Thursday, October 27, 2016

MAKE IT OR BREAK IT: The pains of accessing Peru's most respected Ministry's open data


I tried to download data from the most important Ministry in Peru: the Ministry of Economics and Finance. It is one of the few respectable places to work and it is known for staying at the frontier of transparency and technical correctness.
Entering the web portal to access public spending data is one of the most common reasons why people enter the Ministry's webpage. The Ministry itself has spent a lot of resources making it as user friendly as possible. The site is actually called "Friendly Consultation". Among some friends of mine, we used to call it "Zero Friendly Consultation".

And here is why:

When you first access the portal you have to decide which module you want to access, Public Spending or Public Revenue, and whether you want the data to be updated monthly or daily. It is still unclear what varies with the update, and they give no indication of the differences or trade-offs, so right off the bat, if you don't know the difference, it could alter whatever analysis you want to conduct.

Assuming you accurately decide the best module (I went for Public Spending with monthly update), you are then welcomed to the portal by one line of the total budget for the present year and different columns with different numbers. One point in favor of the site is that each line has a hover option where it tells you what each column means, whether it's how much money was budgeted, modified budget, or actual spending, for example. Then you can access different levels of spending.

On the surface it looks like it's going to be relatively easy. 

The next problem comes at this stage: you have to decide what level you want for a certain type of spending. For example, to obtain data from a social program you have to enter the Ministry of Development line of budget and then in spending subgroups and so on. The problem here is that people normally don't know how the public spending is structured and could be easily deceived or obtain the wrong information.

Assuming you find exactly what you want, the most common task is wanting to compare the same type of expenditure for a given period. The problem here is that there is no way of selecting a range of years and downloading the data; you have to change each year every time and then download the spreadsheet. Moreover, and more scandalously, every time you change the year you have to start all over again, because it resets your search to the total budget!

I believe this is because some budget lines switch positions over the years. Still, I am sure there must be a more efficient way to show the changes without the user having to suffer so much. If the Ministry would dedicate time to actually making that consultation friendly, a lot of people would be more encouraged to analyze government public spending. The trade-off would be finding weird stuff, but in reality people are already looking for that, so there is only much to gain from making it user friendly. With the new trend of pay for performance in budget allocation, the Ministry would benefit from making the user more engaged and interested in the data available.

Again, another expectation v. reality moment. Here is a visualization of how the total budget has changed in the past 10 years.


Wednesday, October 12, 2016

Who are we protecting?


The Ministry of Development and Social Inclusion (MIDIS) is the newest Ministry in Peru, which has taken over almost all social programs since 2012. It is also in charge of the algorithm that decides who is eligible for social programs.
After my experience of downloading LastPass there are a few considerations that I would like MIDIS to take into account before mandating all of their employees to use it.

First, it is important to consider the positive externalities that it would generate for both the users and the Ministry itself. For the users/employees, it allows them to have their passwords stored in a "secure" way. There are countless times in which you just can't remember that one password you created with a certain pattern so it's easy to remember but with a little twist so that it's different from the others. We all do it. (Did I just give up my password?). Anyway, it is nice to know that you have a safe place where all of that is stored, and it relieves the mind from that stressful moment when you are in a hurry. Second, I would say that then you can change your passwords and make them more intricate and complex, therefore making them harder to guess/hack and by default more secure. Especially since you use a pattern, cracking one password will make it easier to hack the other ones. Third and last, you can use the Google Chrome plug-in and even the cellphone app in order to make it easier to access your accounts. The plug-in even detects when you are accessing a site with credentials and asks if you would like to save it automatically, which makes the process much easier for the user.

For the Ministry, I think the main benefit is protecting their server from a possible hack. Imagine one of the employees had weak passwords or was very careless about how they manage them. It would expose the entire Ministry's servers to information theft. And take into account the fact that this Ministry is in charge of assessing who is eligible for the biggest social programs in the country. I think that alone is enough reason to encourage employees to add a layer of security to their access credentials.

On the other hand, let's consider the negative consequences that could happen from instating such a policy. Both the users and the Ministry itself have to be aware of how LastPass actually works and what kind of security it has to protect the credentials of their users. If LastPass had a security breach it would mean exposing as much information as the employees have stored there, including banking access codes. Would that make the Ministry liable to be sued? Unclear at this point given that Peruvian Law is not as caught up with online services. However, it would generate social unrest and political liability for the incumbent party. The fact that LastPass is the platform that could unlock other platforms is extremely dangerous if it is hacked.

It is important to weigh the trade-offs of having your employees store their passwords in one place, especially if there is a security breach that could have big consequences. Even more so in Government. In conclusion, and just because I am risk averse, I would start by doubling down on securing the networks at the Ministry and engaging in better practices. Start small and then evaluate whether it is convenient to instate such a policy. It might not be the best option for all Ministries, or even for all employees in one Ministry. Try some adaptation if it is planned to roll out and learn if it is really adding value and protecting the users and the Ministry from external threats.