Sunday, October 21, 2018

First question...

I've been talking to a lot of nonprofit and foundation folks + software developers lately. The good news is these two communities are starting to work together - from the beginning. But there is a long way to go. Just because you're working in or with a nonprofit/social sector/civil society organization doesn't mean unleashing the most sophisticated software/data analytic techniques is a good thing. In fact, using cutting edge algorithmic or analytic techniques that haven't been tried before in an effort to help already vulnerable people is quite possibly a really bad idea.

I've come to believe that the first question that these teams of well meaning people should ask about whatever it is they're about to build is:
"How will this thing be used against its intended purpose?"
How will it be broken, hacked, manipulated, used to derail the good intention it was designed for? If the software is being designed to keep some people safe, how will those trying to do harm use it? If it's intended to protect privacy, how will it be used to expose or train attention in another dangerous way?

Think about it this way - every vulnerable community is vulnerable because some other set of communities and structures is making them that way. Your software probably doesn't (can't) address those oppressive or exploitative actors motives or resources. So when you deploy it it will be used in the continuing context of intentional or secondary harms.

If you can't figure out the ecosystem of safety belts and air bags, traffic rules, insurance companies, drivers' education, and regulatory systems that need to help make sure that whatever you build does more help than harm, ask yourself - are we ready for this? Because things will go wrong. And the best tool in the wrong hands makes things worse, not better.

Friday, October 12, 2018

Liabilities and line items

A lot of work on responsible data practices in nonprofits has focused on staff skills to manage digital resources. This is great. Progress is being made.

Digital resources (data and infrastructure) are core parts of organizational capacity. We need to help board members understand and govern these resources in line with mission and in safe, ethical and responsible ways.

Digital data and infrastructure need to become part of the regular purview of boards in thinking about liabilities and line items.
  • Ongoing budgeting for staff (and board) training on responsible data governance 
  • Making sure practices are in place - and insurance purchased when practices fail - to protect the people the organization serves when something goes wrong 
  • Understanding the security and privacy implications of communicating digitally with volunteer board members
  • Horizon scanning on ethical digital practice and opportunities
Digital data governance is as much a part of running an effective organization as are financial controls and good human resource practices. We need to help board members lead.

Wednesday, October 03, 2018

Your tech vendors are your landlords


https://www.eff.org/wp/clicks-bind-ways-users-agree-online-terms-service

No one reads the Terms of Service. Few of us understand who has access to the data we generate all day every day. Rachel Maddow and others continue to refer to Cambridge Analytica/Facebook as the former "stealing" data from the latter, when actually, the latter's business model depended on the former doing what it did.

Our (us as people and civil society) relationship with the companies that make our phones, sell us internet access and data plans, "give" us apps, social media feeds and "free" cloud storage is a mess. Part of it the problem is the metaphors. So here's a new one. Don't think of the software, internet, cloud, app, hardware companies whose products you use as vendors, think of them as landlords.

Then think about how you read your lease. How you ask for better terms and negotiate for buildouts or rebates. And how, if they told you they'd be coming in and rummaging around in your file cabinets at any time of day or night, taking what they wanted, claiming it as their own, using it to sell to other renters, and even selling it - you'd run.

People are beginning to recognize the creepy landlord relationship they have with their tech vendors. Nonprofit organizations and foundations who depend on Facebook and/or its APIs, Salesforce and its Philanthropy Cloud, Google docs or hangouts - they're your landlord. You're running your programs and operations in their space. By their rules. You wouldn't stand for it in physical space - why do so in digital space?

Thursday, September 13, 2018

Hacking civil society

 
 (Image from Charlie Chaplin, The Circus)


I've been saying - explicitly since at least 2013 - that the digital policy environment and the digital ecosystem are civil society's domains.


This article on why the Russians might hack the boy scouts spells out the same point fairly clearly.

Civil society exists in and depends on digital data, gadgets, and infrastructure. We rely on the norms and policies that shape the digital environment, are able to use digital tools to advance our goals, and are subject to the manipulation and sabotage of digital spaces.

The "Russians hacking boy scouts" is a great headline to make the point. Anyone with a desire to manipulate opinions - which includes advertisers, hackers, politicians, extremists, ideologues and all kinds of others - knows that our digital dependencies make it easier than ever to do so through supposedly trustworthy institutions, like nonprofits and "news" sites. In a time of information warfare everyone and every institution operating in the digital space is potentially on the battlefield - intentionally or unwittingly.

Practical, immediate meaning of this for every nonprofit? Your digital presence - website, communication on social media, outreach emails, everything - exists in an information ecosystem that is being deliberately polluted with misinformation all day, every day, on every issue. If your communications strategy still assumes that "hey, they'll trust us - we're a nonprofit" or "hey, this is what the data say" then I recommend you reconsider both what you say, how you say it, how you protect what you say, and your expectations and responses to how what you say gets heard and gets used.

You may well be speaking truth. However, the digital "room" you are speaking it into is one filled with deliberate, diffuse distractions and detractors (at the very least). It's like trying to show someone a clear picture in a room full of fun house mirrors. It's time civil society started "assuming" (as in taking as a starting point) that the digital environment in which it exists is one of distortion and distrust and start building effective, trusted, and meaningful strategies from there (instead of being surprised each time things go wrong).