimate customers may not be able to complete the transaction at all.
There is a “security” mentality that says that every process should have as much security as possible, whereas it should actually have as little security as necessary. Good security is proportionate and as far as possible, unobtrusive.
All those examples – except the pavement barrier I started with – are about security in one way or another. That’s not an accident, but it’s not the complete story either. The real point is that missing the balance of costs and benefits in the widest sense leads to skewed decision making and it applies to every aspect of service design. The reason why security issues so often come up as examples is, I suspect, not because that basic principle operates any differently, but because in a wide range of organisations and services in both private and public sectors, security is applied as an overlay from a perspective which, as Cormac Herley observed, tends to see the benefits of greater security more clearly than the costs. I am definitely not arguing that we should ignore or neglect security: money and personal data are valuable commodities which attract serious criminal interest and it would be complete folly not to have appropriate defences in place.
But the basic point remains the same: the costs of design decisions need to be understood as clearly as the benefits. And if the costs fall externally while the benefits are felt internally, there is no incentive to reduce the costs and a continuing risk that the balance will be struck inappopriately. Managing that risk is an important job for any service designer.
25 October 2010
Truncating the axes is the oldest trick in the book, so the story this chart is telling is not quite as dramatic as the initial visual impression, but that story is still striking and important.
The proportion of internet usage from mobile devices is tiny, less than 3%. That’s almost certainly an understatement, since the chart measures operating systems, not connection types, so includes mobile devices rather than devices which happen to be mobile, but the absolute numbers are still pretty much insignificant.
The trend is, quite obviously, another matter. The share of internet usage from mobile operating systems has gone up thirteen fold in the last two years, and the slope of the line is robustly upwards. For all we know, the line might hit some natural ceiling in the next few weeks and never break the 3% barrier. That seems remarkably unlikely, though: if absolutely nothing else were happening, the simple pattern of device renewal which characterises phones as opposed to computers, bakes in substantial future growth to come – and in any case there is no reason to suppose that nothing else is happening.
I thought the chart – which I have lifted from a wider analysis of operating system usage data by Ed Bott – was striking enough to be worth a post in its own right. But then it made me think of an exchange on twitter earlier today:
@Directgov: The Guardian’s Consumer App of the Week features the #jobcentreplus #app from @directgov #iPhone #iPodTouch #iPad http://bit.ly/dgov-app
@Marthalanefox: @Directgov how many ppl going into a jcp have an iphone?
@Pubstrat: @Marthalanefox @Directgov Some certainly do – and the app is also available on android. It’s one more way in to accessing the info online.
@DavidCotterill: @pubstrat @marthalanefox @directgov a few months back the figures were 80k job searches a month from iPhone. Small, but growing…
We seem to be back with the question of whether government should be dabbling with minority interest technology at all. I wrote quite a lot about that in two posts last August - Apps for Elephants and More on Apps for Elephants – and I am not going to go over that ground again. But I think this graph and the challenge implied by Martha Lane Fox’s tweet encapsulate one aspect of that debate very neatly. In essence, the question is whether we should pay more attention to the fact that the absolute figure is still very low, or to the fact that it is growing so rapidly?
There is no inherently right answer to that, no simple rule which automatically determines the right answer. I think government should be very cautious about spending time and money developing at the purely experimental end of the scale. But that’s not where the mobile internet is any more, and it seems pretty clear that we have got to the stage where we should pay serious attention to its rate of growth.
25 October 2010
Things which caught my eye elsewhere on the web. A bumper edition today, having spent some time at the weekend culling twitter favourites and following put aside links. And at the risk of stating the obvious, I include things here because I find them thought provoking and worth sharing, not because I necssarily agree with them.
- My GP is not the centre of my health universe… — Transform So there is little I can learn by accessing my NHS health records; but there’s a lot my GP could learn by viewing my health as more than the sum of my official interactions with the NHS. For me, the consultation document doesn’t paint a clear enough picture of how ‘the information revolution’ is going to enable my GP to get a better understanding of my health, or transform my life for the better.
- Happy Birthday Job Centre Plus – I saw this. And thought of you. Instead of a new social, updated JCP website or IT system, how about the setting of standards and alignment of incentives to enable the creation of an eco-system. An eco-system for a market of private sector providers (including social enterprises), to undertake the brokering of this relationship. Providers that specialise, and really get to know their niche – be it geographical or functional. Providers that can deliver a personalised service to job-seekers. Standards that can make it easy for employers to use the JCP service, with seamless vacancy data transfers and online applications. Think of JCP as setting up the AppStore, and the market creating the Apps.
Perhaps one day the JCP will be a public service with no stigma attached to using it.
