Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2016
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Fellow, Department of Computer Science, Australian National University
Version of 9 February 1993
© Xamax Consultancy Pty Ltd, 1992-3
This paper was published in Green L. & Guinery R. (Eds.) 'Framing Technology: Society, Choice and Change' Allen & Unwin, Sydney, 1994
This document is at http://www.rogerclarke.com/DV/PaperPopular.html
During the last few decades, information technology (IT) has become immensely sophisticated, and real benefits have been achieved. There have also been considerable negative impacts. This paper discusses the application of IT to the surveillance of people through their data.
It argues that the risks to individuals and society as a whole are enormous. Moreover, intrinsic control mechanisms are entirely inadequate to ensure measured and balanced application of the technique, and extrinsic control measures have been inadequate and too late. The power relationship between large data-dependent organisations and members of the public is now so unbalanced that concerted action is necessary if the important value of information privacy is to be sustained into the twenty-first century.
During the last seventy years, a series of anti-utopian novels has chilled us with descriptions of imagined futures in which governments use information technology to exercise control over society. Eugene Zamyatin's 'We' established the genre as early as 1922. An important recent example is John Brunner's 'The Shockwave Rider'. But the image that forms our nightmares is George Orwell's '1984'.
During the early 1980s it was fashionable to pretend that the year had been a prediction (it wasn't: literary critics think that it was merely a reversal of the digits in the year in which he finished it - 1948). By 1984 some serious incursions into privacy had occurred, and had not been corrected; but the advanced western societies that are Australia's reference point were still far freer than the constrained world that the tormented Winston Smith endured. In the mid-1990s they still are. But, as a few examples will show, the rein has been tightening quickly during the last decade.
From the late 1950s onwards, corporations and government agencies have made increasing use of information technology. For twenty years computers were mainly used to address needs within individual organisations. Gradually, however, the capacity of machines grew to the point where it was feasible to share data between systems in different organisations, and even to conceive systems which crossed organisational boundaries.
Many such systems involved data about human beings. It proved difficult to combine data from different systems, because each system identified the people it dealt with using different schemes; for example, each finance company had its own customer code, and each government agency its own client or file number.
Corporations are driven by the profit-motive, and hence efficiency in the usage of resources is important to them. During the Labor Government of the 1980s, efficiency also became an important motivator in the Commonwealth public sector. In March 1985 the suggestion emerged that all manner of evils could be combatted if a single identifier were used for dealings with a large number of organisations. The national identification scheme was designed to harness patriotic fervour, by calling it the Australia Card and decking it out in green and gold.
For 2-1/2 years, the Government battled to have its proposal embraced by an apathetic public, and accepted by a Senate in which it was in the minority. They claimed that vast savings would be made from reeling in tax avoiders, social security cheats and illegal immigrants, and that anyone who opposed the scheme must have something to hide. Critics ridiculed the bureaucrats' estimates. They also drew attention to the vast amount of private information which would become available to thousands of public servants, and the significant change in the balance of power between individuals and the State which the scheme would bring about.
At first the Opposition and the Democrats (who held the balance of power) were sceptical, but as more information became available and more analysis was undertaken, they became virulently opposed to the proposal. Finally the import of the scheme became apparent to the public, and after street marches and letters to the editors of newspapers throughout the country, the scheme was withdrawn.
Within months, the Government brought forward an alternative proposal involving enhancements to the Tax File Number (TFN), to enable the objective of reducing tax avoidance to be addressed. This enactment was accompanied by Australia's first privacy statute, and passed into law at the end of 1988.
The TFN enhancements were approved by Parliament on the basis that only the Australian Taxation Office would ever use the number. Within a year, a significant number of additional uses had surfaced, dummied through an inattentive Parliament in various ways. During 1990, the Government proposed extension of its use to the entire welfare sector. The recession had deepened, and the Opposition had moved decisively toward the right. Social factors now paled into insignificance against the dominant economic concerns, an accommodation was reached between the parties, and the legislation passed.
With both sides of Parliament intent on supporting social control measures, public service executives grasped their opportunity and proposed a very large-scale computing matching programme. This was duly passed, although it was made subject to substantial (if flawed) regulatory measures.
A variety of other programmes have been implemented by the Commonwealth public sector during the last few years which have involved significant intrusiveness into people's affairs. In 1990, an obligation was placed on financial institutions to report all cash transactions above the value of $10,000. As was the case with the 'tax' file number, 'function creep' occurred, and the 'cash transactions' reporting scheme was soon extended to apply to a variety of non-cash transactions.
During the period 1990-93, the Attorney-General's Department developed the Law Enforcement Access Network (LEAN), a scheme with data analysis capabilities powerful enough to support the work of professional investigators, but available to in excess of ten thousand public servants. For many months it claimed it was not subject to the Privacy Act, and when the Department relented it claimed instead that it was subject to that Act but covered by a series of exemptions which had the effect of rendering the privacy watchdog powerless. In 1992, another proposal with potentially huge privacy ramifications emerged, relating to a Health Communications Network.
