 Right now we've got Pia, who is going to be talking about cloud computing and government. Now Pia is someone who definitely does not need an introduction at LCA, and that's why I'm actually going to give her one, because I think it's not fair when people who don't need introductions never get any. But Pia has been the prolific member of our community for, what, 10 years? Something like that? It feels like forever anyways. She's been a past LCA organizer. She was a consultant and strategist for an open source consultancy. And now she's an advisor to Senator Kate Lundy. So hopefully she'll tell us why we need to go and talk to our government representatives to make sure that they get the stuff. So please join me in welcoming Pia. Thank you. That's very nice. So I guess I'm actually here sort of on a bit of an anti-cloud rant, actually. This was kind of inspired by a blog post I did a while ago, because of course being a techie person and being someone who's working in an advisory capacity in Parliament House, I get every day someone comes to tell me something new, try and sell me something. I've actually written a new song about these people, I call it Greed. And I've had a lot of fun playing with some of these people because there's a lot of really important stuff the government needs to know about technology. And not all of that filters through strangely enough, and I didn't actually mean to throw a filter joke in there, but anyway. But there is, so for instance, I was actually invited to a cloud discussion round table with a whole bunch of cloud vendors and with a whole bunch of very, very senior public servant and government people. And I managed to keep myself quiet for quite a while until we got to a point about three quarters the way through this two or three hour thing where one of them said, well we can guarantee that there will be no privacy issues because we can guarantee there will be no personal data in any of our cloud. I just need to say something. That's absolute bollocks and proceeded to then sort of have a chat about well, even if we were to take the strict definition of what is personal data or citizen data or private information now there are still going to be problems, but when you start to understand that every time you fill in a web form there's IP addresses, there's cookies, there's filling in a name, filling in a postcode and all of that is going into a form somewhere which is probably not in Australian jurisdiction then you start to sort of go okay, well that's a ridiculous claim to make. But these are sort of some of the things that are coming up. So I'm going to talk a little bit about some of the cool stuff, some of the issues and largely this is a plea for help. So we'll go through. So opportunities absolutely and you've got plenty of other people here that will talk to you about why all the great things about the cloud and there's a whole bunch of buzz around. I'll get to that. Is it new, somewhat? Who remembers SOA? Who remembers SAS? All these things. So my favorite website is SOAFax.com and I've brought along a few for your amusement. But basically a lot of the hype that we're hearing about cloud we've been through several times before. So here's a couple of definitions of SOA that we could very easily remove SOA and insert cloud and they mean exactly the same thing. SOA invented the internet and the internet was invented for SOA. In the last year SOA increased Turkey's GDP by a factor of 10. One person successfully described SOA completely and immediately died. Another person successfully described SOA completely and was immediately outsourced. That was a government person obviously. SOA is not complex, you are just dumb. It is a very worthwhile website to see. Unfortunately cloudfax.com has been taken by someone who wants to use it seriously. But there is a lot of fud, there is a lot of mythology and there is a lot of misconceptions around what cloud means. And yet there are a lot of people sort of saying, oh yeah, we need to go with the cloud, that's fantastic. Having said that, I do just want to throw in a small caveat. There are also some very, very, very clever people in government who do get this stuff. And so don't think that everyone in government has no idea what is going on. There are some really, really good things going on and I will get to that in a minute. But yeah, there is also an enormous amount of need for clarity of what is and isn't possible. Because basically a lot of people see government plus cloud equals fat water cash. And I am certainly seeing a lot of the vendors sort of take that approach. And like I said, there is nothing good to sell, but yeah. So there is this sort of sales pitch that we are seeing. Cloud computing will save the environment. Cloud computing will be more agile. Cloud computing will make sure that you can have cross-environment support and be able to support people on their mobiles or their laptops or their netbooks or whatever. Cloud computing will save you money. And I guess what I try to put to people is not to say none of that is true. There are certainly circumstances where those things will be true. But you actually have to look at the small print. You are actually by saying, OK, cloud computing is better for the environment. OK, what is the cloud solution that is being offered to you? What is it? What is it running? How much power does it generate? What is the carbon footprint? If you are actually going to buy into the concept on that premise, make sure that it actually fulfills the premise, I guess. Because what you are basically doing is you are taking a bet. You are saying that the way that your government environment or company or home system or whatever, the way that you can do it is worse, either environmentally in terms of agility, in terms of