The Robodebt Royal Commission, conducted in the wake of Australia's controversial automated debt recovery system, unveiled a troubling saga of governmental overreach and systemic failures. Like other public sector information and records management professionals, Alyssa Blackburn keenly followed the lengthy proceedings of the Commission and what it exposed in terms of inadequate practices. Alyssa, who has worked in senior roles in state and federal government agencies, is currently Director, Information Management at AvePoint. She spoke with IDM publisher and editor, Bill Dawes.

IDM: Alyssa, The Commission's findings exposed a flawed algorithmic approach that wrongfully targeted thousands of citizens, causing undue stress and financial hardship. It revealed that the system lacked proper human oversight and was built upon shaky legal foundations, ultimately leading to the government's decision to repay over $A1.2 billion in unlawfully collected debts. You've looked closely into what led to the downfall of the Robodebt scheme. What have you found were the principal flaws in information and data management? 

AB: I've thoroughly immersed myself in this topic by reading the report, listening to numerous podcasts, and I'm just three YouTube videos away from watching all the actual transcripts. As an ex-public servant, I can confidently say that it represents a massive failure in government administration. If organizations, especially government ones, fail to learn from this, it would be an even bigger tragedy.

One significant failing is the refusal of many senior public servants to create any records. Catherine Holmes, the Commissioner, highlighted this issue in both her report and the video evidence. She even expressed disbelief, wondering why there was such a reluctance to put anything in writing. She mentioned that it doesn't even have to be pen to paper; simply putting fingers to a keyboard would suffice. The absence of documentary evidence leads to situations where conflicting claims are made without any means of verification. The Commissioner often pointed this out when questioning witnesses, emphasizing that supporting documentation was not available to back up claims being made. This raises questions about information management and how it impacts the integrity of government processes and decision-making. When organizations adamantly resist creating records, information managers face the challenge of reconciling this conflict, as there's no information to manage in the first place. There was a refusal to write anything down or as, as the Commissioner says, put a finger to keyboard. How do we prove integrity of process or decisions without appropriate evidence?

The next issue I noticed, is something that resonates deeply with those of us who have worked in information management in the public service. The Commissioner highlights it right at the beginning of the Robodebt report and again towards the end – the extreme difficulty the Commission faced in obtaining information from the department. While the Commissioner attributes this to a deliberate attempt to withhold information, my perspective is slightly different. I believe it's more a consequence of information being scattered across various systems, saved in obscure email folders, buried in file shares, or even left unorganized on individual desktops. It's possible that even when the information is in the right system, it's poorly labelled or organized, making it hard to locate. There may also be limitations in the systems' export capabilities.

As an information manager, I don't interpret this as a deliberate act of concealment. Instead, it seems to stem from the inherent challenges within their information management systems. These difficulties raise significant concerns for government organizations, given the increasing frequency of royal commissions or other investigations or legal cases. For government departments, it's only a matter of time before you have to produce evidence for such a commission or similar process. Ensuring easy and efficient access to information for these purposes is critical.

Additional issues with accessing information was a situation involving Kathryn Campbell, the former Deputy Secretary of the Department of Human Services, who struggled to access information from her electronic calendar. In this scenario, an attempt was made to export the calendar into an Excel spreadsheet, but it only provided basic information like meeting titles and dates. Crucial details such as the attendees or references to specific documents were missing. This inability to retrieve vital information raises questions about technical obsolescence and inadequate information management practices.

Further to that, there was a situation where a time zone difference led to misunderstandings. A witness was asked to produce information and this person was based in Western Australia. This meant the timestamps on emails were different, and concerns were raised as to why they were receiving emails at 3:00 in the morning? It turned out it wasn't 3:00am, they were just in Perth. This highlighted the importance of metadata and how it was examined in the Commission.

