Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2018
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Marcus Wigan ** and
Roger Clarke ##
Version of 19 April 2006
Proc. RNSA Workshop on Social Implications of Information Security Measures upon Citizens and Business, Uni. of Wollongong, 29 May 2006
Published in Michael K. & Michael M.G. (Eds.) 'The Social Implications of Information Security Measures on Citizens and Business' Research Network Secure Australia, 2006, Chapter 2, pp. 27-44
Revised version published as Wigan M. & Clarke R. (2006) 'Social Impacts of Transport Surveillance' Prometheus 24, 4 (December 2006) 389-403, from http://www.informaworld.com/smpp/title~content=g759284117~db=all
This is also a preprint of an article submitted to and subsequently published in Prometheus 24, 4 (December 2006 ) 389 - 403
© Oxford Systematics and Xamax Consultancy Pty Ltd, 2006
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/DV/SITS-0604.html
The transport sector is a natural focal point for surveillance measures to combat the threat of terrorism. It is also a complex environment that offers many examples of the social impacts of contemporary surveillance.
Surveillance needs to be assessed against the standards used to justify other forms of security measures. The efficacy of many surveillance schemes, however, is in serious doubt. Justification for these schemes is commonly either lacking entirely or is unpublished and hence has not been subjected to critical evaluation.
A small set of mini-cases is presented, in order to identify social impacts of 21st century surveillance schemes that have been implemented as fear-driven responses to terrorist acts. Those impacts are argued to be seriously harmful to Australian society.
Trust is crucial to public acceptance of intrusive measures. But the absence of justification for surveillance, and of controls over abuses, is likely to see the rapid dissipation of trust, firstly in the assertions of national security and law enforcement agencies, and secondly in the politicians who have been rubber-stamping their demands.
The citizens of a number of countries are under threat from terrorist actions, or at least perceive themselves to be so as a result of statements by their governments. This mixture of real and perceived threat has enabled national security and law enforcement agencies in many of these countries to achieve extensions to their powers, resulting in a major shift in the balance between human rights and social control. Increased surveillance, and substantial spending on surveillance technologies have been conspicuous features during this phase. This paper considers the social impacts of this increase in surveillance by reference to the surveillance of transport activities.
Transport is an attractive area in which to concentrate investment in surveillance. People and materiel that constitute threats have to use transport to reach their target. Moreover, large transport vehicles, in the form of ships (in Yemen), aircraft (in New York and Washington) and trucks (in Iraq on a daily basis) are means whereby criminals can inflict damage and misery, and disrupt the confidence required by the community to go about their business and social activities and to use transport systems. In addition, there has been considerable investment in information infrastructure within the transport sector. In most cases, the justifications for the investment were originally economic or social, but the opportunities that they offer for national security purposes are now being grasped as well.
Surveillance is, however, intrusive and demeaning. It signals that powerful organisations distrust people, and it encourages distrust by people of one another, and of organisations. It creates a 'chilling effect' on various kinds of behaviour by various kinds of people. Whether the intended behaviours are chilled, or otherwise constrained, is a critical issue: in free and democratic nations, substantial impositions on people need to be justified, and to be seen to be justified. A primary motivation for this analysis is to assess the extent to which the justification exists, is being communicated, and is being subjected to critical assessment. This is particularly important in a country where the actual risks are extremely low - particularly whan compared to deaths and injuries on the road system (c. 1,600 p.a.), but even to deaths due by drowning (c. 200 p.a.) and assault (c. 200 p.a.), and possibly deaths due to bee and wasp stings (c. 2 p.a.) and shark attacks (c. 1 p.a.).
The paper commences by examining the ways in which surveillance represents an element of security strategy. It then surveys the field of transport surveillance, and examines the social impacts of transport surveillance. The aim throughout is to extract implications of the analysis that are relevant to surveillance generally. Conclusions are drawn about the extent to which surveillance, as it has been imposed in the context of 'the war on terrorism' rhetoric, has been publicly justified, and can continue to be imposed as it has been since September 2001.
This section examines the nature of surveillance as a security tool, and the benefits it can deliver. It first describes the notion of security safeguards, then defines surveillance, outlines the special cases of location and tracking, and places surveillance in the context of security dafeguards generally.