cross-environment support, in terms of financially, is worse than how someone else out there can do it. So you are really like, and I am always trying to suggest to people that they just make sure that they look at the small print and actually check all that stuff out. There are a lot of issues that need to be carefully considered. Jurisdiction, there are rules around what data, governments, departments, and agencies are allowed to host offshore. So for instance, there are a few cloud vendors who are saying, use our cloud, it's fantastic, but no, we won't run a cloud in Australia. Now, that sounds kind of dumb, you know, from one angle, but on the other angle, you know, if that company goes down, if that hardware is compromised, if, you know, if, if, if, if, if, they are under, and regardless of the technicalities, they're under a mandate to make sure it's under Australian jurisdiction, under certain circumstances, under a lot of circumstances. So, and there are some really good examples of cloud initiatives where they're not going to use that because they don't fulfill those particular requirements. There's issues around standards. I actually went to a cloud briefing at government, at parliament house by one vendor, and all the vendors will remain unnamed. And I sort of asked the question, well, you know, how about standards? You know, do you store the information that you get? Is the data able to be transported, transportable across different systems, across some different formats? Are we able to retrieve that? And he was just, he looked at me and said, huh? That was a little disturbing. It's really important that we make sure that as we move into using more of this sort of technology, that we make sure that we come in, I think, with the premise of openness. How can we make sure that the standards are open? How can we make sure the APIs that interact with the application in the cloud are open so that we can encourage citizens or businesses, or other government departments, goodness, you know, heaven forbid, to engage with our system, to engage with our data, to engage with us. Data is obviously an important thing. What happens if that company goes down? What happens if everything is, their entire system is wiped out for whatever reason? How can we keep up and running? How can we make sure that we can get our data back? And I just want to bring up, and it's an old story, but I think it's kind of relevant for the same sort of reasons. But years ago there was a case. This is fairly soon after the DMCA sort of laws were brought into the US. But a company had their data in a highly secure system that a company ran. They had a contract dispute and didn't want to continue paying that company for whatever reason. It doesn't matter whether they're right or wrong. They hired someone to reverse engineer the security of the system to get their own data out. They were then charged, they were then taken to court. And I think that the security company actually won. The client was charged with breaking the DMCA, reverse engineering, the system to get access to their own data. They were held liable for that. So it's really important that there is always the assurity you can get access to your data, but it's available in a format that you can read and that kind of thing. Privacy, I mentioned before about our cloud will never store any private data. There is a little confusion around that and these sort of things that people need to be aware of. And SLAs is another one. How can you be sure that you're going to get that two-hour turnaround or 30-second turnaround or two-year turnaround or whatever it is you're paying for? And if you don't get it, what do you do? Particularly if the exit costs of that particular cloud system are so high that really you've got no option. So have a look at your exit costs, have a look at your portability and have a look at actually in fact if things go wrong what are we actually going to be able to do about it? Back into a cheery note. The government approach, there is actually a cloud strategy from Ashimo, have anyone read it? A couple? Does anyone know who Ashimo are? Okay, a few more. For the rest of you, Ashimo is the Australian Government Information Management Office. It is the agency that, it actually sits under finance but it's effectively the office of the Australian CIO, that's her role, the person who runs Ashimo. And they actually do some really cool stuff. There are some mixed opinions but I reckon they do some pretty good stuff. Who, you read the cloud strategy, what do you think? Ashimo are basically in charge of putting out, Ashimo are in charge of publishing things like best practices, advice for government, they're in charge of a whole bunch of things but they tend to be the definition of specifications for how government do things, of which some people ignore and some people use but more and more people are starting to use as they see some values there. And data warehousing I think is another part of the broader agenda which fits very strongly into this. Has anyone heard of Gershin? I'll get to the Ashimo strategy in just a second but has anyone heard of the Gershin review? A few of you. How many people have anything to do with government? Not many, okay. So just very quickly because it does actually, how many people here run IT businesses or work in IT businesses? How many of those sell to government? Okay, right. So I'll just briefly go into this because basically there was a huge review as to how the government used IT which is really exciting actually because even though IT procurement policy is not something that gets everyone excited, actually it's directly related to the ability for government to do cool stuff because if you're only allowed to buy such and such a product then you can't do anything