Three kinds of code

Imagine it's 1913. John D Rockefeller has gone to the U.S. Congress to charter an innovative new philanthropic enterprise. He's been turned down. He turns instead to the State of New York, which says yes, and the modern philanthropic foundation as an enterprise form is born.

(OK, so I left all the juicy bits out of that story but you get the point)

2014 and beyond is the same moment for philanthropy. We need to invent the new enterprises that will carry civil society forward in the coming century, an age which will be defined by digital connectivity (data and infrastructure). As Rockefeller wanted a new enterprise form to manage a resource (money) for good (philanthropic giving) at scale we need to be similarly creative. We need three kinds of code:

  1. Software code
  2. Organizational code
  3. Legal code
The software code will need to default to the values of civil society (free association, private action, protest and dissent) not the values of government or business. This can be seen in efforts as different as DuckDuckGo and the Martus Project of Benetech.

Organizational codes will include terms of service, data management policies and privacy settings that align with the values and mission of the organization. They won't be cut and pasted from commercial web services and they will be as representative of an association's mission as are it's corporate charter or bylaws. You can see examples of policy and practices codified to represent core values at PublicKnowledge.org/privacy/.

Organizational code will also take the form of common practices for sharing data safely across sectors. Data philanthropy will come to mean something specific, with consent, liability, ownership, and value issues explained rather than assumed.

Legal code will come. We can either inform it or fight it, but it's naive to assume that our legal structures for using digital resources will stay as they've been.  The change might come in response to scandal or damage done or it might come as regulators step up to proactively protect vulnerable people from unscrupulous ones. This may take many forms. It might be data privacy standards such as recently enacted in many US states regarding student data or, as Rockefeller imagined 100 years ago, it could be a new type of enterprise to manage a new resource at scale. It could be new requirements for data governance built into corporate code or it might be something akin to a whole new form of enterprise - data co-ops or benefit corporations built around data.

Together these three codes should embody the values that make civil society vital parts of democracies. These values may not always be exclusive of those that matter to the public or private sector, but we are wrong to assume that the defaults of business or government are also the defaults of the independent associational space where we choose privately to act publicly.

At the Digital Civil Society Lab at Stanford PACS we'll be working on all three. Having spent the last months traveling to Australia, Canada, China, and the UK,  meeting people at the Ethics of Data Conference, and connecting with research partners looking at digital social innovation around the world for the upcoming Blueprint 2015, I feel confident in saying these are global issues and we need global partners. I also feel confident in thinking that those partners are out there.

Nonprofits and Cybersecurity

Today's New York Times reveals that the folks who hacked the website of JP Morgan Chase, one of the world's largest banks, also hacked the website and account of the bank's affiliated charity arm - the Chase Corporate Challenge.

In July, GoodWill Inc announced that hackers had accessed information on payments processed by the nonprofit employment program.

Waaaaay back in 2007 hackers breached the security systems at Convio Inc., gaining access to donor information for more than 90 charitable organizations.

Universities have long been, and in 2014 seemed to grow as, a target for cybersecurity breaches.

I'm sure that hospital systems, not-for-profit health care providers, non-profit financial firms, and even philanthropic foundations are also tempting targets.

Why does this matter? In the Chase Corporate Challenge case it appears that hackers were looking for a way into the bank via the nonprofit portal. (NYT says that didn't work. In this case.) In other cases the stash of information - on donors and their financial information - may be tempting enough on its own. For those with malicious means beyond financial interests, accessing information on program participants or program beneficiaries or activities planned may be enough - especially for organizations doing politically, religiously, or culturally sensitive work.

All of this steals the thunder from one of my intended Blueprint 2015 predictions, that hacking, cybersecurity and nonprofits would rise to public attention next year. (Just came on earlier than I thought). 

Cybersecurity and protecting the digital information that nonprofits collect and store is important on the organizational level. It's also important on a systems level. Collectively, given the capacity constraints for most nonprofits and the linked nature of digital data, information breaches from individual organizations can serve as open doors to breaches across organizations and whole sectors. The limited ability of nonprofits to protect information they gather online - even when they outsource the service to third party vendors (who struggle to stay in front of malicious hackers) - makes not just the nonprofits and foundations vulnerable but also their affiliates and partners.

security experts can will tell you what to do to protect your web and digital assets. I think about this more from the programmatic and human side. Too often I see foundations and nonprofits choosing to collect information from people just because they can. It's easy to ask for addresses, phone numbers and email addresses, even when you don't need them and may not know why you would use them. It's easy (and cheap) to store that information somewhere online. And it's easy to forget about it.

We need to shift our organizational mindsets about collecting information from those we serve. We should stop  thinking about information collection as an "all you can eat buffet," where the ease, speed and price of collecting and storing is so low that "more is better." Commercial websites have habituated us to assuming that we have to trade our data (address, birth date, email, phone number and so on) for access.  That's a value exchange and a type of transaction that nonprofits simply don't need to perpetuate.

Any organization that doubts its ability to ensure that it can protect your digital information (i.e. ALL honest organizations) should approach the collection of information with great care. Given our human propensity to re-use passwords we should even consider whether requiring passwords for public access to nonprofit websites makes any sense. Our users will most likely use the same password they use everywhere else, we won't be able to protect it, and - oops - there goes that breach. Rather than the "all you can eat buffet" approach to user information, let's shift to "don't let your eyes be bigger than your stomach." In other words - don't ask for what you don't need. That way, you won't need to worry about having it and losing it. (Or being subpoenaed for it - more on that elsewhere)

Nonprofits bank on trust and integrity. We need to shift our digital behaviors to reflect this when it comes to collecting, storing (and possibly losing) information from those with whom we work.


