Coupled with the rise of digital technology, the move of services to e-delivery models and new personal threats in the form of cyber-attacks, libraries are now standing as the vanguard of the most important skill our citizens will have in the 21st century: digital literacy. It is fitting then that VALA – an independent not-for-profit organisation that aims to promote the understanding of information technology within libraries and the broader information sector – sought this year to run an event at the intersection of GLAM – galleries, libraries, archives and museums – and technology.
The event aimed to help librarians and associated professions ‘level up’ on emerging technology, and inspire people to continue their technical learning journeys. By all accounts, it was a strong success.
There were several excellent presentations at #VALATechCamp, and these were my personal highlights.
Ingrid Mason (AARNet) – Infrastructure, research and innovation as components of digital literacy
Ingrid’s presentation was pitched perfectly for the audience, and challenged us to think about the concept of infrastructure literacy as a subset of digital literacy – the ability to understand how pipes, and bytes, and bits all fit together, thus providing a Rosetta stone for the seemingly arcane languages used by technologists. This has touchpoints with initiatives such as Skills for the Information Age, which is a rubric of technical and related skills for professional development in technically-driven organisations. Reflecting on this more however, we almost need something like ‘SFIA for ordinary people’ – some form of syllabus which imparts basic digital and infrastructure literacy. Ingrid’s talk was very well received by the audience, due both to her conceptualisation of the topic and the empathy and warmth with which she was able to deliver it.
Athina’s engaging and energetic presentation highlighted again the role that libraries play in imparting digital literacy, as she recounted her experience in delivering knowledge on personal privacy and encryption through running Cryptoparties at the Melbourne Library Service. It was refreshing to hear from someone who is self-admittedly not a “techie” – and the challenges faced by explaining concepts like privacy and encryption to people who have only a basic understanding of computers. Again, this made me reflect on the digital divide and digital inclusion – digital literacy is now required because of the push toward e-services by government and other service providers, but personal digital literacy – the ability to safeguard one’s own privacy in a digital environment – is not emphasised. Thus, the digital divide not only disadvantages people because of the barriers it creates in accessing services, it also entrenches disadvantage because only the skilled will be able to protect themselves against new threats.
Natasha, who is well-renowned for her work on DoI – Digital Object Identifier System in Australia – presented on the different schemes for persistent identifiers for research artefacts – journal articles, datasets, and ‘grey literature‘. The challenges here mirrored those of other archiving and referent systems – what happens if the auspicing organisation no longer exists? From an open data viewpoint, what struck me here was so many different competing standards – some auspiced by government, some by corporate interests such as publishing houses and others by NGO bodies – who are reliant on member funding to operate. As an international community, we still have a long way to go in negotiating, adhering and nurturing international open standards – but with someone of the calibre of Simons in the mix, there’s strong hope for the future.
Linux Australia Diversity Scholarship
With thanks to my colleague, Sae Ra Germaine, Linux Australia was able to partner with VALA to provide a Diversity Scholarship. As with many other areas of life – employment, social mobility, access to education and healthcare – Indigenous, regional and remote Australians have poorer digital literacy and participation in STEM – science, technology, engineering and mathematics – than the non-Indigenous and urban population . A diversity scholarship is a small step towards providing additional opportunities to help address the digital divide. Through a rigourous selection process, Wiradjuri man Nathan Sentance, Project Officer at the Australian Museum, was selected as this year’s Diversity Scholarship recipient. Nathan will be able to share his learnings from #VALATechCamp with his broader community.
In conclusion, I was left with the impression that libraries and the broader GLAM sector are realising that while their core remit – that of preserving, facilitating access to, and engaging communities around knowledge – remains valid and pertinent, the ways in which those services are delivered is rapidly changing, concomitant with the wave of digital transformation. Just as libraries of yore helped citizens become literate, librarians are now the vanguard of digital literacy, and events like #VALATechCamp are providing a sorely-needed arsenal.
This year, linux.conf.au 2017 headed to the picturesque state of Tasmania, to Hobart’s Wrest Point convention centre, and the theme of the conference was ‘the future of open source’. My key takeaway from the conference was that:
The future will be built on trust, and trust takes many forms –
Trusting that data and systems have confidentiality, integrity and availability – traditional security
Trusting that digital experiences will be pleasant, safe and as frictionless as possible – user experience and community experience
Trusting that people will build the future that they want – agency and empowerment
This blog post is going to explore some of my picks from the conference through these lenses.