The term 'security' is used in at least two senses: as a condition in which harm does not arise, despite the occurrence of threatening events; and as a set of safeguards designed to achieve that condition. Threats exist, variously natural, accidental and intentional. Threatening events, in which a theoretical threat becomes real, give rise to harm. They do this by impinging on vulnerabilities, which are aspects of a system that render it susceptible to harm arising.
Safeguards or security measures can be devised to address threats, to monitor vulnerabilities, and to ameliorate harm. Security safeguards may be designed to perform one or more of the following functions:
Any proposed security safeguard needs to be assessed, in order to understand what contributions it is capable of making to those functions, what conditions must exist for the objectives to be achieved, what susceptibility they have to countermeasures, and what new vulnerabilities they give rise to. The costs and other disbenefits of a security safeguard need to be taken into account. These include not only the direct costs, but also the opportunity costs, by which is meant the opportunities that are foregone by committing specific resources to a particular security safeguard rather than to alternative uses.
The term 'surveillance' derives from the fraught times of the French Revolution at the end of the 18th century. It refers to the systematic investigation or monitoring of the actions or communications of one or more persons. It is useful to distinguish several categories:
The basic form of surveillance is physical, and comprises watching (visual surveillance) and listening (aural surveillance). Monitoring may be undertaken remotely in space, with the aid of image- amplification devices like field glasses, infrared binoculars, light amplifiers, and satellite cameras, and sound- amplification devices like directional microphones; and remotely in time, with the aid of image and sound- recording devices. In addition to physical surveillance, several kinds of communications surveillance are practised, including mail covers and telephone interception. The popular term 'electronic surveillance' refers to both augmentations to physical surveillance (such as directional microphones and audio bugs) and to aspects of communications surveillance, particularly telephone taps.
Since the explosion in the scale and accessibility of collections of data about things and people, data surveillance has developed as a convenient and relatively inexpensive approach to monitoring. Dataveillance is "the systematic monitoring of people's actions or communications through the application of information technology" (Clarke 1988, 2003a). It depends on the acquisition of data, preferably streams of data, and preferably from multiple sources.
Some surveillance technologies support the location of specific objects or individuals in some space. Further, they may support tracking, which is the plotting of the trail, or sequence of locations, that is followed by an entity within that space, over a period of time. The 'space' within which an entity's location is tracked is generally physical or geographical; but it may be virtual, e.g. a person's successive interactions with a particular organisation (Clarke 2001).
Due to timeliness limitations, data generated by a surveillance measure may only be able to be used for retrospective analysis of a path that was followed at some time in the past. A 'real-time' trace, on the other hand, enables the organisation undertaking the surveillance to know where the entity is at any particular point in time, with a degree of precision that may be as vague as a country, or as precise as a suburb, a building, or a set of co-ordinates accurate to within a few metres.
A person in possession of a real-time trace is in many circumstances able to infer the subject's immediate future path with some degree of confidence. Given an amount of data about a person's past and present locations, the observer is likely to be able to impute aspects of the person's behaviour and intentions. Given data about multiple people, intersections can be computed, interactions can be inferred, and group behaviour, attitudes and intentions imputed.
Location technologies therefore provide, to parties that have access to the data, the power to make decisions about the entity subject to the surveillance, and hence to exercise control over it. Where the entity is a person, it enables those parties to make determinations, and to take action, for or against that person's interests. These determinations and actions may be based on place(s) where the person is, or place(s) where the person has been, but also on place(s) where the person is not, or has not been. Surveillance technologies that support tracking as well as location extend that power to the succession of places the person has been, and also to the place that they appear to be going.
Surveillance can be utilised as security safeguard. But it is a safeguard of a very particular kind, and it requires careful assessment in order to appreciate what it can and cannot contribute, under what circumstances, and at what costs.
Surveillance is essentially an intelligence activity. It may be designed for any of several purposes:
Generally, a surveillance scheme designed for one of these purposes may not contribute a great deal to others. Security strategies based on anticipation of an action generally do not - and often cannot - work on the basis of verified or verifiable evidence, but rather on profiling, and on narrowing down the range of groups and individuals who might be planning an action, enabling pre-emptive measures.
