Proof of personhood and identity

Worldcoin has been in tech news recently. Launched nearly a year ago, Worldcoin is one of many providers of digital identity at the age of AI and offers tokens for new sign-ups in exchange of, well, putting one’s faith in the identity proof technology and trusting that their personal data is well guarded. The shiny orb will scan the user eye iris and the user will get in addition to verified identity a gift. What’s wrong with that?

Scanning persons iris and calculating a hash is definitely a way of identifying a person and reducing identity fraud. Many competitors and privacy watchdogs are taking a different view, however. They see scanning a person’s iris as an unnecessary intrusion and in case of an identity theft it’s nay impossible to reset your digital identity (on that network). German privacy watchdog has launched a probe into its practices as of last week. Michael Will of Bavarian State Office for Data Protection Supervision says “These technologies are at first sight neither established nor well analysed for the specific core purpose of the processing in the field of transferring financial information.” Britain’s data regulator has also publicly announced they will examine the Wordlcoin’s privacy policy. If the provider is focussed on possible future uses and opportunities that currently feel like sci-fi, their promises are similarly vague.

Etherum co-founder Vitalik Buterin has gone into lengths here highlighting the risks related to this nascent industry’s hardware, legal and fraud aspects. It’s an interesting and highly advisable read.

Quartz is reporting on criminals exploiting the vulnerable people hoping for easy payout and getting a fraction of it. In the process the also give up their identity for potential second tier fraud. Not a good deal, but absolutely predictable. Is it also avoidable? Vitalik provides some thoughts how it could be done in his post above.

Whilst I welcome such initiatives to get more people participating safely in a Web3 digital economy (which is still evolving and figuring out the business models), handing out tokens (that can be traded for money) in exchange to grow the user base may not be the best strategy. In this case the provider will soon discover that new users had different motives from theirs and the promise of verified personhood has little to do with those. Tying the identity to UBI will definitely be boon to tech providers and their supply chains as countries need many contact points to roll out the identity validation systems.

It’s plausible that as the digital identity ecosystem continue to evolve, there will be similar pledges that were made by the AI companies recently. Hopefully the politicians will have had time to think and require more concrete pledges, backed up by regulation. Vague promises are just that.

Regulators must not focus on just one company – Worldcoin – to be extensively scrutinised and others falling through the net. I would hope that regulators hire experts who understand both legal and technological aspects, and provide appropriate guidance, which in turn will be included in GDPR and other similar legislation. Equally I hope that in this case the decision makers will not give into the providers pressure to do something but nothing much to make everyone feel somewhat content. Our identity must remain unique and secure and current systems need a massive overhaul to even start to enable thinking of a unified, globally trusted identity. And it shouldn’t be the corporates that run it but rather a decentralised network validated by a UN type body.

Or do you think otherwise?

How to manage the demand for your IT services

When consulting, I am often asked about the IT demand, how to deal with it and how to decide what to take forward. I’ve covered the topic briefly in strategy section before. Let’s pick the topic a little.

The way IT demand is managed will depend on the established IT or delivery structure and relationship with the rest of the organisation and maturity of the processes. In short, what we do and how we do it.

It is useful to bear in mind what the business relationship management does in ITSM and value management context – identify, stimulate and shape strategic IT demand. It sets the boundaries of how the IT solutions are requested and delivered. The people in this role work across the organisation bridging the business demand with IT delivery capabilities and tracking the value delivery in the process.

I’ve worked in and with the organisations with clear processes for demand intake, triage, prioritisation, assessment, handover to delivery and later analysis of value produced. I’ve also worked for and with the organisations that have no formal arrangements in place and demand is dealt with on ad-hoc basis. The latter approach may work for small organisations and with low IT overall maturity. When the organisation grows and teams grow however, there’s need to put in place some frames. The easiest is to follow the ITIL/ITSM guidance and establish necessary roles and procedures.

I like to use HS2 as an example where we had no formal way of managing demand for IT. I’m generalising on purpose – there should be a single channel for the (internal) customers to interact with the provider (your IT unit). It doesn’t matter what type of IT product or service is requested, the service management tool or an IT process should make it easy for the customer to do so. We were tasked with establishing a process and sub-processes, necessary gates and such to ensure that:

  1. internal customers can and will go through a single route for requesting new IT
  2. there’s a framework for classifying demand along with investment requirements, reviews and steering groups
  3. requests for new IT are tied to budgetary process
  4. technology debt is effectively managed and…
  5. value is measured

My team’s focus was on strategic demand. By interacting with the customers, however, it became clear that they may not know what they need and may be unable to understand the implications of new IT solutions. We also noted, that our colleagues may describe a desired solution, not the problem. To counter that, we borrowed a note from the UK Department of Transport IT:

“Describe a problem, not a solution.”

After some deliberation and consulting the service management team, we decided to take the next steps:

  1. define the process, role and routines.
    • The process was initially very simple – capture the demand, assess and contact the requester to understand more.
    • Roles were defined as requester, assessor/analyst (IT Business Relationship Manager/Business Analyst), approver (the budget holder and service provider), delivery team (IT service management or project delivery)
  2. establish a service request form in ServiceNow to capture all new demand. The form was dynamic based on the customer choices and sifted standard SR’s to service desk and the rest in to new IT demand list.
  3. set up weekly demand review meetings for initial triage, demand correction and future customer education. Here we agreed who will be part of the initial assessment and expected outcomes.