Security, privacy and integrity
Security, privacy and integrity was a recurring theme of the conference.
Michael Cordover – The Future of Privacy
Michael Cordover‘s talk, ‘The Future of Privacy‘, was perhaps the most thought-provoking talk around privacy. Michael provided a history of privacy, underscoring how technology has shaped notions of what it means to be left alone, and what it means to have personal data remain private. In our ubiquitously-connected, always-on world, it’s becoming harder to delineate what informed consent means – given that data can be inferred by association (which is exactly how Tapad‘s technology is designed). It’s also harder for people to be aware of how apps and platforms are using data – terms and conditions are hard to read, and detract from usability. Practically, it’s hard to own your own data – you essentially have to run your own services. Open systems, decentralisation, federation and non-permissive by default are Cordover’s answers to these problems – but these all pay a usability price. In Cordover’s words,
There’s no easy path forward that ordinary people can take.
David Bell – In Case of Emergency: Break Glass – BCP, DRP, & Digital Legacy
As a first time linux.conf.au Speaker, David delivered a solid presentation covering business continuity planning, disaster recovery planning and digital legacy. His focus was on ensuring that appropriate planning was done before business interruption events. He also covered personal digital legacy – an almost-unexplored topic – for example – would the people you leave behind when you die know how to access your passwords?
George Fong – The Security and Integrity of the Internet
The key takeaway from George’s talk that continued to resonate for days afterwards was:
Trust is the byproduct of integrity
Using examples such as Dirty COW and Heartbleed, Fong opined that we as an opensource community need to make sure that Linux – which the foundation of the internet rests upon – is trustworthy. Bugs are only shallow if many eyeballs are on them, and all too often there aren’t enough eyeballs. Using the analogy of seatbelts, and how few of us would ever feel safe and secure driving without one, he articulated how the internet in many ways is still a frontier, devoid of strong security measures and protocols that ensure safety and integrity – and therein, trust.
Touching on another key theme of the conference – agency and empowerment – he urged the audience to grasp that they, we, the open source community are the voices of the internet. Fong encouraged us to use those voices to better educate the public on what we do – we need to promote our activities to strengthen integrity. Things are broken – and we’re not helping. It’s up to us to fix the problem.
On a side note, as the recently-elected President of Linux Australia, I’m looking forward to working with George, and recently-appointed Chair of Internet Australia, Anne Hurley, to identify how we can work collaboratively together on some of these aims – as Internet Australia and Linux Australia have some overlap in mission, values and remit.
Jon Oxer – Network Protocol Analysis for IoT Devices
Nowhere is security, privacy and integrity more pressing that in the field of Internet of Things. There were several IoT related talks this year, but two that stood out. Firstly, Jon Oxer‘s talk on Network Protocol Analysis for IoT Devices was an eye-opener into the history of the radio frequency spectrum, how some of it is unregulated, but moreover how device protocols can be reverse engineered with simple equipment and a penchant for code-breaking. Oxer showed how simple it is to launch a man-in-the-middle attack on IoT devices on the RF 422 MHz band by intercepting their transmissions, decoding their protocols and then using a playback attack. We definitely need better encryption in IoT.
Christopher Biggs – How to Defend Yourself from your Toaster
Christopher Biggs also gave an excellent security talk around IoT – ‘How to defend yourself from your toaster‘, however he tackled it from the perspective of an IoT device manufacturer or developer – clearly articulating what features and functions should be included in new IoT devices. Although he didn’t frame it as such, his talk was basically outlining a maturity model for IoT devices. For example, devices with low maturity have poor user interfaces, no provision for maintenance, and employ poor security practices – such as having insecure protocols (such as telnet) available. He provided useful advice for improving maturity, for instance port-scanning devices to see which ports are open, and what data is being transmitted. One of the key takeaways here was that if you are designing an IoT device, or managing a fleet of IoT devices, that you need to get someone else to do the hard parts. Apple, Amazon and Google all now have SDKs available for IoT, but the drawback is that most of them are not open sourced.