The capacity of surveillance to assist with the performance of the various security functions identified in section 2.1 above can be analysed as follows:
Within this generic framework, the following section considers various forms of surveillance that are applied in the transport context.
The term transport is used in this paper to refer to all forms of conveyance, whether intended for freight or for individuals, and irrespective of the mode, hence including road, rail, water and air transport. This section provides a brief survey of surveillance in transport as a whole, supplemented by mini-cases that provide insight into patterns of use, and impacts and implications.
Transport surveillance may be focussed on an area, such as a container loading-point, or an inter-modal interchange. Alternatively, it may be oriented towards objects, including installations such as a gate, vehicles, and items of cargo. Applications include video-recording, spatial logging of vehicle location and movement, and RFID usage in supply chains. Surveillance may be focussed on individuals, either directly, or by inference, based on their association with one or more areas, one or more objects, or both.
Transport offers both real-time and retrospective surveillance opportunities. Some real-time contexts also provide the capacity to pick out vehicles of interest, to retrospectively trace their connections with other vehicles and other locations, and to thereby infer their associations and patterns of behaviour. Some surveillance measures provide the capability to predict with a degree of confidence the likely destination of a vehicle or person, and even to impute the person's intentions.
Surveillance designs that are concerned primarily with people include:
Such elements of transport-related surveillance create the scope for enormously detailed and precise surveillance of individuals' movements, activities, and personal and business linkages. The privacy impacts of these measures are potentially quite extreme, because they create intensive trails which create the scope for location and tracking, and hence they create the scope for many additional applications for many additional purposes.
Surveillance to assist with security has long been a major issue in goods transport, as loads may be very valuable, and loads may be dangerous. The monitoring of freight transport vehicles has long been accepted as appropriate, and the side-effect of driver surveillance has been worked through over quite some time, starting with automatic vehicle logging systems, in order to achieve an acceptable balance.
But surveillance is now being extended to encompass the great many individuals associated with transport of loads into and out of ports and interchange facilities. This draws into the surveillance net people who are far removed from the driving task. Whereas the monitoring of road transport drivers and train drivers was the subject of prior consultative processes and negotiated and balanced features, these extensions have not had the benefit of such interactions.
Speed management strategies can be developed in several different ways. For example, the use of covert cameras has been shown to be effective in securing generally lower traffic speeds, and to be more effective than the use of cameras whose locations are publicly declared. Overt cameras, on the other hand, act as a warning-marker for high-risk locations. The use of covert cameras, especially in what are apparently safe areas and locations, has the effect of reducing public trust in the reasonableness of the speed management strategy. This must be balanced against the general effect of reduction of the speed environment as a whole.
This tension has much in common with surveillance and security strategies, where the pin-pointing of the covert surveillance can undermine the deterrent effect of the strategy, whereas if it is not disclosed at all then the general impact will be lower than if it is intensively focussed on specific locations or systems. This tension between community trust and general effectiveness and deterrence needs to be finely balanced, as indeed is evident in the continuing public debates about speed camera strategies, which oscillate between visible deterrence and systems-wide general impact targets. The system-wide effects of covert enforcement are significant in terms of behavioural modification, but one price of this strategy is a greater distance between the police and the community.
There are similarities between the security strategies of direct after-the-event prosecutions and pre-event actions based on probabilities and the speed strategies. The speed strategies of direct, credible and immediate on-the-spot enforcement strategies and their clear nexus with civil law, evidence and intent and the system-wide covert automated penalty approach which leaves many weeks between event and reinforcement are both still capable of civil demonstration and evidence, while preemptive security actions are not, and cannot be.
In short, the medium-term effectiveness of surveillance schemes is dependent upon social acceptance and trust (Danile et al. 1990, Wigan 1995).
One automated enforcement system that is attracting much attention at present is Automatic Number Plate Recognition (ANPR). This involves a camera stationed near a road, capturing images of the numberplates of passing vehicles, using pattern-matching recognition - in a manner similar to Optical Character Recognition (OCR) for documents - and making the data available to back-end applications.
