Degree of Doctor of Philosophy
by Submission of Published Work
at the Australian National University
DATA SURVEILLANCE: THEORY, PRACTICE & POLICY

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 17 January 1997; Minor Revisions of 12 November 2003

© Xamax Consultancy Pty Ltd, 1995, 1997. 2003

This paper is at http://www.anu.edu.au/people/Roger.Clarke/DV/PhD.html


This collection of refereed papers was the basis for a supplication under Rule 28 of the ANU's Degree of Doctor of Philosophy Rules. This Rule provides for a supplication to be made "on the ground that the person has, by published work ... made a substantial contribution to learning and demonstrated a capacity to relate the work ... to the broader framework of the discipline ... at the standard internationally recognised for the degree in the relevant discipline or disciplines [provided that] the collection of published work, on which the candidate relies shall be comparable in quantity and academic quality to that which is required for a thesis in the same general field of study".

The supplication was made in August 1995. It was held up by successive administrative errors until late 1996, and the degree was awarded in April 1997.


Abstract

The papers that make up this dissertation develop a body of theory that explains the nature, applications and impacts of the data processing technologies that support the investigation or monitoring of individuals and populations. Literature review and analysis is supplemented by reports of field work undertaken in both the United States and Australia, which tested the body of theory, and enabled it to be articulated.

The research programme established a firm theoretical foundation for further work. It provided insights into appropriate research methods, and delivered not only empirically-based descriptive and explanatory data, but also evaluative information relevant to policy-decisions. The body of work as a whole provides a basis on which more mature research work is able to build.


Contents


INTRODUCTION

BACKGROUND

The electronic, digital computer was invented in about 1940, and was first used to support the processes of business and government in the early 1950s. It has made great strides, in terms of both the capabilities of the underlying equipment or 'hardware', and in the suites of programs, or 'software' which enable the hardware to be applied to specific purposes. The progressive marriage of computing with local and distant ('tele') communications, and, more slowly, with robotics, has seen the emergence of what is at present commonly referred to as 'information technology'.

The information systems discipline is concerned with information, and with its creation, management and use by individuals, especially in organisational contexts. It emerged because of the perceived need to understand and guide the application of information technology to human needs. Accordingly, the discipline is also concerned with the use of information technology artefacts, and hence with the analysis of user needs, the design of artefacts, their construction, and their progressive re-formation-in-use.

Many aspects of information technology have been well-researched. At the levels of hardware and systems software, the disciplines of computer science and communications engineering are now well-established. At the level of application software, however, and especially in the areas of the management of information technology, and social policy regarding its impacts and implications, understanding is far less mature.

The information systems discipline emerged during the 1960s, particularly in schools of management and commerce, drawing variously on the existing disciplines of computer science, individual and organisational behaviour, operations research / management science, accounting, and operations management. The conventional institutional framework for a discipline, such as formal recognition within universities, undergraduate majors and degrees, specialist postgraduate and doctoral programs, specialist journals and specialist international conferences, was accumulated during the period 1965-1980.

Many areas within the information systems discipline have matured rapidly. For example, bodies of knowledge exist in relation to the development of new applications, the management of existing applications, the processing of raw data into useful information, and the provision of information to support decision-making by individuals and by groups.

There remain, however, many aspects of the discipline which are as yet highly immature. Concern has been expressed that the discipline continues to rely on theories extracted from reference disciplines, and has been tardy in developing its own coherent body of foundation theory (Weber 1987). A great many of the theories which are available are of assistance in describing particular domains, but their explanatory power is weak and their predictive power very limited indeed. There are also significant difficulties in selecting and applying research methods (Galliers 1992). The problems arising as a result of the discipline's youth are compounded by the highly unstable nature of the domain of study, which includes fast-changing technologies which are being influenced by, and are influencing, fast-changing organisational and behavioural patterns.

Beyond supporting the description, explanation and prediction of relevant phenomena, the information systems discipline needs to provide normative support to decision-makers within individual organisations which seek to exploit information and information technology. Moreover, advanced technologies are having increasingly significant impacts on and implications for individuals, groups, organisations, industry segments and sectors, and economies and societies as a whole. There is therefore a vital public policy dimension to the discipline.

