It can seem self-evident that government services should be primarily designed for the convenience of citizens and organisations, rather than the convenience of the agencies that administer them.
But providers of goods and services have always asked their customers to accept the limitations of what they can provide one way or another. You might be required to join an orderly queue and wait patiently, or accept the industry standard that says airlines need to play a distressing game of musical chairs just to stay in business.
In the now-infamous United Airlines incident, the crew’s response to an overbooked flight started with financial incentives but ended in the airport police dragging an unconscious man off the plane, bleeding. Not a good look.“Ask any privacy commissioner what’s the chances of us failing — it’s 100%”
The fact that the passenger was bumped in favour of airline workers deadheading to wherever they were needed to work next also demonstrates a situation where the service provider puts its operational requirements before the needs of its customers.
All companies make these trade-offs. Government agencies also have limitations and they can’t simply offer a faster, higher quality, more personalised or otherwise gold-plated service to those who can afford to pay more. Equity is important.
The customer perspective
There’s no question that government agencies “absolutely have to” put the users of their services first, says Digital Transformation Agency chief operating officer Peter Alexander, but he sees “legacy and legislation” as the two main challenges.
“And they’re tough to deal with,” he said, speaking on a panel about “the customer perspective” at last week’s AIIA Navigating Digital Government Summit.
Alexander told the ICT industry audience that pushing public sector innovation was difficult, suggesting the reason some services are old and clunky is because governments have a lot of competing priorities.
“Because if something ain’t broke and you can deliver a service in a way that works, why wouldn’t you keep doing that, and invest in other things? But of course, it hampers innovation and our ability to take things forward, so we’ve got to kind of get that balance right.”
Alexander made the point that innovation usually came from the supply side — television did not come about because radio listeners demanded pictures, and horse-drawn vehicle owners were never crying out for internal combustion.
But government, again, is not playing by the same rules as private sector entrepreneurs. When something standard like the way you file a tax return or claim a Medicare rebate suddenly changes, the public react in different and often more sensitive ways, probably due to the fundamental differences between a service you choose and one you have to use as a citizen.
“For government, in terms of how we take things forward as an innovator and driving supply, we can do that; we have the capacity and capability in organisations like [the Department of Human Services],” said Alexander.
“But we’ve got to be cautious because we start looking a bit creepy when we start driving some of that supply-side innovation.”
Channelling the Prime Minister, he enthused that “there’s never been a better opportunity to get that balance right, work with industry, work with other jurisdictions and sectors where things are going forward and we are seeing great innovation, and leveraging that … to deliver better government services.”
Divergent views on responding to data breaches
Courtesy of a question from an information security officer from the Australian Taxation Office, the panel turned to cyber, in which the really big issue from the customer’s perspective is privacy and the risks of data breaches.
Alexander and the other public servant on the panel, DHS chief information officer Gary Sterrenberg, revealed rather divergent views on how to respond to incidents that put the privacy of personal information at risk.
DTA’s relatively new COO focused on the need to build “a system of remedy for when we fail” and see data breaches, whether by accident or attack, as inevitable.
“Because ask any privacy commissioner what’s the chances of us failing; it’s 100%, whether it’s en masse or at a micro level,” Alexander said.
“So the way to build for success is to plan for failure and deal with that when it happens. So we should build robust systems with good controls and arrangements, but understand that we fail. So work out how we do that.”
The former Treasury CIO said the Red Cross had demonstrated an exemplary response when it accidentally released personal records of over half a million blood donors online.
“It wasn’t quite a data breach — sharing some data went a bit awry — but they got on the front foot, they talked about it, they got out in the press, they said what they were doing about it, and it was a blip in the newspaper,” said Alexander. “I think it got a tiny bit of coverage then it disappeared, because people weren’t that interested in it.”
“What was really interesting was, and should have got lots of press, was just how great they were in their response. So I think that kind of approach is a really positive one … as we move into a world where we’re going to have mandatory breach notification in Australia before too long.”“It’s my view that we don’t talk about these things … It just invites people to have a go.”
Sterrenberg, however, has a slightly different view about how much information agencies should share with the wider public about data breaches.
“It’s my view that we don’t talk about these things,” he said. “It just invites people to have a go.”
He did agree with Alexander that increasing use of “much more open government platforms” meant the days of being able to “ring-fence and control cyber from the perimeter” were gone. It’s getting to the point where “you can’t employ enough people to look at the logs” according to Sterrenberg.
“You need a form of machine learning to be able to take in information, to be one step ahead, to be constantly scanning the environment that you’re in,” he said. “The techniques are getting extremely sophisticated from the external point of view.”
Public facing agencies like DHS needed to work out how to get “ahead of the curve” by re-thinking older cyber strategies. “We’re going to have to fight to keep up,” said Sterrenberg.
He also mentioned one interesting new way the Commonwealth’s service delivery giant intends to do that. DHS has challenged other federal agencies to an annual “cyber war game” later this year, “because … you need to learn how to attack before you can learn to defend”. We’ll have more on that in The Mandarin later this month.