ANPR data can be used to automatically generate and despatch notices of speed violations, and to charge vehicle-owners for road-usage. ANPR can also be used to compare passing registration-numbers against a 'blacklist', reflecting, for example, cars that have been reported as being stolen (and whose numbers have not yet been deleted from the database), or cars that are subject to an alert because they are recorded as having been used in past by a person who is the subject of personal surveillance. This capacity is already in use in the U.K., and has been touted as "[future] infrastructure across the country to stop displacement of crime from area to area and to allow a comprehensive picture of vehicle movements to be captured" (Connor 2005). It has been mooted by at least two State Governments in Australia.
A 'hit' on the blacklist may be used merely to generate a record for future data-mining, or to trigger action by law enforcement agencies, e.g. to intercept the vehicle on the basis of the suspicion generated by the entry in the database. These schemes have been introduced with little or no public involvement, little or no discussion in parliaments, and without any apparent controls over use, abuse, data retention and function creep.
"A passport was originally a document, provided by a sovereign to an individual, which requested officials at borders and in seaports to permit the bearer to enter. The notion was known to English law at least as early as 1300. At the end of the nineteenth century, passports were issued on request, by the governments of various countries, in order to provide evidence of nationality, and, by implication, of identity. But there were few circumstances in which it was actually necessary to have one, even when crossing national borders. After World War I, in a climate of mass movements of displaced persons, it became increasingly common for governments to demand documents which evidenced a person's nationality. An international conference in 1920 established the present passport system. During the inter-war period, the passport became a near-universal requirement for international travel. It has remained so" (Clarke 1994).
Government agencies have grasped the opportunity presented by the post-September 2001 terrorism 'managed hysteria' to arrange parliamentary approval for a new form of passport that embodies various technologies. In Australia, the Passports Office actively avoided making information available to the public, and indeed to the Parliament. Even after the new scheme was launched in October 2005, the information made available remains so scant as to be almost worthless from the viewpoint of someone trying to understand the scheme's features (DFAT 2005).
It appears that the document includes a contactless chip, which contains at least the same personal data as the printing on the document and the previous magnetic-stripe, but in a form that is machine-readable provided that the reader has access to a cryptographic key. The original proposals were subject to enormous vulnerabilities of a privacy nature, extending to the point of facilitating identity theft. The protections ultimately implemented are claimed to be compliant with a (hastily flung together) specification approved by an international association of governments (ICAO 2004). If effective, then the worst of the data-leakage problems in the original proposals have been overcome. But it remains unclear what additional data the chip contains now, what it may contain in the future, and who will be permitted the capacity to access the data.
Among the powers that the Department achieved by submitting a replacement statute for brisk and almost entirely unconsidered approval by acquiescent law-makers was the freedom to implement biometrics, in whatever manner the Department sees fit, subject only to convincing their own Minister of the day. This was done in such a manner as to avoid even mentioning the word or concept of biometrics in the relevant s.47. This represents an extraordinary delegation of power to public servants.
The mythology used to produce time-pressure for the provision in the Bill was that a chip-based scheme carrying a biometric was necessary to retain Australian status under the U.S. visa-waiver program for short-term visits. This was simply presumed to be extremely important. It is unclear how significant the claimed justification is, even for the small minority of Australians who do business in the U.S. or travel there as tourists, and it appears never to have been subjected to analysis or public consultation.
(DFAT 2005) states that "facial recognition technology is being introduced to coincide with the release of the ePassport". On the other hand, the accompanying press release of 25 October 2005 said circumspectly that the new passport "will enable the implementation of cutting-edge facial recognition technology"; so it is unclear whether or not the Department has yet implemented it.
Facial recognition technology has been trialled in the SmartGate scheme run by the Australian Customs Service (ACS). In responding to criticisms of the technology's effectiveness (e.g. Clarke 2003b), ACS has acknowledged that it is not a security feature, but rather a 'customer service' feature. The very probable failure of the facial recognition technology appears likely to be used as an excuse to implement successive biometric schemes, progressively creating a government-controlled pool of biometrics of Australians, available for sharing with friendly governments, and other strategic partners.
These new forms represent a potentially enormous leap in the power of the State over individuals. The passport has been transformed into a general identity document, with apparently enhanced credibility through the inclusion of a biometric element. This creates the risks of wider permeation of biometric identifiers, and of function creep towards use in circumstances other than at national borders. The ability of an agency to achieve the wide and uncontrolled powers that it has, without so much as the pretence of public consultation, augurs very ill for the survival of freedom of anonymous movement within the country's borders.
