Roger Clarke's Web-Site

© Xamax Consultancy Pty Ltd,  1995-2024
Photo of Roger Clarke

Roger Clarke's 'Surveillance and Privacy'

Surveillance and Privacy

Version of 11 October 2022

For a presentation to U3A, Ainslie, 19 October 2022

Roger Clarke **

© Xamax Consultancy Pty Ltd, 2022

Available under an AEShareNet Free
for Education licence or a Creative Commons 'Some
Rights Reserved' licence.

This document is at http://rogerclarke.com/DV/SandP-U3A.html

The accompanying slide-set is at http://rogerclarke.com/DV/SandP-U3A.pdf


Extended Abstract

Introduction

Privacy can be intruded upon accidentally, occasionally and sporadically. It can also be invaded systematically, and that has become far more common with the increased sophistication and normalisation of surveillance in recent decades. The threats are technologically and contextually highly diverse.

Privacy

It's useful to first review the nature of privacy. There are many definitions and interpretations, most of them inadequate or misleading. It's about the protection of 'personal space', but it's seldom a right, and is best regarded as an 'interest' that individuals have. It involves both 'freedoms from' and 'freedoms to'. And, despite the focus of the law and a lot of discussion on data protection, data privacy is only one of multiple dimensions or types of privacy interest.

When considering the impact of surveillance on privacy, it's most useful to start by acknowledging the many concerns about data-handling, that is, the collection, storage, retention, use and diclosure of data. Data in transit is also subject to considerable communications surveillance threats. Then there are some threats to individuals' physical integrity, such as State-imposed vaccinations and blood transfusions, and demands for samples of tissue and fluids. Some of those give rise to additional data threats, because body-samples carry DNA of both individuals and their relatives. Then there are threats to behavioural privacy arising from the observation of activities, movements, preferences and associations, even where no data is recorded. A fifth kind of 'personal space' that has leapt to prominence since the turn of the century is experiential privacy. Our reading choices, our attendance at live events, and what audio- and video-recordings we decide to listen to and watch, have all switched from unrecorded, 'analogue' to recorded digital behaviour.

Why does this matter? Contrary to the presumptions (or preferences) of some in the business world, and some organisations and individuals committed to government surveillance of the populace, a lot of people take very badly to being treated in the same inhumane way as is done to artefacts and animals. The nature of the concern varies between individuals, and between circumstances, but extends across the physical, psychological, economic, political and philosophical planes.

One of the important insights gained by regarding privacy as an interest rather than some form of 'right' is that privacy protections for some may threaten other interests. Some of those interests are societal or community - reflecting the fundamental challenge of individualism versus collectivism. Some involve conflicts between what an organisation desires and the needs of the individuals who they interact with. Sometimes balances are needed between the interests of two individuals. And individuals themselves face conflicts, such as whether to compromise their personal space in order to get access to, for example, a loan, or an alibi.

Surveillance

With that as background, the many forms of surveillance become easier to analyse. The idea has been around since the snake peeked at Adam and Eve in the Garden of Eden. The word existed in French prior to the French Revolution, but investment in it, and use of the term, both exploded during Robespierre's Reign of Terror. With the English aristocracy watching on it horror, it quickly crossed the Channel, and was applied to Bentham's 'panopticon' design for prisons, with efficient 'watching from above' intended as a more humane treatment than execution or transportation to New South Wales.

The original forms were all visual and spatial, and they've continued unabated since, with many technological advances increasing the capacity to see and to hear, and to record. Electronic communications commenced in the 1840s, and within months so did wire-tapping, as a form of electronic listening.

Dataveillance

The generic notion of surveillance has to do with systematic investigation or monitoring. The economics of surveillance activities had improved somewhat since the 1780s, but capabilities leapt in the 1980s. The volume of machine-readable data about individuals reached critical mass. It was quickly discovered that this enabled more efficient watching, and hence greater scope to influence and control people. Rather than watching the individual, data about them is used as a proxy, and decisions made about the proxy and applied to the person. People currently over 60 remember bank managers, and interviews to get loans; whereas people under 40 don't know what the people over 60 are talking about.