The sub-discipline of information management has existed since the emergence of the information systems discipline as a whole 25-30 years ago. This segment focuses on matters of concern to managers and executives, primarily within individual organisations. It also involves inter-organisational considerations, and is slowly developing a body of knowledge in relation to public policy questions (see, for example, Dunlop & Kling 1991).

The publications which make up this supplication for a doctorate by published work report on research undertaken in one particular area of great policy significance, and increasing importance to individual organisations, but which has been almost entirely ignored during the information systems discipline's first few decades.


INFORMATION PRIVACY AND DATA SURVEILLANCE

Since the 1960s, there has been considerable public concern about individual privacy (e.g. Cowen 1969). Statutory protections were enacted in most advanced western nations in the 1970s and codified by the end of that decade (OECD 1980). Australia was a laggard, with the Commonwealth Privacy Act being passed only at the end of 1988.

Privacy is a cluster of interests of the individual, which in many circumstances tend to conflict with the interests of other individuals, organisations, and society as a whole. Aspects of privacy which it is valuable to distinguish are:

With the close coupling that has occurred between computing and communications during the last 15 years, the last two aspects have become closely linked, and are commonly referred to as 'information privacy'. This body of work is concerned with the impact of information technology on information privacy.

Intrinsic to the study of privacy is the recognition that privacy is one interest among many, and that this interest needs to be balanced against other interests, not only those of other individuals, but also those of groups and of society as a whole. A precept on which all of my work has been based is that judgements about the particular balances that are appropriate need to be made by democratic processes, within particular jurisdictions, at particular points in time; that is to say that there are no 'grand solutions' to privacy issues. Rather, there are issues, and dimensions of issues, and stakeholders with interests. It is important that information about all of these be surfaced, and the possibility of rational discourse created.

The study of 'interests' and of public policy measures to protect interests are proper subject-matter for disciplines other than information systems, and in particular sociology and law. An important contribution of this body of work has been to shift the focus from the interest that individuals have, to the technologies and the applications of those technologies which threaten that interest. It is vital that the discipline of information systems, and the sub-discipline of information management, perform intermediary functions between the scientific and technological disciplines which are generating and applying the technologies, and the social and policy disciplines which are seeking to regulate them.

This work has accordingly involved a detailed examination of the techniques and practices of surveillance, the definition of new terms to describe the new ways in which people are being subjected to observation, the expression of this body of theory and practice in terms accessible to specialists in other disciplines as well as in computer science and information systems, and contributions to policy debates.


THEORETICAL BASIS

Only limited prior theoretical work was available to me at the commencement of my research. This is examined at length in several of the papers. As a result of the paucity of established theory, a great deal of the contribution of this collection was necessarily of the nature of theory formation.

Within the information systems discipline, the key pre-existing works were Laudon (1974) and Kling (1978). Important sources were available from other disciplines, including sociology (Westin 1967 and 1971, Westin & Baker 1972, Rule 1973 and 1983, and Rule et al. 1980) and law (particularly Morison 1973). Of especial intellectual importance is the notion of society as 'prison' (Foucault 1975, by analogy with the 'panopticon' of Bentham 1791). Among less academic works are to be found some of significance, including Packard (1964), Smith (1974-) and Burnham (1983).

A number of government agencies, law reform bodies and parliamentary committees had made important contributions to the understanding of information privacy (including HEW 1973, FACFI 1976, NSWPC 1976-, PPSC 1977, Lindop 1978, OTA 1981 and ALRC 1983). A number of other important publications appeared during the course of development of this body of work (in particular, Marx & Reichman 1984, Marx 1985, Roszak 1986, OTA 1986, Flaherty 1989, PCA 1989-, GAO 1990, Bennett 1992 and Davies 1992).


RESEARCH METHODS

A significant proportion of the contribution of this work was of the nature of scholarship, i.e. the careful and disciplined examination, evaluation and synthesis of a wide range of secondary sources.