Two further examples of government programmes highlight a couple of important points. An exhaustive investigation by the N.S.W. Independent Commission Against Corruption (ICAC) in the period 1990-92 identified many instances in which individuals sold nominally confidential personal data for their own advantage. Much worse, however, was the finding that many banks, other companies and government agencies had been active participants in trade which was in all cases highly morally dubious, and in many cases technically illegal.
Meanwhile, on several occasions during the late 1980s and early 1990s, the Health Insurance Commission (which, among several other things, operates the Medicare programme) brought forward a proposal to gather centrally in Canberra all details of all prescriptions issued in Australia. Its purpose was to address fraud and over-servicing by medical practitioners and excessive discounts on prescription items which it claimed were being granted to patients at taxpayer expense. Privacy advocates argued that the very high degree of privacy-invasiveness inherent in the proposal was virtually ignored, and that the estimates of net financial benefits arising were outlandish. In one of the rare instances of a proposal being subjected to prior review, the Auditor-General and the Department of Finance found the claims over-stated and recommended against the project proceeding, and the proposal was withdrawn. Agencies have shown a great deal of persistence with schemes they judge to be in their own interests, and hence it must be expected that the proposal will re-emerge at a time the public service executives concerned consider auspicious.
These bold and insensitive applications of IT are invading privacy on a scale never before possible. The purpose of this chapter is to look behind the schemes to understand their nature and the context in which they are brought forward. To do so, it is first necessary to review developments in IT, and then appreciate why it is so attractive to organisations in general and government agencies in particular. A brief description is then provided of the various techniques which make up modern 'dataveillance'. Some of the key risks it entails are identified, and actual and potential control mechanisms are discussed, in order to ensure that organisations' practices do not sacrifice humanity in the search for resource efficiency.
Information Technology (IT) refers to the combination of computing, communications and robotics. Computers were developed in the 1940s, applied to business and government progressively since the 1950s, and married to both local communications and tele- (distance) communications progressively since the 1960s. Robotics, the combination of computers with machines which directly sense and affect their environment, has developed since the 1970s. There are many positive uses of IT, and the author of this paper is actively involved in its development, its application, and the education of further generations of professionals to assist organisations of all kinds to apply it in a profitable and responsible manner.
During the last four decades, there has been dramatic growth in the capabilities and capacity of information technology. Processor speed and storage capacity have grown exponentially, and costs have fallen just as steeply. Software development, which for the first two decades slowed down and lowered the quality of applications, has been improving in quality.
It would be wrong to let these (very real) explosions in computing blind us to the developments which preceded and ran parallel with the developments in computing, including telex and telefax transmission, and offset printing, photocopying and laser-writing. Since then there have been great improvements in data, voice and now image communications, both locally and over distance. And although developments in robotics have been much slower, there have been real developments also in the integration of intelligence into machines, and sensors and effectors into computing systems.
Even after the early waves of the industrial revolution, the scale of economic activity was quite low by modern standards, and the governmental and private sector institutions which undertook them were quite small. With the dramatic increase in scale of the present century has come a dramatic increase in the 'social distance' separating individuals from the institutions with whom they transact the majority of their business. This social distance can be thought of as the level of distrust felt by both parties, i.e. individuals, and bureaucrats dealing with large numbers of the great unwashed public.
To make up for the loss of immediacy in dealings between individuals who knew one another, there has been a great increase in the data-intensity with which organisations operate - government agencies and companies alike now depend very little on the judgement of employees local to the individual concerned and very heavily on the information that they store in their files and use centrally to the organisation but remotely to the individual.
Information privacy is a relatively recent preoccupation, and in the mid-1980s a senior Australian Cabinet Minister went so far as to denigrate is as a 'bourgeois value'. Until the last few decades, it was not necessary for people to express concern about it, or for Parliaments to create laws protecting it. This was because of the highly dispersed nature of data storage, the difficulty of finding data when it was wanted, and the difficulty of copying and transmitting the data once it was found; in other words, information privacy was protected by the enormous inefficiency of data handling.
IT has progressively reduced that inefficiency, to the great benefit of organisations and their clients. Concomitant with those efficiency improvements, however, has been the disappearance of the traditional information privacy protections. New mechanisms are needed to ensure that society's headlong rush for efficiency does not mortally wound other critically important human values.
This section discusses a class of applications of information technology referred to as 'dataveillance'. By this is meant automated monitoring through computer-readable data rather than through physical observation. Although the techniques are as applicable to goods proceeding along a production line as to people, this paper restricts its attention to the surveillance of humans. Dataveillance is of real potential benefit; for example in the detection of individuals who are worthy of attention, possibly because they are in need, or because they represent a threat to others. The focus of the paper is, however, largely on dataveillance's 'downside'.
Surveillance is the systematic investigation or monitoring of the actions or communications of one or more persons. It has traditionally been undertaken by physical means such as prison-guards on towers. In recent decades it has been enhanced through image-amplification devices such as binoculars and high-resolution satellite cameras. Electronic devices have been developed to augment physical surveillance and offer new possibilities such as telephone 'bugging'.
