“Unlocking the potential of data to help solve social problems requires a robust framework for data governance and data sharing. A framework can address major points of risk and ambiguity that prevent many actors from engaging in meaningful data sharing, and better data sharing and data governance will in turn lead to improved social service delivery. This report, from Beeck Center Fellow Natalie Evans Harris, lays out a three-phased approach to adopting sustainable data sharing governance practices including resources, case studies, and best practices.”
Natalie would love to engage with those in the community interested in collaborating around driving adoption of the report. You can reach her on LinkedIn and on Twitter.
As we enter this new decade, we can’t turn away from the idea that some of the great challenges facing our society today may only be solved by enabling better public/private cooperation. From climate change to disease outbreak, governments and private companies should be able to work closely to share data and enable solutions for these complex issues. A key component of climate change policy is going to be changing the energy mix: enabling consumers, both people and businesses, to access a market for renewable energy as consumer and potentially prosumer. To counter the spread of disease outbreak and other potential epidemics, having access to better data analytics for monitoring population health and outbreaks may lead to quicker resolutions. Additionally, tackling industry issues relating to counterfeits and provenance is a major challenge for many industries from consumer goods to luxury products and would also benefit greatly from enhanced cooperation between the public and private sectors around the sharing of data.
Various technologies to share data
have been available for more than a decade, but the important question is not
what a technology can do, but what people choose to use it for. Often due to
limited trust between counterparties in the aforementioned examples and more,
many issues exist due to limited or complete lack of data being shared.
As Dr. Cathy Barrera, Founding Economist at Prysm Group, shares, blockchain technology can solve this issue by enabling this much needed data sharing by creating an environment that enables parties to be much more willing to contribute and solve what economists have defined as the ‘hold-up problem’.
Embrase — the team behind Startupfest, FWD50, and Scaletech — has been running events for a decade. In that time, we’ve worked hard to ensure that the diversity we want to see in the world is represented on stage. But as Rebecca pointed out last December, the real challenge is that even when event organizers make their invited speaker lineup inclusive, they aren’t guaranteed that sponsors will do the same.
Sidenote: While we recognize that diversity has many faces, we decided to focus on gender representation because it’s where the disparity is most egregious — and most visible. But there are myriad other things we can do—from improving the availability of nonbinary washrooms, to creating spaces for worship, to encouraging people to bring their families (we had a ton of fun welcoming roughly 10 children onsite as part of Take Your Kid To Work Day.)
We know we’re far from perfect; we promise to listen to, and learn from, all feedback we receive, and to respond with concrete steps and changes to the way we run events. This program is just one such step—and the more we can do to bring everyone into the digital government conversation, the better we’ll make society.
you’re disappointed with the speaker lineup at an event, take a quick
look at where the speakers are from and whether their talks are invited
speakers or were provided by a sponsor of the conference. This is one of
the dirty secrets of commercial events. Last year at FWD50, for
example, we had 48 percent invited female speakers. But we only had 19 percent sponsored female speakers.
don’t like to talk about the sponsored talk problem openly, because
it’s a tricky subject with many facets: The shortage of diversity in
corporate boardrooms; the need to treat sponsors well so they’ll support
the event; which employees at a company get speaker training or hold
evangelism roles; and so on. Organizers that call this out can often
step on their oxygen hose, unless they have supportive sponsors.
And we’re lucky to have a really supportive community.
Tackling the problem
their help, at FWD50 this year we decided to tackle the issue head-on.
To our knowledge, this is the first time an event has taken this
approach. We’re sharing it here so others can borrow our language and
terms, and hopefully seed this change across the event industry.
late last year, we laid out in detail how we’d structure our sponsor
contracts for 2019. We told sponsors that, if they had more than one
speaker at the event, half of them had to identify as women.
If they didn’t do so, they agreed to donate the equivalent of 10% of their sponsorship
to Canada Learning Code, a nonprofit that works to ensure that all
people in Canada — particularly women, girls, people with disabilities,
Indigenous youth, and newcomers — have access to the knowledge they need
to prosper in our digital world.
On the other hand, if sponsors did bring us a diverse lineup — and notably, many did without even being
reminded of these conditions — we would donate the equivalent of 10% of
their sponsorship to tickets to under-represented groups who otherwise
wouldn’t be able to join the conversation on digital government and
Things went even better than expected
The results speak for themselves:
48.7 percent of 2019 sponsored talks featured speakers who identify as women, up from less than 20 percent last year.
Overall, this meant we had 49.6 percent female speakers on our stages.
We donated 25 tickets to students from four STEM-focused groups including WISE (Women in Science and Engineering); ANCWT (Advancing New Canadian Women in Technology); Ottawa University’s Co-Op Student Program; and IRC (the Indigenous Resource Centre.)
Here’s the language we included in all FWD50 2019 sponsor contracts, which sponsors were required to co-sign with us when they confirmed their support for the event. Feel free to use and share it if you’re putting together contracts for events you run.
When a sponsor supplies more than one speaker, we require that half of their total speakers are female as a condition of sponsorship. Here’s how we implementing this:
When this requirement is met, we’ll offer subsidized tickets totalling 10% of the sponsor’s fee to under-represented groups so that they can attend FWD50, in the sponsors’ name.
In the case that this requirement is not met, sponsors are required to donate an amount equal to 10% of their sponsorship fee to a nonprofit organization.
For FWD50, our chosen organization is Canada Learning Code, which works to ensure that all Canadians — particularly women, girls, people with disabilities, Indigenous youth and newcomers — have access to the knowledge they need to prosper in our digital world. We require proof of donation before the event takes place. At the conference, we’ll announce this organization, and the money raised through donations. Of course, we hope that in the case of a sponsor providing a single speaker who isn’t from an under-represented group, that sponsor will join us in raising money for a great cause as well!
FWD50 is for all. That means we want a diverse lineup, and we’re working hard to ensure that invited speakers come from all walks of life. You can help: When choosing your speaker, consider people from groups that don’t take the stage as often as they should — and join us in creating the open, accessible event we all want.
We look forward to a time when the stage — and industry — reflect the progressive society in which we’re fortunate enough to live. But that won’t happen by itself. With contractual policies like these, we can encourage our partners to make this change happen sooner.
We want to thank all the people involved in making this possible: Our sponsors, who participated enthusiastically in the initiative; Kelly Hutchinson from Edelman who worked with Sarah Paquet, EVP at Shared Services Canada and Deputy Minister Champion and Ottawa University to get tickets to the right people; and the Embrase team who worked with our partners to define terms that were meaningful but also flexible.
