Roger Clarke's Biometix Interview

Interview with Dr Ted Dunstone, Director, Biometix Consulting

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 16 September 2000

With biometric devices becoming increasingly affordable and reliable it is opportune to reflect upon the impact that the use and misuse of biometrics may have upon personal privacy. Dr Roger Clarke is a long-time defender of privacy rights and, as the first in the series of biometric interviews, we start with a sobering reflection on the current state of the biometric industry with regard to privacy.

Comment or reaction to this interview can be found in the privacy forum.

Dunstone Q1: It seems that the general public have become increasingly inured to liberties being taken with personal privacy in return for enhanced convenience. What do you think of this trade-off, is it inevitable, and at what point will, or do, people rebel against it?

Clarke: People are rebelling against it, and have been doing so for quite some time. National ID schemes have been successfully resisted in multiple countries; outbound telemarketing and market surveyors are annoying more and more people into impolite refusals; and, of all growth metrics in cyberspace, the worst performance is that of consumer e-commerce.

Yes, privacy is one interest among many, and yes, privacy protection is about balances. I've been saying and writing that for almost three decades. But ponderous government agencies and predatory marketers aren't interested in balances, merely in using their authority and market power. The result is big swings in mood, and fragility in investments. Privacy-invaders look like they're getting away with it, until suddenly public sentiment crystallises on some seemingly minor, but highly symbolic event, and the technology or initiative is subjected to ritual drowning. That's not a healthy climate for relationships between people and the institutions within their society and economy.

Dunstone Q2: How does biometrics fit into the wider privacy debate, and what do you feel are the critical issues, if any, that make it distinct from general information privacy?

Clarke: So far, biometrics have had a dream run, because the public is basically bemused by them, employees have been given no choice, and the early applications have been in circumstances in which authority or market power dominate (such as prisons, and aggressive employers' secure premises).

Issues are now coming into focus, and the same mood swings and fragilities of investment that have occurred in other areas will shortly appear in the biometrics industry.

Dunstone Q3: What are the most important questions the general public should be asking about biometrics and privacy?

Clarke: The first is 'why??'. Justifications for the use of biometrics have been singularly lacking.

The next is 'how?'. Schemes to date have been driven by unimaginative engineers, with no interest in or grasp of public policy issues. The result has been systems that are far more privacy-invasive than is actually needed to achieve sponsors' objectives.

The stage after that is 'how to avoid and subvert?'. People will be sufficiently unimpressed that countermeasures will be published, and biometrics providers and their client organisations will feel the heat in much the same way as organisations that attract public opprobrium are currently finding their web-sites subjected to hacking and denial of service attacks.

Dunstone Q4: Do you feel these questions are being addressed, and if not, what kind of education is required?

Clarke: No, they're not being addressed yet. Scheme designers are arrogant, and leaving the public, its representatives, and advocates for the public interest out of the loop. Ask yourself how many of your projects have included public consultation, a published privacy impact assessment, and representation of the affected public in the design process. Those are critical elements of an organisation's privacy strategy.

It would be nice to think that papers at conferences, and interviews like this one, would actually change knuckle-headed opinions. After a quarter-century of doing this kind of thing, I know that they don't. For the message to get through, projects will have to fail, project-managers will have to be sacked, and companies will have to go broke.

Dunstone Q5: How much should privacy practices be mandated by government regulation versus determined by the market (assuming appropriate education)?

Clarke: Self-regulation means protection of the sheep by the wolves; and funnily enough the wolves pay more attention to their own objectives than to those of the sheep. Self-regulation without a comprehensive set of government measures surrounding it is a non-event, and convinces no-one. Only big business and governments that have abandoned their responsibility to the public think otherwise.

At the other extreme, 'black-letter law' regulation, with everything embedded in statutory legalese, is no use to anyone except lawyers.

The appropriate approach, 'co-regulation', involves legislation that establishes a framework, and enables codes of practice to be worked through, subject to the framework, but reflecting the realities of the particular circumstances.

Some industries exercise market power and issue codes without meaningful public involvement. The Australian Direct Marketing Association is an example of such a poorly-judged and ill-fated approach. Gradually, some are learning to adopt a constructive approach.

Dunstone Q6: Are you aware of any specific cases of companies endangering people's privacy through the use of commercial biometrics systems? (excluding DNA testing)

Clarke: Pretty much any project could be chosen as an example. The biometric in most cases is recorded somewhere, in a manner accessible to someone. In principle, any kind of biometric is capable of being used as a means of effecting masquerade; and with many kinds of biometrics the technology is readily available to do so now. Given that a biometric is a PIN you can never change, biometrics providers and user organisations are busily creating a vast problem for the future. (Yes, there are ways of addressing this problem; but ask yourself in how many projects the hard work is actually done, and the error avoided).

