Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Fellow, Department of Computer Science, Australian National University
Version of 16 December 1999
© Xamax Consultancy Pty Ltd, 1999
This document is at http://www.anu.edu.au/people/Roger.Clarke/DV/InfoBase99.html
A report appeared on 30 November that the media moghul Kerry Packer, through his primary vehicle, PBL, has contracted with a major U.S. direct marketing services provider, Acxiom, to establish and run a highly data-intensive and highly privacy-intrusive database on Australian consumers. This document provides information on the matter.
The original story was on the front page of The Australian IT Section (p.33), on Tuesday, 30 November 1999:
My posting to the padvocacy and link e-lists that morning was as follows:
"(Unfortunately, it's just a one-dimensional piece, with information from just two interviews with the supplier, plus one with a commentator, and no background research).
"It reports on an initiative by a large group called Acxiom, working in conjunction with Packer's PBL, to produce a data warehouse called InfoBase.
"To be stored in the world's most technologically advanced data haven, InfoBase is to consolidate personal data about "almost every Australian", gathered from a wide variety of sources. Intended uses are stated to include the delivery of a sheaf of personal data onto the screen of, say, an insurance company employee, as the individual's incoming telephone call is answered.
"Acxiom's international division head was quoted as saying that the company strictly adhered to privacy legislation in every country where it operated. Which gives you a warm feeling, doesn't it?
"I wonder if that great protector of the public's interests, Darryl Williams, has checked to ensure that his still-not-tabled Bill won't cause Packer's InfoBase any undue difficulties".
It should be noted that the newspaper that broke the story is part of Rupert Murdoch's media empire; and that at present Rupert and Kerry are at one another's throats, in particular in relation to HDTV and the carve-up of the available electromagnetic spectrum among media corporations.
There have been rumours that The Australian had the story ready to go for some days before they broke it; but this might merely reflect the fact that the IT Section is a weekly segment that runs every Tuesday. The announcement of the PBL venture with Acxiom was on 17 June 1999, but it was not specific as to the data accumulation methods and sources to be used, and it attracted only limited coverage.
The influential ABC Radio programme, AM, used it as the lead story at 08:00.
I had calls from The Australian (the main paper rather than the IT Pages) and The Age. Chris Connolly did interviews with the SBS TV, Australian, AFR, the Age, Channel 10 late night news, SMH, and several radio programmes. ACA also did heaps of media. The topic was on most of the TV news bulletins that night.
Kate Lundy (ALP) asked a question in the Senate. The ALP's Leader in the Senate, John Faulkner, also asked a question. Senator Lundy's Press Release stated that "This constitutes the most blatant declaration of intent to gather personal information for commercial purposes this country has ever seen ... The PBL-Acxiom pronouncement about establishing a 'giant warehouse of all personal and financial information' serves as a critical wake-up call for a negligent Government that has failed to legislate to protect privacy of personal information in the private sector. ... The Opposition has called for an inquiry into the use of the electoral roll and called on the Government to implement private sector privacy legislation as promised".
The ABC's Online News carried a report, at http://www.abc.net.au/news/newslink/weekly/newsnat-30nov1999-77.htm
The Attorney-General, Daryl Williams, hastily called a press conference regarding the promised, delayed and still-unseen privacy legislation that afternoon, which was doubtless just a coincidence ... Williams' Press Release was characteristically timid, and reflected the Government's intense desire to facilitate business, whatever the cost to people.
He appeared to have said in the press conference that the legislation would require Packer/Acxiom to get consent before using/disclosing any of its data; but the written words could easily be read as approving of Acxiom unilaterally collecting the data and storing it in a data haven like the U.S.: "Reports of a data warehouse of personal and financial information being developed by Acxiom highlight the importance of the private sector privacy legislation. The collection of information by Acxiom and its database will be covered by the legislation. The legislation will ensure the data quality, data security and openness of this type of database. It will allow people to access records about themselves and to correct those records if they are wrong".
The influential ABC radio program, PM, ran with it as the lead story at 18:10 that evening.