Biggs spoke of a metric that I hadn’t heard before in this space – MTT1C – mean time to first compromise – or the length of time it takes an IoT device to be compromised once it’s placed on the public internet. This got me thinking that I haven’t seen anywhere a capability maturity model for enterprise IoT – for instance the practices, support, metrics and continuous improvement that would be used in a large organisational deployment of IoT. Perhaps this is something that the standards bodies in this space – Open Connectivity Foundation, BITAG and Resin.io – will develop in time.
Dr Vanessa Teague – Election Software
Dr Vanessa Teague gave one of my favourite talks of the conference on e-voting systems, and the general problem of end to end verification. Using a number of examples of how companies have (or have not) implemented verification, she articulated a number of anomalies with current e-voting systems in NSW, which are soon to be used in both WA and Victoria. Given the recent controversy around United States elections, this talk was particularly timely, and gave rise to a number of uncomfortable questions – such as just how many votes does it take to change an election result, and possibly the course of history?
One of the most resonating points within Dr Teague’s talk was the rejection of an e-voting system – V-Vote – which had superior verification capabilities, but poor user experience and usability qualities. This touches on the second theme which emerged from #lca2017 – it is not sufficient for a product, tool or platform to be functional – it must also have form. People are persuaded by the shiny – and rather than scoff at this – default behaviour for a lot of our community – we need to recognise and respond to this.
Dr Teague was an engaging, humourous and articulate speaker, and I’d really like to hear more from her in future conf lineups.
It may be unusual to relate user experience and customer / community experience to trust, but I see it as fitting. Our experience with a task, a process, or an interaction either enhances or erodes our trust in the organisation, platform or person with whom we’re interacting.
Donna Benjamin – I am your User, why do you Hate me?
Donna Benjamin‘s excellent talk aimed to bring a user experience / human-centred design element to open source developers by questioning some of the fundamental ‘defaults’ we tend to hold. Using project onboard experiences as a lens to explore how we treat newcomers, she demonstrated that our actions are turning people away from opensource – exactly the opposite effect that we’re aiming for. She outlined how contributions in triage, review and testing are not valued as highly as code contributions, again presenting a barrier to increasing participation and diversity. Benjamin argued for the open source community to see users not in terms of what they can’t do – develop software – but as people – with needs and emotions.
This talk highlighted for me the lack of design thinking, human-centred design and user experience practices that are adopted not just on open source products, but to communities in general. Lowering ‘friction’ – the antithesis of good user experience – is something that both open source products and open source communities need to get better at.
Rikki Endsley – The proper care and feeding of communities and carnivorous plants
Rikki Endsley‘s talk likewise touched on how managing communities is a complex task, often fraught with pitfalls. The key takeaway was that you can’t change everything at once – you need to change elements of the community carefully, then have the metrics available to measure the impact of the change.
VM Brasseur – The Business of Community
VM Brasseur‘s talk was a practical guide for people working inside companies to ‘sell’ support of open source projects to management. This talk was framed along three key topics – benefits, costs and implementation. Benefits such as word of mouth marketing, stronger brand recognition, and more effective upstream support are all selling points. One of the strong points of this talk was the recognition of in-kind / non-monetary support to open source communities by business, such as the provision meeting space, marketing, guidance, leadership and mentoring. In particular, Brasseur cautioned that businesses should ask the community what it needed – rather than making assumptions – and providing, for instance, unwanted promotional goodies. Although implementation plans will vary across companies, Brasseur provided some generic advice, such as having clear goals and objectives for community support, setting expectations and being transparent about the company’s intentions.
Nadia Eghbal – Consider the Maintainer (keynote)
Nadia’s keynote brought to the fore many simmering tensions within the open source community. Essentially, the burden of maintaining open source software falls to a few dedicated maintainers, who in some cases may be supporting a product with a user base of tens or thousands of uses.
Eghbal set out four freedoms for open source producers / maintainers, being:
The freedom to decide who participates in your community
The freedom to say no to contributions or requests
The freedom to define the priorities and policies of the project
The freedom to step down or move on from a project, temporarily or permanently
Whether these freedoms are embraced and used to support open source maintainers remains to be seen.
