Monday, August 30, 2010

Gaming of online polls and ways to mitigate vote fraud

I've been reading up on the gaming of the Time.com 100 Poll in 2009, where vote rigging saw the founder of 4Chan elevated to the top position and the order of names in the poll manipulated to spell out 'MARBLECAKE ALSO THE GAME' (see the video below).

While there are often legitimate reasons to create online polls or voting tools, it is very important to be aware of the potential pitfalls if measures aren't in place to minimise the risk of inappropriate voting - people 'gaming', defrauding or hacking individual polls.

Often people aren't aware of how easy it can be to game voting and it is important to weigh up what you're doing and put the right level of protection in place.

One of the simplest form of voting fraud can involve users with multiple computers and web browsers, who may be able to vote once per each - then vote again after clearing their browser cache of cookies. This is possible in the polls featured in many popular newspaper websites.

If an email address is required to vote, as is employed in more sophisticated voting systems, users with multiple accounts can sign-up and vote many times - particularly where they own domains and can create thousands of email addresses at a time. This can be monitored and partially mitigated by looking at voting patterns over time and checking the email addresses for similarity and veracity.

When polls check IP addresses they are harder to 'game', however there are still technical approaches some people can use to change IP addresses - or use botnetworks (all with different IPs) to vote on your behalf. This, however, can become quite technically complex and requires significantly more resources.

Finally, if the poll system's security is not assured, someone may hack the actual voting system and introduce biases that influence the outcome - from changing the order in which options to vote on are displayed, counting some votes as more than a single vote, or more obviously just manipulating the total votes through changing the register of votes.

There are way of checking polls to minimise fraud, using technology to check IP addresses, combining this with email address verification or linking to other services such as Facebook where people are unlikely to control more than a single account. There are also CAPTCHA-based means to screen out most automated voting (though adding a hurdle to fast voting) and even more complex automation techniques to analyse voting patterns in real-time and flag, check or disallow some votes based on their origin.

Depending on the poll different levels of mitigation may be needed. Basically the greater the reward for receiving the most votes in a poll, or the greater the controversy over the subject, the greater the likelihood that gaming or fraud will occur, and the greater the mitigation required.

Online voting in elections - such as used by Estonia - tends to employ far more sophisticated techniques to verify votes. These are much more effective, however tend to cost quite a bit (at present) to implement.

So if you're running a fairly simple and low cost online poll it may be best to use it simply as an indication, or to back it up with a human step (selecting a winner from the top ten publicly voted entries) which mitigates a lot of the risk of vote rigging.

Read full post...

Saturday, August 28, 2010

ACT government launches Canberra 2030 consultation integrating Web 2.0 tools

The government for the Australian Capital Territory (ACT) has just launched a consultation asking for the community's views on what the city should be like in twenty years time.

The Canberra 2030 consultation has gone some way to integrate Web 2.0 tools. It allows residents to submit ideas and vote on the ideas of others (up or down) and has a 'discussion forum' - although this is pre-moderated and not structured in a standard forum mode, which is likely to constrain the discussion somewhat.

There's a Twitter account and a Flickr account and also a video up at YouTube - although this doesn't appear to have been embedded in the Canberra 2030 site itself.

Despite a few basic usability issues and a little of a 'tickbox' approach, the site represents a real attempt to consult Canberrans in a more interactive way and it is worth a look.

Plus if you're an ACT resident you could win an iPad.

Read full post...

Wednesday, August 25, 2010

Disaster management using open source and social media

Some of you may be aware of the Mercury 10 national counter-terrorism exercise currently being held in Australia, involving a variety of government bodies.

While this type of scenario is only one of potentially many different types of crises or disasters that could occur, natural disasters, pandemics, rocks from space, and so on, it does raise the question for me, how is Australia using social media and open source technologies in crisis management.

We've seen quite intensive use of social media in situations such as the Haiti earthquake, Gulf of Mexico oil spill, the Mumbai terrorist attacks and the swine flu pandemic last year.

Across the world authorities are realising how valuable social media can be to help them quickly get information out to the public, to collect information on the extent of a disaster and help prioritise relief efforts.