With such an approach we were able to capture 95% of the new IT demand. By collating all the requests already shared with various parts of the IT, we managed to skim the list of 400 down to circa 120 (a lot were repeat requests and substitutes to existing services). By using ServiceNow routing and custom dynamic forms capabilities we were able to produce intelligent ‘interaction’ with the customer. They felt that they are not asked to describe the same thing over again, just clarify detail.

Once the standard ITSM process was in place, we could focus on strategic demand. For that we used a set of questions that formed basis for the conversation. An example would be here:

What is needed?
Why is it needed?
Who needs it?
Assumed cost and who pays for it?
What gets better?
When is it needed by?
Risks / opportunities?
Link to corp programme?
Other info

This was the initial assessment form and we deliberately chose not to add more information to it than needed for triage – will it go ahead or get rejected. That meant no more than 1-2 sentences per box.

As my team’s focus was on projects, we established a framework for financial and work time impact assessment. For this we set out the following criteria for assessing. Please note that not all may apply.

microsmallmediumlargevery large
CostUp to €50k€50k to €250k€250k to €500k€500k to €1m€1m and above
ImpactSingle directorate / unitSingle directorate / unitMultiple directorates / partnersOrg wide / partnersOrg wide / partners
Delivery timeUp to 1 monthUp to 3 monthsUp to 6 monthsUp to 1 year> 1 year

We anticipated demand to arrive later during the year and thus encouraged our colleagues to engage early and invite us to be part of their thought process. This approach served multiple purposes:

  • it enabled IT to have an early signal of business planning and to conduct internal assessments early, without commitment to delivery
  • it helped to build trust between people and to build up business expertise within the IT
  • it allowed IT to promote existing services and plan necessary changes to those.

The last element, we were asked to do was the hardest – understand anticipated value and be able to measure it. Working with our colleagues from value management team we included a set of goals for any project and measures to track their impact. Each project had to provide at least one of these:

  • improve customer experience
  • improve business
  • streamline processes
  • improve data quality
  • meet regulatory demand
  • reduce duplication
  • reduce technology debt

For example, an initiative to introduce a CRM solution helped to improve customer experience, business processes and data quality while reducing technology debt and meet regulatory demand. In this project we transitioned from in-house bespoke system to cloud-based Dynamics CRM, applied data protection policies, designed easy routes for customers to engage with the team, trained people to use the system. We finally had a single source of truth and were able to effectively respond to FOI’s and data requests. All these were assumed benefits that had values to track against once in operation.

I recognise this blog covered more than just demand management, but the function is quite broad and for it to be valuable, not just a drag on people’s time, it needs to understand both business and IT, and be engaged with both through the demand process.

Want to know more? Get in touch!

The future of workplace, life and business through AI lens

Below is my reflection of the AI related news from the past week. These are likely to be changes that’ll impact us in the long run.

mj5 /imagine prompt: puzzled humans listening to AI generated podcasts:: cartoon::1 rene magritte::1 –v 4

Does your favourite LLM/chatbot/machine know the topic to the extent it will not attempt to wing it in order to please you with its response? It’s not new for AI models to hallucinate, but with convincing enough content we wish that away. A case for future legal professionals to ponder over.

How would you value your favourite podcast being autogenerated? What content will be it based on? And what about the time when the original content creators stop producing input? Is it just a fad or something that can and will be monetised? Would you care how the script and delivery were by non-human actors if all you are after, is information + conversation? Or would you care for connection to the presenters? Who says AI can’t actively engage with the audience replicating the human host? I believe the generative AI can’t yet be creative enough to shift the tone (pun attended!) and topic half-way. Would we even want to develop such capabilities? Wired covers the topic here.

Would the game creators determine the end result or just set loose boundaries of how certain external factors might play out? And then leave it to the models to provide the (ever changing) story that provides customised experience to every player? Am I hallucinating? Nvidia’s recent announcement on autogenerated content.

3000 US workers were asked about their attitude towards AI in the workplace. You might guess that older generations are more concerned than younger and less likely to adopt to the AI driven tools. As it turns out, the response is very similar across all age groups and probably depends more on the personal circumstances like job role, awareness and financial position. I’d like to see something similar done in other economic drivers in EU as well. Full report is available here.

Meanwhile, according to Washington Post, many organisations are considering replacing their copywriters with ChatGPT. And those writing copy, according to the article, are trying their best to dissuade their employers by focusing on the poor output of the generative AI tools. Would it not be more persuasive to give the employer a comparison of output and point out how they would use the new tools to enhance their work and reduce their customer’s service cost? Perhaps the people interviewed were unhappy with their current choice and considered shifting to non-digital occupations already? Either way, the AI-driven world is not going to slow down and many white-collar jobs will be lost for good. The governments should consider mandating lowering the cost of goods and services for businesses that are replacing their workforce by AI tools and not filling the positions. A bit invasive capitalism, I know. But the machines are disrupting the world as we know it at the rate not seen before.

