Privacy Panel
at the International Conference on Information Systems
Orlando FL, December 1993

The IT Professional's Lament
Position Statement by Roger Clarke

Slick back my hair, crop my beard, tighten my lips, look hard.

I'm a serious-minded IS professional. And I'm angry about privacy.

I'm concerned about the low-income people whose data is continually treated as the property of the Federal and the State bureacracies. I'm concerned also about borrowers being mis-treated by credit reporting companies. But not all that much.

What really makes me angry is this. I'm an IT professional, and I believe very strongly in the benefits which IT offers mankind. And I'm very annoyed that mis-use and abuse of technology is marring IT's image and threatening to make its promise unrealisable.

Consumer marketing companies are a pet hate of mine. It's partly that they acquire personal data by dubious means, use it without consent to build profiles, and use the profiles to customise advertising in order to manipulate the behaviour of individuals. But it's mostly that the stink of unfairness that they have extends to the technology they use. I want to see them forced to adopt fair information practices: to collect and exchange data only if they have consent, to remove people from mailing lists when they're asked to, and to be open about their sources and their techniques.

And none of this nonsense of self-regulation. Wolves self-regulate for the good of the pack and themselves, not the deer. Governments are abrogating their responsibility to their citizens by failing to impose and enforce external controls. The collapse of communism is being mistaken for a victory for capitalism. The fact is that every successful nation is a mixed economy, with government intervention at key points. The United States is the best in the world at intervening in aero-space-defence, and together with France and Japan one of the greatest exponents of protectionism. It should be intervening on behalf of its citizens' privacy interests too, and making sure IT doesn't get a bad name.

One of the biggest disappointments to me is the failure of cost/benefit analysis to act as a restraint on unreasonable applications of technology. You know the theory: assess in advance the costs and the benefits, take into account unquantifiable factors, consider the risk factors involved, and don't invest unless there's a strong probability of payback worth the level of risk. Well no-one does it!

Take another one of my pet hates: computer matching. Most applications of computer matching are demonstrable failures when it comes to making enough money to pay for the effort involved. But there are no hard-headed assessments of the cash flows. Government agencies mouth platitudes about the deterrent effect of their programs, and pretend that the multi-millions of dollars spent on staff to investigate hits and pursue miscreants don't exist, that the majority of their hits are furphies, and that they actually collect some of the missing millions of revenue they detect. On those few occasions that auditors actually get a look at these programs, they show up appalling inadequacies.

And meanwhile the public is imposed upon more and more. And it's always the same people who get it in the neck: disabled pensioners, veterans, the unemployed. Why? Well one reason is just convenience: the government has lots and lots of data about those kinds of people. And the second reason is convenience too, for the government that is: those kinds of people aren't very good at fighting back. They have trouble coping with bureaucracy, and prosecuting their innocence. Once again, the smell is becoming associated with IT, when the blame for the oppressive behaviour should be laid at the door of lazy bureaucrats.

And then we have the politicians. It's bad enough that they agree to every request that agencies put up for computer matching. They're going further now, and reviving the national data center proposal that was beaten down in the 1960s. Billary Clinton wants an id card as part of the health scheme Americans need in order to catch health standards up with the rest of the civilised world; but rather than a separate scheme, the idea is being floated that it should be linked with existing identifiers such as the SSN.

Meanwhile John Major has discovered some enthusiasm for Europe - they all have id cards; so Britain needs one too. In both cases, the assumption is being made that more efficiency will be achieved if there is multiple use of a single identification basis. When will politicans realise that people don't trust governments??

It's bad enough that the scope for agencies to concentrate data about individuals will be increased. My concern is that when the revolutions in public opinion come, they will not only sweep out politicians, but they'll harm IT as well.

It's really very upsetting that the U.S. has fallen twenty years behind the rest of the advanced world in protecting its citizens' data privacy. The idea that citizens could litigate to protect themselves was laughable when it was advanced in the early 1970s, and it's derisory now. Until the country creates a watchdog and gives it teeth, there will be a downhill slide in the credibility of government and government agencies. The anarchy so vividly described in the sci-fi cyberpunk literature may seem like art, but if governments don't act, that's the kind of ungovernability that we're headed for.

And I hate the idea of IT's promise being undermined like that.

RAC - 26 November 1993


Go to Roger's Home Page.

Go to the contents-page for this segment.

Send an email to Roger

Last Amended: 13 October 1995

These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).

The Australian National University
Visiting Fellow, Faculty of
Engineering and Information Technology,

Information Sciences Building Room 211

Xamax Consultancy Pty Ltd, ACN: 002 360 456

78 Sidaway St
Chapman ACT 2611 AUSTRALIA

Tel: +61 6 288 6916 Fax: +61 6 288 1472