This was supported by lengthy and deep, but largely informal, empirical experience. This was gleaned through involvement in privacy issues, variously as:

It is stressed that this supplication is not based on the many consulting reports and unrefereed publications which have arisen from these activities, but on refereed papers arising from appropriately careful and considered research work, and subjected to peer review.

On the basis of reference theories, particularly in relation to information privacy, a body of theory was progressively formed relating to data surveillance. A number of aspects of this were subjected to empirical testing, through structured interviews with practitioners and case study research drawing on multiple sources of data to achieve triangulation on the object of study. On the basis of this work, the body of theory was articulated and refined.

As discussed in several of the papers, considerable difficulties were experienced in conducting empirical research into data surveillance practices, to some extent in the United States, but especially in Australia. The Commonwealth agencies that developed the 'Australia Card' proposal in the period 1985-87 withheld key information from public purview. During the period 1987-92, agencies declined to provide any meaningful information about their use of computer matching, and utilised various exemption clauses under the Freedom of Information Act 1978 to avoid providing documents. Even secondary data, arising for example from the Privacy Commissioner's investigations, are frequently not publicly available. In the mid-1990s, profiling continues to be undertaken out of the public gaze, although a seminar convened by the Commonwealth Privacy Commissioner in July 1995, and addressed by myself, may represent a turning point in the public visibility of profiling programs.

The work reported on in this collection is therefore based on much less, and much less 'hard', information than would have been desirable. On the other hand, the importance of the topic is such that research needed to be undertaken, and works needed to be published, on the basis of careful consideration of such limited data as was available.


SUMMARY OF THE PUBLISHED WORKS

The works are presented in a logical sequence, rather than their chronological order of publication.

Papers 1 and 2 - The Theory of 'Information Technology and Dataveillance'

The first paper, Clarke (1988a), appeared in the leading journal of the United States Association for Computing Machinery. It establishes the basis for the entire work, by reviewing surveillance practices, and showing how information technology is resulting in the replacement of expensive physical and electronically enhanced monitoring of individuals and groups by highly automated, and therefore much cheaper, systematic observation of data about people.

This new form of monitoring, whose descriptor I abbreviated to 'dataveillance', is potentially highly privacy-invasive. The paper imposed a degree of organisation on the field of knowledge that had never previously existed, and has been used by other researchers and teachers in their subsequent work. It also established a framework within which my own further research could be conducted.

The second paper, Clarke (1994a), further develops a vital aspect of the argument commenced in the first paper, namely the nature of human identification as it is applied within information systems. Remarkably, there are very few works in any academic literature which address the question of such uses of human identity, and for this reason the paper had a long gestation period (from 1985 until 1994). It was published in an international journal which might be characterised as 'trans-atlantic' in flavour, and provides a forum for researchers addressing the interaction between information technology and individuals, groups, organisations and societies.

Based on the theory presented in the paper, implications are identified for managers and executives within organisations, and for public policy. I am currently conducting a further stream of research which has grown out of this project, and which is examining the extent to which anonymous and pseudonymous transactions are capable of satisfying the needs of organisations and individuals.

Papers 3, 4 and 5 - Application of the Theory to Computer Matching

A series of papers resulted from a sub-project undertaken between 1987 and 1992. One particular technique identified in the foundation paper as being of especial importance was 'computer matching', particularly as applied in government. The technique did not arise from academic research, but was developed pragmatically, in both the United States and Australia in the late 1970s. There was a very limited literature. Field work was undertaken in the public sectors of both the United States and Australia. The purposes were to describe and understand the phenomenon, to apply data surveillance theory, and to draw implications. Initially, considerable difficulties were encountered in gathering information, but (for reasons explained in the papers) it became progressively more feasible to subject the use of the technique to scrutiny.

The first in this sub-set of papers (Clarke 1994b) provides a detailed description of the technique, and was published in the same journal as Paper Number 2 on 'human identification'. It established that there were considerable difficulties involved in appropriately applying matching, and that the risks were borne by the individuals whose data was matched, rather than by the organisations conducting the matching.