On with the journalism. If you’ve heard of Artifact app, or using it, you’ll appreciate its slick clean lines and … otherwise it’s as any other modern news aggregator. The team has now built capacity for rewriting the clickbaity headlines using GPT4. The next step is to train the algorithm to recognise noise and alter it’s headline automagically. The problem? Well funded apps can provide good, free aggregated content. Everyone else wants to sell more ad space. I wonder how long will it take for others to follow the suit. And how little for the content mills (that are already using ChatGPT and other generative AI tools) to tweak their output to install multiple clickbaits into one story? Seems like an opportunity for all involved to win more consumer screen time.

Security is necessary, but oftentimes inconvenience. The response is… biometrics, isn’t it? This Babbage podcast episode from The Economist explores the opportunities and threats associated with generative AI and biometrics. A simple reminder – a secret (=password) is something you know, feature (=biometrics) something you have. The former can be changed at ease, and the impact of a lost password can in most cases be stopped or even reversed. Your biometric data is public – I can recognise your face and voice. When your biometric metadata becomes public though (knowledge what is looks and sounds like plus knowledge on how to easily replicate it), the sky becomes slightly cloudier – it’s very hard if not impossible to change your biometrics. Listen to the episode here, it’s rather thought provoking.

I have to agree with Andrew Ng on this one – AI should be seen as a solution, not the problem. However, it’s worthwhile setting the safe boundaries to avoid a large-scale mishaps should it connect to the critical infrastructure and start acting as a chaos monkey. Generating stories to match its suggestions is not too inhuman activity, so probably its creators have tweaked ChatGPT to find evidence where is none. You believe it? Well, we told you, they may be bonkers.

Ukrainian Diia app is starting to make waves. It was inspired by Estonian governmental systems experience, and now our mRiik is taking inspiration from it. When the state digital services are accessible to you when you need them regardless of your location, they will be used. Axios covers the Diia story.

Microsoft is trying to get you to use Teams for business and personal use alike. Detractors noise aside, ability to easily set up online communities is never a bad thing. Even better, if this comes sans near compulsory advertising stream, seen in every commercially minded ‘free’ platform. As Teams is baked into Windows 11 and many people are actively using it, I’d like Microsoft product teams agreeing on timeline for culling Skype and a tool for easily migrating the content history. This has so far been seen as too laborious and hence the steam has gone to push for Teams. Old habits die hard and many will find no compelling reasons to learn to use another messaging platform. I think Microsoft needs to rethink what are the customers getting? Integrated version of AI-supported Microsoft Designer may be it, but not necessarily. In other minor note, as Windows Copilot enters the user realm, Microsoft is quietly pushing Cortana out of it. Did you ever use it? And how was it compared to Siri and Alexa?

WSJ writes about two types of CxO’s – ones who are gung ho about the AI enabled software development and others, who’s perspective also includes risk. The latter camp is very critical about the amount of code being churned out by human-machine combo, that eventually makes it to enterprise catalogue and needs to be maintained. I think Paulo Rosado, the Chief Executive of company called OutSystems is spot on with his caution.

Technical debt and orphan code have long been challenges that have plagued CIOs. As more and more code is built, there’s naturally confusion that comes with understanding what certain code does and how it was created, he said. As developers leave companies, that confusion intensifies and as time goes on a growing pile of code becomes more and more difficult to keep up to date. I do expect these issues to be aggravated by generative AI coding tools. 

WSJ “AI Is Writing Code Now. For Companies, That Is Good and Bad.”

More companies expect workers to return to the offices for at least three days a week. Meta is one of the tech giants to mandate that from September. One could wager that corporate real estate needs to be used, or that we are in general more effective and productive when we have the human connection, i.e. working together in a physical space. My take is that it really depends on the needs set by the role and individual circumstances. And preferences. What’s your take?

Amazon has started rolling out AI based tools to enhance its logistics operations. You could see it in two ways – either to raise customer satisfaction or reduce reliance on human workers. Or both. The statements are interesting to read. Jeremy Wyatt, director of applied science at Amazon Robotics, said of detecting a faulty item “That’s cognitively demanding because obviously you’re looking for something that’s rare and it’s not your primary job”. It might feel as an assumption on the warehouse worker not being the smartest. But their metrics are not set on quality, but on the throughput per hour. I don’t think we should design systems, where the humans do lower cognitive jobs than machines. IMHO the human should be collaborating with the machine working on their optimum mental capacity. Yes, in the future it means less jobs in logistics sector that feeds our collective desire for more stuff ASAP. This raises again a question for the governments – what are the effective policies shaping the future and preparing the workforce for it?

To wrap up, Telly is going to start shipping free 55″ 4K TV’s for those who signed up for the service. Yes, service, not a freebie. I’d love to understand the business model and ROI calculations a bit more. Extending these into hotels is also clever move, but then you’ll need to figure out how to partner with the hotels who currently hold the monopoly for the visitors free time at screen. Who knew, advertisers are willing to pay that much for the attention!