It’s hard to attract and retain skilled workers from science, technology, engineering, and math — particularly in government positions. We hope that this program will encourage more people to consider careers in digital government by featuring people from all walks of life on stage. But more than that, we hope we can serve as an example for like-minded organizations who want to fix onstage diversity.
An (somewhat expanded) transcript of a talk I gave at the FWD50 conference on digital government held in Ottawa, Canada, in November 2019. I talked there about privacy, security, and machine learning. Some additional material has been added for context, nothing has been removed from the talk as given.
is broken, and it’s actually starting to sort of scare me that we’re
not willing to acknowledge how bad things have become. It’s starting to
scare me that the industry tends to have discussions about morals and
ethics in bars, and sometimes in the hallways and dark corners at
conferences, rather than in the harsh light of day. It’s really starting
to scare me that nobody in the industry reads or understands history any more.
I’m beginning to think that courses in economics should be mandatory for all computer science students. Maybe history as well, real history, not the rote memorisation of lists of people and dates. It might add some sanity to the proceedings.
Because it’s almost back in pre-history now, at least when if you’re on Internet time, all the way back in 1972 in fact, when Alan Kay, one pioneers of the modern Internet, wrote:
years before the invention of the World Wide Web, and thirty five years
before the release of the first iPhone, which arguably really did
change everything, Kay anticipated the black rectangle of glass and
brushed aluminium that lives in all of our pockets today, and the
ubiquity of ad blocking software we need to make the web even a little
Yet, while Alan Kay’s prediction of the existence of the smartphone was almost prophetic, it was also in a way, naive.
Kay lived in a simpler time, without the ubiquitous panopticon of the
modern world, and without the security threats ,which arguably shapes
the modern Internet, and our view of it. Because the arrival of the web,
broke the Internet that sits underneath it.
there really is only one business model on the web, and that’s
advertising. People have consistently refused to subscribe to services
or pay for content. Instead, advertising supports the services that sit
underneath almost everything we do on the Web, and behind advertising is
the data that makes it possible.
about how your day-to-day experience of the Web would be different if
Google charged a monthly subscription fee for its search service, or
perhaps worse yet, used a micro-payment based approach to charge on a
search-by-search basis. It would change how and when you used the web.
series of almost accidental decisions and circumstances have led to a
world where most things on the web appear to be “free”. That doesn’t
mean they are free, just that we pay for them in other ways. Our data
and our attention are the currency we use to pay Google for our
searches, and Facebook for keeping us in touch with our friends.
I used to argue that, one day, the idea that a stranger could make a bell ring in your home, and you would then be socially obligated to talk to them, would seem—when we look back on the twentieth century—laughable.
Today, nobody I know answers their landline. I don’t even know anyone under the age of 30 that has one. Why bother?
I’m now beginning to wonder not if the Facebook-style model of social
networking will seem similarly laughable in the future, but how long
it’s going to be until that happens.
In turn Facebook responded by saying that he will not be allowed to run ‘false ads’ on their platform, “…this
person has made clear he registered as a candidate to get around our
policies, so his content, including ads, will continue to be eligible
for third-party fact-checking.”
Facebook is declaring that it won’t decide what’s an outright lie in a
political ad, but it will decide who is a legitimate political
candidate, which is arguably worse.
While Twitter’s response, to ban all political advertising from their platform is, at least on the surface, better. It means that
while companies can advertise, political groups trying to stop them from
doing harm, can’t.
Ten years ago Mark Zuckerberg famously stated that privacy should no longer be considered “a social norm.” It became the mantra of the Big Data age, and for the last ten years Silicon Valley has pursed it with vigour.
the companies that we have entrusted with our data, in exchange for our
free services, have not been careful with it. Back in April this year more than 540 million records about Facebook users were publicly exposed on Amazon’s cloud computing
service by a third party app developer, and then again in September, another 419 million records were found on an unsecured server, no password needed. This time the
records contained phone numbers linked to Facebook user ids, and some
included both the user’s gender and location details.
But it’s not just the social networks. Back in 2017 the Equifax breach exposed the details of 143 million people in the United States,
millions of driver’s license numbers, phone numbers, and email
addresses. Alongside this were people’s real names, their date of birth,
and their US Social Security number.
While last year the Marriott/Starwood breach leaked details of 500 million people;
name, gender, home address, phone number, email, nationality, passport
number, date of birth, along with arrival and departure information. If
you’ve ever stayed in Starwood property, like the Sheraton, or the
Westin, your details are in this data.
are not small companies. Neither Equifax or Marriott are startups
throwing things on an AWS instance and figuring to fix everything once
their Series A comes in and have the money, or the head count, to do it.
But it turns out that unintentional data breaches might be the least of our worries. Data leakage by design is a real problem.
instance if you share a Dropbox Paper document publicly, any viewer can
see the full name and email address of any other Dropbox user who has
ever opened that document.
a problem. Because it’s trivial to crawl for Dropbox Paper document
public URLs, and harvest all the personal details of the tens, or
hundreds, of thousands of people who have opened those documents.
there isn’t anything new about RF side-channel attacks. Recovering
plain text from encrypted communications using leaked emissions from
poorly shielded hardware dates all the way back to the Second World War,
and the dawn of the information age.
a sufficiently common problem that there are now well established
standards for shielding devices to ensure that they don’t leak. However,
not everybody pays attention to them.
each button press on the wallet creates a significant electro magnetic
signal around the 169 MHz spectrum. However the really interesting thing
here is that the team behind this attack used machine learning to recover the PIN from the leaked RF signals. Which, as far as I know, is a first.
just like software, hardware can leak data intentionally, by design, as
well as unintentionally through mechanisms like an RF side channel
For instance if you have an iPhone have you ever thought about how services like AirDrop work? Or how your MacBook sees you are running Safari on your phone, and is able to open the same web page? Or share a WiFi password?
These features work due to something called Apple Wireless Direct Link (AWDL), a protocol that can work either via WiFi or BLE to interconnect
and allow data transfers between devices. But the protocol is less
anonymous than you might think.
But as well as things like phone and Wi-Fi status, recent work by by security researchers at a company called Hexway show that AirDrop sends out a SHA256 hash of your phone number to all devices in range every time you hit “Share.”
