Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2013
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Roger Clarke **
Version of 30 April 2005
An invited paper prepared for Issues 72 (June 2005)
© Xamax Consultancy Pty Ltd, 2005
Available under an AEShareNet licence
This document is at http://www.rogerclarke.com/DV/DV2005.html
There's a lot of watching going on. Closed-circuit television (CCTV) is offered as a pseudo-solution to lots of ills, like crime in cinema districts, and theft in airport baggage areas. Mobile phone cameras in change-rooms cause consternation. Nicole Kidman's garage door is targeted with listening devices, so that paparazzi can be at the scene in time to capture digital images for magazines' front pages.
Privacy advocates are concerned about people's behaviour being visually monitored, but they're a lot more worried about data surveillance. So what's this surveillance business about?
The term 'surveillance' is French. It was first used at the end of the eighteenth century, to refer to close watch kept on a person's movements. What's monitored may be the person's behaviour, actions, statements, or associates. One purpose of surveillance is to provide information to the watcher. Monitoring conducted for this reason may be most effective if it is done surreptitiously, because the person being watched is less likely to adopt countermeasures.
A second and in some cases more important purpose is to have an effect on the person being watched, usually to 'chill' their behaviour, that is, to cause them to not do things that the watcher doesn't like. This may be better achieved by giving the person reason to believe that they are being watched. If people believe they are subject to surveillance, then their behaviour is very likely to be affected, even if they are not actually being monitored.
A similar concept was developed in Britain around the same time, where the 'panopticon' was proposed as an alternative to transporting convicts to colonies like N.S.W. This was a central tower in a gaol, which enabled a small number of guards to exercise control over large numbers of prisoners.
In comparison with the French notion of 'personal surveillance', the British idea was a form of 'mass surveillance', with large numbers of people being watched by a few. Mass surveillance has an additional purpose: to generate suspects, by picking out which people within the crowd are doing, or might do, something that the watcher doesn't like.
So the origins of the idea are visual. And visual monitoring has been greatly enhanced by technology, with cameras becoming more flexible, and much smaller, and delivering high-quality images that can be stored and manipulated. For every positive use there's a negative one. Cricket devotees enjoy 'stumpcam', with the images complemented by directional microphones that catch the sounds as well. Meanwhile, spies, private detectives, perverts and crooks take still-images and video of their targets.
But visual surveillance requires people, and often skilled ones at that; so it costs a lot of effort and money. It turns out to be much cheaper, and much more effective, to subject people to surveillance through the trails of data that their daily activities leave behind them.
Data surveillance (or 'dataveillance' for short) is the systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons. The information technologies developed since the 1960s enable data to be captured in vast quantities, to be stored, to be accessed, to be analysed, and to be transmitted from one organisation to another. And all of this can be done in an automated way, and very cheaply.
Many forms of dataveillance leverage off the great many data trails that arise as a byproduct of people's transactions with organisations, but many new data trails have also been created, specifically to advantage organisations. In addition, many privacy-invasive technologies have been created and deployed (which are usefully referred to as 'the PITs').
These new developments have included:
The intensive use of personal information that arises from personal dataveillance is threatening in several ways. Inevitably some of the data is wrong, in particular because it is inaccurate, incomplete or out-of-date. The combination of data from different sources, collected at different times, for different purposes, is especially dangerous, because it can give rise to all manner of unfounded suspicions. Many actions are taken by government agencies and corporations that are based on such misleading information, and which harm individual consumers and citizens. In many cases, the people affected can't find out what's gone wrong, and hence can't get it fixed.
Mass dataveillance is even more threatening. It gives rise to suspicions about individuals, based on quite vague data, such as someone having been seen in the company of someone who is under investigation for a criminal act. And even if the social control agencies take no action, the mere suspicion by the public that 'they' are watching reduces people's freedom to think, discuss, argue and act. Innovation in the arts, science, technology and economics were all stultified in the old Soviet bloc, and continue to be stultified in China, because people censor themselves when they fear that they may be subject to censorship by powerful authorities. If you want to live in a stagnant society, simply let governments give themselves greater surveillance powers.
Identifiers are central to the dataveillance threat. The organisations that want to track and profile people need to be able to associate events with the individuals that they're concerned about. It may be good enough to use names, but names are malleable, and ambiguous. Most organisations impose some form of code on their clients, and demand to know that code when they deal with them.