The second paper in the series, and fourth in the collection (Clarke 1995a), was published in the first issue of a newly re-named 'trans-atlantic' journal, Information Infrastructure and Policy (which, during its first three Volumes, was entitled Informatization and the Public Sector). The paper examines the mechanisms which prevent unjustifiably privacy-invasive matching from being undertaken, and ensure that suitable protections are incorporated into such programs as do proceed. It includes a detailed examination of the use of cost-benefit analysis (CBA) to justify matching programs, and a review of the extent to which CBA has functioned as an effective control over misuse and abuse of computer matching in the United States and Australia. Its conclusion is that there are serious inadequacies in the controls over computer matching.

The final paper on matching (Clarke 1995b) appeared in a journal which specialises in the law relating to information technology, and is published by the John Marshall Law School in Chicago. The paper takes as its starting points the theory of dataveillance established in earlier papers, the threatening nature of computer matching, and the absence of effective controls. It proposes a set of general and specific regulatory measures which it is argued are necessary if society is to bring government matching programs under control. It assesses the limited regulatory regimes of the United States and Australia against those proposals, and finds them seriously wanting.

Paper 6 - Application of the Theory to Profiling

Clarke (1994c) examines a further technique which was outlined in the foundation paper, and which has become increasingly popular during the last decade. The paper appeared in the Journal of Law and Information Science, which is edited and published in Australia but is international in terms of both its authorship and readership.

A technical description of 'profiling' is provided. The paper is based on limited 'hard' empirical evidence, because most profiling is undertaken, in the public and private sectors alike, surreptitiously. The paper identifies substantial dangers which are inherent in the technique. It lays the foundation for more careful empirical work, but this may not be possible until parliamentary and governmental action is taken to open up the practice of profiling to public scrutiny.

Paper 7 - The Impact of Developments in Database Retrieval Technology

The seventh paper (Greenleaf & Clarke 1984) was published in the primary journal of record of this country's computer science community, the Australian Computer Journal. It reported on an examination of a very specific matter, the scope for a new form of database technology to render impractical an established privacy-protective mechanism, the so-called 'subject access principle'.

This work represented a case study of the way in which developments in information technology undermine privacy protection laws. It provided a basis for understanding the impact of other developments, such as data matching and profiling, and for current challenges such as 'reverse access' to telephone directories, monitoring of energy usage, textual analysis, and the discovery of individual characteristics through the analysis of seemingly anonymous, statistical collections.

Paper 8 - Application of the Theory to the Information Infrastructure

The eighth paper (Clarke 1994c) was published in another 'trans-atlantic' journal which examines the patterns in 'The Information Society'. The paper applies the theory developed in earlier papers in a particular, emergent context, that of the information infrastructure in general and the Internet in particular. It introduced a new concept, the 'digital persona', as a tool in the analysis of behaviour on the net. It then applied the tool, together with data surveillance theory, to predict the monitoring of the 'real-life' behaviour of individuals and groups through their net behaviour.

Papers 9 and 10 - Dataveillance Practices of the Australian Government

During the period 1985-87, the Commonwealth Government developed a proposal to implement a central database of the Australian population, whose purpose, expressed in terms of the theory developed in this body of work, was the facilitation of dataveillance of all residents of this country. Analysis of the proposal was conducted. In parallel with my research work, I disseminated information about the proposal through intermediate-quality and popular publication channels, and participated fully and actively in the lively public debates.

Clarke (1987) provides a carefully documented description and analysis of the proposal, a distillation of the issues, and a political history of the proposal's development and ultimate fate. It appeared in a refereed journal, Prometheus, which is dedicated to the political economy of information technologies, and is published in Australia but has international authorship and readership. The paper was published prior to the proposal's demise; hence an addendum is provided, which appeared in an unrefereed American periodical.