While only the first 3-bytes of the hash are advertised, phone numbers
have pretty strict formatting, attackers can use pre-calculated hash
tables to recover your actual phone number.
Again, this is a feature, not a bug.
Hardware can also be weaponised. A HID attack is where an attacker takes a programmable embedded development platform and creates a USB device which when plugged into a computer will execute a pre-configured set of keystrokes to drop a malicious payload onto it.
is sufficiently easy now that I won’t plug my devices into publicly
accessible charging sockets. All those convenient USB sockets on planes,
and hotels? I won’t use them, and I wouldn’t recommend anyone else does
If you can’t compromise someone’s hardware directly, you can always steal its identity.
SIM Jacking is the process where an attacker uses personal information,
that they may have found in a separate data leak — like those from
Equifax or Marriott that I mentioned earlier — to persuade your
cellphone provider to transfer your number to a new SIM card.
the swap is complete, messages containing codes for two-factor
authentication can be intercepted, and the fraudsters can hijack your
email, social media, or even banking accounts. Your life.
Jacking is a growing problem because it differs from other forms of
hacking, in that it doesn’t require any technical know-how; all you need
is skills of persuasion and a basic grasp of identity-theft.
Referred to as ATM jackpotting, the malware tricks the machines into ejecting all of its cash, no card required.
Typically installed by opening a panel to reveal a USB port and the just
plugging in a flash drive, the attack in Germany affected a machine
model that is still in use today. Freestanding ATM machines, often found in hotel lobbies and corner stores, are especially vulnerable.
perhaps the thorniest problems are those caused by a combination of
hardware and software. Earlier in the year a man named Masamba Sinclair
rented a Ford Expedition from Enterprise Rent-a-Car.
When he rented the car he connected it to his FordPass app. The app allows drivers to use their phones to remotely start and stop the engine, lock and unlock the doors, and continuously track the vehicle’s location.
Despite bringing it to the attention of both Enterprise, and Ford, we learned last week that five months after his returning rental car, and multiple renters later, he still has full remote control of the vehicle.
A couple of times now the CES technology show in Las Vegas has run a scavenger hunt. Based around Beacon technology — bluetooth beacons that is — participants needed to hunt for eight
scattered around the vast halls, and all three venues, of the CES show
in Las Vegas.
Both times they’ve run this hunt I’ve managed to hack it,
fooling the CES app into thinking I’ve found all the beacons, and won.
Except that both times I wasn’t actually attending CES, I wasn’t even in
Las Vegas at the time.
By decompiling the CES app you can get the identities, and locations, of the beacons it’s looking
for, and then fake them, and fool the app. It’s actually a pretty easy.
However it turns out that the fact you can win the scavenger hunt from your desk isn’t the most interesting thing I found, at least not the second time I hacked the hunt.
with the identities of the eight hunt beacons came the latitude and
longitude of over 1,000 other beacons scattered over the three CES
venues that — so long as you had the app installed — would be picked up
by the app on your phone as you made your way around the show.
Possibly intended for indoor navigation, the notifications they generated as you made your way around CES were at times a bit creepy.
Looking at the decompiled code of the CES app it looked a lot like that, each time your phone saw a beacon, it “called home”
to report your location. If that’s really the case then a
minute-by-minute log of you position at CES could conceivably be saved
in the cloud, and your location tracked the whole time you’re there.
recently this sort of mass deployment of beacon technology has been
rare, and there has been very little debate about the privacy
implications underlying it.
Connected devices, the Internet of Things, is a problem.
There are so many moving parts, not necessarily physically moving
parts, but rather interactions. Every time software talks to hardware,
or other software, there is an attack surface.
A recent survey revealed that 1 in 5 security experts working with internet connected things feared their smart toilet would be hacked. The only surprising part of that survey was that this many people had smart toilets?
But it’s not just your toilet you should be worrying about.
While just last month they launched a cyber operation against Iran in response to the September attacks on Saudi oil facilities. Of course
that’s nothing new, the history of the US-Iran cyber-conflict dates all
the way back to the Stuxnet attack against the Iranian nuclear program back in 2010.
The government of the Netherlands recently released a document describing their views and position on the application of international
law to cyberattacks. Unlike some previous documents I’ve seen it’s
really a rather well reasoned. I highly recommend it.
Also last month the city of Johannesburg was held for ransom.
Initially, employees thought they were the victims of a ‘normal’
ransomware attack, like the one that hit the city’s power grid back in
July, an attack that left many without electricity for days.
it was later discovered that city computers were not encrypted. Instead
after providing proof, the attackers asked for 4 bitcoins—that’s
roughly US$40,000 at today’s exchange rate—threatening to upload all the
city’s stolen city on to the internet.
An interesting change of tactics there.
In an attempt to keep track of these incidents, StateScoop has developed an interactive map of every known public-sector ransomware attack inside the continental
United States going back nearly six years. More than 100 public-sector
ransomware attacks have been reported in 2019 so far, compared to 51
reported in 2018. Things appear to be getting worse.
attacks can be devastating, especially against utilities, or heavy
industry. Where the increasing use of Internet connected machines mean
loosing not just data, but capability.
Hydro ASA is a Norwegian aluminium and renewable energy company. It is
one of the largest aluminium companies worldwide. Back in March it was it was hit with a ransomware attack. The entire workforce — 35,000 people — had to resort to pen and paper.
lines shaping molten metal were switched to manual, in some cases
long-retired workers came back in to help colleagues run things “the old fashioned way”. In many cases though, production lines simply had to stop.
Concerned about their reputation damage, litigation. Evidence suggests that many, most even, large companies or agencies hit by ransomware pay.
Norse Hydro didn’t, and in the first three months after the attack that
decision cost them somewhere around 60 million US dollars.
What they’ve lost in revenue, they’ve arguably gained in reputation.
Under the weight of malware, botnets, rogue social media, and national paranoia, the global internet is starting to fragment.
The Great Firewall of China, Russia’s ‘sovereign internet’ law which is
basically a parallel domain name system, coupled with deep packet
inspection.These are the obvious signs.
But the malaise goes deeper. The global success of the Chinese TikTok app has been hailed as a “national security threat”
by the United States government. Perhaps because this is the first time
cultural creep has gone the other way. The Americans are used to us
adopting their culture, not the other way around.
there is also intriguing ripples, in part due to the fallout from the
ongoing Chinese-American trade war that the common shared technological
stack, which until recently we all shared, is starting to split.