They are also beginning to realise how dangerous it can be to not engage online, leaving rumours and misinformation to spread even faster and more virulently than was previously possible. A good example was during the Mumbai terrorist attacks when a rumour that the Indian government was asking for all live tweeting from Mumbai to stop in order to avoid giving the terrorists information about police movements.

However the really interesting developments in disaster management are happening outside of government. Software engineers and disaster management specialists have spent the last few years developing better tools for addressing crisis situations - often without any support from the authorities responsible for managing emergencies.

Two of these platforms are Ushahidi and Sahana.

Both of these platforms are open source, free-to-use web-based platforms designed to be highly resilient during disaster situations and flexible to the needs of both developing and developed nations.

Ushahidi, developed to report on violence during the 2008 Kenya election, has been deployed more than 20 times around the world to address situations such as violence in Gaza, the impact of the Gulf of Mexico oil spill, Chile and Haiti's emergency responses to their respective earthquake, track crime levels in Atlanta, medical supply levels in pharmacies across Kenya, Uganda, Malawi and Zambia and track the swine flu pandemic.

The system allows reports by mobile phone SMS and MMS and via the internet to be aggregated into a real-time map, then used to identify priority areas for relief efforts or activities. While the system can be deployed simply for reporting by authorities, it has proven to be strongest where citizens have been able to report incidents directly, allowing emergency authorities to respond with a more complete picture of events.

Ushahidi is entirely free to reuse and can be deployed within a few hours.

The group behind the service are currently working on a second service, Swift River, designed to help manage the flood of online information about a disaster in the first few hours and help both emergency services and the public distinguish between rumour and fact. While Swift River won't be launched until the end of August, a video discussing how it will work is available online.

Sahana is another free open source system developed to assist in disaster management. A a web based collaboration tool, it is designed to help manage common coordination problems, such as locating missing persons, managing volunteers and aid and coordinating efforts between a variety of aid groups, government and those impacted by the disaster.

It was originally developed in 2004 by Sri Lankan developers to support the response to the December 2004 Indian Ocean Tsunami and was deployed by the Sri Lanka government to support disaster recovery efforts. A second phase, funded through Sweden, saw Sahana expanded into a more generic disaster management tool with global application.

Sahana was designed to cope with many of the infrastructure issues that frequently occur during disasters, such as intermittent power, loss of network connectivity and the need to deploy the service on low-end hardware and systems. In fact Sahana can be transported on and operated from a USB stick and is extremely flexible and easy to customise, reflecting the need to adapt quickly to the individual nature of every disaster.

Sahana is in use for the Pakistan floods at the moment and it was also used for the Haiti earthquake - discussed in this case study (PDF). It has also been used in the Phillipines, the US, Peru, China, Indonesia and Pakistan for a range of disaster management needs.

There are other open source tools available for disaster management purposes. It is also possible to rapidly build a custom system for a specific need using free and low cost tools such as Wordpress (for content management), Google Maps (for geospatial representations), YouTube (for video), Flickr (for images), Slideshare and Scribd (for presentations and documents), Twitter (for real-time updates), WidgetBox (for embeddable widgets), Facebook (for group coordination), Wufoo (for forms) and services such as Yahoo Pipes to integrate and process information and news feeds.

In most cases the time required to put together these types of custom systems is significantly less than that required to have systems developed within high-end content management systems - as are normally deployed for normal business needs by government agencies.

In most cases these third party services are also cheaper, more scalable and have greater network resilience and peak usage capability - reflecting their need to cater for millions of simultaneous users, more than most government sites are engineered to handle.

So while some governments appear to be relying on traditional means of communications in disasters - brochures or media releases at carefully timed intervals - it is inevitable that communities will self-organise, create their own tools and deploy them with great speed.

Today's challenge for governments is to use social media and online tools to improve their own disaster management capability, organise the flood of information and provide better outcomes - deploying disaster management systems or throwing together custom solutions in a matter of hours rather than months.

Read full post...

Tuesday, August 24, 2010

Legal benefits of social media use

I've been speaking with a few lawyers and solicitors lately regarding the risks of various social media initiatives and tools.

Today, over lunch, it struck me that lawyers rarely - if ever - speak about the legal benefits of social media, the ways in which the use of social media can provide better outcomes for organisation, in a legal sense, than 'traditional' approaches to listening, communication, consultation and engagement.