Follow-ons, also in the Murdoch press, include:
Among the political parties:
The Internet Industry Association issued a News Release calling for the urgent passage of the proposed new private sector privacy legislation, "to bring into law the co-regulatory controls that will ensure that personal information about Australians cannot be misused".
With such a flurry of political activity, it was no surprise that there was considerable further print-media, radio and TV coverage, with more interviews with at least Chris Connolly, Ian Dearden, Chris Puplick, and myself, but heaven knows how many others. By late in the day, the talkback radio juggernaut was just starting to crank up. The ABC TV's influential 7.30 Report ran with it.
Thursday saw the Editorial writers join the fray:
The enfant terrible, Paddy McGuinness, said something in the Sydney Morning Herald, but as is usually the case with his columns, it's not quite clear what exactly.
ABC New Online carried an item on Electoral commission seeks better roll security.
Meanwhile, the Acxiom contingent continued to lie as low as they could manage. ABC's Radio 2BL pulled a planned session with me because they couldn't get anyone to come on air on behalf of the company. Given the unconscionable nature of the proposition, and the firestorm of protest, no-one except John Howard and Padriac McGuinness appears to be stupid enough to volunteer to argue its virtues.
More media interviews ensued. The ones I'm aware of at 11:00 are that Jason Catlett was interviewed in New York by The Australian, and ComputerWorld talked to Roger Clarke and Chris Connolly.
The evening ABC Radio programme Australia Talks Back ran a lengthy conversation and talkback session on Friday evening, featuring Chris Puplick (MSW Privacy Commissioner), Bill Caelli (security expert professor from QUT), Charles Britton (ACA) and the hapless Scott McLennan from ADMA.
On Friday 3 December, the lunchtime ABC Radio programme The World Today carried a segment on the topic.
By this stage, it appears that the Privacy Commissioner, Malcolm Crompton, had given about twenty interviews to various media.
The Weekend Australian of 4-5 December 1999 dedicated the lead-article of its 'Weekend Focus' section to the topic, written by Stephen Romei in New York. with the heading 'Someone to watch over you'. This was backed up by a locally written piece by Michelle Gilchrist called 'Taming big brother', and a statement by Andrew Robb for Acxiom. So far, I've been unable to locate these reports on News Limited's atrociously disorganised web-site.
On Tuesday 7 December, The Australian's IT Section continued with a series of articles:
Not to be outdone, The Sydney Morning Herald carried a piece by Nigel Waters on its Opinions page, entitled 'Why privacy laws must have muscle'.
Among many other radio interviews, I took part in one on South-East Queensland regional ABC, featuring Chris Puplick and an ALP Senator, Sue West. Once again, Andrew Robb declined to participate.
On 8 December, The Australian reported 'Database privacy assured: Vanstone', with the Minister for Justice re-cycling old information.
In the Saturday 11 December edition of 'The Melbourne Age', Garry Barker wrote 'In pursuit of our vital statistics'.
On Tuesday 14 December:
On 14 December 1999, the Attorney-General issued a press release, and published segments of the draft Privacy Amendment (Private Sector) Bill, in RTF and PDF formats, together with a an overview, also in RTF and PDF formats.
Submissions were invited by 17 January 2000. He stated that "Government policy is settled in respect of the Bill", so it was unclear what impact submissions could possibly have on the Bill, unless the lobbyist were to speak with a great deal of force. In addition to employee information, media now gain a substantial exemption, health information is subject to a number of qualifications, and the Privacy Commissioner's Principles have been "revised to accommodate legislative language" (which may or may not have been used as an opportunity to modify their effect).
The Australian direct marketing industry has been much slower than the U.S. in adopting highly data-intensive approaches. That appears set to change.
Despite Australia's accession to the OECD Data Protection Guidelines in 1984, there is no protection for consumers against direct marketers. There are a few moves afoot, which may or may not result in some progress.
In 1998, the Privacy Commissioner issued a set of (non-binding) privacy principles for the private sector. These include something close to carte blanche for the direct marketers, and that aspect of the Principles has been rejected wholesale by the privacy lobby.