outside of the limitations of that particular product and all of us can think of many examples of that of course. So really them looking at how they procure IT has been really good and one of the recommendations that came out of that was the more consolidation of data warehousing, of how government does data warehousing. Of course that's going to apply directly to cloud because there's all this talk about private versus public cloud. Generally when there's a looking at cloud they sort of tend to look at, and this is my personal opinion, but there's a lot of what are Amazon and Google doing and what can we do privately? I don't think there is enough understanding of some of the options here and I know a bunch of Australian vendors that do call cloud capability but there really isn't that knowledge in government so anyone that's doing cloud stuff here really should be going to government saying here are our cloud solutions, can we come and brief you about it? By the way, we'd like to do a talk because they're just not really hearing about the Aussie options as another option available to them. Now I'm just going to flick straight briefly to, hopefully, it's on the next thing. So this is the draft document of cloud computing thing and they go into the opportunities and applicability for use by the Australian government of cloud. Now a lot of these sort of documents coming out are kind of fluffy. This one does actually have some good stuff in it though and it is actually worth having a read through if you want to understand where government are coming from. For starters they recognise that it's a way of delivering services and it's not new which is above and beyond what most people are but the other thing is they go into define it and I just want to point out one thing which I thought was kind of cool. Where are we page? So they define it as having five characteristics, it's all good stuff to read, but cloud computing is the result of several technology advances including reliable high-speed networks, reliable high-speed networks, very large global class infrastructures deployed by vendors like Google and Amazon, virtualised capabilities, commodity server hardware and my favourite too, open source software which is slash the cost of software for data centres and the adoption of open web 2.0 standards which has made the development of applications of cloud much faster and easier. It's always nice to have sort of a recognition of the part of these players because I think that actually the whole focus on cloud, similar to the whole focus on gov 2.0 which I know is a stupid term but it's the working term and everyone knows it and so we're just going to continue to use it but this whole idea of how government uses technology, how it engages with citizens, how it opens up its data, how it is more transparent, combined with how they use the cloud presents enormous opportunities for open source, for open standards, for a whole bunch of stuff that we all do every day in love. So I think it's worthwhile with what you're thinking about and what you're doing in this space considering how this applies to government. Why should you care? If most of you aren't working in government which the numbers of hands indicated, well here's why you should care because government is the number one ICT procurement in Australia. They spend more money than anyone else which means that any decisions that they make regarding ICT procurement policy actually inevitably affect the entire market, the entire industry and all of us trying to just get on and hack. So that's why government is a little bit important I think. And that's why I work in it which I certainly take a lot of crap to do but it is important. Okay, so going back... So the government definition was on-demand self-service but I won't go into that because you can read the document. If you have all your governments till the private versus public cloud is going to be pretty important because a lot of people could say, oh well, private cloud, well, that's what we're doing now. So they'll just sort of do what they've always done and whatever. But this whole interest presents a great opportunity to say, okay, what about standards? What about openness? What about interoperability? How about how I can create? Because I mean I've seen enormous projects where government decides on a particular technology and then actually has to figure out a way that people can interoperate without technology. Whereas if they started from the premise well it has to be interoperable to start and you wouldn't have the reverse engineering of your own technology solution. So I think there's a lot of opportunities there. This is my cry for help. Please help. There are always, you know, constantly people coming through Palmer House, people going to the different members, people going to the various ministers that I guess are involved in this space. And at the moment there is, just to give you a bit of a taste, there's Minister Gary Gray, who's in charge of a GMO. He's the Special Minister of State which means that he sits across both finance and he sits across... Goodness. He sits across finance and he sits across something else, which has forgotten me right now. Anyway, but he's very much in charge of the IT procurement standards in terms of the specifications of how government uses IT and that kind of stuff. He's very good to get in contact with very good people and I think he's going to be quite good for that role. You've got Minister Conray, of course, who's mostly relevant to this from the Digital Productivity role and Digital Productivity is the role which he is responsible to the Prime Minister for and that ends up being, well, how do we as a nation use technology? So that's going to feed into this a bit. You've got Minister Kaur, of course, it's probably the third and other really important one. Looking at it from a science perspective, from a research perspective, from an industry development perspective. So those three, there's different things you can tell to each, but in terms of building up the industry, in terms of building up what's happening in Australia, in terms of getting good advice and good technologies in the government, they're probably a good start. Okay, I think the only other thing I wanted to go through was... which I don't think I went through enough. No, that's probably enough. So I guess I'll go for questions because I figured that there would probably be a lot of questions because I'm usually the, what's the word, scapegoat for pretty much everything the government does wrong. So bring it. I could yell it out. Pia, how do we help? How does a person who's not involved with government at all participate in this? Okay, and when you say parts, okay, so there's a bunch of things you can do. Okay, first of all, being helpful. I know this sounds quite bizarre, but the reason that I actually even got the job that I have is because years ago, when the Australian U.S. Free Trade Agreement was being negotiated, and I was one of the nutty people out there saying, oh, this is a really bad idea. I went to see the at the time Shadow Minister of ICT give a talk about the Australian U.S. Free Trade Agreement and particularly about Chapter 17 on the DMCA chapter, as we all like to call it. And she spoke and she made sense. And I was really there to heckle, I was a bit deflated, but I went up to her afterwards and I said that was really good and that was my boss now, Kate Lundy. So I kept in touch with her and just over the years just tried to sort of say, look, here's something you should probably know about, here's something you should probably know about, here's something you should probably know about, and just try to just keep her across things that I thought was important. She actually came and spoke at two software freedom days and just got the importance of openness as an important premise with technology and also got the importance of technology generally. I was surprised to explain to some of her colleagues the importance of the internet. So just continuing to be helpful. So when she came up and she wanted to get an advisor she asked me who I thought and I happened to be free and so it all went from there. So the first thing is just to be helpful. Another person gave me a great example where they sent a letter to their local member about something that we were really cranky about, O-O-X-M-L. And the member came back and said come in, let's have a chat about it. By the way I noticed that you do electric bikes. That's great. I would love to hear more about that. Friendly dialogue is truly the first step because it is too easy for people who are not aligned with the agenda that you're trying to drive. It's too easy for them to say they're just ranty pants, you don't need to listen to them. Unless you can be extremely helpful, extremely calm and convincing in the way that you present it. And of course there are some very, very good examples of that kind of dialogue where one side of the debate is just like no we can't do that because we're all going to die and the other side is going well actually here are all the reasons why that's ridiculous. So good dialogue is the first way and writing letters, if you write to your rep and you write to the minister they have to respond to you. It might take a while, but they have to respond to you. Just a word of warning, some officers treat letters more importantly than emails and when I say more importantly they think that a letter stands for a certain amount of people and the email stands for less. A lot of officers like ours treat we treat tweets importantly. Every piece of engagement that we have is treated as important, but letters are actually really, really good and you have to get a response. So I mean if a minister gets 50 or 100 or 1000 letters about an issue, it sort of starts raising the flags about well there's something going on here we don't, what's going on, what is it that we don't know that they know and why are they being so nice to us as opposed to rant about this. So there's writing letters there's getting involved, there's meeting with them your local member has to meet with you and again it might take a while my dad wanted to meet with a particular member of the state government and eventually said to the guy look you're not in government now, if you ever want to be in government then surely you'd be busy then so if you don't have time now then how are you ever going to have time why would they ever vote for you and you're going to meet him the next day and so yeah meet with them get in touch. The other thing you can do is actually help to build up that sort of very public case for the issue that you're talking about you know making sure that there are good blogs, good information out there I mean Linux Australia I believe and you know always have is a tool for the community to be able to do this kind of stuff there's no reason why there couldn't be a group of people as like a sub committee or a special interest group of Linux Australia which is all about getting together and representing the best interests of that community, of our community I think there would be a small conflict of interest there John and Linux Australia of course would have to be I think lots of people should volunteer but it should be apolitical as well, Linux Australia should be going to all parties and independents that I mentioned independents and be talking to them about these kinds of things but you know Linux Australia is a body that should be able to do that kind of stuff because like there are heaps of groups out there that purport to represent us they try to represent us as IT professionals they try to represent us as an industry they try to represent us as an Australian industry they try to represent us as a cloud industry there's lots and lots of messages going out there so if we're not actually representing ourselves then you know we're already spoken for does that answer your question a little bit I might even do a blog post about how to get engaged in government see how much trouble I get in any other questions yes can you hear me leading on from that you'd be where you're involved in the public sphere thing last year is there any more coming more coming and in what form sort of thing is that going to I would like to see that sort of enthrined in some way absolutely so for everyone else one of the projects that we did last year which I think before actually we've been doing for about 18 months which is kind of exciting in a really wanky government way is like for anyone who cares about democracy which I hopefully you all do is trying to look at how can government better engage with in a meaningful way not like a fluffy or we better look like we get a few people's perspective but in a really meaningful way with people so we sort of took a bunch of traditional conferencing ideas but we put it together with modern communications and came up with a mechanism to came up with some methodology for doing consultations on issues that not only came out with some sort of outcome like here is what we recommend but could they actually be applied to live policy development why shouldn't at every point of policy development whether it be the original design the detail design the actual implementation of that policy and then the ongoing maintenance of that policy there's no reason why citizens shouldn't be able to participate in all of those levels and be able to actually contribute to and make policy better so the answer to the question is we ran three there were four more that have been run two by government departments and two by universities that have adopted the methodology and collaborated with us to do it and we're going to continue sort of pushing the barrier that it should be a part of normal business for government now there has been the declaration of open government and the gov2 task force report of which the recommendation one of the main recommendations was all government activities should have public consultation proper public consultation done with the public in a public way and so those kind of recommendations are starting to be filtered through a lot more of them are starting to do these consultations and there are actually some good websites which are starting to collate examples of Australian consultation in that sort of method in that sort of way it's been really good we do have challenges though that it is sometimes difficult to demonstrate the value of these consultations so the whole reason we did these things was to show actually we got really good feedback really good input amazing outcomes amazing suggestions you know it's all really good but the difference is that that's partly because we truly value what people have to say and so a lot of what government does is about minimizing risk which then infers that community input is a risk and that is how a lot of people see it so there's a lot of hurdles there to follow but hopefully it's got in terms of where next for us we have a bunch more planned for this year and some of them will hopefully be around actual policy that we're working on with her new portfolio responsibilities we'll see how we go should be fun any other questions no one's throwing OXML yep I was just wondering if within the bounds of what we can talk about here today from the working as an advisor in the minister's office have any thoughts on the comparative performance of different departments and agencies post in this year or so post-Gershin and moving into the different cloud strategies that people are working on so from a position of cloud actually the most interesting one to watch I think I think this is public yes yes it's public yes it is Ajimo are actually doing a bunch of cloud stuff so it's not just like the paper and stuff they're actually going to be doing stuff and that's going to be great because then they're not just putting out recommendations and support for people but they're actually demonstrating here is how you can do it here's how you can do it well here's how you can do it safely within strong jurisdiction and all that kind of stuff there is there's actually some good case studies in that document which I've probably closed oops I will actually open hold on hello Debian there are actually some examples in this but I'll just quickly bring up because it's probably going to be better than Ajimo are going to be one to watch over the next couple of months I think in terms of other examples Pilots improves the concept so there's ATO, ABS and EME have done a bunch of stuff and but I mean there is a lot of questions around that private public space and what is appropriate for government to do and what's not appropriate for government to do because I mean you could almost say that a private cloud in a way competes with the market but there are some things for instance that government could set up a private cloud because they have the same security requirements they want to pull their resources they have really good people whatever and I think that's going to be a bit of a competing tension I think over the next of the while but there's also the question around again data so are you in an Australian company or international doing cloud stuff Australian government I'll change my tune I think the big thing missing at the moment is looking at Australian companies that do cloud because that actually does solve a lot of the problems for some particular implementations that people want to do and there's just not really the discussion around that at the moment it's either Google or Amazon or we do it ourselves and that's been a bit of a problem but that will be fixed pretty soon and but yeah in terms of actual other case studies well I'll try and pull together a bit of a blog post around pointing some stuff that might be helpful any other questions I'd say most Australians have the false impression that they have some kind of right to privacy and it's false has there been anything going along to try and increase and secure individual's rights for example actually being able to have it I'm not pretty sure that the government will do covert surveillance on you through having your mail and stuff in the cloud and anything to actually go a bit further on individual's rights as opposed to just using it so there's a couple of things that have been set up there's been a set up a thing called the office of the information commissioner now the office of the information commissioner has three roles effectively has the information commissioner which is looking at FOI and is looking at that kind of holding government to account data that people want access to and is doing and there's been major reforms around FOI which is kind of cool there's the privacy commissioner and there's the something else sorry it's all the martial arts I didn't talk just before now but the privacy commissioner looks at all that kind of stuff and I thought that there was actually some work done some policy work done to sort of try and strengthen some of this stuff and there has been certainly a lot of consideration around what constitutes personal data for instance is it that very strict old perspective of personal information is in their name address their geospatial location and that kind of stuff or is it also their IP address when they fill out a form on the government website is it the fact that we hold we store that form or whatever for a while and maintain that information so I think there are a lot of questions around that and I think what's going to happen basically in the short term is we're going to see cloud being used for stuff which isn't like a lot of privacy sort of information and while they figure a lot of that kind of stuff out but I mean the best thing is just sort of I'll tell you do you experience cloud services to say as an individual using cloud just email or microblogging and coming from a thing of sharing or your records there I mean in certain places happens and no one gets told you don't know is there anything trying to solidify sort of you're right there to know about this kind of thing have a bit more personal security about having data versus on your person versus in a cloud I don't know of anything in Australia I don't think it's even being thought of in that way at the moment I think that there are a lot of questions around cyber safety catchphrase at the moment and a lot of cyber safety ends up being around so that people don't get caught out in scams or don't get cracked or don't get you know or children getting groomed and that kind of stuff I don't know of but I will have a look for and I'll add it to the blog that I do on this talk I'll look for and see if there's any sort of other reports and stuff that are going on I know that there was a big cyber safety committee last year that reported and had a very lengthy book with some useful recommendations but I'll have a look and see if I can find in terms of what you're referring to I don't think there's anything it seems one of those places that will fall off the radar because it's hard for explaining it to a lot of population until they're actually screwed themselves the thing is that there are rights now to be able to look at information that people would probably feel very uncomfortable about and it's been interesting to watch people get very hot under the collar about some of the new things that are being looked at when it's actually stronger than that now but let's have that conversation a bit later but I'll try and add it to the blog anything else as I said it's more of a call for help and be where the cloud sort of talk but yes but you also said that everyone approaches you you also said everyone approaches you when there's a problem oh yeah yeah bring it it's not a problem but I I guess a year ago I went to fill in a web form on I think it was the AECMA site and they got you to enter sort of name, date of birth sort of all first born but the thing is they've been very clever and most unusual and outsourced the quiz or formed to a US company and that's where all their data got stored yeah that's a problem and I was just a bit stunned by this at the time I thought surely not but in fact they did and is this something we should get upset about and should we approach someone and say look you've done a bad thing here so in the spirit of the talk which I just gave which is about applying martial arts to the workplace I suggest getting upset never actually helps you but you write a very well-reasoned questioning letter to your local MP to say look I noticed this and it's a bit concerning to me for this reason do you think that it is a danger for Australian information to be you know shared in this way I just asked the question so who happens it's only by asking the question and getting people curious about the issues that change happens it's not me so does that answer the question a lot of it is just about raising awareness well thank you all very much I'll put up a blog post about this probably tonight and if anyone is interested in the broader sort of OpenGov2o stuff which I think is very very firmly related then there's also MiniComfort Tomorrow stuff about open government thank you very much