- 24 Ways Governments and Organizations Are Generating Great Ideas in the Public Sector Governments around the world have discovered myriad ways to generate great ideas despite the barriers to innovation in the public sector. Here are some of the best examples, organized under five broad themes. Consider it a practical menu of proven approaches to stimulate innovation in any organization. Not all these examples will be applicable to every agency, but every innovation leader should apply at least one strategy under each of the following five themes.
- Defining the Role of Government So what makes public transportation or public education “public”? Is it the fact that public tax dollars support them, the fact that public employees provide them or the fact that the public is served by them?
- How Governments misunderstand the risks of Open Data | eaves.ca The fact is, most governments already have the necessary policy infrastructure for managing the overwhelming majority of risks concerning open data. Your government likely has provisions dealing with privacy – if applied to open data this should address these concerns. Your government likely has provisions for dealing with confidential and security related issues – if applied to open data this should address these concerns. Finally, your government(s) likely has a legal system that outlines what is, and is not legal – when it comes to the use of open data, this legal system is in effect.If someone gets caught speeding, we have enforcement officials and laws that catch and punish them. The same is true with data. If someone uses it to do something illegal we already have a system in place for addressing that. This is how we manage the risk of misuse. It is seen as acceptable for every part of our life and every aspect of our society. Why not with open data too?
- GROWING FLOWERS: 42 seeds for ideas for local government from Beyond 2010. « The Dan Slee Blog Everybody realises technology is changing rapidly. No one individual is keeping pace with all of it.
- A typical phone has enough power in 2010 to run a bank branch in 1980.
- You have no choice but to change as government. Your citizens demand it.
- It’s hard to turn off digital services once you turn them on.
- You can’t predict the technology in three years. Look at the outcomes you want and accept some technology won’t be there.
- Change the way we think. ‘We only do it this way’ is a barrier not a reason not to change.
- At the moment 30 per cent are digitally unconnected in the UK. What does success look like? Single digit numbers in 10 years.
- History says the less cash available the better analysis and decisions get made.
- Look beyond the usual places. Africa is a world leader in phone banking. Why? People have mobile phones not PCs.
- Jacques Vallee’s Stating The Obvious: I, Product – Boing Boing You may think of yourself as a user of Google, Facebook or Amazon, but you are actually their product.
Sure, Google will provide you with search results, but they are not in the search business; they are in the advertising business. Their profits come from marketing firms that buy your behavior.
Similarly, Amazon is not in the book business, although they will send you the books you’ve ordered. They are in the personal information business.
The assets of modern web-based companies are the intimate profiles of those who “use” them, like you and me.
- Create the Space to Innovate » Blog Archive » Where to look for big ideas?: Cherchez les mavericks People whose perspective could be critical to identifying and leveraging a disruptive social innovation – the mavericks – are often side-lined and ridiculed within large social organisations. At the same time, solo mavericks such as some social entrepreneurs, can find it very hard to access [...] the policy-makers and funders that could support them, no matter how innovative their ideas. [...] Endless deliberation and consultation cycles also rarely encourage breakthrough social innovation, as they tend towards lowest common denominator and incremental thinking.
Whilst visionaries are silenced, sidelined or encouraged to work separately there is little hope for breakthrough systemic ideas to come to the fore. This means it is important for those working in the space to celebrate and even hunt down the mavericks – whether civil servants or end-users (or even those who are nothing to do with the domain itself) – who might have the big ideas we are looking for.
- Five reasons why the spending review plans are a tall order | Society | guardian.co.uk It’s no good designing new structures if people carry on working in the same way – people don’t become flexible and creative overnight. Co-operation between local authorities, government agencies, NHS trusts and third sector organisations is a stretch, given that most have trouble enough collaborating within their own departments. There are few precedents for such far-reaching cultural and behavioural change anywhere and none in the public sector.
- The Connected Company – dealing with Complexity – Iconoclast @ work How is your company performing under Complexity? Have you adapted the way you work, lead your people, structure your business, emphasize appropriate values to incorporate”2.0″ practices and mindsets, not just the technology? And if you are deploying “2.0″ tools and technologies (wiki’s, corporate social networks, microblogging) but finding the adoption rate falling behind expectations, have you considered how the “1.0″ values, structures and leadership styles might be barriers to successful roll-out.
- How #gmp24 happened | Amandacomms’s Blog The challenge was to find a way to show people the wide range of issues the police are called to deal with. There were many possibilities – for example, to release statistics and information about crime and incidents over a 24 hour period, or to allow a TV crew (if they wanted to) to spend 24 hours with a police team. But none of them seemed to hit the mark. In a world where the Big Society is a hot topic, hyperlocal sites are growing and open data is on the minds of all public bodies there needed to be another answer. The key had to be in social media, and it was – in Twitter.
