Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2024
Infrastructure
& Privacy
Matilda
Roger Clarke's Web-Site© Xamax Consultancy Pty Ltd, 1995-2024 |
|
|||||
| HOME | eBusiness |
Information Infrastructure |
Dataveillance & Privacy |
Identity Matters | Other Topics | |
| What's New |
Waltzing Matilda | Advanced Site-Search | ||||
Review Version of 5 February 2010 - kept for historical purposes only
© Xamax Consultancy Pty Ltd, 2010
Available under an AEShareNet 
licence or a Creative
Commons 
licence.
This document is at http://www.rogerclarke.com/DV/CSSD-100205.html
A great deal of energy is wasted by civil society anguishing over the harm done to people by corporations, governments and technologies. Far too little effort is invested by public interest NGOs in 'practical activism'. This paper argues that civil society must establish Standards and Process Descriptions, which clearly communicate their expectations, and provide benchmarks against which the inadequacies of processes and the unacceptable dangers of projects and schemes can be delineated. The paper provides several examples of policy statements and templates of the kind that need to be provided.
Civil society is being overrun by the 'imperatives' of economics, technology and politics. Non-Government Organisations (NGOs) that represent the public interest score small wins from time to time. Overall, however, the last 50 years have seen massive encroachments into human freedoms in what has variously been referred to as 'the free world' and 'the advanced western economies'. Worse, the scene is set for public-private partnerships between large, powerful, transnational corporations and small, weak nation-states, leading to a 21st century version of feudalism.
Part of the reason for this state of affairs is the failure of civil society institutions to harness their resources to good effect. A very large proportion of the energies of 'concerned citizens', and of organisations that represent them and advocate for their interests, is frittered away on dinner conversations, submissions to organs that have no intention of taking any notice of them, conference presentations and posts to bulletin-boards that preach to the converted, and most recently those utterly ineffectual forms of vanity-press - the blogosphere and twitterdom.
In order to have real impacts on the processes of businesses and governments, civil society needs to articulate its requirements, and publish their demands as formal Standards against which the actions of businesses and governments can be assessed. Progress will have been made when the media routinely reports that a particular government proposal scores only, say, 27/100 on the Human Rights Impact Assessment scale, and that a business project fails on, say, 10 of the 24 mandatory features of the Business Project Assessment Standard.
This section provides brief overviews of four examples of public interest standards with which the author has been deeply involved. There is of course a range of other examples worthy of study, including documents of the Electronic Privacy Information Center (EPIC) in Washington DC, and of London-based Privacy International.
The Australian Privacy Foundation (APF) is that country's primary public interest NGO focussing on privacy. Since 1987, it has worked variously alone, and in conjunction with civil liberties and consumer associations. Its activities were reviewed in Bennett (2008).
For many years, APF's policy contributions were primarily reactive, in the form of submissions to governments and parliaments relating to particular projects and schemes. It has been moving towards a more proactive stance, by publicly declaring its policy positions on particular topics, and communicating those positions in advance of projects being announced, rather than just when projects are well-advanced.
One example of an APF Policy Statement is that on 'Visual Surveillance, including CCTV'. The elements of the Policy Statement are:
Much of the Policy Statement is obvious to public interest advocates with knowledge of CCTV. Its value lies not in any claims of originality, but in its provision of clear statements, its existence as a reference-point against which each particular project can be evaluated, and its availability as a standard against which the media can report project proposals to be tenable (few) or unjustified failures-in-waiting (most).
The adoption by civil society of such a document as a formal Standard would provide community groups worldwide with means to combat the excesses of image and video surveillance.
APF has also published a Policy Statement regarding the related topic of Automated Number Plate Recognition (ANPR).
This represents a counter-balance against the joint positions of the security industry and the national security extremists who grasped for control of law enforcement communities on 12 September 2001.
Crucially, the Policy Statement does more than just point out the dangers, and rail against the opacity of process, the lack of justification, and the continual presentation of projects as faits accompli. It presents a specific alternative, referred to as 'blacklist-in-camera' architecture, which balances the public interests in surveillance of miscreants and in non-surveillance of everyone else.
Privacy Policy Statements (PPS) are a creature of the U.S. political scene. In the absence of effective privacy laws, such protections as consumers enjoy derive from commitments entered into by the service-provider, and a PPS enables those commitments to be kept separate from the Terms of Service document. In countries that have data protection law in place, PPS sit oddly, and are little more than window-dressing.
On the other hand, there are some benefits in organisations confronting the question of what they actually do with personal data. Industry associations provide templates, but they of course are self-serving, not privacy-protective. Law firms prepare precedents, but they are proprietary rather than published, are inevitably legalistic and difficult to understand, and serve the interests of the client not the public. Data protection commissioners publish guidelines, but these are inevitably jurisdiction-specific, and limited by both the terms of the local legislation and the imaginations of the commissioner and their staff.