Agency and empowerment
The third key theme that was reflected in the conference programme was that of agency and empowerment – being the changes that we want to see in the open source world.
Pia Waugh – Choose your own adventure
Pia Waugh kicked off this theme, delivering the first conference keynote, where she gave a retrospective on human evolution, and then extrapolated this to the future of open source, articulating how we’re likely to see a decentralisation of power in order to strengthen democracy. She went on to challenge a number of existing paradigms, calling them out as anachronisms as the world has evolved.
This talk was full of Waugh’s trademark energy and vibrancy, and was an excellent choice to open the conference.
Dr Audrey Lobo-Pulo – Publicly Releasing Government Models
Dr Audrey Lobo-Pulo’s talk extended the open data movement by advocating for the public release of government open source models – financial and economic models used to assess public policy decisions – in essence, virtual worlds to explore the implications of policy.
The key takeaway from her talk was that industry and business also stand to benefit greatly from the release of these models, as they could then be combined with private data – in a unique public private partnership. Lobo-Pulo put forward the four components of government policy models (shown below) – and how each contributes the accuracy and validity of the model.
Karen M. Sandler – Surviving the Next 30 Years of Free Software
Karen‘s sensitive and tactful talk recognised the fact that as a community, many of our pillars and key contributors are aging, and that over the next few years we are likely to bid goodbye to many in our community. Her talk explored the different ways in which copyrights can be assigned after death, and the key issues to consider – empowering us to make informed and well founded decisions while we are in a position to do so. Few presenters could have handled this difficult topic with such aplomb, and as usual Karen’s grace, wit and wisdom shone through.
Again, linux.conf.au delivered engaging, thought-provoking and future-looking talks from a range of experienced, vibrant and wise Speakers – and again it was an excellent investment of time. The diversity of Speakers this year was excellent, if perhaps erring on the non-technical side.
Open source still faces a number of challenges – the ecosystem is often underfunded, maintainers are prone to burnout and we still haven’t realised that UX needs to be a key part of what we’re all about. But that’s part of the fun – we have the power to evolve just like the rest of the world.
And I can’t wait for a bit of history repeating at Sydney 2018!
The Australian Internet Governance Forum – #auigf – was held at the Park Hyatt, Melbourne, October 11th-12th, 2016. This was the first time I’d had an opportunity to attend the #auigf, and I wasn’t sure what to expect. Internet users are a diverse cohort – and auDA – regulator for the .au namespace, and the body which auspices #auigf classifies members into supply class – those providing internet services – and demand class – those consuming services.
My first impression was one of surprise. The #auigf theme for the forum was ‘a focus on a competitive digital future for Australia’ – and given the significant influence that digital technology, policy and communities will play in an era of digital disruption, I couldn’t help but wonder why more key players weren’t passionate about driving the future of the internet in Australia.
The regulator has been the subject of criticism in recent years, particularly around its engagement and consultation practices, and long-serving CEO Chris Disspain left the organisation in March, being replaced by former Liberal state parliamentarian, Cameron Boardman. This #auigf was therefore a symbolic opportunity for Boardman to signal to stakeholders the organisation’s new focus. auDA chairman Stuart Benjamin in his opening address tackled this head on, outlining a renewed focus on stakeholder engagement, particularly in the area of building international partnerships, and relatedly, cybersecurity. He framed this strategic shift as auDA ‘growing up’ – moving from adolescence into maturity. In particular he flagged a shift from reactive approaches to domain administration, to more proactive approaches, underpinned by stronger relationships, renewed processes and systems and more innovative thinking. Linking board performance as critical to the success of the organisation, he introduced new Board Directors, Michaella Richards and Dr Leonie Walsh. Continuing the theme of advancing women in the organisation, Benjamin congratulated lawyer Rachael Falk on her appointment as Director of Technology, Security and Strategy, a newly created role tasked with catalysing auDA’s new directions. Acknowleding that auDA needs to win back the trust of the community it serves, Benjamin emphasised higher expectations of auDA – both externally from stakeholders and driven internally by the organisation itself, announcing he will be “seeking a lot more”.