Future of tech, workplace and us in news – May 22

CBinsights has released Q1 ’23 AI funding report. There’s a notable drop compared to the previous period, but that’s expected considering overall belt-tightening in the tech sector. At the same time three generative AI companied raised enough dough to gain a unicorn status, and only one of them from the US! Overall, M&A deals are up and funding is sure to return to the 2022 level or surpass it by the end of the year. Money doesn’t like standing still…

“Money likes speed” painting in the Viirelaid Embassy in Tallinn.

Heard of Steven Levy’s Plaintext newsletter? If not, sign up for it. If not, then after reading his latest conversation output with Gary Marcus, the AI critic turned into even more of oneself lately. Marcus has an interesting idea of forming one International Agency for AI, a non-profit to guide and guard after the industry and nation states alike.

Caryn AI is a girlfriend for hire service, I mean, a digital twin of a Snapchat influencer designed to reduce loneliness. Or that’s what its creator states whilst hoping to pull in $5m a month at the engagement rate of $1 per minute. “CarynAI is a step in the right direction to allow my fans and supporters to get to know a version of me that will be their closest friend in a safe and encrypted environment,” Caryn Marjorie added. No, there’s no altruism in play here, pure capitalism. Sex sells.

Responsible AI is a theme that all major developers aim to invest in. After all, the trust or lack of it thereof, can change the users perception of a company and encourage them to look for alternatives. When an AI system recommends us more positive tone in messages, we are likely to receive more positive response. The technique is called latent persuasion. The same applies when the tone and messages of the chatbot are negative or biased (again, the bias may be by design). And biased they are, reflecting the values of the creators and validators. A study called Whose opinions do LLM’s really reflect? covers how we, the users of these systems, behave based on the tools we use. So our choice of tools will impact how we are perceived by others.

Who’s on the bus and who’s still trying to catch it? Ben Thompson covers Google I/O and related regulatory topics in his excellent Stratchery post.

Google has been in news with its Bard AI chatbot, but not so much with the work its been doing with pharmaceuticals industry attempting to cut the lengthy process of discovery/trial and time to market.

A subset of US voters are scared of the AI race. However, I have to agree with the words of founder of Anyscale, a UC Berkeley professor Ion Stoica “Americans may not realize how pervasive AI already is in their daily lives, both at home and at work”. Unknown raises fears, but are your congressmen any wiser than an average Joe on the potential benefits and threats the AI race can pose to your future? Ask them.

How very true! Corporate L&D often focuses on desired outcomes from the management, not from the people (those to be trained). Are we providing the most accurate skills training at the people who need it most at their time? Often we don’t. How to improve it?

New York Public Schools Chancellor has decided to remove ban on using chatGPT in NY public schools and instead start teaching the kids on the ethics of AI and opportunities it brings. MIT has celebrated Day of AI and created a starter curriculum for kids up to the age of 18 to get started with the topic. MIT’s RAISE programme looks good as a starting point. Have your kids school tried it yet?

Grammarly was chosen by many as their go-to tool for churning out readable coherent content. As tech giants are eating its lunch, Grammarly is desperate not to lose (paying) customers and claims it’s there for good. It feels that deep integration with Microsoft’s Azure infrastructure is a step towards showing off its product capabilities and eventually being acquired by MSFT. Agree with me?

AI in the near future and your response to it

As anyone with mild interest to the topic has noticed, there’s been a growing concern over our relationship with the AI systems. The fear is that these systems, when left to their own devices (pun intended) will at some point in not too distant future see us, the humans as obsolete and concoct a cocktail of measures to stop anyone or anything with potential to derail it. The ‘it’ being a artificial general intelligence or AGI system which has capacity to learn rapidly, design and deploy tools to execute it’s wishes. Sounds scary? Perhaps. Too sci-fy, definitely not.

The following is reflection of the content I’ve consumed over the past weeks:

  • Industry insiders are potentially terrified yet over-excited with regards to their creations.
  • There are multiple open letters calling on a temporary pause for further training the current models with capabilities of Chat-GPT4 and above. Some were late to the game, others want to help the industry leaders to justify taking the time off necessary for the guardrail to be developed.
  • Education programmes are being adapted to the changes in tech landscape to aid with surge in demand for the skills our education system currently fails to cater for.
  • AI regulation. China, US, EU – all are taking different approaches to regulating the AI with the US trailing behind. Brussels has sprinted ahead of the US and is designing a broad, risk-based approach. Many others are looking in envy. The rivalry between the US and China may become a stumbling block as the fears of losing out drive the US capitalist model forward, and maybe not towards the best outcomes. I can’t fully agree with Foreign Policy when it writes “The East is almost exclusively focused on building up its R&D capacity and is largely ignoring the traditional ‘guardrails’ of technology management,” the authors wrote. “By contrast, the West is almost exclusively focused on ensuring that these guardrails are in place”. The West approach, as it often happens with tech regulation, is divided between the EU, the US and the UK relevant authorities keeping their political-economic interest in mind.
  • …and finally, every major media outlet is covering the topic. Also, a number of niche outlets/portals have emerged, which is good as their coverage is specific and articles longer than 2 minutes. I wonder if this is scaring people too far leading to mass protests (fear of losing jobs and part of identity) or masses will remain oblivious to the oncoming changes, lost in doom-scrolling.

