Digital service delivery platforms need better quality control and more transparency, argues Ian Brightwell, former chief information officer of the New South Wales Electoral Commission — but public servants also need room to be open with the public when the technology needs fixing.
Now a consultant and academic, Brightwell makes some interesting observations in his submission to the Senate inquiry into digital delivery of government services, which has yet to schedule any public hearings.“It has been my observation that the APS has had the tendency to hide from public scrutiny by using confidentially, privacy and secrecy whenever programs have failed to meet their stated objectives.”
Failure is naturally more common in ICT projects than traditional programs because one component can more often bring the whole system down, he contends. “This in part is why many agencies are reluctant to build these systems as they know there is a reasonable probability they will fail and the agency and CEO will be exposed to public ridicule.”
Brightwell thinks an agreed definition of “acceptable failure” and more openness about how projects are tracking could take the edge off critical commentary, and agrees with the head of the Australian Public Service, Martin Parkinson, that “a fatal combination of arrogance and ignorance” threatens digital transformation.
“It has been my observation that the APS has had the tendency to hide from public scrutiny by using confidentially, privacy and secrecy whenever programs have failed to meet their stated objectives,” Brightwell writes.
He says this has largely worked for traditional programs because their performance is “hard for external parties to measure” but with newer digital projects, “failure is easy to identify” and this puts public servants in an awkward position.
“They do not deal well with the public and media scrutiny when they are being criticised with facts they cannot refute,” says Brightwell, who suggests Senate inquires are an example of when public servants are put between a rock and a hard place, trying to manage reputational risk and avoid getting involved in politics.
“The nature of the committee process is political and seeks to extract information from the APS which can be used to damage political opponents. If parliament at large want the APS to be innovative and take risks then parliament will need to set some ground rules around what is acceptable risk and what does acceptable failure look like.
“If this is not done then the APS will simply ‘play cat and mouse’ whenever anyone accuses them of any type of failure.”
Brightwell also proposes: independent assessments of security, reliability and performance for all “public facing transactional systems” before they go live; CIOs and chief information security officers with separate reporting lines in all agencies; and incentives to create ICT platforms that can be provided as a service to other agencies, including in the states and territories.
In its submission, the National Archives of Australia wants to discuss information governance — the need for agencies to recognise and take steps to maximise the long-term value of their data assets — as a lot of agencies have fallen behind the schedule for APS-wide efforts to digitise records management processes.
The Royal Australian College of General Practitioners hopes the committee will consider a longstanding lack of interoperability between different systems and data repositories throughout the health sector.
There’s also a discussion to be had about the public service moving towards secure cloud computing, and whether foreign-owned or multinational companies should be allowed into this market to some extent, or not at all.
Optimistically, the Australian Information Industry Association, which represents IT companies large and small, both locally owned and global, calls for more bipartisanship on digital transformation.
“While there is always lessons to be learned by looking to the past, it is imperative that a conversation about Government delivery of digital services … does not get bogged down in recriminations or party politics,” the lobby group says. That might be too much to hope for.
Robodebt and eCensus rehash
Of course, security failures, cost blowouts and privacy breaches are likely to take centre stage in the inquiry’s report. Centrelink’s controversial efforts to automate debt recovery, the 2016 eCensus crash, the Tax Office’s online service outages and the Australian Electoral Commission’s hastily procured vote-scanning system will surely be raked over again, and the public sector union’s critical perspectives on outsourcing and cost-cutting will no doubt get a hearing.
On the project known as robodebt, the Commonwealth Ombudsman’s office has submitted part of a “lessons learnt” paper from mid-last year, which is available in full on its website. In short, the Online Compliance Initiative involved an unreasonably sharp and sudden increase in the expectations Centrelink placed on clients, under pressure to vastly ramp up the number of debts it raised.
Federal cyber security leader Alastair MacGibbon re-submitted his thoughts on the eCensus debacle and related matters and the DTA provided a basic overview of its changing role. Recent developments are the new secure cloud strategy and a whole-of-government cyber security unit established last July in the wake of the Census breakdown.
Several submissions highlight the issue of accessibility and suggest there is a growing digital divide leaving behind people who struggle due to factors like language barriers and disabilities.
This is a serious issue for Aboriginal Australians who mainly speak an Indigenous language, especially if they live in a remote area, explains Tangentyere Council, which runs human services into the town camps around Alice Springs.
“The increasing reliance by Centrelink and other agencies on digital service delivery at the expense of client services and support will widen the gap between those who are disadvantaged and those who are not,” Tangentyere argues. It is particularly concerned about the need to use myGov to meet welfare obligations.
“Language speaking Aboriginal people with poor literacy and numeracy will be at best reliant on third parties and at worst open to exploitation. Such a circumstance will result in increased numbers of individuals in remote areas receiving breaches or without income support.”
The Australian Communications Consumer Alliance draws the committee’s attention to a research paper it published last August, highlighting seven vulnerable user groups beside remote-living Indigenous Australians, who all face unique barriers in accessing digital services:
- CALD communities
- People with disability
- Low-income consumers
- Rural and remote consumers
- Adults over age 65
- Remote Indigenous communities
- Homeless people
- Small businesses
ACCAN also points out its previous advocacy for tighter procurement rules requiring the APS to purchase accessible ICT equipment based on universal design principles. It stated “there is a broad lack of accessibility awareness” in the APS in a January 2017 submission to a procurement taskforce, appended to its digital transformation submission.