One thing that’s driving that divide is magic.
Amongst other things, including inventing the idea of the geostationary satellite, Arthur C. Clarke is famous for saying that “…any sufficiently advanced technology is indistinguishable from magic.”
the outside machine learning, artificial intelligence, looks like
magic. But it’s not, it’s computer science, mathematics, statistics, and
a dash of domain knowledge.
also controversial, because as you might expect the industry is making
the same privacy and security mistakes here as it has done with big
data, and the internet of things.
Learning applications driving digital surveillance are ubiquitous in
China. In a country where every adult has an ID card with their face on
it, and that data is in a government database, facial recognition can be a powerful technology for surveillance, and repression.
to the German Interior Ministry, the system averaged 80% accuracy,
meaning 1 in 5 of the volunteers went unnoticed. The average for false
positives were significantly lower, it incorrectly identified 1 in 1,000
as a person of interest. That seems low, but if you think about a
larger rollout, with more people, and consider the potentially grave
consequences for an innocent person mistakenly identified by such a
system. It’s worryingly high.
Especially since deep learning models are incredibly easy to fool. Adding a simple physical perturbation — just four stickers! —to a stop sign, something that could easily be disguised as real graffiti, can fool a model.
is what is called an adversarial attack, and those four stickers makes
machine vision network designed to control an autonomous car read that
Stop sign — still obviously a stop sign to us humans — as saying the
‘Speed Limit’ is 45 miles an hour. Not only would the car not stop, it
might instead speed up.
You can launch similar attacks against face and voice recognition machine learning networks. For instance you can bypass the ‘liveness detection’ of Apple’s FaceID system, albeit under constrained and limited circumstances, using a pair of glasses with tape over the lens.
worrying that direct attacks perhaps is bias and ethics in machine
learning. There is only really a small group of people making decisions
about what data to collect, what algorithms to use, how they should be
Most of us are middle aged white men.
For instance according to recent research,
algorithms developed to help decide which patients need of extra
medical care are more likely to recommend relatively healthy white
patients over sicker black patients.
algorithm sorts patients according to what they had previously paid in
health care fees, meaning those who have traditionally incurred more
costs would get preferential treatment. That’s where the bias creeps in.
When breaking down health care costs, the researchers found that the
health care system is less inclined to give treatment to black patients
dealing with similar chronic illnesses compared to white patients.
press around machine learning, or rather artificial intelligence,
paints a picture which is really not in line with our current
understanding of how such systems are built today, or even in the
learning systems are trained to a specific task, we are nowhere near
general intelligence, and most researchers would argue that we don’t
really understand how to get from here to there.
security, morals, and ethics around machine learning—all of this is now
being debated, although for the most part it’s being done rather
So as not to scare the public.
what scares me the most is that as an industry we’ve proven ourselves
perhaps uniquely ill-suited to self-regulate. Ten years of big data has
convinced me that the technology industry is arrogant and childish, “…move fast and break something” shouldn’t apply to our personal privacy. Or to our civilisation!
It is the arrival of the GDPR in Europe, and to a lesser extent the CPPA in California, has changed the conversation. They gave us, as citizens, rights. They gave us, as developers, responsibilities.
The reaction from Silicon Valley was predictable, especially perhaps given the different view on privacy between the United States and Europe, something that is based in part on a good number Europeans having survived under repressive governments in living memory.
me, and to a lot of developers who will quietly tell you the same—at
least in private—the screams of anguish from the Valley show not that
the GDPR is a poor law. Instead that it is doing exactly what it should
Just like some US-based websites who didn’t want to think about the implications of the GDPR, some ‘smart’ devices stopped providing service when the GDPR came into force.
One of these was Yeelight.
You could still turn individual bulbs on or off, one at a time, in
their app. But everything else got taken away if you told the app that
what data, about when, and what, bulbs you’re turning on or off is the
company behind the app selling on, or using in ways you don’t expect.
To be clear, I’m fairly sure this sort of response isn’t legal under the GDPR. You can’t refuse to provide the service just because the user refuses to let you have their data, unless that data is required to provide the service. I can’t conceive of a case where GDPR infringing data is necessary to turn light bulbs on or off, can you?
Earlier this year, Zuckerberg stood up on stage at Facebook’s F8 conference and said “…the future is private.”
Even if you don’t believe him, and lets face it we haven’t been given
any reason to, the idea that this man, the man that ten years ago stood
up and sold us on the mantra of the big data age, that privacy was no
longer a social norm said this, tells us something.
It tells us that that age is over.
leave you then with one more thought. I no longer believe the industry
will solve all these problems. I believe legislation, like the GDPR, is
developers we sit in meetings, and if someone asks us to do something
that we feel is ethically bad, we should say no. But there is always
pressure, pressure knowing that others might say “…yes!” That our job is on the line. That our company’s funding is on the line. Our lives, our families, our future.
We need laws that are digital native, laws that tell people that it is okay to say no, we need to know that you have our backs.
Don’t pass laws in anger, or god forbid ignorance,
do not be tempted yourself down the dark paths, the easy wins that
technology offers. But I’m pleading with you, go back to your
constituents, your agencies, and govern. It is past time, more than past
time, for you to do so.
years of big data, ten years of attempted technological fixes, rather
than cultural ones, has proved that the industry cannot.
For the first time, we’re running a Regional Digital Government Summit as part of FWD50. It’s chaired by Hillary Hartley (Ontario’s Chief Digital Officer), Catherine Desgagnés-Belzil (Secrétaire adjointe à la transformation numérique et Responsable du Centre Québécois de l’Excellence Numérique(CQEN)), and Nikhil Deshpande (Chief Digital Officer, State of Georgia.) Aimed at public sector audiences, it’ll bring together dozens of municipal, provincial, and state-level digital innovators to discuss the unique challenges and opportunities in digital government.
Ahead of the event, we asked our chairs—in their own languages—to give us an insight into what their jobs are like.
What’s the biggest difference / Quelle est la plus grande différence?
FWD50: What is the biggest difference between making change happen at the national and regional levels? / Quelle est la plus grande différence entre faire changer les choses au niveau national par rapport au niveau régional ?
Catherine: Que nous travaillions au niveau régional ou national, les changements amenés doivent se faire dans le respect des besoins des citoyens. Or, la principale difficulté réside dans notre capacité d’unifier la vision du citoyen à travers la multitude de profils et de particularités des individus.