The examples outlined above need to be seen in the context of widespread endeavours to pool personal data sourced from different programs. The tracking of identified individuals generates increasingly intensive data-sets. The existence of data about movement paths creates risks in relation to dangerous cargo, valuable cargo, and persons of interest. Further, through correlation of locations and times in entries for one person with the entries for another person, social networks can be inferred, at least with probabilistic confidence.
The many transport surveillance applications produce multiple data-trails. Linkages and correlations across depot, toll-road, ANPR and public transport schemes, for example, are capable of generating yet more detail about a person's movements and habits. Such intrusiveness is a matter of sensitivity to corporate strategists, deal-makers and salesmen as much as it is to individuals in less exalted occupations. Those who have in mind to exercise rights of political speech and action are increasingly likely to be confronted by this data, directly from national security and law enforcement agencies, or more likely via their employers, Centrelink, and grants administrators.
Collections of tracking data are capable of being linked with data from other sources, variously for personal data surveillance (of a suspect), or for mass data surveillance (in order to generate suspects). Data may be acquired from many sources, such as consumer marketing databases, government registers, and health systems. The operators of each such system is similarly tempted to seek additional sources to link with their own, and barter is an attractively low-cost approach. Data protection laws are already very weak, and are easily subverted and amended. They represent only a limited barrier for powerful corporations and government agencies.
The explosion in surveillance opportunities needs to be seen in the light of strenuous efforts to destroy the longstanding norm of anonymity in both travel, and the conduct of large-volume / low-value transactions. In the space of a decade, public transport tickets and toll-road payments have been changed to preclude cheap and convenient travel in the absence of an authenticated identifier - simply through refusal to accept payment other than by credit-card and debit-card. Such cards are subject to 100-point checks as a result of government diktat justified by the mythology of money-laundering. (These schemes have been in place for years, with barely any significant results. The solution has of course not been to admit that they don't work, but rather to claim that they will, provided that they're extended yet further).
The public has enjoyed anonymity in many transactions, and the freedom to use multiple identities. Some uses are for criminal or anti-social purposes, but the vast majority are harmless to society and important to individuals. Examples of people for whom multiple identities are a matter of sheer physical safety include undercover national security and law enforcement personnel, protected witnesses, psychologists and counsellors and many other groups who need to maintain separation between their private and professional personas - and obscuration of their locations.
Transport-based security systems targeting people, whether directly or only incidentally, are capable of rapidly breaking down longstanding protections. It is remarkable that schemes could have been introduced so blindly, without a debate as to how society handles these important issues.
The examples of transport surveillance outlined in the previous section evidence a wide range of serious social impacts and implications. They have not yet been subjected to a coherent evaluation of their privacy impacts. Nor have the broader social effects of such systems yet been thought through.
A study of surveillance in other settings would appear very likely to generate a long list of comparable problems. For example, some access control systems to premises and to computer-based systems are being linked to criminal records (in such areas as registration of teachers and child-care workers), and to health records (e.g. for pilots and train-drivers). Such inter-system data linkages open up high probabilities of misuse, and of automated errors arising from conflicts and ambiguities in identity-matching, and in data definition, accuracy, precision and timeliness. They therefore give rise to many forms of socially expensive stress.
Consideration of these schemes leads to a number of inferences about their design features:
In addition, control issues emerge:
There are clear antidotes to these ills. Techniques for the evaluation of proposals for technology applications are well-established, in such forms as cost-benefit analysis and the more appropriate cost-benefit-risk analysis. The stakeholder concept is well-known to encompass not just government agencies, technology providers, and business 'partners', but also affected individuals. The process of privacy impact assessment (PIA) is well-established (e.g. Clarke 1998). Focus-group techniques are available. Representative and advocacy organisations are available to consult with, and the principles that guide effective community information and consultation processes are well-known. Agencies have no excuses for failing to inform and consult. But some prefer to ignore public opinion, and exercise their power.