On behalf of older Australians, COTA Australia points out that accessibility and digital inclusion is not specifically mentioned in the committee’s terms of reference.
“It is just as important (and challenging) to understand and address inclusion as it is to ensure privacy and security when building government digital platforms, service delivery models and business practices,” it argues.
“Given that many government programs are specifically targeted to disadvantaged and vulnerable groups, it is essential that digital delivery to be fit-for-purpose. This issue should not be a ‘bolt-on’ concern at some later stage but ought to be a key design parameter and performance indicator from the beginning.”
Much like people in remote Indigenous communities, COTA says older Australians will increasingly rely on others to handle their business, increasing the potential for exploitation. And based on its extensive surveys and consultations, the group seems to have a pretty good sense of what is needed to increase consumer satisfaction with online services:
“COTA recommends two essential features become standard operating procedure in the design, development, implementation, monitoring and evaluation of all government service delivery (online or otherwise): consumer co-design; and rigorous, segmented user testing.”
“Government program delivery must be based on a real sense of how an ordinary person would use the services. This reality test is a fundamental way to improve quality.”
The group’s submission also makes a key point that applies beyond its constituent group — governments need to recognise some people will never adapt, and they should not be “penalised with social exclusion or second-class service delivery” as a result.
Digital service delivery efforts are often criticised for being an exercise in putting lipstick on a pig, as they say; there are digital elements at the front end, but no actual transformation of the underlying processes.
“This has still not been addressed by a range of government agencies that deliver outward facing services to customers – while the technology is new the underlying processes remain antiquated,” says the AIIA.
“For example, the plethora of forms, the way in which these are compiled, how they are required to be completed and submitted continues to reflect old processes and old ways of thinking.”
The industry body acknowledges the challenge of building end-to-end digital services where citizens never need to go to an office or call a phone line is “exacerbated by attempts to retrofit old and legacy systems” and, unsurprisingly, says more spending is the answer. It also suggests there are APS turf wars going on:
“Internal to government, competitiveness amongst some agencies vying to protect their own self-interest and/or internal investments has undermined the seamless and whole of government service delivery model articulated by successive governments.
“This continues to hamper the speed of digital adoption, typically at the expense of customers. Examples include approaches to digital identity, the proliferation and lack of interoperability of content between websites and agency specific procurement practices.”
“While the structure and operation of the original Digital Transformation Office was flawed, delaying progress on the Government’s digital agenda, the renewed Digital Transformation Agency is heading in a more positive direction.”
The AIIA also says service delivery agencies have been “notoriously poor at industry engagement” and argues this has held back their digital transformation plans, leading to costlier and often unsuccessful solutions. The body has high hopes for an upcoming memorandum of understanding with the DTA.
Locally owned cloud services provider Vault Systems, chaired by former Finance secretary Jane Halton, offers some technical views on the benefits of good quality cloud solutions and also warns about the risks of allowing APS data to be “accessed, configured or administered” from offshore by its foreign owned rivals, arguing the Australian Signals Directorate’s Information Security Manual should prohibit this.
Vault claims there has been “a concerted effort” by multinational corporations and the AIIA to encourage the government to certify more cloud providers to handle PROTECTED information and argues that without additional funding put into the security assessment process, this would amount to an unacceptable relaxation of standards.
A local government lobbying company, AusAccess, offers a similar view, hoping to play on current concerns about foreign espionage, influence and interference (as well as having a dig at multinational companies minimising their tax contributions).
“The approval of MNCs for protected cloud status by ASD acting unilaterally is a low profile and casual method of handling such a central and sensitive issue of the protection of the security and privacy of the data of Australians held by Government,” argues the Canberra-based firm, owned by Mark Ridgway.
“Given the current sensitivity of foreign allegiance issues with our politicians it would be remarkable that this issue of the protection of Australians’ privacy is not dealt with at a Cabinet, or indeed Parliamentary level.”
APS digital leadership school
The year began with a sign that APS leaders have recognised a need to strengthen their digital leadership capability, and it’s likely the inquiry will touch on this new development, too.
As reported by ZDNet, APS senior executives will soon be asked to self-nominate for an intensive training course in “leading digital transformation” starting from mid-June, which will include an “immersive facilitated residential” component, according to tender documents.
A “learning design standard” document explains the business need for stronger digital leadership skills:
“SES leaders are responsible for driving digital transformation in their organisation through people and by seizing opportunities resulting from digital disruption while managing risks and threats to government, organisations, and citizens.
“In this context, SES leaders must cultivate and enable a culture of trust, transparency, innovation, agile ways of working, collaboration, dynamic learning, co-creation and operational excellence.”
The initial plan is to put 10% of the SES, about 266 people on current numbers, through the training program over three years. Those whose job involves “leading, driving and accelerating the digital transformation of government services and products in their agency” are first priority.
Others “within functions within organisations with responsibility [for] leading enabling functions to support the delivery of services, products and processes” will be eligible too.
The committee is now due to report on March 20, after its original December 4 deadline was extended.