- Socitm2010: the need for citizen engagement | PublicTechnology.net “There is a feeling that as public servants in senior roles in government, we should somehow be faceless and behind the scenes,” he concluded. “But that has changed. We need to be seen and to engage.”
18 October 2010
The most important thing to remember about the virtual world is that it is actually very real.
11 October 2010
Things which caught my eye elsewhere on the web
- Blogging, empowerment, and the “adjacent possible” — Scott Rosenberg’s Wordyard So when I hear the still-commonplace dismissal of blogging as a trivial pastime or an amateurish hobby, I think, hold on a second. Writing — making texts — changes how we read and think. Every blogger (at least every blogger that wasn’t already a writer) is someone who has learned to read the world differently.
- Rands In Repose: The Update, The Vent, and The Disaster Business is noisy because there is always stuff to do and the process of doing stuff is called tactics. It’s tactical work and while tactics are progress, the real progress is made when we get strategic. A productive 1:1 is one where we talk strategically about how we do stuff, but, more importantly, how we might do this stuff better.
- An open letter to David Cameron, part one of three « Francesca Elston Looking under the surface of any government department – any large organisation, in fact – you will find a microcosm of smaller organisations, which are not like each other. You will find pockets of excellence and pockets of dereliction. You will find deep commitment and deep alienation. You will find effective processes, and people who are so dedicated that they are serving their clients despite broken processes, and processes that are so baffling that they make your head explode. This is the truth. These different places need to be treated in different ways. Some should be abolished. Some should be tweaked. Some should be taken to pieces and completely reconfigured – perhaps with half the people, perhaps with the same number. Some should be built up. You can do all of these things and still take out 25% across the board – and have a healthier department at the end of it – but you are going to have to work at it, and you are going to have to let it be complicated.
- Caught not taught – lessons from the number 23 bus « Community Links blog When we got to Liverpool Street he thanked us for travelling on his bus, wished us a pleasant evening and signed off with: “and if you’re travelling home from work don’t forget to come back tomorrow and we’ll do it all again.” We all said good bye and thank you and alighted with a bounce we hadn’t had before.Trivial, I know, but what if he’d asked us to keep his bus clean and take our litter home, help with a buggy or just move up. I suspect most passengers would have been a lot more receptive to him than we are to those silly little posters.
Because he didn’t exhort or instruct or threaten. He modelled a certain kind of behaviour. The kind that’s caught, not taught. [...]
The recognition that relationships and modelled behaviour change lives could and should usefully inform decisions about what to develop and what to cut, in the forthcoming spending review.
- From Public Servant to Public Insurgent | eaves.ca But what I find particularly interesting is a tinier segment who - as dedicated employees, that love the public service and who want to be as effective as possible – believe in their mission so strongly that they neither leave, nor do they adhere to the rules. They become public insurgents and do some of their work outside the governments infrastructure.Having spoken about government 2.0 and the future of the public service innumerable times now I have, on several occasions, run into individuals or even groups, of these public insurgents. [...] The offenses range from the minor to the significant. But in each case these individuals are motivated by the fact that this is the most, and sometimes only, way to do the task they’ve been handed in an effective way.
- Government Should Do its Own Data Homework | Jeni’s Musings My perception is that the argument that government should open up its data has basically been won. The questions within the public sector are now about how, not whether. And as a result, in this changed environment, I’m growing slightly uneasy about the core developer message of “give us your data and we’ll show you what we can do with it!”There are two things about that message that concern me. First, it implies government is doing it all wrong. Second, it implies that government doesn’t need to do any better, because the developer community can take up all the slack and fill in all the gaps. It’s like getting fed up with a child struggling with their homework, and saying “oh, just give it here and I’ll do it!” It’s a narrative that simultaneously undermines the best efforts of those within government and removes from them the motivation and opportunity to learn to do better.
11 October 2010
This is not a post about the barrier I came across as I walked to the post office on Saturday.
I had to turn into the path in the picture, which takes a 210° hairpin to the right, followed by a 110° turn back to the left – it’s sharper and more awkward than the picture makes it look. A moment’s trivial inconvenience, a moment of minimal exasperation, and on I went – as no doubt does everybody else who needs to go that way.
I am going to assume – perhaps generously – that whoever decided to put it there did not do so with the express intention of creating an unnecessary obstacle for pedestrians. But if not that, then why?
The obvious explanation is that it is there to discourage cyclists from using the path as a short cut, and for all I know, it succeeds at that perfectly. But that’s not an answer to the much more interesting question of whether the existence of the barrier is a good thing.
I think there are at least three factors which need to be looked at here (there may be more, but that’s plenty to start with):
- Harm avoided
Effectiveness is the easy one. If it is designed to discourage cyclists, does it in fact discourage cyclists? The fact of the obstacle is indisputable. It’s not impassable, because there is a necessary trade off with pushchairs and wheelchair users, but it’s probably enough to be mildly discouraging.