Prof Paul Cornish, former Professor of International Security at Chatham House and independent consultant and author
Prof Cornish outlined how auDA is heading towards a more international posture and developing a number of partnerships. His main argument was that the future of the internet – and the digital economy – needs to be secured. Cybersecurity needs to evolve as the internet does, using a capability maturity model.
Cybersecurity Plenary – Chaired by Rachael Falk, with Alistair MacGibbon, Laura Bell, Prof Chris Leckie, Simon Raik-Allen, Craig McDonald
Rachael Falk opened by drawing attention to the National Cyber Security Strategy, urging attendees to become familiar with it. The discussion quickly turned to why there wasn’t more focus on cyber security, and Prof Cornish had a very incisive response – “interest follows money”. Money is starting to flow to cyber security, and interest will follow. Prof Leckie outlined challenges getting cyber security research from the lab into mainstream commercialisation. Researchers are challenged by the rate of change – for example, hypothetical attacks are quickly becoming reality. Academia is also confronted by getting business and industry to recognise the threat that cyber security presents. The other challenge is getting boards to recognise that cyber security is many different problems – which need many solutions. This is overwhelming for small businesses who “just want it to work”.
One of the best insights on the plenary came from Laura Bell – @lady_nerd on Twitter – who recounted the example of big corporations acquiring smaller firms – who may have a very different security posture, thus putting the larger corporation at risk.
The plenary used the term “happy clickers” to denote people who click on phishing emails without critically assessing their validity. This was the first time I’d heard that term, but it captures the psychological state accurately. Interesting, there was discussion around how people who are disengaged in their roles being more likely to be ‘happy clickers’ – because the phishing email represents a welcome distraction – another reason to ensure positive employee engagement.
Another very interesting discussion thread in this plenary was the paradox of cyberware – people personal information freely with services like Google and Facebook, but resent government intrusion as seen recently with the census. This may come down to the compulsion element – it’s about giving information freely versus being compelled to disclose. There’s an element here for government design of online services – another job for the DTO! – around information design. Imagine a census that was voluntary rather than mandatory, but got people to participate because of the social good involved. I think it would be a much more positive process.
This led into a discussion around corporate use of data – and whether consumers understand the value of their own data – essentially we’re trading our data for ‘free products’. For many online services we have to consent to data disclosure to get access to the service, but in the background there’s data matching going on – there’s a ‘creep factor’. The link was drawn from ‘creep factor’ behaviour to band value – trust and transparency are linked to the public’s view of the brand.
Key takeaway: The pub test for data use – “is it creepy?” If so, don’t do it.
This plenary also covered the practice of ‘hacking back‘ – where individuals or businesses use information security counter-measures to retaliate. The consensus in the room is that this is a poor response, largely because identifying the aggressor is so difficult. The group also highlighted that Australia has an offensive cyber capability – again linking cyber security to an international, nation-state based context. The lack of a standard response protocol for dealing with hacking incidents was also covered – many businesses are afraid of disclosing and are reluctant to do so, but having a standard response protocol would allow businesses to respond in a mature way.
In summary, cyber security is hard – there’s lots of layers and issues to consider, there’s a lack of general awareness in business and industry, the field is rapidly changing and no defined response protocols for business to use.
Women in STEM Plenary – Dr Rowan Brookes, Renee Noble, Dr Catherine Lang, Dr Leonie Walsh, Luan Heimlich
Dr Brookes introduced the plenary with an apology for not being able to include more women of colour and from the LBGQTI spectrum, particularly on Ada Lovelace Day. The key themes of needing to address systemic issues and create a pipeline for women in STEM were prevalent throughout the conversation.
What struck me first up with this plenary was the range of initiatives, groups and organisations that are working to further women in STEM, and I wondered whether this fragmentation is actually a disservice – so many voices have less volume.
Key takeaway: Are there too many women in STEM groups that are too fragmented? Do we need an Australia ecosystem map of women / females in STEM / ICT
Luan Heimlich opened the plenary by asking the audience who young girls look up to; met with responses of pop stars, sports celebrities and models. Not a science or technology role model in sight! She followed up by questioning whether these role models are going to solve the problems of tomorrow – digital disruption, climate change and public health, and let the audience ponder on the gap.