People don't carry signs around their necks, so data captured from observation doesn't automatically carry a name or code with it. Serious suggestions have been made that people need identification chips inserted in them, just like household pets and cattle. The first experiments are being conducted on people who aren't in a position to argue, such as prisoners and the senile aged. Outside institutions, the first easy target is likely to be paedophiles who've served their term. Despots throughout history would have been delighted with these developments.
Organisations in some cases don't believe that people are who they say they are. So they perform some form of 'identity authentication'. This may be as simple as answering questions about family, dates of birth, and addresses. It may force people to carry and present 'photo id' (for what little use that is). But some forms of id authentication are seriously intrusive. It's quite extraordinary that, in a couple of decades, thumbprints have migrated from a mark of criminality to an arrival and departure ritual that some employers are imposing on their staff, and that some staff are cheerfully accepting.
The greatest danger that arises is where an identifier is commonly used by multiple organisations. It's one thing for personal data to be used by an organisation in managing its relationship with each particular person. It's quite another for that personal data to be shared across organisational boundaries. The widespread use of a single identifier, such as a driver's licence number, or a 'unique student identifier', breaks down the silos that are people's major privacy protection. General-purpose, 'national identification schemes' and the 'population registers' that go with them, are the worst of the lot.
A further development in the consolidation of people's data has arisen in the form of location and tracking schemes. Excessive use of credit-cards for payments means that most people's location at any given time is evident to at least their bank - and to anyone else who can get access to that data-trail. Add to that telephone-call records from the person's home, building access records for people who live in and work in 'security-controlled' buildings, email and Web traffic, identified public transport tickets, and identified use of toll-roads, and marketers and social control agencies in government have lots of ways of tracking people, of generating suspicions about them, and of significantly influencing their behaviour.
There has been a concerted effort by marketers and law enforcement agencies in recent years to make mobile phones report their location accurately to the base station. If and when those ambitions are achieved, that information will be highly valuable to anyone who can get access to the database. When you consider the frequency with which many people make calls and send and receive SMS messages, that database will disclose current location, and direction of movement, not only in the past and present, but even in the future (because in many circumstances it's pretty easy to tell from a person's direction of movement where they're heading). And anyway, unless the battery is removed, the off-switch on a mobile phone isn't what it says it is - the spy in your pocket keeps on quietly reporting your location to the nearest base-station.
Many people today seem to accept this state of affairs. Some people believe that governments and corporations are inherently good, and always have the best interests of citizens and customers in mind. Some people believe that, right or wrong, honest or corrupt, peaceful or violent, governments are right anyway, and should be obeyed. Some people acknowledge that lots of governments have gone bad in the past, and lots of countries around the world are bad right now, but believe that the government of the country that they live in would never, ever again wage an unjustified war or subject anyone to arbitrary arrest, imprisonment, punishment, rough interrogations, torture or elimination.
Yet the most cursory review of history makes it look very likely that governments in the future will use the powers at their disposal to repress the behaviour of citizens. Even the last 5 years have seen a flood of constraints on freedoms, which both the Government and the Opposition have imposed on us all under the pretext there might be more and nastier terrorists in Australia than the 5 that have been identified in the first 4 years of intensive criminal and national security investigations.
So what's all of this got to do with 'Big Brother'?
That expression first appeared in George Orwell's '1984', a novel written by an Englishman immediately after World War II. It blended the vicious techniques of Stalin's Russia with less violent but very effective British propaganda methods. Society was tightly controlled. That was fairly easy, because dissidents disappeared, so most people learnt not to dissent. And history was continually revised to reflect contemporary government policy; so it was difficult to know what the truth was that you were supposed to believe, and what was dissident thought. So it was better to just stay quiet.
The image of the leader in '1984' was 'Big Brother', and the epithet that mixed threat and conscience was 'Big Brother is watching you'. The hero in the book, Winston Smith, tries to resist the oppression. But he's eventually broken, and the final lines of the book are "He had won the victory over himself. He loved Big Brother".
50 years later, another use of the term emerged. The phenomenon of people lining up to embarrass themselves in front of the public had been evident at least as early as 1968, when Andy Warhol referred to everyone's '15 minutes of fame'. The expression's longstanding negative image was harnessed to the needs of marketers, and the breakthrough reality TV series in 2000 took its title from 'Big Brother is watching you'.