With so much to cover I turned to ChatGPT with its view on AI risks. The output is concise and self-explanatory:

There are several risks associated with the AI race, some of which include:

  1. Safety risks: As AI systems become more sophisticated, they could pose a threat to human safety. This could occur if the AI systems malfunction, are hacked, or are used for malicious purposes.
  2. Job displacement: As AI systems become more capable, there is a risk that they could replace human workers in many jobs. This could lead to high levels of unemployment and economic disruption.
  3. Ethical concerns: The development and deployment of AI systems raise a number of ethical concerns, including privacy violations, algorithmic bias, and the potential for AI systems to be used for surveillance or control.
  4. Geopolitical tensions: There is a risk that the AI race could fuel geopolitical tensions between countries, as each country seeks to gain an edge in AI development and deployment.
  5. Arms race: The development of AI systems for military applications could lead to an arms race, with countries competing to develop the most advanced and powerful AI weapons.
  6. Unintended consequences: As AI systems become more advanced, there is a risk that they could cause unintended consequences that are difficult to predict. For example, an AI system that is designed to optimize a certain task could end up causing unintended harm or creating unforeseen problems.

Next prompt is obvious for a curious person – OK, how do we tackle these concerns?

Addressing the risks associated with the AI race will require a multi-faceted approach involving collaboration between different stakeholders, including governments, industry leaders, researchers, and civil society. Here are some strategies that could help tackle these concerns:

  1. Regulation: Governments can play a key role in regulating the development and deployment of AI systems, setting standards for safety and ethical considerations. This could include establishing regulatory bodies to oversee AI development, as well as implementing laws and regulations to ensure accountability and transparency.
  2. Ethical guidelines: The development of ethical guidelines and best practices for AI systems could help to mitigate the risk of unintended consequences and ethical concerns. This could involve the creation of industry-wide standards for data privacy, algorithmic bias, and transparency.
  3. Research: Continued research into AI safety and ethics is essential to address the risks associated with AI. This could involve developing new techniques for verifying and validating AI systems, as well as exploring ways to make AI more transparent and explainable.
  4. International collaboration: International collaboration and cooperation between governments, researchers, and industry leaders can help to mitigate the risk of geopolitical tensions and an arms race. This could involve the establishment of international agreements on the development and deployment of AI systems.
  5. Education and awareness: Raising awareness about the potential risks and benefits of AI systems is essential to ensure that the public is informed about the implications of AI development. This could involve educating the public about the potential risks of AI, as well as promoting AI literacy among policymakers and industry leaders.

Overall, addressing the risks associated with the AI race will require a coordinated and collaborative effort from multiple stakeholders, involving a range of strategies including regulation, ethical guidelines, research, international collaboration, and education and awareness.

What should we make of it? I really like the views of Max Tegmark covered by Lex Friedman in one of his longform conversations. Max’s point is that what’s happening currently isn’t arms race when the winner takes all, but a suicide race to the bottom where at the end everybody loses. There’s an excellent parallel Max brings out when comparing the current leading systems in the AI race as cute and adorable baby nobody wants to see as a risk to incumbents (the us). Lex’s podcast is one of the really good sources to aid thinking.

What will the near future look like?

This is a clear sign of what industries will be affected by the AI being connected to the internet.

Skills and education. We absolutely need to focus our education system on what skills are needed in the future. We mustn’t lull ourselves into believing the AI won’t stand up for it’s own interests (and we can’t be sure of what that is). Teaching students how to manage to AI systems from core infrastructure to security to prompt engineering is necessary. We can manage the systems only when we understand how they operate. It’s harder with a learning system that can adapt to the changes in the environment (objects around it, users, conditions) and hence we need to focus on what the world of tomorrow looks like. And to teach students to design it.

Regulation is being developed in the EU. I totally agree with the position of Margrethe Vestager, Executive Vice-President for a Europe fit for the Digital Age “On artificial intelligence, trust is a must, not a nice to have.” Meanwhile, the US begins to study of possible rules to regulate AI. Whilst the EU likes to regulate everything, supposedly for the better future, the US doesn’t really want to do anything that might give others edge over its technological prowess. Biden views the responsibility laying squarely with the tech companies and self-regulation. Not really a solid strategy when they all race to the bottom… China, on the other hand has been at the front of the pack. In an article dating to 2022, Natlawreview covers Chinese activities in regards to regulation. “China has taken the lead in moving AI regulations past the proposal stage. In March 2022, China passed a regulation governing companies’ use of algorithms in online recommendation systems, requiring that such services are moral, ethical, accountable, transparent, and “disseminate positive energy.”

What about the generative AI relationship to the energy? Training the models can use huge amount of energy to start with. On the other hand the AI systems can detect, highlight and correct the inefficiencies in industrial and energy systems. Take it as an investment in the future.

And lastly, the compensation mechanisms for everyone else. As with any tectonic shift, there will be small amount of winners and many losers in the AI race. In my view, the universal basic income (UBI) should be actively discussed in parliaments of the most digitally advanced countries. This will be the key measure tackling potential job loss created by the task automation. I recommend reading the opening position of the study released in August, 2021. I wonder how much have the position of UBI opponents changed over the past six months?

What can you do now?