Although the Australia Card proposal was withdrawn in the face of dramatically negative public opinion, the momentum which dataveillance applications of information technology had attained within the Commonwealth public sector was scarcely affected. Clarke (1992) documents a number of developments during the next three years. It is primarily a political history, expressed within the context set by the theory of dataveillance. It appeared in a 'law of information technology' journal published by the John Marshall Law School in Chicago (which has since merged with another similar journal into the Journal of Computer and Information Law, in which Paper 5 appeared some three years later).

Papers 11 and 12 - Regulatory Measures

These two closely related papers were addressed to different audiences. Clarke (1985) appeared in the Australian Computer Journal, and Greenleaf & Clarke (1986) in the Australian-published but internationally-distributed Journal of Law & Information Science. They examined various aspects of the emergent proposals for Commonwealth law to protect information privacy.

The law which was subsequently passed, the Privacy Act 1988, was subjected to in-depth analysis in two lengthy papers. These were distributed among a small community of interested researchers and government agencies, but were not formally published, either in a refereed journal or otherwise, and hence are not included in this body of work.

Paper 13 - The Overtly Political Dimension of Dataveillance

Like other technologies, computing and telecommunications are capable of being applied to the benefit of humanity as a whole, or of particular interest groups within society. Use of information technology by the politically powerful as a means of exercising control over the thoughts and actions of members of the public, is a matter of especial concern to those living in democracies.

Clarke (1994d) was published in the refereed Proceedings of the 13th World Congress of the International Federation for Information Processing. It represented a response to a paper submitted to the conference by a senior government executive of a country which had previously been dominated by the U.S.S.R., and which has no tradition of democracy as it is known in 'western' countries. The paper's importance is that it lifts the application of the theory of dataveillance from the individual and social levels to the political level.

This paper has a significant polemical overtone to it, however, and must be regarded as a first, tentative step in building a bridge between the theory of dataveillance, developed, as it has been, largely from within the information systems discipline, towards broader theories arising in anthropology, sociology and political science.


THE THEORY, PRACTICE AND POLICY OF DATAVEILLANCE

Each of the papers making up this collection was written in such a manner that it could stand alone. One effect of this is that the papers contain a significant amount of repetition. Another effect is that the underlying structure of the argument as a whole is obscured. This section identifies that deep structure.

(1) Theory

The first concern of the body of work was to establish a theory of dataveillance, in part by identifying what already existed, in part by drawing from appropriate reference disciplines, but to a considerable extent by original contribution. The primary papers in the collection which present that body of theory are paper numbers:

(2) Practice

The second concern was to exploit the body of theory as a means of observing and documenting the practice of dataveillance. The primary papers in the collection which address practice are:

On the basis of the empirical evidence, the body of theory has been progressively articulated and extended.

(3) Policy

It is widely claimed that information technology is becoming pervasive, and is giving rise to an 'information economy' and an 'information society'. If this is the case, then its impacts will be substantial, and should be managed. The third and final aspect of the research therefore concerned policy. The papers in the collection which make contributions in this regard are:


EPILOGUE

The collection is completed by an unrefereed 'Issues and Opinions' piece, published in the leading US journal, MIS Quarterly (Clarke 1988b). This is not a piece of careful academic work, but rather a meta-level discussion concerned with the ethics of academic endeavour in the information systems discipline. It is included in this collection for a quite specific purpose.

The argument pursued in this short paper is that information technology's impacts are so great that detached observation is an inadequate stance for an information systems academic. Rather, it is imperative that information systems researchers engage themselves in their subject-matter, and extend themselves beyond mere description and explanation, and even beyond the prediction of the outcomes of artefact design and interventions in organisations and society. This is a further development of a long-standing discussion within the information systems discipline about the need to achieve balance between the relevance of research and the rigour with which it is undertaken (Keen 1980).

It is emphatically not proposed that the scientific ideals of independence and repeatability should be abandoned. It is, however, contended that information systems researchers, or at least those who focus on the 'information management' segment of the discipline, are irretrievably involved in the process of engineering organisations and society, and cannot meaningfully sustain the pretext that they are entirely uninterested in, and unaffected by, the processes around them.