The Australian Direct Marketing Association has unilaterally issued an appalling 'code of conduct', without entering into any form of consultation with the primary stakeholders. It has even gained the approval of the ACCC for its code, despite heavy criticisms by many consumer and privacy advocates and representatives. You can find further information on this self-regulatory (or should that be 'pseudo-regulatory?) fiasco.
The Attorney-General promised a Privacy Protection (Private Sector) Bill for mid-late 1999. In September, his Department has issued an Information Paper, but has not yet delivered on the promise of a Bill. It is understood that that would implement the Privacy Commissioner's (inadequate) Principles.
One reason for the delay in the Bill's introduction has been staff-turnover within the relevant Branch of the Department. Another has been a co-ordinated campaign by the media industry, scared of its effects on their access to information. They have been lobbying for a blanket exemption for media purposes, or, of course, no Bill at all. (It's nice to see that the editorial interest in publishing a good story has overcome the business interest in not having any nasty privacy-invasion stories that might encourage introduction and passage of a media-constraining Bill ...).
A comprehensive critique of privacy and direct marketing is in Clarke (1998).
There are several different levels at which the issue needs to be engaged. This section considers:
Organisations gather data directly from their customers, or as a byproduct of dealings between themselves and those people. They then use that data in order to develop and sustain an ongoing relationship with each individual. That gives rise to moral responsibilities in relation to the care for, and restrictions on the use of, that data.
In addition, a variety of direct marketing companies, and businesses that provide services to them, gather personal data from multiple sources, in some cases by surreptitious means. This commonly involves organisations that hold personal data breaching their moral responsibilities to protect it, and not disseminate it.
The rationale of marketing interests is that the consolidation of consumer profile data from multiple sources enables companies to undertake their marketing and selling activities in a more efficient and targeted manner, which in turn benefits the consumer by ways of more attractive offers, and fewer irrelevant ones. Consumers call that consumer manipulation.
Whatever the legal position might be, the gathering of personal data in these ways is immoral, and unacceptable to the public. The corporatist perspective, worshipped by governments around the world during the last couple of decades, holds economics to be the end, and social factors to be secondary. Citizens and consumers reject that assumption. The primary objectives are social; and economics, markets and corporations are means to social ends.
This is not merely a latter-day socialist view; it's how the public feels. The incursions into privacy that have been accumulating during the last few decades have not resulted in the public becoming inured to them, and accepting them; their patience is being stretched to breaking point. Periodically, issues bubble to the surface and attract virulent opposition. Moreover, the frequency with which issues have exploded is increasing. As the AFR Editorial said on 2 December 1999, there is now "the potential for the privacy of personal information to take off suddenly as an emotional political issue".
Citizens and consumers are clearly signalling that they've had enough, and expect protections. This has been particularly apparent in the relatively slow take-up of consumer Internet commerce, which I investigated in depth in Clarke (1998) and Clarke (1999). To stimulate consumer EC, corporations have to discover the facts of the new era, and deal with their customers much more sensitively.
In consumer marketing, it is useful to distinguish several phases:
Marketers have become habituated to the use of TV and other broadcast media in order to project advertising one-way at consumers. This will continue to be a mainstream way of generating prospects.
The problem is that they want to apply the same techniques when they use communication channels that are both more personal and more interactive. They believe, quite fervently, that they need every piece of data about each prospect that they can lay their hands on, in order to fine-tune their offers, and hence cajole that person into parting with money.
One-way projection may have worked fine with passive consumers; but that era is over. In the Internet age, people are easing out of the comatose mode with which they absorbed television, and are interacting with entities at the other end of bi-directional communications channels. As a result, communications between corporations and consumers have to be approached through the notions of 'relationship' marketing, 'one-to-one' marketing, 'consensual' marketing and 'permission-based' marketing.
This means that the default assumption that an individual somehow accedes to data acquisition and storage by not doing anything (sometimes called 'opt-out') is simply ineffectual, and will cause ever-increasing harm to relationships between consumers and marketers.
The only solution is 'opt-in', which is usage of personal data by corporations only on the basis of each consumer's consent.