Fast-forwarding 20 years to the noughties, and the data-volumes had escalated enormously. Most data is now 'born digital', and much if it is captured by individuals themselves, acting as unpaid employees of the organisations they deal with. The frequency with which data is gathered about each person is vastly higher, and the granularity is too. In addition, individuals' locations at the times of their continual transactions are captured, or are inferred from context. Frequent capture of location is equivalent to tracking a person's movements. Dataveillance has graduated from localised and ephemeral, via batch-based retrospective analysis of few data-points, to real-time analysis of many data-points. The scope has been created for projection of location and for inferences about behaviour, which is reasonably described as 'prospective surveillance', but is spruiked by its advocates as being 'predictive'.

Digitalisation

The digitisation of data has enabled a whole new way of doing business and government, which Shoshanna Zuboff famously refers to as 'surveillance capitalism'. That notion seems a little diffuse, but 'digitalisation' isn't. That's the adaptation of organisational processes to take full advantage of digitisation. The interpretation and management of the world is no longer performed through human perception and cognition, but by processes that are almost entirely dependent on digital data.

The model was described by a Berkeley applied economist, Hal Varian, in a text published in 1999 by the Harvard Business School. A year later, Eric Schmidt had hired him into Google, the new 'business model' was born, the manipulation of consumers got into full swing, and a host of what are currently referred to as 'tech platforms' joined the new gold rush. The targeting of ads is familiar to the public. What fewer people appreciate is the extent to which consumers' behaviour is and is not successfully manipulated, and how to indulge in counter-manipulation.

Even less understood is the effect of 'micro-pricing'. Shopfront retailers are still stuck in the position of having to rely on vague information about their customers to estimate which price will deliver them the highest financial return. They're stuck with a 'fixed price' for a period of time, glued to the product or at least the shelf. Data-rich business enterprises can change their prices in real-time, to reflect scarcity, and can lie in order to create the impression of scarcity, inducing FOMO 'panic-buying'. Current examples are airlines, accommodation intermediaries, and ski resorts. The tech platforms, meanwhile, have no need to advertise the same price to all comers. They can utilise the digital persona of the individual that they're dealing with, to estimate the highest price the person will pay. The idea of a 'special offer' was once used as though it meant one cheaper than it otherwise would be; but no longer.

And Privacy Protection?

It's long been conventional to distinguish several categories of protection against privacy invasions. Regulation comes in a variety of forms. Organisational practices are capable of playing important roles. Technical tools can help data-holders, and can help individuals. How are they holding up under the barrage of surveillance technology being developed, installed, and inflicted?

The Australian Privacy Act, and all State Acts are (a) creatures of the 1980s designed to address threats of the 1970s, and (b) drastically weakened over the years at the behest of business and governmental interests. The tech platforms are primarily subject to US law, which is for the most part not even up to 1970s levels. The post-9/11 era saw national security extremism take over the Attorney-General's Department, and many other agencies as well. Beyond the massive growth of ASIO, the private sector has been enlisted as part of the government surveillance net. And the reason for the fairly mainstream data-hacking incident at Optus recently becoming such a media and Ministerial extravaganza is that the national security extremists see it as a great opportunity to win yet more powers over business enterprises, and yet more access to yet more personal data. There's frequent talk of upgrading privacy protections, but when Murdoch and other powerful corporate interests side with government executives, the talk comes to nothing.

Organisational protections depend on investment, ongoing commitment, and competence. Data breach notification laws have told us what we already knew, which is that both government and private sector organisations lack all of the above. In short, the application of technical tools, to some extent by organisations - primarily the banking sector - and to a greater extent by individuals, is a vital source of protection against surveillance.