Dr Leonie Walsh covered efforts to help encourage early to mid career researchers to further their careers, noting that it’s difficult for women to step out of their careers to have a family – as this often puts them several years behind. She also noted that employers are looking for candidates with more well rounded skills, and her program provides exposure to work environments. Dr Catherine Lang highlighted the influence of pre-service teachers in promoting STEM. Another key thread in this discussion was that professions are socially constructed, and that this can be changed – but it’s an uphill battle because ICT careers are not even on the radar as a career choice for young women.
While programs are having localised success, there are still major gaps at a systemic level, and better consistency and co-ordination is required at a national level.
Behavioural insights panel – Kirstan Corban, Dr Alex Gyani, Christian Stenta, Helen Sharpley
This panel was a series of vignettes centred around how behavioural insights had led to social change. The standout piece was by Alex Gyani, who ran the audience through examples of where minor changes had a major impact – using a framework of
Easy – interventions should be easy for people, but this is hard to do
Attractive – the intervention has to be attractive for people
Timely – try something, see if it works – don’t be caught in analysis paralysis
Social – social norms are a powerful influencer for change
A key concept from Gyani’s talk was the concept of cognitive budget – we have so many choices to make every day we need to think critically about choice architecture.
The other three speakers, from health and government, highlighted case studies that showcased design thinking, co-design, and approaches to difficult problems.
Key takeaway – minor changes can make a big impact
Internet of Things Plenary – Pablo Hinojosa, Matthew Pryor, Phil Goebel, Lorraine Tighy, Dr Kate Auty
Hinojosa opened proceedings by outlining how the internet has reached 3.5 billion users – half of this volume in Asia – and there are double the number of internet connected devices than people. We’re on the cusp of a revolution.
Matthew Pryor outlined the use of IOT in agriculture and agribusiness, and emphasised how IoT helps with decision making. He highlighted how it’s hard to scale infrastructure in regional and rural areas – and questioned whether we should be investing in networks that connect people or devices or both? He gave the example that as soon as farmers leave the farmhouse, they have no internet – they need to go back to the farmhouse to make better decisions, and this reduces their ability to deliver economic benefit. We need to consider the principle of universal access as we build out infrastructure.
Phil Goebel used the Disneyland Magic Band example to highlight how IoT has taken a purely physical experience and used connectivity to enhance that – leading to “augmented experience”. For example, the band allows Disney to know where the longest queues are, how the park is being used, what facilities are important for which demographics – very granular marketing data. He outlined that there are multiple users of the data – different actors in the ecosystem – administration, marketers and the users themselves – using the data gathered by wearables for different purposes. He flagged the issue that there are no guidelines around how the data is being used – for instance is it being sold on – we need to consider transparency.
Lorraine Tighe is the Smart City and Innovation Manager at City of Melbourne, and outlined how vendors she mets present the IoT as a silver bullet. She outlined the use cases for IoT in smart cities, including parking sensors – to reduce traffic that is searching for a car park – leading to traffic efficiencies. She positioned local government at the coalface of the community, and bringing the community along on the journey – using the City Lab as a vehicle to test and prototype solutions. As part of this, the City of Melbourne made the decision to go open by default with their data, encouraging smart people to co-create with the City.
“We’ve got things that collect data and make our lives easier- but where does that data go?” @LorrTighe#IoT#auigf
Dr Kate Auty spoke on projects like RedMap and Atlas of Living Australia providing citizen scientists with tools to protect biodiversity. She related how ‘super science’ projects like AURIN and NECTAR are important for understanding how cities work.
Scott Seely had the quote of the panel though;
Scott Ceely – #IoT *is* the internet – in the future all devices will be connected to net, this has big #cybersecurity implications #auigf
In summary, the #auigf reflected many of the contemporary themes of digital society. Digital disruption and digital society are changing at a rapid pace, and we have a dearth of tools, approaches, standards and response protocols to handle them. We need to start by clearly defining the problems we’re trying to solve, and approach solving them with new types of problem solving approaches, such as design thinking, co-creation and open data. Many of the problems we’re trying to solve require national and international co-operation to build ecosystems, standards and agreed approaches – and the #auigf is a good starting point.