What is lacking is not the ability to specify appropriate processes, but rather courage on the part of parliamentarians to ask hard questions, and to say 'no' to the national security community. It could be argued that courage is also lacking on the part of senior executives, who are failing to oppose excessive demands from national security and law enforcement agencies. Those senior executives are compromised, however, and unlikely to take actions to benefit freedoms. Social control is a primary motivation for many senior government executives - carriage of the original Australia Card proposition was after all with Health, supported by Treasury and to some extent Social Security and Immigration (Clarke 1987). The mandarin class appears to subscribe to the belief that there will be a 'trickle-down effect' from the recent spate of authoritarian initiatives, which will benefit mainstream agencies.
Transport security systems eat into the social space, and they have been doing so in an unaccountable manner. It is far from clear that the ostensible reasons for their introduction are justified. Their extended application would be even more intrusive and threatening.
Proposals for new and enhanced surveillance schemes, in transport as elsewhere, must be measured against the norms of security analysis and design. It is clear that the dependence on rushed presentation of proposals to Ministers and the Parliament under the guise of 'measures necessary in order to conduct the war on terrorism' have been a smokescreen for the absence of any such assessments having been undertaken even behind the closed doors of national security agencies.
The agencies that are imbued with the surveillance and intelligence culture are utilising their opportunity to the utmost, and can be expected to extend the window as long as they can. They have little interest in ceding the ground they have won through the fog of misinformation. What community leaders must now do is appreciate the massive harm that surveillance measures are doing to public confidence in its institutions. It is increasingly obvious to the public that not only are there few wolves to cry out about, but the impediments that have been built are impediments to normal activities of normal people, not to the violent activities of such terrorists and latent terrorists as exist in this country.
The lack of legitimacy will rapidly undermine the preparedness of the public to accept substantial constraints that are available for government control of miscreants rather than for the claimed terrorist threat. Recourse to the excuse of 'drug barons' and 'organised crime' is on similarly thin ice, because of the failure of data surveillance in particular to bring them to book. The collapse in confidence will accelerate as abuses come to attention, and as the reality of the various schemes' privacy-threatening features and lack of controls hits home.
Community trust in the State cannot be sustained in the absence of transparency. Individuals and communities are being precluded from contesting claims made by the State of the necessity of extremist measures. The lessons of the speed campaigns of the last 20 years makes it all too clear that this is a pivotal point, as community social capital is inevitably undermined by intelligence-based preemptive actions. Cooperation by the public, and by the workers whose job it is to operate and maintain such schemes, can be withdrawn at short notice if trust is not established and maintained. The integrity of surveillance schemes, in transport and elsewhere, is highly fragile.
The last few years have seen a headlong rush to secure national infrastructure, and to protect people's physical safety from major acts of violence. This movement embodies major risks to society. The right of freedom of anonymous movement within the country has been suddenly and substantially compromised. The freedoms to be, to think, and in most circumstances to act differently from other people, and privacy and civil rights more generally, are being destroyed, not by terrorists, but by 'friendly fire'. It's vital that Australians energetically resist not only religious fundamentalism but also national security fundamentalism.