REFERENCES

ALRC (1983) 'Privacy' Report No. 22, Austral. L. Reform Comm., Austral. Govt Publ. Service, 3 vols. 1983

Bennett C.J. (1992) 'Regulating Privacy' Cornell U.P., Ithaca, 1992

Bentham J. (1791) 'Panopticon; or, the Inspection House', London, 1791

Burnham D. (1983) 'The Rise of the Computer State' Random House, 1983

Cowen Z. (1969) 'The Private Man' Boyer Lecture Series, Aust. Broadcasting Comm. 1969

Davies S. (1992) 'Big Brother: Australia's Growing Web of Surveillance' Simon & Schuster, Sydney, 1992

Dunlop and R. Kling (Eds.) (1991) 'Controversies in Computing', Academic Press, 1991

FACFI (1976) 'The Criminal Use of False Identification: the Report of the Federal Advisory Committee on False Identification', U.S. Dept of Justice, 1976

Flaherty D.H. (1989) 'Protecting Privacy in Surveillance Societies' Uni. of North Carolina Press, Chapel Hill, 1989

Foucault M. (1975) 'Discipline and Punish: The Birth of the Prison' Penguin, 1975, 1979

Galliers R.D. (1992b) 'Choosing Information Systems Research Approaches' Chapter 8 in Galliers R.D. (Ed.) 'Information Systems Research' Blackwell, Oxford, 1992, pp.144-163

GAO (1990) 'Computers and Privacy: How the Government Obtains, Verifies,Uses and Protects Personal Data' General Accounting Office, GAO/IMTEC-90-70BR, Washington DC, 1988

HEW (1973) 'Records, Computers and the Rights of Citizens: Report of the Secretary's Advisory Committee on Automated Personal Data Systems' (U.S. Dept. of Health, Education and Welfare) M.I.T. Press 1973

Keen P.G.W. (1980) 'MIS Research: Reference Disciplines and a Cumulative Tradition' Proc. 1st Int'l Conf. Inf. Sys. Philadelphia, December 1980, 9-18

Kling R. (1978) 'Automated Welfare Client Tracking and Welfare Service Integration: The Political Economy of Computing' Comm ACM 21,6 (June 1978) 484-93

Laudon K.C. (1974) 'Computers and Bureaucratic Reform' Wiley, New York, 1974

Laudon K. (1986a) 'Data quality and due process in large interorganisational record systems' Commun. ACM 29,1 (Jan 1986)

Laudon K.C. (1986b) 'Dossier Society: Value Choices in the Design of National Information Systems' Columbia U.P., NY, 1986

Lindop N. (1978) 'Report of the Committee on Data Protection' Cmnd 7341, HMSO, London, 1978

Marx G.T. (1985) 'The New Surveillance' Technology Review (May-June 1985)

Marx G.T. & Reichman N. (1984) 'Routinising the Discovery of Secrets' Am. Behavioural Scientist 27,4 (Mar/Apr 1984) 423-452

Morison W.L. (1973) 'Report on the Law of Privacy' N.S.W. Govt. Printer, Sydney, 1973

NSWPC (1976-) Annual Reports, and reports on particular issues as available, N.S.W. Privacy Committee, Sydney

OECD (1980) 'Guidelines for the Protection of Privacy and Transborder Flows of Personal Data' Organisation for Economic Cooperation and Development, Paris, 1980

OTA (1981) 'Computer-Based National Information Systems: Technology and Public Policy Issues' Office of Technology Assessment, Congress of the United States, Washington DC (September 1981)

OTA (1986) 'Federal Government Information Technology: Electronic Record Systems and Individual Privacy', Office of Technology Assessment, Congress of the United States, Washington DC, OTA-CIT-296, June 1986

Packard V. (1964) 'The Naked Society' McKay, New York, 1964

PCA (1989-) Annual Reports, and reports on particular issues as available, Privacy Commissioner, Human Rights and Equal Opportunities Commission, Sydney

PPSC (1977) 'Personal Privacy in an Information Society' Privacy Protection Study Commission, U.S. Govt Printing Office, 1977