A further and quite fundamental problem is that a biometric, to be usable across large populations, is all but unique. It's therefore a means whereby data trails arising in many contexts can be consolidated, to produce what we used to refer to as a personal profile or dossier. One of the great protections against dataveillance has been the existence of multiple identification schemes, and the resultant difficulties of integration of data trails. Biometrics cavalierly destroys that protection.

Dunstone Q7: In a nutshell, what are the main technologies or procedures companies should use or follow to enhance the privacy of capturing and storing biometric data?

Clarke: Okay, so now I have a conflict between my researcher and advocate self and my consultant self. To be blunt, I sell my expertise in matters of that nature, and I'm not giving my livelihood away for free. People who aren't prepared to pay are welcome to read the hundreds of papers on my site, and work their own way through the analysis of the problems, the generation of potential solutions, and the creation of strategies ...

Dunstone Q8: Can you provide any examples of biometric systems that have been practically deployed and provide what you would consider adequate or good privacy provisions?

Clarke: No.

I'd like to think that that's because I haven't looked at enough projects; but I fear that there aren't any that are privacy-sensitive.

Dunstone Q9: What additional issues would the introduction of a rapid, cheap DNA biometric technique present over traditional biometric techniques such as the use of fingerprints or irises?

Clarke: There's a great array of privacy intrusions, affecting each of the multiple dimensions of privacy. What's more, issues vary depending on the specifics of the context and scheme design; so generalisations are difficult.

Two of the nastiest aspects of DNA are, however, that it's not just some external 'measure of the man' that's involved, but rather something that's intrinsic to, and very detailed about, the person; and that DNA 'identification' is probabilistic in a particularly awkward way.

Dunstone Q10: Which countries do you feel have a good privacy model, particularly as regards biometrics, that other countries should be following, and why?

Clarke: No country has even come near a good privacy model. Every existing scheme is based to a greater or lesser degree on the limited 'fair information practices' model that was codified by the OECD in 1980. It assumes that any information usage is fine, and requires no justification, and that all that's necessary is a few procedural limitations on how it's handled.

What's more, the OECD Guidelines merely codified laws passed in the early 1970s, so it's relevant to technology of the late 1960s. And despite the subsequent dramatic advances in computing, the marriage with communications, the convergence with content, and the still-awaited integration of robotics and of 'artificial intelligence', the OECD Guidelines are trumpeted as being the solution for the 21st century?? How naive can people be? There's a whole swathe of additional features required of effective privacy protection law and practice.

Of the more mature forms of antiquated OECD-style legislation, the New Zealand Act of 1993 is about as useful as any. This is because it embodies a practical approach to co-regulation.

As regards biometrics, I don't believe that public servants, legislators or their advisors have any idea of the topic. For example, Stott-Despoja's Bill was met with blank incomprehension on all sides. Even the Internet is still too big a challenge for them. After over 5 years of Internet explosion, the government is still incapable of grasping how it works, let alone what its implications are; and is still passing legislation woefully out of tune with the real needs. Biometrics will escape their radar for a while, allowing providers and user organisations to commit their blunders unhindered by the law.

Dunstone Q11: Are you optimistic that in around twenty years' time appropriate regulation and compliance will be in place for most government and commercial biometric systems to avoid infringing on people's privacy?

Clarke: Firstly, I have very little confidence in the ability of parliaments to cope with advanced technologies. They're just mud-holes where high school debaters who never grew up wrestle with one another in an effort to score political points. The focus isn't on policy, and little legislation of quality gets passed.

Secondly, if biometrics makes much progress, it will be during the next 20 years, and any regulation that comes along later will be retro-fitted to whatever biometrics providers and user organisations got away with.

The only thing I'm optimistic about is that many projects will collapse, and many providers will fail. Slowly, some appreciation of the dangers of these technologies will emerge; but it won't be in my working life-time.

Dunstone Q12: And finally, which biometric project currently operating or in development alarms you the most in terms of its potential privacy implications?

Clarke: That's akin to asking which of the wolves in the pack I'd least like to be eaten by ...

About Roger Clarke

Roger Clarke is a consultant in strategic and policy aspects of e-commerce, information infrastructure, and dataveillance and privacy. His disciplinary background is in information systems. He has degrees from UNSW, and a doctorate from ANU, and has been a Fellow of the Australian Computer Society since 1985. His interests have moved on from technologies and their management to their strategic and policy impacts and implications. He is active with professional and industry associations, is on several Boards, and is Chair of AEShareNet Limited, which facilitates copyright licensing in the VET sector. 10 of his 30 years in the I.T. industry were spent as a senior academic, and he's also spent nearly 30 years as a privacy advocate. He stresses that the comments below are expressed wearing all of his multiple hats.