Conséquemment, plus petite est l’échelle à laquelle on travaille, plus facilement réalisable est le défi d’identifier un point commun permettant d’établir une vision unifiée dans une perspective citoyenne.
Hillary: All digital teams exist to re-orient their organizations around the user, and deliver better, more convenient and joined-up services to people. The level of government is not as important as understanding who it serves. The common link is that governments don’t have a target market. We serve everyone.
Scale is a differentiator — population sizes vary and needs shift, depending on local context. Sometimes, geography is a factor. Other times, the diversity of user communities, the economic climate, organizational skills and capacity, and lived experience in a particular part of a city, province or country impacts design and delivery approaches and eventual outcomes.
Collaboration is critical. Because needs are diverse across governments, we’re continuously looking for ways to learn from one another. If something has worked in one place, let’s fork it and try it here. It’s part of experimenting together, replicating successes and scaling delivery, to serve more people.
National teams have a leg up regarding the adoption of methods or practices, as long as they are communicating about them. There’s an inherent “trickle-down” effect from the federal government to provinces, states, or municipalities. Often, regional governments use the cover of something a federal team has done to show what’s possible to their stakeholders.
At the sub-national level, provinces, states, and municipalities need to be diligent about communicating and collaborating so that we aren’t reinventing the wheel.
Nikhil: There are probably more common challenges than differences but amongst several factors, the key ones seem to be budget, scale, time to implement, and outreach. Change influencers at a regional level may have a shorter process to push change through but harsher budget conditions to implement. Depends on the type of change, organization and the scale one is trying to implement.
Where do we interface / Dans quels contextes devons-nous interagir?
FWD50: Where do regional governments need to interface with national/global standards, and where is it OK for them to act without considering other groups? / Dans quels contextes les gouvernements régionaux doivent-ils interagir avec les normes nationales/mondiales et quand peuvent-ils agir sans tenir compte des autres groupes ?
Nikhil: Regional governments benefit from research-based policies and standards published at the national/global levels. It is best practice to interface with national/global standards unless any isolated regional use case/cause justifies solitary action.
Hillary: There’s no central standard in the world that points to how teams must work. But making common choices can help us scale digital approaches, practices and tools faster and more effectively.
For example, if one team in place A has gone through the effort of creating, testing and launching a new standard for building and using Application Programming Interfaces (APIs), how might other teams in places B, C and D be able to adapt it for their needs?
Being smart about how we scale accelerates change. It’s not about a one-size-fits-all approach. Instead, we want to continuously share our work and collaborate across the growing network of digital teams in Canada, across North America and right around the world, so that we leapfrog forward, together.
It’s always OK for digital teams to experiment, learn and continuously improve ideas, standards, and approaches. Discoveries in one place can help advance work in another place. Leaders need to encourage their teams to form hypotheses and just get started.
Catherine: Nous devons placer le numérique au service des citoyens dans le but de faciliter leurs interactions avec le gouvernement. Ainsi, l’administration publique vise à adapter ses relations avec les citoyens en fonction de leur réalité.
Pour faciliter les échanges et les interrelations entre les différents paliers gouvernementaux, il est primordial que ceux-ci adoptent un langage commun basé sur le respect de règles et de standards nationaux et mondiaux. Car plus les différents paliers gouvernementaux pourront se rallier et offrir une cohérence d’ensemble, plus grands seront les bénéfices pour les citoyens.
How to make design more local / Comment faire évoluer vers une population plus locale?
FWD50: How do you change design and problem discovery to a more local population? / Comment faire évoluer la conception et la découverte de problème vers une population plus locale ?
Hillary: At root, it’s about users. Having a strong mechanism to recruit the right users for research, and being able to tap into a diversity of users, helps identify specific needs.
The location might matter, but it might not. We don’t know until we ask people about their needs. A general principle of our design philosophy is that when we design for the edges (the most marginalized users), we’ll be more successful for everyone.
It’s essential to be inclusive in user research practices. When we engage people with diverse lived experiences, and especially those individuals who have been historically excluded, we uncover richer insights that enable us to deliver better outcomes.
In Ontario, the Simpler, Faster, Better Services Act was enacted in August, enshrining user-centred service design into law. Essentially, the Act will help us deliver user-centered practices across our organization, so that we can better respond to the changing needs of the 14 million people who live in the province.
“Ask a Mayor“
FWD50: “If you want something done, ask a mayor,” as the saying goes. Why is there a perception that smaller scopes and organizations are more responsive? / Comme le dit le proverbe anglais : « If you want something done, ask a mayor ». Pourquoi les structures et les groupes de plus petite taille semblent plus réactifs ?
Hillary: At the local level, governments are responsible for services that most people use, see and touch. For example, people notice if their garbage doesn’t get picked up, or if the system crashes when you try and sign up your kid for swimming lessons.
At the provincial or regional level, governments fund a lot of other organizations who deliver services directly to citizens. Health and education are two major provincial responsibilities and sectors where provincial policies and processes have impact, but the experience happens in schools, at doctor’s offices, and in clinics and hospitals.
Provincial governments need to collaborate with the Broader Public Sector on digital, and vice versa. Our reach can’t end at our doors — it needs to extend through theirs. The scope of the organization can be big or small — Ontario is bigger than some countries, so what matters more is that the organization is designed to meet the needs of the people it serves.
You have to look inside the culture of an organization. Examine the systems, processes, practices and tools in place. Are they designed for the speed and convenience of the internet era? Or have we become the best dinosaur? To stay relevant, public service organizations of all sizes must continually respond to the changing needs of their populations.
Catherine: La complexité d’une structure de gestion croit généralement en fonction de la taille de l’organisation. Dans une structure de gestion complexe, les paliers à franchir pour obtenir une décision ou transmettre une orientation sont plus nombreux et cela a un impact négatif sur la capacité d’une organisation à être réactive. Voici une des raisons qui explique pourquoi les structures et les groupes de plus petite taille semblent plus réactifs.
Nikhil: There is no doubt that local governments are at the forefront of service delivery. As we move up levels within government, the bodies are tasked with invisible services such as infrastructure and policies. So, the perception of implementing an instant visible change may seem more relevant at the local level; like reporting and fixing potholes or crime reporting. However, regional and state organizations are working towards changing this perception.
By offering multiple channels to understand constituent friction, state governments are prioritizing citizen experience and constituent services.