Data, Work, and the Social Sector

(photo from https://www.linkedin.com/company/3632240?trk=hk_egc_website)

Organizations that support nonprofits in the U.S. are quick to point out the contribution these organizations make to the economy. $1 trillion in assets, $2 trillion in revenue, 10% of jobs or GDP - the economic impact of the sector is used as evidence for all kinds of arguments. 

The data behind these numbers, and the methods for calculating them, have typically come from government filings of labor statistics, tax records, contracts, and charitable giving and are crunched by research institutes, scholars, and advocacy groups.

Like every other sector, there are new data sources coming online that may add to our understanding of the social sector. Today, LinkedIn announced its EconomicGraph Challenge - an opportunity to use the company's data on jobs and job openings to ask new research questions. This is exciting and I hope a good number of researchers jump in to ask new questions (or add the data to existing research projects) about the social sector.

Some things I'd like to know:
  • What's the turnover rate of people working in nonprofits?
  • How do salaries really compare for jobs with similar titles in nonprofit, commercial and public settings?
  • What can we learn about professional "sector hopping?" What patterns can be seen in how people move from nonprofit to commerce to public sector jobs (and back) over time?
  • How long do nonprofit chief executives hold their jobs?
  • What professional profiles are nonprofits looking for in terms of board members (LinkedIn for Good facilitate volunteer openings)
  • What might these data show about volunteering, interning, and getting a paid position?
  • How do jobs and job titles compare across countries?
  • What do these data show us about organizational structures around the globe?
  • What types of networks can we see between specific nonprofits and specific universities?
  • What types of networks can we see between board members of nonprofits and companies? (or nonprofits and government agencies?)
  • What skills are nonprofits actually hiring for? 
  • Can we predict skills gaps from these data? Can we identify educational and job training opportunities?
  • What questions do you have?
The LinkedIn Challenge is an an example of the emergent phenomenon of "data philanthropy." This is the practice of giving access to specific data sets for specific purposes (in contrast to opening data sets for broad unrestricted use. This will come to bear on the same types of nonprofit research above when government contracting and grants data goes open). Corporate-owned data becoming more available to the social sector (and about the social sector) is one element of digital civil society that we're thinking about at the Digital Civil Society Lab. The policies and practices by which the data are shared and the ethical challenges of making these data sets available for research are the issues of greatest interest to the Lab itself.

I'm hopeful that lots of research proposals will flow in that will put LinkedIn's data to use to better understand what work is in the social sector and how the social sector works.


Proposals for the research are due by December 15. Details are here. Challenge rules are here.  I am not affiliated with LinkedIn or its challenge. I'm encouraging students and researchers at Stanford (and, via this blog posts, anywhere else) to consider the challenge.

Ten Innovations in Global Philanthropy

Thrilled to see this new report from New Philanthropy Capital - Ten Innovations in Global Philanthropy.*

(photo and report: http://www.thinknpc.org/publications/10-innovations/)

One of my partners in the upcoming Blueprint 2015 - betterplace lab - is featured as one of the innovations. Check out their incredible work from the lab around the world - and be sure to get the Blueprint 2015 (Free from Grantcraft) when it goes live in December.

Also very proud to see PoweredByData from Ajah.ca on the list. I've been saying all year that Canada is the world leader when it comes to using open data for philanthropy and nonprofits. Be sure to check out their work.

On the transparency side the NPC authors chose Glasspockets from The Foundation Center. A great example and worth a look.

Be sure to get the report.




*Full disclosure: I was one of many people interviewed for the report, but had no role in writing, vetting, choosing, producing.


Ethics of Data Conference - First Quick Summary

The #Eod14 Conference was a huge success. Thanks to all who participated. We're still decoding, transcribing, and following up so a more formal synthesis is still to come. But in the meantime:

The conference encouraged real work. One and one-half days of small group sessions, filled with the 100 participants, yielded (at least) the following: 


   The curriculum for a class on building trust in conflict situations being taught at Stanford this quarter
   A "responsibility for harm" checklist
   A framing document on different types of consent - (being carried forward by
            Responsible Data Forum and others)
   A prototype for analyzing the ethics of algorithms
   A 24 month "urgent issues" idea set
   A research agenda (the Digital Civil Society Lab will move some of this forward)
   At least one book proposal
(the Digital Civil Society Lab will try to help move this forward)
   Specific opportunities for commercial data firms to develop consistent policies for
            sharing data with researchers and nonprofits  
   Mock-up for nonprofit Terms of Service agreements to align with their missions
(being carried forward by Responsible Data Forum and others)
   Two(!) draft codes of ethics for data in civil society
   A set of tools for making ethical decisions across the data lifecycle
   A data "badger" for ethical management of data in civil society
   A matrix for locating use cases within and across sectors
   A process for data scientists and nonprofits to articulate and document
            the ethical choices they made in building apps, making visualizations or analyzing
            data sets
   100 people from universities, nonprofits, policymaking, and a variety ofdigital data/media companies creating 100! new relationships 

The actual materials will be shared in a variety of ways, including here and on the conference website stanford.io/ethicsofdata

Blog Posts by Participants

Heather Leson


Christopher Wilson
 

Summary document on conference (forthcoming)

If I missed something, let me know. More soon!