The last 25 years have seen the emergence and refinement of a new form of surveillance, no longer of the real person, but of the person's data-shadow, or digital persona. Dataveillance is the systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons. It may be 'personal dataveillance', where a particular person has been previously identified as being of interest. Alternatively it may be 'mass dataveillance', where a group or large population is monitored, in order to detect individuals of interest, and/or to deter people from stepping out of line.
A variety of techniques exists (see Exhibit 1). Front-end verification (FEV), for example, comprises the checking of data supplied by an applicant (e.g. for a loan or a government benefit) against data from a variety of additional sources, in order to identify discrepancies. FEV may be applied as a personal dataveillance tool where reasonable grounds exist for suspecting that the information the person has provided may be unreliable; where, on the other hand, it is applied to every applicant, mass dataveillance is being undertaken. Data matching is a facilitative mechanism of particular value in mass dataveillance. It involves trawling through large volumes of data collected for different purposes, searching for discrepancies and drawing inferences from them.
Data surveillance's broader social impacts can be categorised as in Exhibit 2. By way of example, individuals can suffer as a result of misunderstandings about the meaning of data on the file, or because the file contains erroneous data which the individual does not understand, and against which he or she has little chance of arguing without finding and hiring a specialised lawyer. Such seemingly small, but potentially very frustrating and infuriating personal problems can escalate into widespread distrust by people of government agencies, and of the legal system as a whole.
Clearly, many of these concerns are diffuse. On the other hand, there is a critical economic difference between conventional forms of surveillance and dataveillance. Physical surveillance is expensive because it requires the application of considerable resources. With a few exceptions (such as East Germany under the Stasi, Romania, and China during its more extreme phases), this expense has been sufficient to restrict the use of surveillance. Admittedly the selection criteria used by surveillance agencies have not always accorded with what the citizenry might have preferred, but at least its extent was limited. The effect was that in most countries the abuses affected particular individuals who had attracted the attention of the State, but were not so pervasive that artistic and political freedoms were widely constrained.
Dataveillance changes all that. Dataveillance is relatively very cheap, and getting cheaper all the time, thanks to progress in information technology. The economic limitations are overcome, and the digital persona can be monitored with thoroughness and frequency, and surveillance extended to whole populations. To date, a number of particular populations have attracted the bulk of the attention, because the State already possessed substantial data-holdings about them. These are social welfare recipients, and employees of the State. Now that the techniques have been refined, they are being pressed into more general usage, in the private as well as the public sector.
If dataveillance is burgeoning, controls are needed to ensure that its use is not excessive or unfair. There is a variety of natural or intrinsic controls, such as self-restraint and morality. Unfortunately morality has been shown many times to be an entirely inadeqaute influence over people's behaviour. There is also the economic constraint, whereby work that isn't worth doing tends not to get done, because people perceive better things to do with the same scarce resources. Regrettably this too is largely ineffective. Cost/benefit analysis of dataveillance measures is seldom performed, and when it has been the quality has generally been appalling. This reflects the dominance of political over economic considerations - both politicians and public servants want action to be seen to be being taken, and are less concerned about its effectiveness than its visibility.
If intrinsic controls are inadequate, extrinsic measures are vital. For example, the codes of ethics of professional bodies and industry associations could be of assistance. Regrettably, these are generally years behind the problems, and largely statements of aspiration rather than operational guidelines and actionable statements of what is and is not acceptable behaviour. Over twenty years after the information privacy movement gathered steam, there are few and very limited laws which make dataveillance activities illegal, or which enable regulatory agencies or the public to sue transgressing organisations. A (limited) statute exists at national level, but none at all at the level of State Governments. In any case, statutory regimes are often weak due to the power of data-using lobbies, the lack of organisation of the public, and the lack of comprehension and interest by politicians. The public has demonstrated itself as being unable to focus on complex issues; public apathy is only overcome when a proposal is presented simply and starkly, such as 'the State is proposing to issue you with a plastic card. You will need to produce it whenever anyone asks you to demonstrate that you have permission to breathe'.
There is a tendency for dataveillance tools to be developed in advanced nations which have democratic traditions and processes (however imperfect). There is a further tendency for the technology to be exported to less developed countries. Many of these have less well developed democratic traditions, more authoritarian and even repressive regimes. The control mechanisms in advanced western democracies are inadequate to cope with sophisticated dataveillance technologies; in third world countries there is very little chance indeed of new extrinsic controls being established to ensure balance in their application. It appears that some third-world countries may be being used as test-beds for new dataveillance technologies.
There continues to much that information technology can offer to improve the life of human beings. The success of IT has, however, created a very serious risk that the drive for efficiency will seriously damage human values. The enthusiasm of our institutions for IT must be tempered if we are to avoid that damage. Intrinsic protections have proven inadequate, and the country's parliaments have shown themselves time and again to be stadia for bull-fighting, not for consideration of laws and economic and social priorities. In the absence of concerted action by individuals and public interest advocacy groups, 1984 will arrive; just a little late.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916
Created: 13 October 1995 - Last Amended: 13 October 1995 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/DV/PaperPopular.html