Large corporations are very slow to adapt. Change is initiated by new companies adopting new approaches, and gaining market share. But powerful corporations are able to slow down those changes, by exercising market power, and by giving the newcomers offers that they can't refuse. The manoeuvres of Acxiom and some others among ADMA's large-corporate membership are typical of the dinosaur approach, denying that the Internet is different, and that marketing has been changed by it.
For positive statements on how to conduct direct marketing in the new era, see generally Clarke (1997), and specifically principles and practices for effective direct marketing in the new era that we've entered. For an analysis of the situation in relation to direct Internet marketing, see ACS (1998).
Self-regulation is an utterly discredited charade, and can never convince the public that they are protected. Legislatures must fulfil their responsibilities to the public, and put regulatory schemes into place. If Governments will not come forward with adequate Bills, then Opposition Parties must do it for them.
Most Australian businesses are in full agreement with that proposition. Industry associations supported the previous Victorian Government's in putting pressure on the Commonwealth to implement nationwide legislation, and in late 1998 forced the Prime Minister to change his 1997-98 position back to the one that he held in 1995-96. Here is the background to that policy turnaround, and to the promised 'light-touch' legislation.
The Liberal Party came up with a brilliant word in 1995: 'co-regulatory'. They need to re-discover it very quickly. For what it means, see (Clarke 1999). The long-promised and still undelivered Bill will need to measure up against those requirements, or it will fail to impose reasonable behaviour on large corporate marketers, and will failt to pacify the public.
The Government had intended publishing its Bill in September 1999, but in December has still not presented it. The Bill is to implement the Privacy Commissioner's National Principles for the Fair Handling of Information (NPFHI). The NPFHI is a rendition of the OECD Principles, with one ot two improvements (e.g. the addition of an anonymity principle). The OECD's now-ancient 1980 document, acceded to by Australia in 1984, codified ideas that were developed during the early 1970s, and which provide an appropriate response to the technologies of the late 1960s. Far, far more than this is necessary now (see Clarke 1999). But at least it's a start.
Unfortunately, the NPFHI has a couple of horrendous loopholes built into them that are so serious as to undermine the whole undertaking. One of those areas of desperate weakness is Principle 2.1(c), which purports to legitimise the direct marketing industry's existing, obnoxious, and hitherto unauthorised practices. In short, the defence used by the Government, to the effect that the Bill will provide effective privacy protections against the Acxiom scheme and its ilk, is ill-informed, mis-information, or just a lie.
In addition to the moral, marketing and general regulatory questions, there are further areas of detailed concern.
The following specific aspects were drawn to attention by Chris Connolly immediately after the story broke:
The company operates out of Arkansas, c/- PO Box 2000, Conway AR 72033-2000. Its site is at http://www.acxiom.com. There's a privacy statement (for what little that's worth) at http://www.acxiom.com/privdetl.htm. There's an Australian site at http://www.acxiom.com.au (but it looks like it's just a mirror of the U.S. HQ page). The corporation markets email addresses for the purposes of spamming, from http://www.acxiomdatanetwork.com/.
One of the Australian executives is a long-time campaign organiser for the Liberal Party, which is currently the party of government at federal level.
An iterm from the International Herald Tribune in 9 March 1998 is reproduced in the cypherpunks archive. It appears to be a re-working of a piece on the previous date in IHT's parent, the Washington Post.
The contents on this page have been mercilessly nicked from contributers that include (in alphabetical order, and hoping I haven't left anyone out): Dave Banisar in Washington DC, Jason Catlett in New Jersey, Judi Clark in California, Chris Connolly in Sydney, Tim Dixon in Sydney, Irene Graham in Queensland, Dan Tebbutt in Sydney, Damon Whyte, and Marcus Wigan in Melbourne.
Go to Roger's Home Page.
Go to the contents-page for this segment.
Send an email to Roger
Created: 30 November 1999
Last Amended: 16 December 1999
|These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).|
| The Australian National University|
Visiting Fellow, Faculty of
Engineering and Information Technology,
Information Sciences Building Room 211
Pty Ltd, ACN: 002 360 456|
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, 6288 6916