URLs accessed April 2006
Clarke R. (1987) 'Just Another Piece of Plastic for your Wallet: The 'Australia Card' Scheme' Prometheus 5,1 (June 1987), at http://www.rogerclarke.com/DV/OzCard.html
Clarke R. (1988) 'Information Technology and Dataveillance' Comm. ACM 31,5 (May 1988). Re-published in C. Dunlop and R. Kling (Eds.), 'Controversies in Computing', Academic Press, 1991, at http://www.rogerclarke.com/DV/CACM88.html
Clarke R. (1994) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues', Information Technology & People 7,4 (December 1994) 6-37, at http://www.rogerclarke.com/DV/HumanID.html
Clarke R. (1998) 'Privacy Impact Assessment Guidelines', Xamax Consultancy Pty Ltd, February 1998, at http://www.xamax.com.au/DV/PIA.html
Clarke R. (1999) 'Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice' Proc. User Identification & Privacy Protection Conference, Stockholm, 14-15 June 1999, at http://www.rogerclarke.com/DV/UIPP99.html
Clarke R. (2000) 'How to Ensure That Privacy Concerns Don't Undermine e-Transport Investments' Proc. AIC e-Transport Conf., Melbourne, 27-28 July 2000, at http://www.rogerclarke.com/EC/eTP.html
Clarke R. (2001) 'Person-Location and Person-Tracking: Technologies, Risks and Policy Implications' Infor. Techno. & People 14, 2 (Summer 2001) 206-231, at http://www.rogerclarke.com/DV/PLT.html
Clarke R. (2003a) 'Dataveillance - 15 Years On' Proc. Privacy Issues Forum, New Zealand Privacy Commissioner, Wellington, 28 March 2003, at http://www.rogerclarke.com/DV/DVNZ03.html
Clarke R. (2003b) 'SmartGate: A Face Recognition Trial at Sydney Airport' Xamax Consultancy Pty Ltd, August 2003, at http://www.rogerclarke.com/DV/SmartGate.html
Connor S. (2005) 'Britain will be first country to monitor every car journey' The Independent, 22 December 2005, at http://news.independent.co.uk/uk/transport/article334686.ece
Daniel M., Webber M.J. & Wigan M.R. (1990) 'Social impacts of new technologies for traffic management' Australian Road Research Board, Research Report ARR 184, 1990
DFAT (2005) 'The Australian ePassport', Department of Foreign Affairs, undated but apparently of October 2005, at http://www.dfat.gov.au/dept/passports/
ICAO (2004) 'Biometrics deployment of Machine Readable Travel Documents: Annex I - Use of Contactless Integrated Circuits', International Civil Aviation Organisation, May 2004, at http://www.icao.int/mrtd/Home/Index.cfm
Kopytoff V. (2006) 'Wi-Fi plan stirs big brother concerns Log-on rule would allow Google to track uses whereabouts in S.F.' San Francisco Chronicle, 8 April 2006, at http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2006/04/08/BUGROI5S5J1.DTL
Pollack P. (2005) 'Concerns arise over Google user tracking in SF' Ars Technica, 10 April 2006, at http://arstechnica.com/news.ars/post/20060410-6570.html
Wigan M.R. (1995) 'The realizability of the potential benefits of intelligent vehicle-highway systems: the influence of public acceptance' Infor. Techno. & People, 7, 4 (1995) 48-62Wigan M.R. (1996) 'Problems of success: Privacy, property, and transactions' In Branscomb L. & Keller J. (Eds.) 'Converging Infrastructures: Intelligent Transportation and the NII', MIT Press, 1996
Dr Marcus Wigan is Principal of Oxford Systematics, Professorial Fellow at the University of Melbourne, Professor of both Transport and of Information Systems at Napier University Edinburgh and Visiting Professor at Imperial College London.
He serves on the Ethics Task Force and the Economic Legal and Social Implications Committee of the Australian Computer Society, of which he is a Fellow.
He has worked on the societal aspects of transport, surveillance and privacy both as an engineer and policy analyst and as an organisational psychologist. He has published for over 30 years on the interactions between intellectual property, identity and data integration in electronic road pricing and intelligent transport systems for both freight and passenger movements. He has long been active with the Australian Privacy Foundation, particularly on transport issues, and works with the University of Melbourne on transport engineering and information issues in both logistics and social and environmental factors.
His work in Scotland is focussed on data observatories, knowledge management and transport informatics, currently as part of a European Union railway project: in London on the issues of a national transport data infrastructure; in Australia he has also worked on vehicle identification and related issues.
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., a Visiting Professor in the E-Commerce Programme at the University of Hong Kong, and a Visiting Professor in the Department of Computer Science at the Australian National University.
He was for a decade the Chair of the Economic Legal and Social Implications Committee of the Australian Computer Society, and spent some time as the ACS Director of Community Affairs. He holds degrees from UNSW and ANU, and has been a Fellow of the ACS since 1986. He has been a Board-member of the Australian Privacy Foundation since its foundation in 1987.
He has undertaken research, consultancy and public interest advocacy, and published extensively in Australia and overseas, in the areas of identification, security, dataveillance and social impacts and implications of information technology, for over 30 years. His website is one of the most extensive and most used resources in these areas.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916
Created: 31 March 2006 - Last Amended: 19 April 2006 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/DV/SITS-0604.html