What about political upheaval / En périodes de bouleversement politique?
FWD50: How does a civil servant continue to deliver against their mandate in times of political upheaval or regime change? / Comment un fonctionnaire peut-il continuer à s’acquitter de son mandat en période de bouleversement politique ou de changement de régime?
Catherine: En adoptant une approche et une démarche agile qui permet à l’organisation de s’adapter au fur et à mesure aux divers changements, y compris des changements d’orientation inhérents à des bouleversements politiques.
Delivering user-centred, more convenient and efficient government services is universally important to modern public service teams, around the world.
Digital government is just good government. New tools and practices have created new opportunities to meet people where they are. Our role, as public servants, is to use our knowledge of these tools and practices to show what’s possible, enable and empower others to work in new ways, and continue delivering together with users.
As leaders, it’s also important to recognize that change isn’t always easy. It can be tough to shift organizational culture, build capacity, and deliver better services while living through change. If you’re leading a team, it becomes even more essential to listen, support people, remove blockers to delivery and over-communicate inside the organization. The team should always feel that you’ve got their backs.
Metrics drive change / Les mesures les plus importantes
FWD50: What are the most important metrics you ask for when trying to understand how your organization is running? What’s on your dashboard? / Quelles sont les mesures les plus importantes que vous exigez lorsque vous essayez de comprendre comment fonctionne votre organisation ? Qu’y a-t-il sur votre tableau de bord ?
Hillary: H. James Harrington said, “If you can’t measure something, you can’t understand it. If you can’t understand it, you can’t control it. If you can’t control it, you can’t improve it.”
One of our core principles is “Show, don’t tell”, so let the numbers speak for themselves. The data serves us in two ways:
Data is absolutely critical when it comes to telling the story of change. Are we seeing a difference in the number of projects being built following the Digital Service Standard? Are teams progressing at each sprint review or show-and-tell, or are they constantly stuck or dealing with the same blockers? Are executives doing enough “blocking and tackling” to enable teams to deliver? Are we closing out projects, or are they turning into “recommendations” that don’t actually get implemented?
Data helps us understand if we’re on the right track with our products, and actually meeting people’s needs. Are people using what we build? Are we saving people time?
We look to the metrics to show change in real time. How do we know that what we’re doing is working? Well, we see anecdotal evidence of visible shifts — when an Assistant Deputy Minister sits down alongside a team to whiteboard a journey map. Or, when a Deputy Minister observes the user research on a service. But here-and-there examples alone are not enough. So, we’re also working on KPIs to consistently quantify and measure culture change, such as measuring the number of multidisciplinary teams doing digital service design. This is new ground in the Ontario Public Service, and we’re very excited.
Nikhil: It is important to understand the impact and outcome of activities carried by any organization. Any metrics that show outcomes rather than just outputs, are critical to gauge the success of an organization.
Catherine: Dans une approche centrée sur le citoyen, notre indicateur le plus significatif est celui mesurant la création de valeur. Celui-ci nous incite à favoriser les actions ayant un potentiel d’utilisation élevé et procurant une valeur ajoutée. Les autres indicateurs importants sont ceux liés aux bloquants ainsi qu’aux risques et enjeux.
Recruiting and talent / Recrutement et recherche de talents
FWD50: How have you changed recruiting and the search for talent in a tech-centric world?/ Comment avez-vous changé le processus de recrutement et de recherche de talents dans un monde centré sur la technologie ?
Catherine: Nous travaillons sur ce point !
Hillary: Government presents a unique opportunity to bring together a love for technology and a desire to make a difference. Whether you’re a designer, engineer, communicator or policymaker, you want to leave things better than you found them. You’re intensely obsessed with two things—humans and problems. In fact, the bigger the problem, the more technologists want to dive into it. We’re always experimenting with “how might we” scenarios. And guess what? That’s exactly what great public service teams are all about, too.
Great technologists want to solve big, complicated problems. Government, is full of gnarly problems across sectors, at scale. In Ontario, we serve a population of about 14 million people. When I was with 18F in the United States, the federal government served a population of over 327 million people. It’s the mission of public service that calls people, and it’s not hard to find great people who want to contribute.
In Ontario, our focus has been on targeting recruitment around the skills that are needed most across the public sector — product management, design and development. We also look for people with the aptitude for change — those with a desire to work in new ways and reimagine service delivery. In tandem, and equally as important, is building skills capacity within the public service. There’s a lot of hidden talent across ministries. How might we find it, nurture and unleash it?
Our talent strategy must address digital skills development, training programs, incentive structures and new pathways for growth for both the current cohort, and the next generation of public servants. What roles are emerging and what roles are transforming as a result of working in the internet era? If government isn’t looking to the future of work, we’ll fall behind in the global grab for talented people who understand tech and how to solve problems using internet-era skills. Sitting still is not an option.
Nikhil: Talent search is always a challenge at regional levels. USDS and 18F have established a civic-tech duty model that most regional governments are looking to implement.
The future of talent within tech-centric government organizations seems to be short-term engagements by specialists than the proverbial life term bureaucrats. Similarly at a regional level, we have embraced contract resourcing for short to mid-term engagements.
No expo hall. The conference isn’t a tradeshow; our partners believe that a rising
tide lifts all boats, and brings great content—and if they don’t, the
audience can go elsewhere during the event.
Nonpartisan. Our allegiance is to society as a whole; the “FWD” in our name means “neither left, nor right, but forward.”
Open. We know we’re part of a community, both in Canada and globally, trying to use technology to improve society.
We’d always hoped that FWD50 could serve as a “lightning rod” around which other groups can coalesce. The week that FWD50 happens, we have some high-powered infrastructure (in the form of the Aberdeen Pavillion and the Horticulture Building at Lansdowne park.) We also have an abundance of amazing speakers from around the world. And of course, we have the immense privilege of a Bully Pulpit. We take these things seriously.
of the ways we try to make the most of this is to work with a number of
communities and groups to put on events in and around FWD50 itself. Our
goal, over time, is to turn this into a week of digital government
events for organizations at home and abroad.
a list of the things that are happening alongside the event—it’s
probably incomplete, because we’re adding more events every day at this
point. If you’ve got something you’d like to run in and around FWD50,
please contact us via our website or on Twitter.
Our venue has three breakout rooms, which are available at breakfast and lunch on both November 6 and 7. So we open those up to community groups, NGOs, and civil society organizations to use for on-site meetups. These are informal gatherings and a chance to chat for an hour about a particular topic or project.