Roszak T. (1986) 'The Cult of Information' Pantheon, New York, 1986

Rule J.B. (1973) 'Private Lives and Public Surveillance' Allen Lane 1973

Rule J.B. (1983) 'Documentary Identification and Mass Surveillance in the U.S.' Social Problems 31:222-234 December, 1983

Rule J.B., McAdam D., Stearns L., Uglow D. (1980) 'The Politics of Privacy' Elsevier, New York, 1980

Smith R. E. (1974-) 'Privacy Journal', Providence RI, monthly since November 1974, and 'Compilation of State and Federal Privacy Laws', Providence RI, annually since 1974

Weber R. (1987) 'Toward a Theory of Artifacts: A Paradigmatic Basis for Information Systems Research' The Journal of Information Systems, 1, 2 (Spring 1987) 3-19

Westin A.F. (1967) 'Privacy and Freedom' Atheneum, NewYork, 1967

Westin A.F. (Ed.) (1971) 'Information Technology in a Democracy' Harvard University Press, Cambridge MA, 1971

Westin A.F. and Baker M.A. (1972) 'Databanks in a Free Society' Quadrangle/N.Y. Times Book Co. 1972


THE WORKS

1. Clarke R. (1988a) 'Information Technology and Dataveillance' Communications of the Association for Computing Machinery 31,5 (May 1988) 498-512, Re-published in C. Dunlop and R. Kling (Eds.), 'Controversies in Computing', Academic Press, 1991, at http://www.anu.edu.au/people/Roger.Clarke/DV/CACM88.html

2. Clarke R. (1994a) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' Information Technology & People 7,4 (December 1994) 6-37, at http://www.anu.edu.au/people/Roger.Clarke/DV/HumanID.html

3. Clarke R. (1994b) 'Dataveillance by Governments: The Technique of Computer Matching' Information Technology & People, 7,2 (June 1994) 46-85, at http://www.anu.edu.au/people/Roger.Clarke/DV/MatchIntro.html

4. Clarke R. (1995a) 'Computer Matching by Government Agencies: The Failure of Cost/Benefit Analysis as a Control Mechanism' Information Infrastructure & Policy 4,1 (March 1995) 29-65, at http://www.anu.edu.au/people/Roger.Clarke/DV/MatchCBA.html

5. Clarke R. (1995b) 'A Normative Regulatory Framework for Computer Matching' Journal of Computer & Information Law XIII, 4 (June 1995) 585-633, at http://www.anu.edu.au/people/Roger.Clarke/DV/MatchFrame.html

6. Clarke R. (1993) 'Profiling: A Hidden Challenge to the Regulation of Data Surveillance' Journal of Law & Information Science 4, 2 (December 1993) 403-419, at http://www.anu.edu.au/people/Roger.Clarke/DV/PaperProfiling.html

7. Greenleaf G.W. & Clarke R.A. (1984) 'Database Retrieval Technology and Subject Access Principles' Australian Computer Journal 16,1 (February, 1984) 27-32, not available on the web

8. Clarke R. (1994c) 'The Digital Persona and Its Application to Data Surveillance' The Information Society 10,2 (June 1994) 77-92, at http://www.anu.edu.au/people/Roger.Clarke/DV/DigPersona.html

9. Clarke R. (1987) 'Just Another Piece of Plastic for Your Wallet: The Australia Card' Prometheus 5, 1 (June 1987) 29-45. Republished in Computers & Society 18, 1 (January 1988), with an unrefereed Addendum in Computers & Society 18, 3 (July 1988), at http://www.anu.edu.au/people/Roger.Clarke/DV/OzCard.html

10. Clarke R. (1992) 'The Resistible Rise of the National Personal Data System' Software Law Journal V, 1 (January 1992) 29-59, at http://www.anu.edu.au/people/Roger.Clarke/DV/SLJ.html

11. Clarke R. (1985) 'Impact on Practitioners of the Australian Law Reform Commission's Information Privacy Proposals' Australian Computer Journal 17, 2 (May, 1985) 76-84, not available on the web

