Review Version of 20 September 2012
Short Invited Paper for IEEE Technology & Society 31, 4 (Winter 2012) 29 - 31
Roger Clarke
© Xamax Consultancy Pty Ltd, 2012
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/DV/PAO-12.html
The power and reach of government agencies and corporations have increased greatly in the last few decades, and the prospects, and threats, inherent in so-called 'public-private partnerships' now loom large. The terrorist attacks of the first decade of the new century have been ruthlessly exploited by national security agencies to not just recover but to considerably extend their powers, to give them even greater freedom from democratic controls, and to increase their resources. Law enforcement agencies and even social control agencies have gained powers as well, in part by clinging to the coat-tails of national security. Meanwhile, consumer marketing organisations have taken advantage of social media, and the laxness of privacy laws, to greatly increase their sources of personal data. With the recent surge in interest in 'real names policies', organisations are again seeking to impose a single identifier on people and to deny the use of pseudonyms.
Representing the interests of the general public has never been easy, and the challenges have multiplied as institutional power over individuals has increased. How do privacy advocacy organisations work, and what are their strategies, and their prospects? This brief analysis provides an outline from the perspective of one of the world's oldest and most successful organisations in the field, the Australian Privacy Foundation (APF). Consideration is first given to the outcomes that an advocacy organisation seeks to achieve, and then to the outputs that it can produce in an endeavour to achieve those outcomes. This is followed by discussion of the processes involved, and the inputs on which those processes depend.
Ultimately, the aim is for all organisations to collect, use, retain and disclose personal data only in ways that are justified, proportionate and transparent, and subject to controls and accountability. In order to achieve that condition, a number of enabling measures are necessary.
Laws are needed, to create the framework within which appropriate balances can be achieved. Regulators need to be empowered, obligated, and resourced, to police abuses. Organisations need to use Privacy Impact Assessment (PIA) processes in order to understand the issues, to design privacy-sensitive systems, and to devise mitigation measures for unavoidable privacy intrusions. Effective PIAs depend on stakeholders being identified, and consultations being conducted with the relevant consumer segments and their representatives and advocates.
At present, throughout the world, the shortfall from that set of requirements is vast. Even European laws are limited to the protection of data and provide few safeguards for privacy of the physical person, of personal behaviour and of personal communications. And even European countries suffer from a plethora of exemptions and exceptions, and from lack of enforceability, particularly through corporate use of jurisdictions-of-convenience, notably the USA, from which to operate privacy-invasive systems. What actions by advocacy organisations can bring about the rapid and substantial change that is needed, in the face of rampant social control agendas and consumer exploitation?
A primary function of advocacy organisations is to make Submissions to organisations that are sponsors of potentially privacy-invasive systems, to parliaments, and to regulators and oversight agencies. To get out ahead of problems, rather than be merely reactive, advocacy organisations also need to proactively develop and publish Policy Statements.
Many organisations do their best to ignore submissions and policy statements, or to dismiss them and deprecate their source. To pre-counter those manoeuvres, an advocacy organisation needs to develop a reputation for careful, evidence-based analysis and argument, and then to protect that reputation. The organisation's standing needs to be reinforced, for example through quality Patrons and Advisers, and Board members and spokespeople with demonstrable expertise. Policy positions need to be disseminated, through the media, by means of backgrounders, press and radio interviews and media releases, but also through postings on electronic lists and fora.
Many privacy oversight agencies fail to perform adequate public education, and hence it may fall to privacy advocacy organisations to provide information resources. A particularly critical example is lists of and links to privacy-relevant statutes and cases. The public also needs lists of and contact-points for relevant regulators and oversight agencies, for relevant Ministers and Parliamentary Committees, and for all advocacy groups in the privacy, consumer rights and human rights arenas. A further collection of value is an archive of media reports on privacy-invasive projects and technologies. Such resources not only underpin the organisation's own research, but also encourage and enable other organisations, individuals and students to contribute to public debate.
To deliver those products, and thereby contribute to the desired outcomes, an advocacy organisation needs to have all of the normal 'hygiene' processes in place, including incorporation, membership administration, Board appointments and meetings, mentoring of newcomers, secretaryship, financial administration and reporting, general meetings and compliance with the regulatory body for associations.
More critically, however, it needs processes for detecting opportunities to contribute to public policy formation, for developing policies, for preparing submissions, for participating in consultations, and for providing verbal evidence to parliaments. The Internet has facilitated electronic interactions and virtualisation. These are invaluable to advocacy organisations, particularly in countries with widely scattered populations.
The critical input for an advocacy organisation is the expertise, energy and time of individuals who can make a difference. Electronic tools such as web-sites, emailing lists, conferencing and wikis are vital. Funding is valuable, but may be hard to come by because of competition from charities, medical research, and the arts. In some countries, membership fees and donations to advocacy organisations are not tax-deductible, because parliaments and government agencies see it as being against their interests to encourage what they perceive to be public nuisances. As a result, a great deal of the work of privacy advocacy organisations is of necessity dependent on volunteers, for policy work, for coordination and mentoring, and for administration.
In a healthy society and polity, public participation in policy formation is encouraged. Regrettably, many countries fail to measure up to this standard. Although a Canadian index of privacy advocates identifies in excess of 150 organisations around the world, they all face enormous challenges to acquire the necessary resources, and to break through the hostility of corporations, industry associations, government agencies and parliaments, in order to represent the public interest in privacy.
Australian Privacy Foundation (APF), at http://www.privacy.org.au
Bennett C. (2008) 'The Privacy Advocates: Resisting the Spread of Surveillance' MIT Press, 2008
Electronic Privacy Information Center (EPIC), at http://epic.org
Privacy Advocates Index, at http://privacyadvocates.ca/
Privacy International (PI), at http://www.privacyinternational.org
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., and a Visiting Professor in the Research School of Computer Science at the Australian National University. He has been a Board member of the Australian Privacy Foundation since its formation in 1987, and has been its Chair since 2006. He is also a Director of the Internet Society of Australia (ISOC-AU), and an Advisory Board member of Privacy International (PI).
Created: 17 September 2012 - Last Amended: 20 September 2012 by Roger Clarke - Site Last Verified: 15 February 2009