November 6 breakfast (8–9AM)
Meet with the folks behind OneTeamGov Canada, a global public sector reform movement which aims to improve public services and change the way we work through practical action.
The Build In Canada Program helps companies move from invention to business model by procuring and testing late-stage technological innovations. Learn about the work they’re doing to help commercialize Canadian innovation and government adoption.
November 6 lunch (12:30–1:30PM)
We’re still finalizing events for this lunchbreak; let us know if you’re interested in using one of the remaining slots.
November 7 breakfast (8–9AM)
Code for Canada connects all the Canadian civic tech groups through a community network
and has a playbook for government innovators to find ways to
meaningfully engage these passionate citizens to help make government
more ‘by the people’.
November 7 lunch (12:30–1:30PM)
We’re still finalizing events for this lunchbreak; let us know if you’re interested in using one of the remaining slots.
Regional Digital Government Summit
New for 2019, the Regional Digital Government Summit is a place for provincial, state, and municipal government leaders to focus on the unique opportunities and obstacles they face. It happens from 11AM-5PM on November 6.
We’re thrilled to be helping put this on; it’s being chaired by three digital government heavyweights:
Hillary Hartley (Chief Digital and Data Officer and Deputy Minister, Cabinet Office for the Province of Ontario)
hoping this parallel event, which expands FWD50 to regional
governments, will become an regular part of the conference each year.
It’s open to all attendees of FWD50, however, participants will be asked
to sign in at the door so that the nature of the event is understood,
the room is secure, and we can keep in touch.
Back for its third year, this fun evening event invites speakers to entertain us—quickly! The popular Ignite format has been run thousands of times around the world: Speakers present 20 slides that auto-advance every 15 seconds, making a series of fun 5-minute talks.
Policy Ignite is open to anyone with a FWD50 badge, but you can also buy a ticket just for Policy Ignite here.
The CFR’s Innovation Showcase
CFR is running a regulatory innovation showcase in the Horticultural
Building on November 5 (as a separate event from FWD50; tickets and details here.)
Beers WiT Peers
For the second year, a group of CIOs headed by Julie Leese is organizing a Women In Tech meetup on the evening of Wednesday,
November 6. Are you looking for an informal and fun way to network with
your peers? Then join the National Capital Region’s Beers WiT Peers
event from 6–9PM. The event is is sponsored by the CIO Association of Canada.
also working with OCIO, ARMA, Edelman, and many other groups to make
this a packed week of digital government and technology transformation
And of course, there’s plenty of networking, breaks, and other events to connect with your peers from around the world. If you want to be a part of it, grab your ticket now.
Our goal is to give every stakeholder in digital government a platform and a place to gather. We make space available for free (or at cost if you require A/V technicians during their lunchbreak) and would love to include your group.if you’re part of a nonprofit or community group that wants to coordinate a meetup onsite for FWD50 attendees, let us know.
One of the most striking and consistent pieces of feedback from our 2019 content survey was this: We’ve drunk the Kool-Aid.
Many people tasked with IT transformation are already true believers. They want to know how to manage digital innovation, and what to avoid to maximize success. And while technology training is useful, digital transformation is more than tools — it’s people. Culture, not tech, is the real challenge.
That’s why we’ve adjusted FWD50 to this new reality, and packed the lineup with content on culture and transformation. For starters, our breakout tracks this year are divided into beginner, intermediate, and advanced content, so you can self-select the level of expertise you’ll find most useful.
But beyond structural changes, there’s lots to learn:
Tuesday, November 5 This is our workshop day, open to anyone with a Conference + Workshop pass. It’s a chance to spend several hours on culture and transformation — or sample some of the 30-minute Fastforward talks.
We kick off our Tuesday Workshop day with a 3-hour session on writing effective policies, taught by renowned policy expert Lewis S. Eisen.
Thursday, November 7 The final day of FWD50 is also full of content on culture and transformation.
We kick off with Afua Bruce urging us to do good work that lasts by focusing not only on technology, but also the people and processes that make real change happen. She’s also running a breakout session for a chance to dig deeper with attendees.
In a first for FWD50, we’re running a Chain Reaction Panel — a series of short one-on-one conversations — between three extraordinary leaders: Accenture’s Claudia Thompson, Shared Services Canada’s Sarah Paquet, and Microsoft’s Lisa Carroll. They’re looking at what it means to lead in the new digital era.
Another can’t miss breakout features three of Canada’s star digital executives — Transport Canada CDO Julie Leese, PSPC CIO Elizabeth Rhodenizer; and PSPC Digital Services branch CIO Tammy Labelle. It’ll look at digital disruption and fundamentals of change.
Transformation needs inspiration, which Apolitical has been building with the Federal government’s toolset. Janice Cudlip of the Federal Public Service joins Apolitical product chief Ella Mae Lewis for a look at how to drive curiosity as a mindset.
We have some other talks we’ll be announcing in the coming days, but what’s clear is that transformation takes more than tech — and we’ve filled the workshops, breakouts, and keynote talks with inspiration and practical lessons on digital transformation. If you haven’t already, grab your ticket on the FWD50 website.
Fifteen years ago, the term “cloud computing” was on the front page of every tech magazine. For that matter, fifteen years ago, we had tech magazines. Today, the term has almost lost its meaning in many IT conversations. We don’t say, “cloud storage”; we say “storage,” and assume on-demand, third-party-operated computing systems are part of that strategy.
And this is a big year for Federal cloud infrastructure. More than a dozen government departments are embracing a cloud-first strategy.
To understand the magnitude of this shift, we first need to nail down terminology — which, even a decade after the first real cloud adoption, can still cause confusion.
Three cloud flavours
Clouds come in three distinct types:
Software as a Service is simply a web application. It’s software functionality, delivered via a web interface. There’s nothing to install; and you migrate by moving content and permissions to the cloud.
Platform as a Service is a place to build applications where you don’t see the underlyiing components. Sometimes called serverless, you migrate by moving your code.
Infrastructure as a Service is access to virtual building blocks — servers, storage devices, and so on. You migrate by moving machine images.
A taxonomy of cloud approaches, circa 2009.
There are myriad variations on this simple category. Some platforms, like Airtable or Google Sheets, have powerful programming languages built into them that blur the line between SaaS and PaaS. And many on-demand functions, from image processing to search lookups to content delivery networks, are simply services.