Lastly, the Commission extensively discussed the suicides associated with Robodebt. While it's challenging to attribute all of these directly to Robodebt, there's a clear link between the system and some individuals' deteriorating mental health. One case in particular stood out, where the individual ultimately did not owe any debt. This person had provided an employment separation certificate showing their employment end date, but the system couldn't process that information due to the unstructured nature of the data. The system's limitations, inability to access unstructured data, and lack of proper data utilization resulted in a series of failings. These failures, as the Royal Commission rightly pointed out, contributed at least in part to the tragic death of this individual. It's nothing short of a heartbreaking tragedy. The department had the information to make better decisions but either chose not to use it or didn't design the systems to utilize it effectively. Organizations must have access to the correct information to make good decisions and this clearly was not the case in this scenario.

IDM: The Royal Commission struggled in following decision-making across the agencies involved in Robodebt, does this surprise you considering the technology platforms you would expect they would have had available to them?

AB: Indeed, the technology is readily available, and it has never been more accessible. As someone who's always on the go, I find myself constantly juggling tasks. (To demonstrate the insanity of this, I'm going away this Friday, and I have an enormous cabbage I have grown, that I must use up. If I don't turn it into several jars of sauerkraut, I can't go on holidays). So, however crazy that is, I'm accustomed to multitasking and staying organized.

One of the technologies I find immensely helpful is voice notes. I can easily record voice memos and email them to myself as reminders or for documentation purposes. This approach is far from reverting to traditional file notes, a concept well-known to public servants. Instead, it's about leveraging the technology at our disposal to streamline our processes. After a meeting or conversation, I can quickly record a voice note summarizing what occurred, which can then be emailed and stored in the appropriate location.

I work with a colleague who has dyslexia, and note-taking during meetings is a significant challenge for them. To accommodate those needs, we utilize technology during our meetings. For instance, we enable the transcript feature in Teams, which provides a clear record of what transpired in the meeting, including action items. This approach allows everyone to engage effectively. The technology is here, it's accessible, and it's more user-friendly than ever before. However, it appears that many organizations aren't taking advantage of it as they as they could be.

Alyssa Blackburn, Director, Information Management at AvePoint

IDM: The Royal Commission made recommendations about the management of information, or lack thereof, in this case. What do you see as the most important of the recommendations they made?

AB: I believe the most crucial aspect to consider, although these specific words may not have been used in the Robodebt inquiry, is to respect the integrity of our information. It's essential to demonstrate that our information is accurate, correct, and appropriate. This extends to the integrity of our decision-making processes, using the available information as evidence of our sound decision-making.

Some of the recommendations made by the Royal Commission emphasize the importance of organizations taking the creation of records documenting business evidence, decisions, actions, and transactions more seriously. I think this is particularly vital for government organizations, as they serve the community and owe it to the people to demonstrate that they operate in the most appropriate manner. The only way to achieve this is through the integrity of their information, allowing them to confidently present evidence and decisions made.

Government organisations are essentially service providers. They serve people of the nation, and they owe it to the people of that community to prove that they're doing things in the most appropriate way. The only way that they can do that is to stand up and ‘hand on heart’ say we've got this. Here's the evidence. Here's the reason the decision was made.

In the case of Robodebt, the lack of transparency and the discouragement of record-keeping created a significant credibility issue. There was a noticeable absence of integrity across various areas, making it impossible for anyone to have confidence in the proceedings. Therefore, the most critical takeaway from this situation is the absolute necessity of maintaining the integrity of our information, which directly influences the integrity of our decision-making processes.

IDM: Tools that prove for AI-assisted workflows are becoming widely available in 2023. Should the Robodebt scandal provide people with a reason to pause and think before rolling them out?

AB: I'm all for technology when it genuinely enhances processes. That's where technology shines. However, I also firmly believe that technology must always be accompanied by human oversight. The idea that 'machines will take care of it all' is a misguided.