Externalities are reasonably clear too. The fact that I am bothering to go on about this at all is an indication that there are some. Even I couldn’t argue that they are big for any single pedestrian. Whether they are cumulatively bigger than the cumulative benefit of discouraging cyclists is another matter. Since whatever cyclists there might have been have been discouraged, it’s hard to tell.
That gets us to harm avoided. How bad would it really be if the cyclists were not discouraged? I have a feeling that the answer may well be, “not very”. That’s partly because similar barriers which get in the way of where cyclists actually want to go seem to have no effect whatsoever (I say that with no malice – this is not a post about, let alone against, cyclists – merely as an observation), and partly because in only a few yards (only to the end of the railings on the left) of shared use of a wide path, the scope for conflict should be limited.
Since only a small proportion of the readers of this blog can be supposed to have an obsessive interest in the minor footpaths of south London, that’s probably more than enough on that. The real question, of course, is what this might tell us about some bigger and less obvious problems.
I think it’s the last of the three factors which most often trips up decision making. If the problem is assumed to be big, the solution will tend to be big too. And even if the problem is big, it is not unusal for it to have been made big by something which is treated separately. So, to take another local environment example, the road where I live has speed humps to slow the traffic down. But it only needs slowing down because the installation of traffic lights sped it up.
So step one should be, is the problem as big as it looks?
Step two then becomes, can we make the problem smaller?
That leaves as step three, is the problem now small enough that we can accept the risks it carries because of the positive externalities?
Reflecting further on my own recent post reinforced by some thoughts from Lost ConsCIOusness, I wonder how far skewed outcomes are a result of looking too much at effectiveness and too little at harm avoided and externalities. If the size of the problem is exaggerated, purported solutions to it will be disproportionate. And if the costs of the solution fall on users of the service or on random passers by, there is no incentive to reduce them.
8 October 2010
The trouble with best practices is that they worked yesterday.
(via Valdis Krebs)
29 September 2010
Things which caught my eye elsewhere on the web
- Mydex White Paper on implications of personal data stores for public services One area government IT has made progress is with public data, with the “power of information” policy and the data.gov.uk portal, which recognises the value of ‘unlocking’ data held by the Government for reuse by added value service providers. Next we need a comparably radical rethink on personal data. This starts with a return to the role of personal identifiers and intermediaries set out by UK officials a decade ago, and as recently adopted by the Obama Administration.
- Twitter goes down and the world falls silent But for people in the media business, it has rapidly – in less than four years – become their peripheral nervous system: it tells you what’s going on around the world, or within your sphere of interest; it helps for bouncing ideas around, for staying abreast of what you have to know. Twitter creates its own little cities of specialism and knowledge which don’t (unlike Facebook) require you to “befriend” the other person; you can follow pretty much anyone you like.
- Small essay on Rewired State, Open Data and future of public service « Emma Mulqueeny But taking the big vision, the proper head above the parapet moment, what has to happen as a big leap into translating this stream of data and tables into a valuable source of information and commerce to everyone who is not blessed with binary brilliance. This is unlikely to be one thing, or enabled by any one person, but it will be a steady rise in the number of initiatives that realise value of this information for many communities, that weave themselves into the heart of every day life that will bring us to this epiphany.
- London Calling » The twitter tax and what it really says about your business Instant response channels such as twitter allow consumers to complain at the very place and time when they receive bad service, even on their mobile. The fact that they now can provide this feedback exposes the fact that many companies are not prepared to respond and action what is being said.
- Guesswork « MindBlog Public servants were routinely guessing what their boss thought would be an appropriate course of action on a given policy. They were also guessing what their boss’ boss might think (this would be the deputy permanent secretary). And, obviously, most of all they were trying to guess what the permanent secretary might eventually think. (Who of course has been guessing all along what the political boss — the minister — is thinking). Tremendous amounts of time is spent on this guesswork, not just on the guessing, but on drafting courses of action that might (or, more often, might not) be what the ‘hieararchy’ is looking for. [...] I have seen policy development processes that arguably should have been completed in a year or less take twice that time, with no discernible increase in quality or political relevance.
28 September 2010
Some slightly random visual aids
Lots of data packed in to a five minute video, which really brings home how much and how many things are going on (via Transform). Lots of the numbers are now getting on for a year old, which makes some of them look quaintly old fashioned. Where the video has tweets per day at 27.3 million, for example, that’s for November last year: the chart below shows how fast that is changing (via John Naughton):
More people may be doing more things more frequently in more places, but that makes it even more important to remember the people who aren’t. Helen Milner periodically produces short, simple and information-rich presentation which tell us about them. This is her latest: