Part 2 of a series: INFORMATION SECURITY FOR ACTIVISTS

It’s easier to ignore the need for basic information security, and most people do. I’m asking everyone to adopt a handful of field-tested practices that I have seen used with Global Integrity’s staff and network of 1,200 contributors around the world.[1] By adopting good info security practices, you can help people particularly at risk of surveillance, censorship and disruption. In my work, these people are mostly journalists who write about corruption, natural resources, organized crime or defense.

This works for three reasons: one, it spreads knowledge around. Two, when secure communication is normal it creates lots of noise that makes it easier for people at risk to work safely. Three, it increases the baseline security of the many systems that all these highly networked people use and interact with.

These recommendations are mostly free, and not difficult. I know that annoying tools get uninstalled, so I don’t recommend them. This stuff has to work. The advice here is easy to use and will help mitigate against a number of common threats.

This post is part of a series. I’m starting with at the most basic precautions and we’ll work our way down to the tinfoil hat stuff.

Always use an up to date Web browser

In terms of effort/benefit ratio, there is no more effective way to improve your security than updating to a current Web browser. I honestly don’t care which one. Thanks to Mozilla kicking a complacent industry in the ass, we’re in a Golden Age of browsers, where standards are mostly agreed on and useful features are quickly copied from innovators to followers. So raise a glass to the nonprofit Mozilla Foundation and use whichever major browser you prefer.

I personally like Mozilla Firefox because Mozilla shares my values and Firefox gets more scrutiny than any other product. I also like Google Chrome because the security model (tabs as processes; quietly pushing updates) is good. But really, the main thing is that the browser is up to date. There are many things your browser does to harden you against threats while you surf around the Web — too many to list here — but unless you keep the browser up to date, you are seriously screwed. If you click on “About Firefox”, if should say “Firefox is up to date” — then set it to update in the background. Chrome does this, and is pretty much always up to date.

A bit about settings: Browsing History is a massive privacy flaw masquerading as a feature. Everyone should turn this off and leave it off. Firefox users: set the browser to never remember your browsing history by default. Chrome doesn’t even allow this, unless you use “Incognito Mode” or a history scrubber plugin. This is unfortunate and I wish Google would change it. Here’s a 2008 guide to turning off browser history.

Get a browser here: https://www.mozilla.org/en-US/firefox/new/

Uninstall your plug-ins… except for these

Plugins are little bits of code that let you add features to a Web browser. That’s generally a good thing, but for people concerned about security, it presents a problem: every major browser is subject to scrutiny and community oversight; the same is not true of plugins. So when you install plugins called WeatherBotz or ClickForLulz or TimezoneHelperz, you’re putting a everything you do on the Web in the hands of unknown parties. Who can’t even spell. If they screw up, you are exposed. In some cases, silly plugins have been used as attack vectors for password theft.

So, in general, don’t install plugins. When you do install plugins, get them from authoritative sources like https://addons.mozilla.org/ and note how many downloads they’ve gotten — if it’s not in the tens of thousands, skip it.

The following plugins are helpful in locking down your security, and I recommend them. Features like these frequently end up being part of the browser later on (remember pop-up blockers?). Installing them as plug-ins puts you ahead of that adoption curve.

These are all Firefox plugins. AdblockPlus, Ghostery and Web of Trust have plugins available for Chrome.

HTTPS Everywhere

Why: Forces many popular sites (Facebook, Google, etc) to use encryption, preventing “man in the middle” spying on information en route. This would have likely prevented the widespread interception of Facebook logins by security services in Tunisia.
How: Download plugin.
https://www.eff.org/https-everywhere

AdBlockPlus

Why: Prevents adbot trackers from loading, in addition to blocking ads.
How: Download plugin. Pick the default “subscription” for your language of choice — this is the blacklist of ads you won’t see displayed.
https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

FlashBlock

Why: Disables content displayed with Adobe Flash unless you specifically ask for it. Flash is a nice format for games, uploaders and video, but has a lousy security record. Many attacks are based on displaying Flash content to browsers and convincing Flash to download malicious code. This will also improve your battery life by not loading power-hogging Flash elements of a page.
How: Download Plugin. To see Flash content, click on the gray Flash icon.
https://addons.mozilla.org/en-US/firefox/addon/flashblock/

Ghostery

Why: Blocks third party code (from advertisers, mostly) that records your activity online. You don’t know them, so you shouldn’t trust them to know what you’re doing.
How: Download plugin. Configure to “block all” and “no alerts” so it will run silently.
https://addons.mozilla.org/en-US/firefox/addon/ghostery/

Web of Trust

Why: Warns of known malware websites via a popup and displays reputation icons on search results pages. As if you didn’t need a reason to avoid viruses and whatnot, malware is an attack vector for spammers and scammers. It is also used by security services in more targeted attacks on activists. This is particularly useful for people who do a lot of research online, which involves poking around a lot of unknown sites.
How: Download plugin. Set security to the less noisy “moderate” setting. See those little circle icons next to search engine results? Don’t click on the red ones. If you do, you’ll get a pop-up warning you of what’s behind the link; you can click through if you want to.
https://addons.mozilla.org/en-US/firefox/addon/wot-safe-browsing-tool/

In our next post, we’ll talk about Virtual Private Networks, or VPNs.

[1] www.globalintegrity.org

Part 1 of a Series: INFORMATION SECURITY FOR ACTIVISTS

During a recent Transparency/Accountability Initiative workshop, I led several discussions of information security for activists. During these I was told by incredibly smart leaders in the nonprofit technology space — people I really respect — that they had never given the matter much thought. This is a problem.

A bit about me: I’m not a security expert. I can’t talk shop on SSH flaws or random number generators. I am, instead, a practitioner of social ventures who cares about the people in our field. I can translate from the tech experts into usable, field tested recommendations, but to do this I depend on peer review from experts, which I gratefully invite on this and all posts.

Prologue: Keep Calm and Carry On

There are a lot of reasons to be paranoid [1]. Our friends and allies are searched without warrant or probable cause beyond being politically active [2]. In the US, anti-corporate websites are accidentally banned without cause or recourse (Web sites of the powerful fare better) [3]. Journalists are detained at Internet cafes for attempting to file stories [4]. Email is routinely intercepted and stored by governments, without cause — in the United States, when this practice was challenged in court, Congress blocked the lawsuit and explicitly legalized the mass warrantless interception of email (Senator Obama voted yes) [5].

Much attention has been given to the potential of technology to connect, empower and accelerate movements. Less attention has been given to the fact that technology also empowers the adversaries of these movements. See Evegeny Morezov’s book The Net Delusion for a discussion of these issues, reviewed here and here.

This creates conflict between privacy advocates and controlling institutions; this conflict has been slow building but is coming to a boil, particularly after Wikileaks and the Arab Spring. To quote a developer  of the TOR privacy tools (used by the US military, among other ironies), who is regularly detained at the US border:

“The [US Customs and Border Patrol] agents in Seattle were nicer than ones in Newark. None of them implied I would be raped in prison for the rest of my life this time. ” [6]

Technology is not neutral. It is not “just a tool.” All technology creates patterns of power distribution that actively tip the balance towards or away from democratic decision making, often without our intention or consent. Our urgent mission, as activists and technologists participating in the early Internet, is to proactively create, refine and distribute systems that empower the values we care about. I care about democratic participation, diversity of opinion and human rights.

So, that brings us to security for activists.

How to think about security

The good people at the Electronic Frontier Foundation frequently take the lead on these issues. I turn to them now, by using an intellectual framework they laid out in the guide Surveillance Self Defense. Please take 30 minutes and read this text now. It’s ok, I’ll wait.

My take away from SSD is to break the unhelpful binary of “secure vs. insecure” into a more actionable set of information:

• you have assets to protect (your browser history; the contents of an email; a list of sources).
• you have threats against those assets (they could be intercepted, they could be published, they could be lost)
• you have adversaries (specific and finite: government agencies, corporate security, vigilante networks, private surveillance firms)
• you have a risk assessment: based on our understanding of the assets, threats and adversaries, how likely is a bad thing to happen? How do our actions increase or decrease that risk?

To this, I would add the historical observation that privacy by “policy” isn’t working [7]. Instead we have to focus on privacy inherent to the technology we use. It is no longer sufficient to trust institutions to protect our privacy, because they have shown — repeatedly — that they do not deserve trust [8]. They roll over to governments, they sell our info for profit, they expose our data through carelessness. Human nature won’t change. The solution is to build technical solutions that allow us to conduct business, relationships and politics online without transferring power over our privacy, communications, and political participation to invisible controlling bodies.

You are not going to be “secure” or “insecure”. Instead, you have a framework for understanding undesirable outcomes, and adjusting behavior and technology choices to mitigate against the most destructive or most likely threats. Security is a series of tradeoffs — most often between usability and privacy of communications.

Fortunately, there are good tools, which give immediate benefits at little cost to users. This is the first post in a series. We’ll talk about specific counter measures and behavior changes in my next posts.

You feedback and critique is welcome in comments or towards @eylerwerve on Twitter.

– Jonathan Eyler-Werve

 

[1] Wired – 9 Reasons Wired Readers Should Wear Tinfoil Hats

[2] Wired – Appeals Court Strengthens Warrantless Searches at Border 

[3] Ars Technica - ICE admits year-long seizure of music blog was a mistake 

[4] The Investigative Fund - Fiji Water: Spin the Bottle

[5] Open Congress – H.R.6304 – FISA Amendments Act of 2008

[6] BoingBoing – Wikileaks volunteer detained and searched (again) by US agents 

[7] Not my idea; credit to security activists who prefer not to be named.

[8] LA Times – Bank of America data leak destroys trust 

 

This essay was written for Global Integrity, as part of the Indaba fieldwork platform site. Original post here. (CC/by)

I’d like to have a conversation about how online collaboration works, based on some things we learned while building the Indaba fieldwork platform, a tool for organizations that use distributed teams to publish data.

Over the last ten years I have used, loved and hated online collaboration tools with teams in more than 100 countries. It’s not magic. Online collaboration is simply getting stuff done over the Internet, and online collaboration tools, all of them, have some means of addressing three functions: relationship management, knowledge management, and project management. Put more simply: keeping people connected, getting them the stuff they need, and sorting out what to do next.

But before I can talk about that, I need to vent a little.

Prologue: Why you hate your online collaboration tools.

This is a picture of Frank Lloyd Wright.

This is a picture of a hammer.

This is a picture of Fallingwater, a landmark in modern architecture. [image: sxenko cc/by]

If we want to understand Fallingwater, most scholars would focus on the architect, not the hammer, despite the many technical innovations contained within the house. This is the correct approach because Frank Lloyd Wright is more interesting than a hammer.

Most discussion of online collaboration does exactly the opposite. All hammers, all the time.

As an occasional presenter at tech-for-social change events, I share the blame. The conferences, blogs and training manuals aimed at the social sector too frequently skip discussion of innovative social institutions and organizational models. We frequently avoid the messy, political discussions of people, their ideas, their behaviors and the background institutions that make their work possible. Instead, aspiring non-profiteers will find great enthusiasm for specific technologies (“social media”), usually approached via uncritical hype for specific technology brands. (Actual training workshop: “Why We Love Twitter & You Should Too!”[1]) Along the way, recipients of this wisdom rarely pause to consider the basics: What do we intend to do with any of these tools, how do they fit into our organization’s theory of change, and how will the behaviors enabled by these tools transform our organizational structure and relationships?

I co-organize a Net2 discussion group for social sector tech. We sometimes use “What’s your favorite new tool?” as an opening discussion. We have never opened a meeting with “What’s your favorite new organizational behavior?” or “What’s your most effective workflow?” or “How has the technology your organization uses transformed your internal or external relationships?” They are much more difficult questions to answer because we aren’t trained to notice these things. Technology providers are happy to keep it that way because it is easier to sell hammers than facilitate a discussion of how a new technology will transform internal power dynamics, however essential that discussion may be to the success of a project.

The unvisited graveyard of forgotten tech.

As a result, the social sector is tool rich but insight poor. This tunnel vision has real consequences, most visibly in the vast graveyard of technology-for-social-change projects that have produced technology but little to no social change. These usually take the form of discussion forums, user-submitted libraries and easy-to-edit wikis that are not in fact enabling any discussion, user submissions or edits. There are a lot of empty forums, silent social networks and abandoned wikis out there, despite the best intentions of their sponsors. I’ve built a few myself.

If this is surprising to you, here’s why: non-profit grant reporting requirements make it deeply uncomfortable for organizations to talk publicly about failed projects. Grantmakers that learn (at great effort) of the dismal long-term success rates for new nonprofit tech also tend not to publicize it. As a result, we often fail without learning.

Beyond our field’s structural barriers to self-awareness, I believe a key driver of this repeated failure is a lack of understanding of the behavioral implications of new technologies. In this paper, I’ll attempt to create a framework for understanding online collaboration. I write with the hope of encouraging social sector organizations to select appropriate online collaboration tools, and for technology providers to build effective collaboration platforms.

I propose that the best way to understand what a technology “does” is to ignore the technology until you understand the social behaviors it enables. Technology that does not change the pattern of human interactions is unlikely to have significant impact on the social sector, however novel the technical approach. It’s the behaviors that matter. (See the work of Clay Shirky for more exploration of this idea.)

Goals and invitations

A definition: online collaboration is a fancy way of saying “a group of people trying to complete work toward a goal via communications technology.” Any discussion of online collaboration presumes a few important things: a group; a method of work; a goal; and finally, a technology. The social sector’s focus on tools tends to skip over the first three items, particularly when the term “crowd sourcing” comes into play. Do this at your peril. The citizens of the Internet are not your private army, and the excellence of your tools will not save you if you have no workers, unclear goals, or no useful work for them to do.

There is much excitement around distributed projects, sometimes known as crowd sourcing. This enthusiasm is justified; however, a little knowledge is a dangerous thing. A great many poorly informed ideas end with the phrase “…just like Wikipedia did.” The lesson that should be learned from successful crowd sourcing is that online collaboration can dramatically lower transaction costs and accelerate iteration among contributors, particularly at large scale. The lesson that is incorrectly learned from crowd sourcing is that on the Internet, people will work for free. Good luck with that.

There is much to say about how to organize people and how to invite participation that respects the varied motivations of all involved; we should also discuss licenses, contracts and ownership arrangements of collaborative work. That’s not the topic of this paper. But I want highlight the importance of this. Online collaboration tools must be aimed at a specific problem for an identified, invested group of people. If you can clearly identify the work you are trying to do, if you have your workers in mind (volunteer or otherwise), and if you need help managing the flowing scrum of activity that this work creates, then we are finally ready to talk about online collaboration tools and what they can do for you.

A framework for understanding online collaboration

Online collaboration platforms, all of them, have some means of addressing three functions: relationship management, knowledge management, and project management. Or put more simply: every collaboration platform must keep people connected, get them the stuff they need, and sort out what to do next.

By applying this conceptual framework to a collaboration tool, a potential user can start asking the important questions of how does a given tool accomplish these objectives. If these approaches fit your organization’s preferred working style, then it is a good tool. If the tools solves these problems in ways that do not work for your organization, or if the tool has no identifiable solution to these issues, then you might consider using something else.

Let’s get started…

Relationship management

To the tech savvy, the term relationship management calls to mind a specific suite of tools like Salesforce.com or CiviCRM. In this framework, we’re using it more generally to address all of the ways an online collaboration platform connects people to the folks they are working with.

Every online collaboration tool will have a way of letting people find each other, and enable some form of communication about the work.

Key relationship management functions that a collaboration platform should address:

• Who am I working with?
• How can I connect with those people?
• Who else should know about what I’m doing? How do I notify them?
• What mode of communication is preferred by the person I’m trying to reach?
• Are notifications machine generated? If so, how much control does a manager have over the content of these messages?

A collaboration platform may include messaging systems like sitemail or chat, but it doesn’t have to. The platform may simply enable the transition from an online space to an off-platform discussion over phone, chat or email. For example, the Basecamp collaboration service has no built in peer-to-peer messaging, but does have a “Who’s talking about this message?” column, which lists the photo, name, email address and phone number of everyone who’s participating in a discussion thread. Direct connection with peers is enabled without a lot of technology in the way. It’s easy to use, and it’s also easy to build.

All of the relationship management tools in a collaboration platform are intended to lower the friction between individuals, while retaining appropriate privacy.

The relative openness of a system should be dictated by user needs, not by the tool. Privacy expectations are usually built into a tool; the tool selected needs to match the expectations of the group using it. A peer-to-peer support group for abuse victims may have very different expectations about sharing photos or phone numbers than co-workers who share an office. If you haven’t talked to your users about this, I recommend it.

The current status quo for relationship management in social sector organizations is the email inbox. Your email program remembers who you’ve messaged, it stores that for later (we hope), and you use it to connect with people. Maybe you store emails in a folder, so you can find people again. This may be paired with a pile of Post It notes, a spreadsheet entitled “Contact List” or perhaps a full-on relationship management system (in practice, a big database) like Salesforce.com or CiviCRM.

We like email because it is simple, universal and flexible. However, the ease of use comes with “technology debt,” or deferred costs brought on by avoiding planning and structure. Nothing is stored centrally. Nothing is moderated or visible to managers. Project messages arrive in a cesspool of spam and unrelated email.

All of this creates friction: distraction, delays, confusion and stress. A collaboration space can and should relieve some of this burden. Good tools can help, but less is more: the relationship tools in the most successful online collaboration platforms are usually featherweight and respect pre-existing modes of communication.

Knowledge management

All online workers are, in the words of Robert Reich, “symbolic analysts”. The work we do involves manipulating digital stuff: writing, databases, images or other files. So doing work online requires that you have access to this digital stuff, but only the stuff you want, and none of the stuff you aren’t allowed to see. You may also benefit from documents and databases created by your peers that tell you how to do your work. This process of getting stuff out of people’s heads, notebooks and cameras and into something more permanent is called knowledge management.

There’s a lot of crucial project knowledge that exists only in people’s heads. One of the best things you can do to improve knowledge management in long-running projects is to encourage people to get information out of their heads and onto something more permanent. This also tends to make those people happier workers (see David Allen’s Getting Things Done). Having a framework to store and share these new documents will encourage people to create them. This is where your online collaboration tools come in.

When it comes to documents, storing digital stuff is easy. Finding it again is the hard part. In online collaboration, all knowledge management comes down to being able to find what you’re looking for. At one point, organizations used filenames in folders, and finding things was a matter of knowing which branch of the folder tree to look in, and drilling down until you found the right filename. This is simple and durable, but lacks ways to add description and context to a document beyond the filename, which usually looks something like this:

invitation-letter-FINAL-JE’s-edits-FINAL-added-late-change-2010-10-23-typocorrrected-REALLYFINAL.doc

The other popular file repository is the email inbox: everything you could ever need, as long as it happened in the last few weeks. The two represent the two major modes of storage: stable, and contextual. Contextual interfaces are often driven by algorithms that help filter out things you haven’t been working on (Google Reader allows you to sort by name, sort by date or “Sort by magic”). These algorithms work well, except when they don’t, and then they fail completely. Really good storage systems allow users to switch between contextual interfaces (“whatever’s most relevant”) and stable interfaces (“everything in its place”) for organizing information. Good search engines are one way to provide a “stable” lookup in a otherwise highly contextual tool.

These days, there are a number of ways organizations store information, some of which are chosen quite accidentally: no one intends a Google Group to become a knowledge repository until you need a phone number someone mentioned three months ago. Forums, wikis, FAQs, websites and ticketing systems are all working alternatives to the giant shared hard drive.

Contextual interfaces have a natural working scale. Get too big or too small, and forums, file systems or wikis stop working effectively. A quick workaround is to hive off an overgrown knowledge base into two or more smaller working groups. However, in general, the less hierarchy the better, and transparency across hives should still be possible.

A good knowledge management system will…

• Help people find what they want.
• Help people know what help or documentation is available.
• Control access to documents.
• Control versioning of documents.
• Attach metadata to documents like datestamps, revision history, or ownership data.
• Allow discussion of documents to travel with the document.

Regardless of what form of knowledge management you use, a few habits can make things go better. If your online collaboration tool doesn’t allow and encourage these habits, that’s a problem.

• Write down and broadcast your system, whatever it is. People want structure.
• Love and empower your librarians: the people who relabel files, merge threads, delete chatter, and otherwise keep things tidy.
• Labels are very, very important. Search is only as good as your labels.
• “Tagging” or “attaching” documents, discussion threads, and other narrowly focused objects to more general categories of objects is useful.

Project management

Project management is the most common function of online collaboration tools, but it’s perhaps the least well implemented. While an ocean of task lists, Gantt charts and other features are available to you, all project management boils down to a few questions:

• Who’s doing what?
• How’s that going?
• What should I do next?

In online collaboration, project management is the process by which accountability for outcomes happens. Accountability is largely a question of habits and transparency. To make it work, your team needs the following:

• Clear expectations on what people are invited to do.
• Clean boundaries on what a unit of “work” is: until I say it’s done, or until you say it’s done?
• A report-back system that lets people record progress on work.
• A dashboard of some kind that lets managers or other users see those progress reports and use that to make decisions.

This can either be highly automated, like a task list or ticketing system that is assigned out to people, or it can be more fluid, like a scrum meeting on Monday to divide up work, and another on Friday to report back on progress. In the latter scenario, a chat room and a scribe posting notes to a message thread are all the technology you need to do this really well. It comes down to matching the technology to the working style of your people. In some cases, your working style might be bad, and then no technology will fix it. You have to fix your organization first.

If your working style is good, maybe the best technology is a very minimal solution with very few bells and whistles. But beware the vendor who tells you that with the right technology platform, people will suddenly abandon their anti-social behaviors and work in harmony. I mean, have you seen the Internet? It doesn’t do harmony.

Putting it all together

These three concepts functions that any online collaboration space must fulfill. While there are many possible correct answers to the questions of managing relationships, knowledge and accountability in a group, there are also very clearly wrong answers. You should put some thought into each of these before attempting to get work done online.

I wish you luck in your ventures, current and future. I gratefully invite your critical feedback on this paper in comments below.

You are welcome to adapt or distribute this paper, with attribution (CC/by). It was created with gratitude to the Aspiration Manifesto, and the Nonprofit Software Development Summit 2010 and Chicago COUNTS participants, who contributed essential concepts to this paper.

The author, Jonathan Eyler-Werve, builds tools for public benefit organizations. He is currently on sabbatical and considering new projects; he was most recently the leader of the Indaba fieldwork platform team. Learn more at http://getindaba.org.

This essay was written for Global Integrity, as part of the Indaba fieldwork platform site. Original post here. (CC/by)

This post was written for Global Integrity, as part of the Indaba fieldwork platform site. Original post here. (CC/by)

The Indaba fieldwork platform went live in September 2010, with the launch of fieldwork for the Global Integrity Report 2010. That project published the following spring, with a dozen more projects launching on the system since then. To date roughly 3000 assignments have been completed on Indaba.

During the past year, Indaba has moved from a good idea to a field-tested tool with strong user validation. Of the organizations that have completed a project on Indaba (Global Integrity, Transparency International UK, Publish What You Fund), all of them are scaling up their use of Indaba with new projects. I can’t think of a better metric for success than that.

Here’s a review of the last year, with some insight into our learning process and findings. We’re not big on glossy sales pitches — this post includes some fairly brutal self-analysis of our strengths and weaknesses. Your feedback is always welcome at info@getindaba.org. Thanks as always for your support and interest.

In a personal note, after ten wonderful years, I’ll be retiring from service at Global Integrity in 2012 to take a sabbatical and pursue projects in Chicago. You can follow my next steps at eylerwerve.com.

I leave the Indaba project in the capable hands of Monika Shepard, Nathaniel Heller and others at Global Integrity and our growing network of partners and contributors. Working with the Indaba team has been the highlight of a great run — thank you!

Jonathan Eyler-Werve
Director of Technology and Innovation
Global Integrity

 

Our process

Our thinking is evolving fast as Global Integrity is settling into running a small tech startup within the larger organization. One lesson learned has been to resist grandiose feature expansion in order to focus on a lean, iterative, and user-oriented approach to upgrades. This has been a good year for this, as our Early Adopters program provided us with a structured dialogue process with which to constantly challenge our hypothesis about our market fit.

While most of our initial ambitions remain intact, our focus is much sharper. In particular, we are very clear on two things:

1) Scorecards (blending text and datasets) with a workflow are what people can’t get elsewhere. This is Indaba’s core value proposition.

2) Our project install process is too slow. This needs to be less complex for project managers (fewer decisions to make) and less work for admins (data entry chores shared with more users; lower risk of harm from misconfigured settings; faster launch, test, and adjust cycles).

How we learn from users

We took the following steps to gather user input:

• Field contributor surveys that captured three years of baseline experience from our previous-generation fieldwork tools and compared that to data from Indaba users.
• On-site trainings and Q/A with partner project managers in the Philippines, Mexico, Kenya, UK, US, and other locations.
• Several dozen webcast trainings and Q/A sessions with diverse populations of field contributors (for the record, American journalists are the most skeptical users).
• On site, multi-day project design sessions with partner organizations in Atlanta; London; Manila; New York; Port Morseby; and Washington, DC.
• A day long visioning session around future features with internal Global Integrity admins and project managers in one room, proposing and ranking options.
• Year-round capture of requested features into system documentation.
• Sharing an open plan office with Global Integrity project managers who are using Indaba every day.

 

What we learned (or confirmed) by talking to users

• People like Indaba’s scorecards. Creating a structured, indicator-based analysis with peer review and workflow attached is the function that no other tool can deliver to users.
• Project scale matters: Building a giant wooden deck? Get a nail gun. Hanging a picture? Get a hammer.  Google Forms is a hammer. Indaba is (metaphorically) a nuclear-powered auto-feeding large bore nail gun. It works best for large, repetitive projects.
• Managing text document workflow at medium to small scale (producing less than 30 docs) isn’t the most valuable use of Indaba. If it’s small enough to fit your files in one folder, you should consider running the project via email attachments, which is inherently more flexible at some costs to security, stability, and management complexity.
• There’s little current interest in using Indaba to purely manage file uploads (photos, video, audio, “blob storage”). However…
• There’s lots of interest in attaching files to a survey data point. For example: an Indaba researcher can now attach PDFs of legislation to individual scores in a policy scorecard, providing a reference doc that is more permanent than a government website which might go offline at any time. We’re not aware of other Web-based tools that do this, although tools such as DocumentCloud can be useful in more journalistic projects.

Does it work? — Observations on user experience

• The “Fieldwork Manager” (runs fieldwork for remote teams and managers) emphasized usability and stability in our initial build. It has proved highly successful with end users.
• The “Designer” (used by Indaba admins to configure projects) emphasized lowest possible cost over usability in our initial build. It has proven difficult to use and needs serious help before we can scale up the number of project deployments. It’s slow and is a source of risk, as misconfigured projects can impact system stability. This is partially addressed in Indaba 2012.
• Trouble tickets from field staff are increasingly uncommon. We’re seeing 1 to 2 trouble reports a month from a user base of ~500 people active in any given month.  Roughly 3,000 assignments have been completed on the platform, with ~30 trouble tickets generated from those field contributors.
• Internet censorship is a problem we can work around. Yemen’s state-owned telecom classifies Indaba as pornography. Timor Leste’s telecom blocks access for reasons unknown. In most cases the free Hotspot Shield VPN circumvents the local blocking.
• More than half of our trouble tickets are resolved by updating field contributors to a supported web browser. We are becoming more comfortable requiring field contributors to update browsers, as the security considerations around 10-year-old browsers (Internet Explorer 6) make it a worthwhile battle to have with field contributors, regardless of Indaba’s needs.
• Project managers outside of the Global Integrity office (i.e. Global Integrity’s local partners and outside groups using Indaba) have offered consistently positive feedback. We actually would prefer a bit more pushback, but mostly they just tell us they “love it.” As an interesting control case, Global Integrity Executive Director Nathaniel Heller facilitated a feedback session in early-December 2012 between project managers at a large international NGO and their field contributors. The teams had recently completed a pilot research project by fielding 75 indicators across multiple government ministries in three countries. They used Survey Monkey to gather their pilot data, and the uniform feedback was, “We hated Survey Monkey.”
• Project managers are at times overwhelmed by the options available at project launch. We are working to create simplified options based on the choices made on previous projects (“Do you want chocolate or vanilla?” instead of “Configure these 31 flavors of variables…”).
• Global Integrity managers have reviewed ~50,000 scorecard data points on the platform with good results.  They have a number of usability and feature requests, which are reflected in the upcoming Indaba 2012 build.
• Global Integrity managers are less enthusiastic about using Indaba as a tool for the editing of text documents, as noted above. Recent workflows involved the submission of text from field contributors via Indaba, an offline “editing” process, and then inserting final text back into Indaba for peer review, approval and publishing. This reflects the reality that mature text editing/versioning tools are widely available (Microsoft Word and Google Docs are pretty good at this) and we are not willing to replicate this functionality in Indaba.
• Of the initial outside groups to complete projects on Indaba (Publish What You Fund & TI-UK) both are using Indaba for new projects within weeks of completing their original projects. Global Integrity continues to use Indaba for all data collection projects.
• The publishing tools are less rigorously tested than the rest of the system, because there is a 4- to 12-month lag time between starting and publishing a project. This will change over the next six months as the first wave of projects is published. Global Integrity has successfully published two projects through Indaba to the web (the Global Integrity Report: 2010 and the Kenya City Integrity Report) with no significant challenges.

What we learned from other people’s projects

In addition to our own users, we also have been in contact with others in our field that are developing tools in the same space.

On the input side: mobile device data collation is well understood by Nokia Data Gathering, Ushahidi, Citivox, and Frontline SMS. We’re in contact with these groups and could, if needed, build links to Frontline SMS or Nokia Data Gathering as the first step of a workflow that included both mobile input and Web based submission and review of data. We currently believe that we should not build custom mobile input tools for Indaba since it’s possible to link to very good existing tools.

On the output side, we’re talking to CKAN.org and the Open Knowledge Foundation about hosted data stores. Our users are frequently requesting a place to host/distribute/visualize the completed datasets they already have in hand. We’re undecided as to whether to support this use case (it’s not a big expansion from what we already have) or send them elsewhere so we can focus on managing field teams. Creating a bridge between the Indaba database and a CKAN-like network of databases is an attractive long-term goal depending on demand.

We learned about other projects while presenting at events organized by the World Wide Web Foundation, Aspiration, the Transparency and Accountability Initiative, and others.

Note to readers: if you run a project that we should be aware of, please contact us!

New features added since launch

While we have not emphasized expanding the feature set this year, we have incrementally updated what we have based on user feedback and our original road map.

• Automation of daily/weekly/monthly system backups.
• 24/7 monitoring and alarms for HTTP availability and application response (see Uptime section).
• Allowing file attachments that are embedded into scorecard in Fieldwork Manager. This functions similar to the “reference” text field.
• Support for “Not Applicable” score formats.
• A “Force Exit” feature which gives managers better options for handling an assignment that has been abandoned in progress by a field contributor.
• Research into how to improve the display of dynamic visualizations. (Best approach appears to use Flash on the server side and display cached image files to the Web. Flash has mature charting tools, but is not desirable for end users. HTML5 or jQuery are options, but we’re late adopters by nature.)
• Partner user branding integrated into Fieldwork Manager.
• Improved attachments support in text tools.

System reliability

Uptime for the first 14 months has exceeded our best hopes. Based on our monitors (which run once a minute):

• Our total unplanned downtime was less than ten minutes.
• Two network availability errors that resolved within five minutes each.
• Server/application stack has had no unplanned outages, though one planned server reboot was not communicated effectively, leading to approximately 4 hours of downtime.
• We had one incident of limited performance (scorecards were unavailable) for 6 hours total.  This was due to a database error in which a misconfigured “delete” button affected database records. The Indaba ops team recovered all functionality without data loss within 6 hours, despite the error happening at 5pm on a Friday.
• Hurricane Irene damaged hardware associated with the Indaba development environment but no data was lost and the storm did not affect system performance.

Staffing

We continue to work with and recommend Open Concept Systems as our engineering and operations contractors.

Monika (Kerdeman) Shepard joined the Indaba team within Global Integrity in August 2011. She is focused on staffing project design, support to users, and community building. Monika contributed to Indaba user stories while at the World Resources Institute and has been highly successful in bridging the gap between user desires and system realities.

Jonathan Eyler-Werve is transitioning out of Global Integrity at the end of 2011 to take a sabbatical and explore projects in his hometown of Chicago. He joined Global Integrity in 2002 and has been working remotely since 2005.

This post was written for Global Integrity, as part of the Indaba fieldwork platform site. Original post here. (CC/by)

Every year or so, there is a new strain of chattering hype that trickles through the nonprofit tech echo chamber. This is fueled by a special class of nonprofit social media consultants and trainers who, despite their apparent awesomeness as keynote speakers, never seem to have enough work. Thus, a lot of blogs to fill, which leads to inane advice that to me seems a long way away from actual problems that organizations face.

When you sell the hammer, everything looks like a nail, and when you sell emerging technology, everyone needs a Facebook page. Pro tip: You might not. It depends on your strategy.

The impression that “new” (as opposed to “relevant”) is inherently good is a lie, and one that has the effect of disempowering the nonprofit community. I see real anxiety  in managers about not being on trend, despite the fact that these trends are usually stupid and unrelated to real work of building social movements.

The latest buzz bubble is QR Codes, or as I call them, hyperlinks for rich people. I’ll explain the basics:

A QR code is just a damned link. 

I know, it seems more complicated than that. It’s in a phone, after all. I can hear you say: Mobile is being adopted by… NO. STOP. It’s a link. It’s a link to a resource, probably a Web page. The fact that it’s only readable on some phones instead of any other device is not cutting edge. It’s actually a very bad thing. A plaintext URL (eylerwerve.com/2012/QR) is accessible by lots of devices, including smartphones. A QR code is accessible only by a smartphone. But it’s just a link. Thus…

A QR code is a link that only people who own smartphones can use.

QR codes can do a few other things than launch a webpage: dial a phone number, send an SMS, read out as a snippet of text, a few others. But all of those things take control away from the end user compared to, say just thumbing in the number, the URL or reading your 30 characters of text. This is not good practice. This is advertising sketchiness. If that’s your brand, then let’s put it all over your posters, sure.

QR codes can be attack vectors for malware. See, some QR readers will run all kinds of weird stuff, most worryingly javascript. As adoption picks up, people will start to half-remember CNN stories about the badness that can come from an unknown QR code. Confusion will amplify these stories. So..

QR codes are sketchy links restricted to rich people. 

Everything you can do with a QR reader, can be done with your thumb, faster. Look at these instructions on a blog post on QR codes:

To scan a QR Code, smartphone owners download a QR Code Reader [browse your App Store/Gallery for a "qr code reader"] and then take a picture of the QR Code. The person scanning is then sent either to a mobile Web browser to view the link inside the QR Code, sent a text message, or prompted to dial a phone number. QR Codes are ideal for location-based communications and fundraising campaigns. Try it! Scan the QR Code featured in this blog post to see how it works. [1]

Or you could punch in a ten character URL. Reading: it doesn’t require software! Right away, you are cutting out everyone who doesn’t understand the text above. Or you have to include the text above and send your user off to download someone else’s app to do what? Visit your webpage? OMG fail.

QR codes are for the people who are wealthy enough to use smartphones and are informed enough to have a QR reader, but not so informed that they think that QR codes are sketchy or stupid.  

If that’s your strategy — use tech that confuses and could threaten users; talk only to people who can afford to get your message; make simple things harder — then good luck to you. If you’re a consultant pushing this on people, I question your values design philosophy. [clarified below] But the thing is, that isn’t happening much — despite the fact that all the software and hardware needed to spread these things have existed for years, adoption is not widespread. I’ve yet to come across any QR Code success story that could ‘t have been accomplished with a printed shortlink. If you have counter examples, please hit the comments section below.

So why do these things exist? Here’s where it makes some sense:

• You need to put text on something too small to use letters. Like the back of a microchip, which is why the MicroQR format was created.
• You are scanning URLs in repetition, like someone taking stockroom inventory, checking in ticketholders, or (as the Obama campaign did) marking phone banking printouts as completed. The key difference is that one person is scanning many codes, not putting one code in front of many people.
• You are mainly talking to robots. Moving boxes around on conveyor belts? Codes ahoy.
• You want to be opaque and use a hidden message. See the QR hobo codes, which are readable by homeless people… with iPhones.
• You want to secretly embed tracking metrics into your campaigns. Sure it looks like your campaign website, but you actually went to a different site, then redirected, so you can track conversion rates. Not crazy, but a little sketchy.

Why do QR codes get so much hype outside of the narrow constraints listed above? My theory: op art. It’s awesome. I love it. QR codes just look cool. Piet Mondrian would have loved these little things popping up all over the place. So if your organization’s mission is a Dada approach to 1920s art appreciation, then yes, QR codes are right for you.

– Jonathan Eyler-Werve

[1] https://nonprofitorgs.wordpress.com/2011/01/24/22-ways-nonprofits-can-use-qr-codes-for-fundraising-and-awareness-campaigns/

* My faithful editor Kate points out that the phrase “question your values” comes across pretty hard. I can clarify: I have doubts about a design philosophy that emphasizes complex solutions where simple ones can also work, particularly for nonprofit clients. I’m not trying to say that the people in our field aren’t well intended or making the best recommendations they can.

I recently decided to spend time thinking about information, technology and social movements — my own DIY graduate program.

If I had technical background and was over thirty, I would start by reading manuals. If I had a technical background and was under thirty, I would start by publishing code, and then asking my friends what they think about it.

I have a liberal arts background, so I started by reading about ancient Greece.

I’m working through Thomas Cahill’s Mysteries of the Middle Ages: The Rise of Feminism, Science, and Art from the Cults of Catholic Europe. I’m drawn by the story of Alexandria, the legendary city and wellspring of intellectual streams that continue to flow today — the Old Testament, compiled from dusty sources and translated into polished Greek by a team of Alexandrian translators, is one of many examples.

I’d always thought of Alexandria as primarily a library; a repository of the world’s knowledge. But it wasn’t. It was first a city, a community of minds that started quite deliberately — Alexander the Great wanted a city — but soon enough self reinforcing and pinwheeling out of control as all good intellectual communities will do. The library was not burned once, but three times. It was rebuilt, until it wasn’t. Community is more durable than static media.

This meshes, instantly, with memories of my own work.

“The best place to store knowledge is to embed it into a community,” said social entrepreneur Steve Song, trying to convince a room full of African hackers not to start a website intended to contain the output of a three day Web Foundation jam session in Dar es Salaam.

We don’t need Yet Another Website. We need a community of people who need to create, to revise, to review, to share like they need to breath. This is the stuff of an intellectual wellspring, the kind of idea machine that will still be shaping the future a few thousand years from now.

Alexandria had a good run — some 700 years as the center of scholarship in the Western world — but it didn’t last. It was not the books that failed. It was the ideas.

Cahill writes:

In 415, a wild-eyed army of illiterate black-cowled monks filled the streets of Alexandria like so many crazed bats, “human only in their faces.” In a sense they were the prototype for all the mobs of religious fanatics that sweep through history. One of their number had already stoned the imperial prefect and been canonized for his deed by Cyril, Athanasius successor as patriarch. Now they encountered Hypatia, a philosopher and mathematician, on her way home from lecturing at the Mouseion. She was a pagan teacher, an unescorted woman; she did not bow to their beliefs. She lured young Christians to her lectures; she consorted with Jews; she had dared to speak against the patriarch. She practiced who-knows-what obscenities. They dragged her from her carriage and into the cathedral, where they stripped her, gouged her eyes out, skinned her alive, and tore her to pieces with jagged tiles ripped from the mosaics.

By this time… the ancient ideal of the city as bastion of balanced reasonableness was long buried. [1]

Alexandria wasn’t burned. She had her eyes gouged out by people who disagreed with her ideas.

Today, we are witnesses to the founding of humanity’s next great library: the Internet.

It started quietly. It tipped in 1993, the “eternal September” where the once a year rising tide of new students was overtaken by a wave of newbies that has yet to crest. For nearly two decades, the tectonic shifts in power it implied were largely misunderstood or ignored by the controlling interests of our time, who could not see its potential beyond a new way to sell pet food and airline tickets. It metastasized, to spill out of its containers, beyond the IP protocol to SMS and voice networks, which adapted the idea of the always-on-network to create barrooms, marketplaces, libraries, help desks using whatever communication technology fit the place and time. And now it’s here like a brushfire, wild, still crude and half-formed, but already toppling governments, churches, corporations.

Alexandria teaches us that these heresies will not go unopposed. And already, we see it.

200 kilometers and 1,600 years away from Hypatia’s death in Alexandria, ideological mobs are still beating women who dare to speak against the patriarch. Egyptian journalist Mona Eltahawy writes of her arrest at the hands of Egyptian security:

I read news reports about a journalist whose arms were broken by Egyptian police, but I don’t connect them to the splints around my arms that allow only one-finger typing on a touchpad, nor with the titanium plate that will remain in my left arm for a year, to help a displaced fracture align and fuse.

But the hands on my breasts, in between my legs and inside my trousers – that, I know, happened to me. Sometimes I think of them as ravens plucking at my body. Calling me a whore. Pulling my hair. All the while beating me. At one point I fell. Eye-level with their boots, all I thought was: “Get up or you will die.” [2]

Mona Eltahawy is the Internet. We are the library. We are the network.

The Internet — that is to say, we who trade in knowledge — will be opposed not by shotguns or tear gas (though we’ll see both), but by ideas. By the idea that knowledge created by public institutions using unpaid authors should be available only to those who can pay for it. By the idea that criticism of a person (the kings of Thailand) or an institution (the religion of Pakistan) should be forbidden. By laws which seek to contain one problem (piracy) while creating a dozen more (the unfettered, unaccountable censorship of anything online). By a thousand new ideas which aim to fight the reshaping of our world that the great library will bring.

Our great library — this new freedom to create and share — will be challenged. May it fare as well as Alexandria’s.

– Jonathan Eyler-Werve

[1] Thomas Cahill – Mysteries of the Middle Ages: The Rise of Feminism, Science, and Art from the Cults of Catholic Europe

[2] http://www.guardian.co.uk/world/2011/dec/23/mona-eltahawy-assault-egyptian-forces

A recipe for a delightful German pastry. Makes two to three large pastries. Kringle 2.0 has a pastry crust and is pictured on the left. Original recipe Kringle is on the far right. The origin and tweaking of this recipe is discussed in another post.

Shopping list

• unsalted butter
• sour cream (16 oz. tub)
• Solo pastry/cake filling (apricot, cherry, raspberry, cherry, almond…)

Make the dough

Warm butter to near room temperature.

You’re about to combine the following in a mixing bowl:

• Two sticks unsalted butter
• Two cups flour
• 8oz (half a tub) sour cream
• dash salt

Cut the butter into the flour in quarter sized lumps with a knife or pastry cutter. Stir in the sour cream and salt. With a little mixing, you’ll get a somewhat uniform mass of dough.

You’re ready to start folding. Lump it into a ball and mash it flat between the heels of your hand. Fold it in half (or quarters), aiming for a shape similar to your original ball. Mash it flat again. Repeat 15 times. Try to keep the layers parallel, so they stack on top of each other. Each time you do, you double the number of layers — after 15 folds, you should have a 2^15 layers (65,536) give or take a thousand. In food terms, this is now a light, flaky crust.

Wrap the folded dough ball in plastic wrap and put it in the fridge overnight or at least 4 hours. You want the internal temperature of the dough to be cold — below 50* F — or it gets sticky and screws up your layers.

Make the pastry

Preheat oven to 375* F.

Leave the dough in the fridge and get your workspace ready. You’ll need

• flour,
• rolling surface,
• rolling pin,
• one can of Solo pastry filling,
• cookie sheet coated very lightly with high-temp cooking oil.

Throw flour on hands, rolling pin, surface.

After you’re set up, grab the dough from the fridge. Cut the ball in half or thirds with a knife — top to bottom, across the layers — and return the unused dough to the fridge. The idea is to keep the dough cold until you’re ready to roll it.

Use your hands to squeeze the dough into a small lump the shape of a shoebox, with the layers flat against the tabletop. Gently roll into a rectangular sheet, roughly 2′x1′ and a quarter inch thick. You want square edges, so fold any thin rounded edges over to make a rectangle.

Spoon Solo filling into the middle third of the Kringle, on the long axis. You’ll use one can (or less) for all of your dough, but you don’t have to use the whole can. Popular filling flavors are cherry, raspberry, apricot. You can also use almond (which tastes like a nutty cherry).

Fold the narrow ends over, then fold Kringle shut by sealing the two outside flaps together. Pinch the edges together or they will open during cooking. Push down any stray corners or edges, which will burn.

Bake for 35-40 minutes until Golden Brown Delicious.

Remove from baking sheet immediately. As it cools, drizzle with icing. Make icing by mixing a big tablespoon of powdered sugar mixed with a tiny splash of milk or cream in a measuring cup.

 

Kringle is a holiday treat that my mother’s family would cook in the wintertime. For many years, this thin slab of homemade pastry would provide the calories required for a hyperactive Christmas morning. It’s easy to make, highly portable, and covered in icing — in other words, pretty much perfect.

For this reason, I always assumed that tinkering with my grandmother Alice’s Kringle recipe was akin to remixing Thriller — it’s never going to be as good, so why would you?

Then, there was the butter incident. The recipe calls for margarine. I don’t use much margarine myself, so I was caught short of the two sticks required and had to wing it. So I just used butter.

And it was… good. Possibly even… better.

For years, that’s as far as I went. I kept using butter. I didn’t talk about it. Alice’s Kingle recipe was codified in a family cookbook I helped edit, the King James Bible of the family recipe boxes. But I had sampled the apple filling of knowledge, and it could not be undone. I started to wonder if other aspects of Kringle could be tinkered with. I played with the dough. I tried some new fillings. I started to take notes, add to the canon. I was hacking Grandma’s Kringle.

And here’s the thing about hacking… hacking makes stuff better. And sharable. And delicious. And at the end of the day, this is where the first Kringle came from. Then I found out that everyone else was using butter too… but not mentioning it.

You may now insert [here] your own rant about how America is still a country that makes things,but only if we actually hack and share and post pictures of pastries on the Internet. When you’re done with that, here’s what I figured out about Kringle in my variation of Alice’s recipe.

The King James edition is published in the cookbook Alice’s Kitchen, a free PDF download.

This is written by Allen Gunn and co. at Aspiration, an organization that helps nonprofits make better technology decisions. I love this thing. I send so many people to this page, that I wanted to post it somewhere with slightly bigger type. I’ve linked the original and definitive version of the Aspiration Manifesto. – Jonathan

 

Aspiration is a values-driven nonprofit technology organization. Our work, our passion, and our focus derive from a set of philosophies that come down to a single unassailable conviction: technology and technologists should be in service to nonprofits and their missions, not the other way around.

We hold these truths to be self-evident, or at least readily verifiable via grizzled veterans of nonprofit technology struggles:

• Nonprofits should strive to remain in control of their technology destiny
• Power dynamics in nonprofit technology are all too often broken
• Technology discussions and planning should remain firmly rooted in the language of the end user
• Technology challenges are organizational development opportunities in disguise
• Technology is for building and strengthening relationships; it is not a replacement for the same
• It’s about the data, not the software and hardware
• Technology is a vessel to create, maintain and carry data into the future
• If it is not free (as in speech) and open (as in open), it is worth trying to avoid
• Process-driven technology is good technology. Technology without process is bad technology
• What has worked offline for generations still deeply informs what works best overall
• Nonprofits should (almost) never write their own software
• Less is more, and iterative is good
• And last, but perhaps most important: nonprofits should never forget who technology leaves out, and what it leaves undone

Our manifesto is posted as a love-fueled rant, and we invite you to read it in the same spirit :^)

To Elaborate:

Nonprofits should strive to remain in control of their technology destiny.

This is always challenging, and it requires a poignant and visceral understanding of the alternative. Organizational processes should drive technology thinking, not the other way around. Organizations should pay earnest attention so as to understand what they are requesting and what is being delivered, whether it be by staff or external providers, and even when it is not simple to grok. And all staff should be treated as engaged stakeholders in technology planning.

Thinking first about measurable, achievable goals, developing concrete strategies, selecting technologies proven to support realizing such goals, and explicitly designing and documenting replicable processes to employ selected technologies, should be the paradigm of all nonprofit tech endeavors. Even when resource limitations dictate otherwise.

Power dynamics in nonprofit technology are all too often broken.

Techies, especially technology consultants, have too much power and not enough accountability in many relationships. Nonprofits feel disempowered by the majority of technology engagements. Designing processes that hold techies accountable to nonprofit mission, and that place them in a position of creating simple, usable solutions instead of dictating non-trivial technology terms which only they understand, should be a primary objective of any nonprofit’s technology strategy and process. Technology expertise should never be synonymous with disproportionate decision-making authority.