Resources

Clarke R. (1988) 'Information Technology and Dataveillance' Commun. ACM 31,5 (May 1988) 498-512, PrePrint at http://www.rogerclarke.com/DV/CACM88.html

Clarke R. (1994) 'The Digital Persona and its Application to Data Surveillance' The Information Society 10,2 (June 1994) 77-92, PrePrint at http://www.rogerclarke.com/DV/DigPersona.html

Clarke R. (1997) 'Introduction to Dataveillance and Information Privacy, and Definitions of Terms' Xamax Consultancy Pty Ltd, August 1997, at http://www.rogerclarke.com/DV/Intro.html

Clarke R. (1999) 'Internet Privacy Concerns Confirm the Case for Intervention' Commun. ACM, 42, 2 (February 1999) 60-67, at http://www.rogerclarke.com/DV/CACM99.html

Clarke R. (2008) 'Web 2.0 as Syndication' Journal of Theoretical and Applied Electronic Commerce Research 3,2 (August 2008) 30-43, PrePrint at http://www.rogerclarke.com/EC/Web2C.html

Clarke R. (2009a) 'Privacy Impact Assessment: Its Origins and Development' Computer Law & Security Review 25, 2 (April 2009) 123-135, PrePrint is at http://www.rogerclarke.com/DV/PIAHist-08.html

Clarke R. (2009b) 'A Framework for Surveillance Analysis' Xamax Consultancy Pty Ltd, August 2009, at http://www.rogerclarke.com/DV/FSA.html

Clarke R. (2017a) 'An Instrumentalist's View of Koops et al.'s Typology of Privacy' Xamax Consultancy Pty Ltd, January 2017, at http://www.rogerclarke.com/DV/PTyp-1701.html

Clarke R. (2019a) 'Risks Inherent in the Digital Surveillance Economy: A Research Agenda' Journal of Information Technology 34,1 (Mar 2019) 59-80, PrePrint at http://www.rogerclarke.com/EC/DSE.html

Clarke R. (2020) 'A Comprehensive Framework for Regulatory Regimes as a Basis for Effective Privacy Protection' Proc. 14th Computers, Privacy and Data Protection Conference (CPDP'21), Brussels, 27-29 January 2021, PrePrint at http://www.rogerclarke.com/DV/RMPP.html

Clarke R. (2021) 'A Dataveillance Retrospective: 1986-2021' Panel Notes on 'Geolocation and Dataveillance, Sousveillance and Uberveillance', AAG Geoethics Series Webinar, American Association of Geographers, 11 August 2021, PrePrint at http://www.rogerclarke.com/DV/DV21.html

Clarke R. (2022) 'Research Opportunities in the Regulatory Aspects of Electronic Markets' Electronic Markets 32, 1 (Jan-Mar 2022) 179-200, PrePrint at http://rogerclarke.com/EC/RAEM.html

Clarke R. & Greenleaf G.W. (2017) 'Dataveillance Regulation: A Research Framework' Journal of Law and Information Science 25, 1 (2017) 104-122, , PrePrint at http://www.rogerclarke.com/DV/DVR.html

Clarke R. & Michael K. (2011) 'Location and Tracking of Mobile Devices: +berveillance Stalks the Streets' 'Computer Law & Security Review 29, 3 (June 2013) 216-228, PrePrint at http://www.rogerclarke.com/DV/LTMD.html

Clarke R. & Wigan M.R. (2011) 'You Are Where You've Been: The Privacy Implications of Location and Tracking Technologies' Journal of Location Based Services 5, 3-4 (December 2011) 138-155, PrePrint at http://www.rogerclarke.com/DV/YAWYB-CWP.html


Author Affiliations

Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor associated with the Allens Hub for Technology, Law and Innovation in UNSW Law, and a Visiting Professor in the Research School of Computer Science at the Australian National University.



xamaxsmall.gif missing
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.

From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 65 million in early 2021.

Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916

Created: 11 October 2022 - Last Amended: 11 October 2022 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/DV/SandP-U3A.html
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2022   -    Privacy Policy