Sunday, October 21, 2018

First question...

I've been talking to a lot of nonprofit and foundation folks + software developers lately. The good news is these two communities are starting to work together - from the beginning. But there is a long way to go. Just because you're working in or with a nonprofit/social sector/civil society organization doesn't mean unleashing the most sophisticated software/data analytic techniques is a good thing. In fact, using cutting edge algorithmic or analytic techniques that haven't been tried before in an effort to help already vulnerable people is quite possibly a really bad idea.

I've come to believe that the first question that these teams of well meaning people should ask about whatever it is they're about to build is:
"How will this thing be used against its intended purpose?"
How will it be broken, hacked, manipulated, used to derail the good intention it was designed for? If the software is being designed to keep some people safe, how will those trying to do harm use it? If it's intended to protect privacy, how will it be used to expose or train attention in another dangerous way?

Think about it this way - every vulnerable community is vulnerable because some other set of communities and structures is making them that way. Your software probably doesn't (can't) address those oppressive or exploitative actors motives or resources. So when you deploy it it will be used in the continuing context of intentional or secondary harms.

If you can't figure out the ecosystem of safety belts and air bags, traffic rules, insurance companies, drivers' education, and regulatory systems that need to help make sure that whatever you build does more help than harm, ask yourself - are we ready for this? Because things will go wrong. And the best tool in the wrong hands makes things worse, not better.

Friday, October 12, 2018

Liabilities and line items

A lot of work on responsible data practices in nonprofits has focused on staff skills to manage digital resources. This is great. Progress is being made.

Digital resources (data and infrastructure) are core parts of organizational capacity. We need to help board members understand and govern these resources in line with mission and in safe, ethical and responsible ways.

Digital data and infrastructure need to become part of the regular purview of boards in thinking about liabilities and line items.
  • Ongoing budgeting for staff (and board) training on responsible data governance 
  • Making sure practices are in place - and insurance purchased when practices fail - to protect the people the organization serves when something goes wrong 
  • Understanding the security and privacy implications of communicating digitally with volunteer board members
  • Horizon scanning on ethical digital practice and opportunities
Digital data governance is as much a part of running an effective organization as are financial controls and good human resource practices. We need to help board members lead.

Wednesday, October 03, 2018

Your tech vendors are your landlords


https://www.eff.org/wp/clicks-bind-ways-users-agree-online-terms-service

No one reads the Terms of Service. Few of us understand who has access to the data we generate all day every day. Rachel Maddow and others continue to refer to Cambridge Analytica/Facebook as the former "stealing" data from the latter, when actually, the latter's business model depended on the former doing what it did.

Our (us as people and civil society) relationship with the companies that make our phones, sell us internet access and data plans, "give" us apps, social media feeds and "free" cloud storage is a mess. Part of it the problem is the metaphors. So here's a new one. Don't think of the software, internet, cloud, app, hardware companies whose products you use as vendors, think of them as landlords.

Then think about how you read your lease. How you ask for better terms and negotiate for buildouts or rebates. And how, if they told you they'd be coming in and rummaging around in your file cabinets at any time of day or night, taking what they wanted, claiming it as their own, using it to sell to other renters, and even selling it - you'd run.

People are beginning to recognize the creepy landlord relationship they have with their tech vendors. Nonprofit organizations and foundations who depend on Facebook and/or its APIs, Salesforce and its Philanthropy Cloud, Google docs or hangouts - they're your landlord. You're running your programs and operations in their space. By their rules. You wouldn't stand for it in physical space - why do so in digital space?