Learn to understand how these systems impact you, think along, learn to identify auto-created content especially one that plays on our worst fears and hatred and call it out to authorities. Talk to your elected MP and ask their and their political party’s position with explanation on what they will do to tackle the areas GPT highlighted as a response to my prompt above. Educate the ones around you who discard the risks as nonsense or simple take ‘not-gonna-happen-to-us/in-our-lifetime’ approach. Consider that no industry will be untouched by the changes in technology landscape, some will be beneficial to us, others not so.

Have a nice future!

Sinu organisatiooni IT tulevikuvaade

Aasta alguses paluti mul kirjeldada ühe riigisektori asutuse IT lähitulevikuvaade. Asutuse nime ma siin ei maini, kuid sisu ühtib paljude asutuste hetkeseisuga. Kui tunned, et saad seda kasutada, siis palun.

Sinu asutuse infotehnoloogia valdkonna ja osakonna põhilised väljakutsed ja fookusteemad lähiaastatel.

IT ei ole enam ammu lihtsalt abivahend töö tegemisel. See on muutunud peamiseks tööülesannete ja vabaaja sisustamise platvormiks, mis on endaga kaasa toonud nii jõudluse kasvu kui ka piiri hägustumise töö ja vaba aja vahel. V.a. piiratud teabega tehtavad ülesanded, on tänapäeval töötajal võimalik suuremat osa oma tööst teha seal, kus ta parasjagu aegruumis asub. Asutuse IT ning töökeskkonna struktuur ja eripära seavad terve hulga piire modernsete töökohateenuste ning koostöövahendite kasutuselevõtuks. Kui esimesed puudutavad peamiselt meie oma töötajaid ning kliente, siis teine hõlmab lisaks eelnimetatule veel väliseid partereid. Sõltumata teenustest on kõigil osapooltel sarnased ootused – pakutav peab olema kasutajasõbralik, modernne ja turvaline. Tuleviku vaates on märksõnadeks kindlasti küberturvalisuse tõstmine, koostöö riigi kesksete IT asutustega ning efektiivne arenduste ja raha juhtimine.

Mida see tegelikkuses tähendab?

Töökoha teenuste üksus peab valima seadmed ja teenused, mis tagavad kasutajatele parima võimaliku kasutajakogemuse sõltuvalt nende töö ja IT profiilist. Kasutajaseadmed peavad ’lihtsalt toimima’ nagu aastaid on Apple seadmete kohta öeldud ning tänased äriklassi arvutid koos Windows 11 ja eduka juurutusega suudavad pakkuda. Mobiilsed seadmed peavad tekitama kasutajates tunde, et see on parim nende töö tarbeks ning kasutajad ei hakka otsima alternatiivseid lahendusi. Kõike seda peab tegema eelarve piirides ning hankekorrast ja infoturbe nõuetest lähtudes. Kasutajaid tuleb pidevalt harida parimaid praktikaid rakendama ning kasutama teenuskataloogis pakutavat. Baastarkvara jt lõppkasutajale suuantud rakenduste ajakohastamine koostöös keskse teenuspakkuja kasutajatoe üksusega aitab töövõidud kiiremini koju tuua. Kindlasti peab kaaluma ühtselt juhitud 24/7 tugiteenuse sisseseadmist hiljemalt 2024 aastal. Me ei tohi unustada, et meid hinnatakse peamiselt kasutajakogemuse järgi võrreldes kasutaja eelmise kogemusega.

Fookuses parim võimalik kasutajakogemus meie tingimustes, olemasolevate süsteemide kaasajastamine ja kasutaja teadlikkuse tõstmine. Esimene eesmärk on fookuses 2023-24, teine ja kolmas on püsitegevused.

Infrastruktuuride üksus peab tagama alustaristu toimimise selliselt, et ühendused oleksid kiired, turvalised ja tagaksid kasutajatele võrreldava kogemuse sõltumata asukohast. Samuti peab tagama alustaristu toimimise ning turvalisuse ja vastavuse arendatavate ärirakendustega. Hea koostöö infoturbe, alustaristu ja kasutajatoe inimeste vahel on kriitilise tähtsusega tagamaks parimat võimalikku kasutajakogemust meile kõigile. Samuti peab hästi toimima koostöö väliste partneritega. Nendega koostöös peaks keskenduma ka infoturbe nõuetele ning vastavate lahenduste, sh keskse logihalduse juurutamisele. Peame kõigis arendustes silmas pidama ka keskse teenusepakkuja poolt pakutavaid lahendusi ja teenuseid ning koostöös nende ekspertidega juurutama lahendused, mille saaks neile üle anda vastavalt tänasele migratsioonikavale.