What we often miss, and this isn't exclusive to government organizations but applies to most organizations, is a clear understanding of the desired outcome when implementing automation. It's not enough to just jump on the bandwagon because something is new and exciting. We need to pause and ask ourselves, 'What does success look like? What should be the ultimate goal?' Without defining these objectives, we end up with subpar systems.

In the context of Robodebt, although it involved automation, it's essential to note that there was no artificial intelligence (AI) involved. However, if they had integrated some AI capabilities, even though it might have been early in the technology's evolution (around 2015/2016), it could have been beneficial. AI excels at processing unstructured data and extracting meaningful information, such as interpreting an employee cessation certificate date.

However, AI is most effective when we have a clear understanding of our desired outcomes and continuously monitor and improve it. At this point in time, I don't see AI replacing jobs; if anything, it creates more jobs related to defining desired outcomes, success criteria, and continuous improvement over time.

IDM: That there should have been a human in the loop was a key message from the Robodebt Royal Commission report. Does that mean that that decisions like information classification, retention and disposal made through AI must always be reviewed by a human?

AB: No, I don't believe that every task necessitates human intervention. We should approach this by considering the balance between risk and value.

For example, when we're dealing with situations like potentially charging people with debts that could go back seven years, I would say this is a high-risk activity. In cases like this, human oversight and judgment is essential.

On the other hand, if we're using AI for information lifecycle classification, applying classification terms to content that will ultimately be reviewed by a human before disposal, there's a lower risk involved. In such cases, the value of being able to carry out these tasks at scale is significant.

So, it truly depends on the scenario. Not every task requires human intervention, as long as a careful analysis has been conducted to assess the risk and value associated with it.

IDM: Is there a risk in utilizing AI-based classification to classify and destroy data that could one day be requested by a Royal Commission for instance?

AB: If you've followed the proper procedures, including authorized disposal schedules, there's a clear framework for ensuring the defensibility of actions taken. Even if some information requested by the Royal Commission was potentially destroyed, it should not pose an issue if the disposal followed the guidelines set by entities like the National Archives. This of course, must take into account respecting disposal holds or freezes, but there is defence of the disposal activity because you have followed the appropriate processes.

It comes back to understanding and upholding the integrity of these processes. It's about being able to assert, with confidence, that you no longer possess certain information. You can provide a well-documented process, the relevant policies governing it, and adherence to established retention schedules. In such cases, there should be no reason to worry about future scrutiny or the need to hold onto information indefinitely.

If someone feels the need to hold onto information for fear of a future Royal Commission, it's a sign that they may not be following the correct procedures from the start, and that's something that should be addressed immediately.

IDM: One of one of the key recommendations of the report was a national body to monitor and audit automated decision making. How do you see that working on? 

AB: I understand the perspective behind this, but I see it as part of a broader issue. While I hold Commissioner Holmes in high regard and believe she conducted the Commission exceptionally, I don't think it's sustainable to have a single entity solely responsible for overseeing automated decision-making processes. Instead, we should consider whether this oversight belongs elsewhere within the government structure.

Maybe it’s the Office of the Information Commissioner or the Digital Transformation Agency? The exact placement isn't for me to decide, but should there be policy? Should there be guidance? Should there potentially even be legislation to define whether or not a decision made by a computer is actually a decision versus a decision made by a person?

I think that there's absolutely value in having more guidance for the public sector on what this could entail. Whether it should be a standalone agency, I'm not sure. That's something for the federal government to consider. However, I definitely agree that guidance, policy, and principles are absolutely required.

IDM: Lastly, what are the lessons the private and public sectors can learn from the Robodebt scandal?

AB: Information is vital. Therefore, regardless of the industry, whether it's the commercial sector or the public sector, the management of that information is vital. Good information allows you to make good decisions. The absence of good information can lead to situations like Robodebt, which, as I mentioned earlier, represents a massive failure in public administration in Australia.

Information stands as the most valuable asset within any organization. It's high time that organizations, be it public or private, wake up and recognize this fact.