The Baby Boomers (roughly speaking, people born between 1945 and 1965) remember the aftermath of World War II, Hitler and Stalin, and the Cold War. Generation X'ers (roughly, people born 1965-1980) remember the national security apparatus of Communist regimes such as East Germany's Stasi (and the defeat of the Australia Card). Yet they've been the majority of the voters while governments have been creating privacy protection laws so feeble that they're of little value, and swamping those limited protections by authorising widespread government and corporate dataveillance activities.
The Y Generation (roughly, people born in the 1980s) don't remember any of those ghastly experiences, when people's freedom to act and speak and think were subjected to tight constraints by powerful governments. They're inheriting a regime that is highly permissive of surveillance of consumers and citizens. The Y Generation is doomed to re-live history, unless they use their imaginations, and discover that the mass media has trivialised the message, and that loving Big Brother is as serious a mistake now as it was in '1984'.
The web-version of this paper contains hotlinks to resources on this topic. It can be found at http://www.rogerclarke.com/DV/DV2005.html.
The Australian Privacy Foundation provides a comprehensive set of resources on privacy issues and privacy laws, at http://www.privacy.org.au.
Electronic Frontiers Australia provides comprehensive materials on on-line privacy issues and surveillance, at http://www.efa.org.au/Issues/Privacy/
An introduction to privacy and dataveillance is at http://www.rogerclarke.com/DV/Intro.html
The author's many papers on privacy and dataveillance topics are indexed at http://www.rogerclarke.com/DV/AnnBibl.html
More details on the arguments in this paper are in:
Clarke R. (1988) 'Information Technology and Dataveillance' Commun. ACM 31,5 (May 1988), at http://www.rogerclarke.com/DV/CACM88.html
Clarke R. (1993) 'A 'Future Trace' on Dataveillance: The Anti-Utopian and Cyberpunk Literary Genres' Xamax Consultancy Pty Ltd, March 1993, at http://www.rogerclarke.com/DV/NotesAntiUtopia.html
Clarke R. (1994) 'Dataveillance: Delivering 1984' Chapter in Green L. & Guinery R. (Eds.) 'Framing Technology: Society, Choice and Change' Allen & Unwin, Sydney, 1994, at http://www.rogerclarke.com/DV/PaperPopular.html
Clarke R. (1999) 'Anonymous, Pseudonymous and Identified Transactions: The Spectrum of Choice', Proc. IFIP User Identification & Privacy Protection Conference, Stockholm, June 1999, at http://www.rogerclarke.com/DV/UIPP99.html
Clarke R. (2000) 'Beyond the OECD Guidelines: Privacy Protection for the 21st Century' Xamax Consultancy Pty Ltd, January 2000, at http://www.rogerclarke.com/DV/PP21C.html
Clarke R. (2001a) 'While You Were Sleeping ... Surveillance Technologies Arrived', Australian Quarterly 73, 1 (January-February 2001) 10-14, at http://www.rogerclarke.com/DV/AQ2001.html
Clarke R. (2001b) 'Biometrics and Privacy' Xamax Consultancy Pty Ltd, April 2001, at http://www.rogerclarke.com/DV/Biometrics.html
Clarke R. (2001c) 'Person-Location and Person-Tracking: Technologies, Risks and Policy Implications' Information Technology & People 14, 2 (Summer 2001) 206-231 , at http://www.rogerclarke.com/DV/PLT.html
Clarke R. (2003) 'Dataveillance - 15 Years On' Proc. Privacy Issues Forum, New Zealand Privacy Commissioner, Wellington, 28 March 2003, at http://www.rogerclarke.com/DV/DVNZ03.html
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Baker & McKenzie Cyberspace Law & Policy Centre at the University of N.S.W., a Visiting Professor in the E-Commerce Programme at the University of Hong Kong, and a Visiting Fellow in the Department of Computer Science at the Australian National University.
He is also a Board Member of the Australian Privacy Foundation, and Electronic Frontiers Australia.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 40 million by the end of 2012.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, 6288 6916
Created: 19 April 2005 - Last Amended: 30 April 2005 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/DV/DV2005.html