Fookuses robustne ja toimiv alustaristu nii peamajas kui välisesindustes, mis on arendatud koostöös kesksete IT asutuste ning väliste ekspertidega, infoturve ja automaatika. Kõik kolm on püsitegevused; infoturbe nõuetele vastavus, alustaristu värskendamine ja pilvekõlbulikuks muutmine ning logimine/infoturve on fookuses 2023-25;

Arenduste üksuse peamine fookus peab olema infosüsteemide ja ärirakenduste arendusportfelli efektiivsel juhtimisel. Koostöös keskse IT teenuste pakkujaga ning oma IT kolleegide ja riskihaldusega tuleb üle vaadata ning vajadusel muuta mittefunktsionaalseid nõuded. Kuna need puudutavad peamiselt arendatavaid ärirakendusi, peaks just arenduste üksuse arhitektid nende ajakohastamise eest seisma. Moraalselt ja tehnoloogiliselt vananenud süsteemid tuleb uuendada, et tagada nende toimimine, kasutatavus ja turvalisus. Uute süsteemide kavandamisel tuleb kindlasti arvestada agiilsete arenduspõhimõtetega – kasutajakesksus, tagasiside, kiired arendustsüklid ja etapiviisiline lähenemine. Need tagavad tunnetatava väärtuse kõige kiirema realiseerimise. Samuti tuleb koostöös infrastruktuuri üksuse ja keskse teenusepakkujaga juurutada vajalik keskkond tagamaks ärirakenduste tehnoloogilise pilvekõlbulikkuse – see aitab meil lihtsustada haldust ning valmistada rakendusi ette migratsiooniks hübriidpilve taristule. Tarneahelat on alati võimalik optimeerida ning koostööd parandada. Efektiivne kommunikatsioon aitab tagada rollide selguse, protsessidest arusaamise ja ootuste juhtimise nii asutuses, kui majast väljas.

Fookuses äriteenuste ja infosüsteemide ajakohastamine ja jätkusuutlik arendamine, tehnoloogilise võla vähendamine ja protsesside automatiseerimine. Esimene prioriteet (2023) on selge IT nõudluse ülevaate koondamine ja hindamine. Sellele järgneb äriteenuste ja rakenduste teekaarti koostamine (2023) ja planeeritud kava elluviimine (2024-27)

Tooksin välja mõned võtmesõnad, mis on kriitilise tähtsusega kõigi üksuste vaates:

  • Tehnoloogilise võla vähendamine. MKMi digiarengu asekantsleri hinnangul on riigisektori IT tehnoloogiline võlg sel aastal €100m+. Iga värskendamata süsteem ja kasutaja seade on turvanõrkus, mis suurendavad asutuse riske ning vähendavad usaldusväärsust. Meie eesmärk on kasutada meile pakutavaid vahendeid (RES ja SF) tagamaks tehnoloogiline ajakohastatus.
  • IT nõudluse keskne juhtimine. Meie kasutajad ei pruugi olla teadlikud, mida nende poolt esitatud pöördumine endaga kaasa toob. Kindlasti ei ole mõistlik, kui kogu nõudlus ilmneb vahetult enne eelarvestamise perioodi. Olen oma eelnevatel positsioonidel julgustanud kolleege varakult oma vajadused välja tooma. IT otsustab siis oma ressurssidele ja oskustele toetudes, kuidas neid vajadusi hallata ning millises mahus infot on tarvis otsuste tegemiseks. See eeldab IT analüütiku olemasolu, kes on suuteline suhtlema nii kasutajatega ja nende soovid/vajadused vormistama ühtsesse IT keelde kui ka arhitektidega ja lahenduskäigu kirjeldama. Koostöös keskse teenusepakkujaga saame luua turvalisi keskkondi (PaaS), kus ka vähese IT oskusega töötajad saavad oma töö tarbeks mikrolahendusi luua. Teeme seda aga nii, et andmed on turvatud, varundatud ja IT neist arengutest teadlik. Head näited on tuua RMK’st ja Tervisekassast, kus mittetundlike andmetega rakendused on viidud Microsoft PowerPlatform’ile hoides kokku kümneid tuhandeid eurosid ja kuude kaupa arendusaega. Lisaväärtuseks on lihtne jätkuarenduste tegemine.
  • Efektiivne suhtlus ja koostöö asutuse sees ja väliste partneritega – ratta (taas)leiutamine ei ole mõistlik, kui teistel on see juba olemas. Valime parimat võimalikku väärtust pakkuvad teenused ja teostaja – kõiki teenuseid ei pea ise osutama ning tulevikus peaks koostöö keskse teenusepakkujaga ainult kasvama.
  • Avalikud ja hübriidpilved. Pilveplatvormid on meiega ja võimaldavad meil turvaliselt ning kuluefektiivselt pakkuda teenuseid oma töötajatele ning klientidele. EITS võimaldab erinevalt ISKE’st pilveteenuste kasutuselevõtu ning 2024 algul eeldatavalt jõustuv pilvemäärus seab sellele raamid. Andmete turvalisuse ning pilveteenuste sobivuse hindamine lasub jätkuvalt andmete omanikul, kuid ka siin tuleb keskne teenusepakkuja pädeva asutusena appi.
  • Küberturbe riskide tuvastamine ja haldus. Küberrünnakud Eesti riigiasutuste vastu on viimasel 12 kuul jõudsalt kasvanud. Meie kohus on tagada oma andmete ja kasutajate turvalisus töökohal.