So I've made a stab below at identifying some of the legal benefits of social media - please feel free to add your own, or debate my views, in comments.


Identifying potential legal risks early
The first legal benefit is the capability to monitor social media to identify any emerging concerns or issues that could lead to future legal risks for an organisation.

People often speak openly online about their concerns and frustrations. A trend of similar issues can represent an emerging issue with a policy, system or service delivery function that could eventuate as a court case or even a class action.

Social media provides an avenue to identify these trending issues quickly and gives organisations an opportunity to address them before they 'blow up' into the media and legal action.


Audit trails
One of the major benefits of the online channel is the capability to capture and track user behaviour - particularly when a user is registered and signs into a service. This can provide legal benefits through a clear audit trail of an individual's online activities to either verify their story, or prove it untrue.

Where an individual claims to not have viewed particular material, or to not have agreed to certain terms and conditions, a digital trail can provide veracity - for example when signing up to a particular online service, changing contact details or revealing personal information.

I have seen cases in government where an individual has claimed that their online account had been fraudulently modified by another party however, through auditing the digital records, it became possible to prove that it was a relative authorised to use the account who had made the changes, preventing any type of legal action against the agency providing the service.

In a case unrelated to government, recently an iPhone log was used to prove that an individual was being falsely accused of rape and in other cases email records and the logs from websites have been used to prove or disprove an individual's involvement in particular matters.

Where government employs social media tools for activities such as stakeholder or community engagement or consultation and some form of log-in or other way to recognise users (such as through a Facebook or Twitter identity) is in use, it becomes much harder for individuals to falsely claim that they were unaware of certain information or otherwise prove statements that could lead to agency legal liability.


Accessibility
The internet can be a cost-effective way to provide documents and discussions during a consultation process in an accessible manner, avoiding the legal risk of breaching the Disabilities Act.

Rather than holding a consultation by mail, where mailed submissions are scanned in and either not provided online at all, or presented as images - totally inaccessible to screen readers - government can hold online consultations where every submission is typed directly into the consultation site.

These submissions can be reviewed and published online in a manner accessible to all internet users. They can also be printed (maybe in braille) or read out by a machine over a phone line for non-users.

This use of the internet for consultations is a very cost-effective way for organisations to meet their obligations under the Disabilities Act and avoid legal action for providing submissions in a non-accessible manner.


Inclusion (equalising access)
Using the internet in engagement activities, alongside other approaches, allows a much broader range of people to participate - minimising the legal risks of decisions where some audiences claim they were not consulted.

Often those who work nights, have day jobs, young children, are physically less mobile, geographically distant or otherwise have commitments are less able to participate in face-to-face discussion with a government agency or its representatives.

Where these people are affected by the outcomes of a face-to-face engagement process these people could feel excluded and unheard. In some situations, could lead to legal action against certain policies or decisions.

By using the internet alongside other approaches within an engagement process - via a forum, blog, facebook page, or similar means - a government agency can ensure that audiences unable to attend a physical event are heard and their views considered.

This increases their feeling of inclusion and lessens the risk of developing poor policy, reducing the risk of policy failures which could lead to legal action.


So there you are - four legal benefits from using social media that can reduce an organisation's legal risks (versus not using social media).

Can you think of any others?

Read full post...

Wednesday, August 18, 2010

ABS embraces internal blogs and wikis

As covered in The Australian's article, Australian Bureau of Statistics embraces world of blogs and wikis, the ABS has implemented an internal collaboration platform supporting blogs, wikis and collaborative documents.

The article reports that 30% of staff have begun using the wiki and blog functions. If reported correctly this reflects a huge demand for internal digital collaboration within the Bureau and bodes well for the implementation of similar platforms in other government agencies.

Given that the platform is said to simplify the management of collaboratively written and edited documents, removing the load from email and enabling better version control, there are significant long-term knowledge management and internal efficiencies that could be realised by the ABS.

I've often wondered why government agencies have been so slow to move away from desktop-based word processing towards wiki-style collaborative documents (with appropriate security and version control). Admittedly there are transition costs - both ICT and training - however the savings in not having incorrect versions sent around as large email attachments and the time saved by not having to compile edits from numerous people back into a single document are quite large.

Read full post...

Bookmark and Share