Technology discussions and planning should remain firmly rooted in the language of the end user.

Vocabulary is a powerful barrier to organizational autonomy and empowerment. Nonprofits don’t care about acronyms, jargon and buzzwordology; “XML RPC”, “CRM”, and “syndication” are closer to profanity than profundity for the typical nonprofit staff member or activist. They care about social justice and making the world a better place. They want tools that support their vision, not distract from it. Technologists who talk tech early and often are doing nonprofits a disservice by exploiting specialized vocabulary to get to “done” and on to the next techsploit without fully explaining their intentions and associated implications, or enabling the organization to move forward on their own terms. Techies who shortchange meaningful discovery, who fail to document requirements and intended functionality in language and formats that all end users can understand, and who fail to treat excellent training and clean hand-off as more important deliverables than the associated technology, are paving solution cul-de-sacs for the organizations they claim to serve.

Technology challenges are organizational development opportunities in disguise.

Designing and redesigning web sites, developing online communications strategies, deciding who gets to blog, Tweet, and update social network status: these objectives tease out underlying issues of how an organization represents its work, talks about itself, and empowers its staff and allies to convey the same. Technology projects too often go awry not because of tech issues, but because an organization is not prepared to address the foundational dynamics that underpin effective technology utilization. Organizations should be prepared to do heavy lifting in challenging existing process (and/or the lack thereof) and associated control dynamics, and should treat technology engagements as opportunities to move to more transparent and accountable ways of doing business, communicating and affecting social change.

Technology is for building and strengthening relationships; it is not a replacement for the same. 

A “Donate Now” button is not a virtual and instant ATM; it is a doorway through which some of those who have come to respect, appreciate and support an organization’s work will hopefully some day and more than once pass. Establishing a mailing list and renting an online action platform will not transform a nonprofit into the next TrueMajority; such steps only create the opportunity to develop meaningful dialogs with online audiences in order to build trust relationships, mobilize citizen power and positively impact communities. Technology provides conduits and multipliers for organizational messages and services that reach present and future allies to realize change. It does not inherently or magically convert the non-initiated, win the campaign, or achieve just outcomes. Even if that technology is named Twitter.

It’s about the data, not the software and hardware.

It is a tragedy of nonprofit budgeting that software (web site, CRM, fundraising, office tools, etc) and hardware (desktops, laptops, routers, gizmos, etc) enjoy dedicated line items in organizational budgets, while the more abstract and essential technology components known ubiquitously as “data” rarely surface as identified investments and cost centers for anything other than project-specific work. The amount of staff time and salary invested in creating and maintaining organizational data dwarfs the hard costs of the associated tools. Nonprofits should center their technology strategy and resource allocation around the creation and curation of data, instead of fixating on the cost of applications and processors that edit and store that data. Data is each organization’s digital power; proprietary technology should not serve as a jail or cage that bounds that power. Which means…

Technology is a vessel to create, maintain and carry data into the future.

Data will outlive technology every time, so nonprofits should plan for end-of-lifing platforms and tools, and for migrating data . Technology selection decisions are not unlike marriages; divorce is sure to be painful if and when that day comes, and it all too often comes. Nonprofits should maintain data in open and accessible formats, and verify portability, migration and integration options on a regular basis. Even when programmatic fecal matter is hitting the proverbial fan and ones and zeros are the last thing on the organizational mind. Thus…

If it is not free (as in speech) and open (as in open), it is worth trying to avoid.

While the promise of free and open source software has sometimes been oversold, and is only some of the time realized in the nonprofit sector (CMS! Browser! CRM!), closed and proprietary solutions continue to dictate licensing, workflow and data formats to nonprofit users. Tools that lock in organizations, that charge usurious fees, or which fail to give nonprofits flexibility and control of their long-term destiny should be de-prioritized in favor of those which are designed to give nonprofits sovereign control of their operations and processes. Closed tools which are “too important to avoid” should catalyze movements of those passionate and willing to create healthy, sustainable free and open alternatives.

Process-driven technology is good technology. Technology without process is bad technology.

Many have opined that “nonprofit workflow” is an oxymoron. Rare is the nonprofit that formally defines its business processes. Rarer still is the organization that specifies and adopts technology specifically to support defined processes. Too often, selected technologies end up dictating process and workflow. Technologies should not be adopted until the workflows they support have been described, and stakeholders in those workflows have verified both accuracy of the workflow and affirmed that the technology plan supports the way they do their job, rather than defining the same.

What has worked offline for generations still deeply informs what works best overall.

Technology has not changed the game so much as it has changed the process of winning the same. The game is the same as it has been since before anyone walking today on this earth was alive: build power in movements to catalyze social change and justice, and hold corporations, governments, and random controlling parties accountable for the leverage they exert and maintain. Tech fetishism is never a substitute for great organizing. Technology will not set you free, in fact quite the opposite.

Nonprofits should (almost) never write their own software. 

…and should better learn how to reuse existing software. When they do create code, they should work in constant consultation with others who have survived the process. Software provisioning is not like pizza delivery; you don’t order a case management system or a web site or a CRM solution and have it delivered piping hot on a short turnaround to be consumed care free. Developing custom software is like planting an ambitious spring garden; only the experienced and the previously unsuccessful know that watering and weeding tasks and associated time commitments will dwarf initial implementation efforts, and understand how to plan for the ineluctable winters. If the mission of a nonprofit is to create software, that’s all fine and good, but if the mission of a nonprofit is other, they should avoid the perils of trying to become a software development shop and instead study what existing tools others are using to achieve relevant outcomes. “Our needs are different than everyone else’s” is an unsustainable vanity of the sector that leads to bad technology decisions.

Less is more, and iterative is good. 

Too often nonprofits treat technology projects like a trip to the market from a remote location. They try to pack in as much as they can in one pass, so they won’t have to deal with it again for a while. But doing technology right is never easy, and every new function added to a technology deliverable increases exponentially the likelihood of delays and less-than-successful outcomes. Adopting essential feature sets defined by user input and focused on delivering concrete value, and then incrementally enhancing those tools based on user feedback, is a more realistic and sustainable way for nonprofits to successfully adopt technology. Such approaches always cost less in the long run, if not the near term. Let users drive priorities and vision for new tools, but also make them justify their requests in terms of actual value delivered and measurable impact to mission. When in doubt, leave it out.

And last, but perhaps most important: nonprofits should never forget who technology leaves out, and what it leaves undone.

A number of those most in need of the social justice impact that nonprofits strive to realize exist beyond the reach of the latest shiny internet fad. Technology is a powerful, seductive and essential vehicle for communicating vision, winning campaigns, buttressing programs and supporting operations. But technology doesn’t make a better world, people working for positive social change make that better world. The most impactful technologies are those that get individuals away from their screens, and out into their communities to strengthen the social fabric and build movement power. Technologies should always be assessed with regard to their ability to be inclusive, and to drive real change as opposed to virtual momentum.

We welcome your feedback on our guiding principles; they are a work in progress borne of many nonprofit technology engagements over many years.

We learn by gratefully working with the many and varied nonprofit organizations and communities we serve, and we invite you to work with us.

– Aspiration

(aspirationtech.org/publications/manifesto — CC by)

Image: Aspiration