IT juhi fookuses on oma valdkonna efektiivne juhtimine ning teenuste toimimise tagamine. See toetub neljale sambale – inimeste arendamine, suhtekorraldus, efektiivne raha juhtimine ja ministeeriumi huvide eest seismine oma vastutusala raames. Harutan neid valdkondi pisut lahti:

  • Inimesed. Tehisintellekti (AI) areng viimasel kahel aastal on olnud muljetavaldav. Palju valdkondi, kus varem pidi palkama tippspetsialiste, on saanud endale täiendust AI ja masinõppe vallas. See ei tähenda inimeste töö kadumist, vaid osakaalude muutumist – inimene peab keskenduma masina treenimisele ning reeglite loomisele. Tootjate pingutused tähendavad aga seda, et suuresti tuleb valida juba loodud poliitikate vahelt ning rakendada neid, mis asutuse infoturbe poliitikat ellu viia aitavad. Inimesed peaksid saama rohkem aega, et oma teadmisi täiendada ja muutustele reageerida suutma. Palju tuge pakutakse meile juba täna parterite, nt. Microsofti poolt. Uudishimulik ja õppimisvõimeline töötaja tähendab keskses perspektiivis ka IT pöördumiste muutumist väärtusahelas kõrgemale. Muutuv IT roll eeldab inimesi, kes on suutelised kavandama tulevikku ning hoidma olemasolevaid süsteeme töös ja turvalisena. Juhi roll on leppida üksuste juhtidega kokku nende valdkondade arengusuunad ning leida vajalikud vahendid nende inimeste arendamiseks. Samuti toetada üksuste juhte värbamisel ja valikul ning nende endi arengul.
  • Suhtekorraldus. Seondud tihedalt esimese punktiga nii osakonna sees, kui majas ja väljaspool. Meil on hankijad, partnerid, kliendid ja teised üksused asutuse sees inimestega, kel on oma ootused ja eelarvamused. Juhi roll on tagada harmoonia oma meeskonnas ning toetada neid oma meeskondade juhtimisel. Samuti on tema hea seista väliste suhete hea toimimise eest.
  • Raha. Paar elementi, mis on vääramatud on kommertstarkvara hinnatõus, palgatõus ning arenduste ja halduskulude kasv. Tänase eelarve kohaselt rahastatakse enamusi arendusi RES’ist. Ootaksin kindlasti suuremat SF kasutust, kuni see võimalus on meil kasutada. Juhi roll on tagada IT nõudluse efektiivne juhtimine ning vajalikele ressurssidele toetuse leidmine juhtkonnas ja MKM’s.
  • Ministeeriumi huvid. See punkt seondub kolme eeltooduga. RIT’i, RIA jt. riigi IT majade ning väliste partneritega saame koostööd parandada ja koos veelgi paremat digiriiki luua. Juhi roll on leida võimalused pakutava ja ministeeriumi vajaduste ning ootuste vahel. Samuti otsustada, mida teha ise ja mida sisse osta.

Purpose and user needs

Needs must come first…

There’s a transformation going on in many organisations. The focus is less on conventional wisdom and more on what’s actually needed to achieve targets, objectives or need.

New initiatives should always be driven by need. User needs are driven by aspirations, desires and previous experience in situations people find themselves in. In a well functioning organisation needs should stem from personal or team objectives that align with organisational purpose. Overall flow should look like one below.

Still I’m regularly asked “Do you know a tool we could use to do this?”. Default response is to “quantify and define your business problem, and state it clearly”. This is the business analysis phase where business needs to understand their problem, or what they believe is a problem. This is also a point where people often need help form an outsider who is not aware of all the intricacies of the situation or need and thus are not dismissing various options.

Many seasoned professionals tend to stick to tools or vendors they’ve used in the past rather than looking out to market for the most appropriate tool or service that meets their needs. This, however,  expects needs and drivers to be identified, listed and weighted against each other, and existing tools – again, what’s your business problem? Is there perhaps a tool in the organisation that will already met this need? Will it meet 75-80% of your must-have’s and the rest can be done using something else? does this tool need to meet 100% of your need? Are you clear on your need?

Concentrating on user needs gives organisation ability to understand its current capabilities and will potentially highlight training needs.

Focusing on existing tooling limits the choice before it’s clear what drives the user need.

On purpose.

How often do we ask ourselves or others – why are we here? What’s the purpose of this organisation, working group or project? Do we understand this or were we asked to be part of it? Have we worked out the problem(s) we are looking to deal with? Do we have terms of reference agreed?

Purpose is a tricky subject and many I speak to are mildly confused about it. How my output contributes to the cause of this organisation?

I think these are fundamental questions people who make up an organisation need to ask themselves. This sometimes happens naturally, especially during the economic downturns or when people feel stuck. In an ideal situation this should take place during the good times – then this is something to hang onto when things go south.

Processes and visibility

When organisations mature business processes are being drawn up to govern the flow of work. It’s important that those processes are reusable by different parts of the organisation, succinct and easy to understand. Often (if not always) it’s also useful to visualise the business process. People process information differently and pictorials help a lot. However it doesn’t help to discover process works against everyone involved.

In mature organisations the process flows often get muddled and people don’t really see at which stage things are. Is it with me or some other party? Who is responsible for this piece of work? Who needs to do what to progress it to the next level?

This is where business process management comes in. If you are interested to find out how to align your initiatives organisational purpose, get in touch.