12. Greenleaf G.W. & Clarke R. (1986) 'A Critique of the Australian Law Reform Commission's Information Privacy Proposals', Journal of Law and Information Science 2, 1 (August 1986) 83-110, not available on the web

13. Clarke R. (1994d) 'Information Technology: Weapon of Authoritarianism or Tool of Democracy?' Proc. 13th World Computer Congress, Elsevier, Hamburg (September 1994) 588-596, at http://www.anu.edu.au/people/Roger.Clarke/DV/PaperAuthism.html

Epilogue

14. Clarke R. (1988b) 'Economic, Legal and Social Implications of Information Technology' unrefereed Issues & Opinions article, MIS Quarterly 12,4 (December 1988) 517-519, at http://www.anu.edu.au/people/Roger.Clarke/DV/ELSIC.html


ACKNOWLEDGEMENTS

The research underpinning this body of published works has been undertaken progressively between 1971 and 1995, with refereed publications appearing from shortly after I entered academe for the first time, when I joined the A.N.U. in 1984. The program has absorbed a very large amount of time and energy, over an extended period. The acknowledgement of the long-term support of my parents, Tony and Rene Clarke, and my wife, Linda Spinaze, may be ritual in a work of this nature, but is nonetheless appropriate and heartfelt.

The earliest stimulus for my interest in the area arose in a class with Graham Pont, of the University of N.S.W., in 1971. It was intellectually nurtured by the work of Bill Morison of the University of Sydney, and politically driven by the Attorney-General of N.S.W. at the time, John Madison. I was challenged to deliver an information technology perspective on privacy by Bill Orme, foundation Executive Member of the N.S.W. Privacy Committee. The challenges Bill set, and I and my co-researchers Penny Goode and Graham Greenleaf began to address during those foundation years (1975-77), established the agenda I've been pursuing ever since.

Particularly during the years either side of 1980, I profited from interactions with Michael Kirby, then Chair of the Australian Law Reform Commission and of the Expert Group which was responsible for the OECD Guidelines. Throughout the years, I have sustained frequent and important contact with Graham Greenleaf, now of the University of N.S.W., Sydney. I have greatly valued my many discussions with Nigel Waters, whose full-time commitment to privacy regulation extends over a decade as the senior executive in the Offices of firstly the United Kingdom Data Protection Commissioner and subsequently the Australian Privacy Commissioner.

There is only a small number of people who have made sustained contributions to the theory, practice and policy of dataveillance. In addition to drawing on their work, I've had the pleasure of meeting with and forming friendships with virtually all of them. I have particularly valued my interactions with the following people (in alphabetical order): Phil Agre (University of California at San Diego), Colin Bennett (University of Victoria, Canada), Julie Cameron (Consultant, Sydney), Simon Davies (Australian Privacy Foundation and Privacy International), David Flaherty (University of Western Ontario and currently Privacy Commissioner for British Columbia), Rob Kling (University of California at Irvine), Ken Laudon (New York University), Gary Marx (University of Colorado at Boulder), Jim Nolan (Barrister, Sydney), Kevin O'Connor (Australian Privacy Commissioner), Marc Rotenberg (Electronic Privacy Information Centre, Washington), James Rule (State University of New York at Stony Brook), Rohan Samarajiva (University of Ohio), Robert Ellis Smith (Privacy Journal, Providence, Rhode Island) and Marcus Wigan (Australian Privacy Foundation).

My thanks to all who've helped me persist with my work on data surveillance. The difficulties it presents, and its unpopularity, especially when juxtaposed against its importance, make it imperative that we sustain our commitment.

Canberra - August 1995


Navigation

Go to Roger's Home Page.

Go to the contents-page for this segment.

Send an email to Roger

Created: 17 January 1997

Last Amended: 12 November 2003


These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).
The Australian National University
Visiting Fellow, Faculty of
Engineering and Information Technology,
Information Sciences Building Room 211
Xamax Consultancy Pty Ltd, ACN: 002 360 456
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, 6288 6916