Behind this all is one fundamental idea: Own the base, rent the spike. Computer workloads are bursty, particularly those that are seasonal (like tax filings) or deal with data (like building a machine learning model from unlabelled data sources.) Making compute resources shareable makes them more cost-effective; making them easy to use reduces the time to create a new app or run a prototype.
Here be dragons
But look to these strengths, and you’ll find some of the issues that still plague cloud adoption:
Risk of lock-in: Turnkey programming interfaces make it easy to add a new feature — like search or backups — with just a few lines of code. But each time you use one of these interfaces, you’re entangling yourself with the cloud provider, making it harder to migrate. Unless you hew rigidly to cross-vendor standards, you get locked in. But if you’re rigid, you lose access to some of the most powerful things clouds have to offer.
Unbounded costs: If you see a spike in demand on servers you own, things get slow for your users. But your costs don’t go up. By contrast, in an elastic cloud, you pay for what your users consume — so capital expenses give way to variable operasting costs.
Compliance worries: The original “cloud” was the Internet — data went in somewhere and came out somewhere else, and we didn’t worry about what was in the middle. Out of sight isn’t out of mind; depending on the sensitivity of data, clouds may not be appropriate to store certain information or do certain processing. Building all the rules needed to ensure compliance is lots more work.
Drawing the right line between what you control, and what you use in the cloud, is critical if you’re to retain data sovereignty, effective cost management, and the ability to move workloads around. This is complicated stuff you need to get right.
Years ago, during the peak of cloud hype, Ian Rae made this image ironically. It became the top search result for cloud computing in the world. Clearly, clouds meant lots of things to many people.
So we’ve packed this year’s event with lots of expert content on cloud migration and adoption, including:
A workshop on cloud migration and DevOps, taught by the team at CloudOps and one of the architects of some of the world’s biggest cloud deployments. In this half-day workshop — open to anyone who’s bought a Conference + Workshop ticket, we’ll look at how to understand and operate a modern cloud deployment.
A session on the importance of open compute (the “right to root”,) open source, and open data as a way to maintain sovereignty in IT transformation.
The move to cloud is one of the most significant shifts in government IT adoption since we moved off mainframes and onto distributed clients. It’s important to get it right — and FWD50 has experts from around the world teaching can’t miss content. Grab your ticket here to chart your best move to the cloud.
There’s plenty of debate over whether AI is real. The very definition of Artificial Intelligence keeps changing — show a computer scientist from 50 years ago a modern algorithm’s ability to drive a car, identify images, compose text, or diagnose diseases, and they’d immediately conclude that AI was here.
A shot from the 2017 main stage.
But AI is brittle. It makes mistakes. At best, it complements human intelligence. It’s not artificial — it’s different. Is it still a cause for concern? Or will it never amount to a real threat to human work and jobs as little more than augmentation?
Why we need to act
Do we need to plan for AI now? Or should we wait and see? Two things say that yes, we need to act, strongly and immediately.
AI is a logical next step The first is that AI is a logical progression of computer trends that have been happening for decades:
Data centers gave us significant, centralized computing and storage power.
Cloud computing made these data centers elastic, so you didn’t have to buy what you didn’t need.
This meant sharing infrastructure, and “bursty” workloads, so anyone could analyze vast reams of information — which the modern, connected, mobile Internet was only too happy to provide.
When you have that much data, you need algorithms to crunch through it.
The best of those algorithms create better versions of themselves, which we call Machine Learning.
And that’s the state of modern AI and data science.
The second is what I call the “not not going to happen” argument. I heard a great version of this during a panel I moderated at the 2019 APEX symposium in Ottawa. I asked Deloitte’s Shelby Austin whether she felt organizations needed to act on AI immediately, or whether they could wait. “We don’t know which of the companies deploying AI today will win,” she replied, “but we know the winner will use AI.”
This is a good Occam’s Razor for AI adoption. We don’t know for sure which AI strategy will win out, or exactly how it will be deployed successfully. But we do know — given its tremendous power to make sense of the torrent of data modern society generates — that AI is not not going to happen.
The automation that machine learning and data science can bring is often a nonpartisan issue—given that it can bring tailored, personalized services to bear, but also can be used to cut costs and run balanced budgets. At the same time, everyone’s concerned about the invasion of privacy that AI might bring (whether that’s analyzing public data to infer private facts; reinforcing prejudices in policing and justice, or myriad other concerns.)
It’s also no surprise that AI consistently ranks high as a topic in our annual survey of technologies and domains. If you’re interested in the promises and challenges of AI and data science, you need to be at FWD50.
November 5—workshop day
On the first day of the conference, which is open to all ticket holders with a Conference + Workshop pass, there’s plenty lined up:
There’s a 3-hour workshop on AI, sustainability, and ethics taught by Jerry Overton, who travels the globe running thoughtful, interactive workshops on ethics and AI that constantly earn him accolades.
We’ve sprinkled AI and data science content throughout both keynotes and breakouts, as well as Circlesquare, on the second day of the event:
If you want to think about the future, Science Fiction is a good place to start. So we’ve asked author Malka Older to talk about her imagining of future worlds. She’ll look at how to use those visions to focus on the right things today. (Fun note—this started with a tweet from Thom Kearney back in February; great to see it turn into something!)
If we’re going to rely on computers, data, and algorithms for our future, they’d better belong to us. Open source is only part of the conversation—so is the right to repair, and the sovereignty of our data. We’re assembling organizations like OpenCorporates and OpenStreetMaps to shine more light on this critical self-determination angle.
The Circlesquare interactive discussion once again has an AI and Data Science corner, where we’ll talk about the impact of these technologies on Climate, disaster, and emergencies; regulation and compliance; finance and spending; and records and information management.
On the final day of the conference, there’s still plenty of AI content to keep you busy, including:
As if that weren’t enough, Ramy Nassar and Rebecca Kain are running a 3-hour workshop on design thinking and AI, with particular focus on Canada’s world-leading AI guidelines. Entitled “Design Thinking for AI & Machine Learning: Methods & Best Practices for Building Citizen-Centered AI-enabled Services & Solutions” it’s a custom-built workshop format for those who want to dive deep into the ethical issues of building AI services.
If you’re interested in how AI and data science change government—and you really, really should be—then FWD50 is the place to be this November. You can grab a ticket here, and become part of this critical conversation.