Remarkably, however, there appear to have been few attempts by civil society to express the public's expectations of a PPS.
A Privacy Statement Template was published in Clarke (2005a), with an accompanying guide in Clarke (2005b). During the first 4 years after its publication, it has amassed over 17,000 hits. It has been used by a number of organisations in preparing their own PPS. Its primary benefit, however, is as a standard against which corporate PPS can be compared, in order to expose their massive weaknesses. See, for example, Clarke (2006a).
The Terms of Service that are imposed by international consumer marketing corporations are generally based on the permissive laws of the U.S.A., and fall far short of the both the consumer protection laws in some other countries, and the reasonable expectations of consumers.
In 2005, I looked for an authoritative statement by the consumer movement of what they expected from marketers. I found no such document. In order to assess the Terms of Service of the same 6 companies whose PPS I had studied in Clarke (2006a), I had to prepare what I refer to as a 'Normative Template for Marketer-Prosumer Communications'. This was first presented in Clarke (2006b), and a revised version is in Appendix A of Clarke (2008).
The Template is currently being used in research into the state of consumer protection laws in Australian jurisdictions. Its value can be far greater than that of a mere research tool, however. If this (or some variant of it, or replacement for it) were to be adopted by major institutions of civil society, it would provide at least a Checklist of the matters that companies need to address. With some further articulation, it is capable of becoming a formal declaration of expectations, and a Standard against which marketing organisations' Terms of Service can be measured, and (in almost all cases) found to be seriously wanting.
These examples of Policy Statements and Templates demonstrate that documents can be assembled that codify public expectations in relation to particular activities, and particular technologies. Several advantageous features of such documents have been highlighted.
Industry and government have been playing the Standards game for many years. By publishing Documents that have capital letters, economic and political institutions have inculcated acceptance by the media and the public that all is well, and thereby avoided careful examination of their initiatives.
Community institutions must raise themselves from their torpor, stop wasting their time grizzling, adopt the well-proven technique of promulgating Standards, match the bravado with which business and government announce their initiatives, and attract the media into reporting the positions of civil society with the same enthusiasm as they have when they re-print corporate and government agency media releases.
APF (2008) 'Automated Number Plate Recognition (ANPR)' Policy Statement, Australian Privacy Foundation, March 2008 at http://www.privacy.org.au/Papers/ANPR-0803.html
APF (2009) 'Visual Surveillance, incl. CCTV' Policy Statement, Australian Privacy Foundation, October 2009, current version at http://www.privacy.org.au/Papers/CCTV-1001.html
Bennett C. (2008) 'The Privacy Advocates: Resisting the Spread of Surveillance' MIT Press, 2008
Clarke R. (2005a) 'Privacy Statement Template' Xamax Consultancy Pty Ltd, December 2005, at http://www.rogerclarke.com/DV/PST.html
Clarke R. (2005b) 'About the Privacy Statement Template' Xamax Consultancy Pty Ltd, December 2005, at http://www.rogerclarke.com/DV/PSTAbt.html
Clarke R. (2006a) 'A Pilot Study of the Effectiveness of Privacy Policy Statements' Proc. 19th Bled eCommerce Conf., Slovenia, 5-7 June 2006, at http://www.rogerclarke.com/EC/PPSE0601.html
Clarke R. (2006b) 'A Major Impediment to B2C Success is ... the Concept 'B2C'' Proc. ICEC'06, Fredericton NB, Canada, 14-16 August 2006, Invited Keynote Paper, at http://www.rogerclarke.com/EC/ICEC06.html
Clarke R. (2008) 'B2C Distrust Factors in the Prosumer Era' Proc. CollECTeR Iberoamerica, Madrid, 25-28 June 2008, pp. 1-12, Invited Keynote Paper, at http://www.rogerclarke.com/EC/Collecter08.html
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., and a Visiting Professor in the Department of Computer Science at the Australian National University. He has been a Board member of the Australian Privacy Foundation since its formation in 1987, and its Chair during 2006-2010. He has also been a member of the Advisory Board of Privacy International since 2000.
| Personalia |
Photographs Presentations Videos |
Access Statistics |
 |
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax. From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 65 million in early 2021. Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer |
Xamax Consultancy Pty Ltd ACN: 002 360 456 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 6916 |
Created: 5 February 2010 - Last Amended: 5 February 2010 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/DV/CSSD-100205.html
Mail to Webmaster - © Xamax Consultancy Pty Ltd, 1995-2022 - Privacy Policy