Five Most Vital Privacy Issues
Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 31 July 1997

© Xamax Consultancy Pty Ltd, 1997

Invited Comments to Michel Venne, for the Montreal Daily, Le Devoir, prior to the International Conference on Privacy in Montreal, 23-26 September 1997

This paper is at

The following are what I perceive as five most important privacy issues that are presently confronting people who live in information societies.

This is a provisional, unrevised draft, and is likely to be further developed (and perhaps even substantially modified), as a result of discussions with fellow privacy specialists during the coming months.

1. Identified rather than Anonymous or Pseudonymous Transactions

The majority of transactions that people conduct are anonymous. There is an increasing tendency for organisations to convert hitherto anonymous transactions into identified ones. Their purpose is to increase the data-intensity of their relationships with individuals. This enables them to draw inferences about each individual's behaviour and preferences, and thereby detect behaviour that is against the organisation's interests, and manipulate the individual's behaviour. To oppose this trend is depicted as being at least unconventional, probably naive, and at least somewhat suspicious.

Identification is functionally necessary for only a small proportion of transactions. Anonymous transactions need to remain the norm, and the tendency to associate identity with additional transactions must be resisted. Where the production of identification is made a pre-condition for conducting a particular kind of transaction, justification needs to be provided, and subjected to public examination. Where anonymity is not feasible, pseudonymous techniques should be applied.

A further technological development is emerging in the area of electronic commerce. This involves 'digital signatures', and 'digital certificates' that affirm that the signature belongs to an identified person. Moves to preclude the conduct of commercial transactions without the use of identified signatures need to be resisted, except where identification is justified as a pre-condition for the particular class of transaction.

A further element of this movement is the device of linking transactions together, in order to provide apparent justification for as many transaction-types as possible to be identified. This also needs to be resisted.

A particularly important aspect of this threat, which this author is addressing at the Montreal Conference, is Chip-Based ID: Promise and Peril.

Further information is available on:

2. The Technological Imperative to Apply Biometrics

Organisations distrust humans to identify themselves reliably, especially when the person has an apparent interest in mis-identification. There is therefore a tendency for organisations to apply measures of people's physical selves as a means of reducing the levels of error and fraud. Examples of such measures include fingerprints (in image or in coded form); the geometry of the thumb, finger or hand; and the pattern of rods and cones on the retina.

The financial justification for the use of biometrics is commonly presaged on the entirely unjustifiable presumption that all mis-identification will cease forthwith.

People generally feel demeaned to have their physical selves treated as being a tool of an organisation-imposed process. The privacy threat is all the greater where the measure of the person's self is stored in a manner accessible to organisations.

Chips, typically embedded in so-called smart cards, are capable of storing the measure in such a way that it remains in the possession of the individual. This approach poses yet further threats, however. If it becomes common to have to present a chip bearing a biometric identifier, there will be a tendency to mount it in the only carrier that can be relied upon to be with the person at all times, i.e. to install it in the person's body.

Further information is available on:

3. Abuse of DNA Profiling

The vast quantities being invested in research into the human genome is already resulting in bold claims being made about the discovery of direct, causal relationships between particular genetic features and all manner of conditions and behaviours. Much of this is less than scientific, but it is being grasped by many individuals and organisations to serve their own purposes.

During the next few years, proposals will emerge for large numbers of discriminatory and intrusive practices, such as:

The justifications for these proposals will be couched variously in terms of savings to the public purse, 'rational' (i.e. user-pays) tariffing, and offence to religion or ideology.

4. Rampant Growth in Visual Surveillance

A simplistic response to threats to law and order is increased visual monitoring. This is occurring in public places, semi-public locations (such as the workplace), and even in relatively private places.

It takes a variety of forms, including:

Computer scientists funded by the U.S. aero-space-defense industry continue their attempts to establish image-based pattern recognition as a workable technology. This has obvious applications to intensify the reliability of visual monitoring.

The danger is that the public will become inured to such intrusions into behavioural privacy, but will in the process constrain their behaviour on the assumption that they will be observed. This is the classic 'chilling effect', which seriously retards creativity, diversity, and the exercise of democratic freedoms.

5. Failure of the American Public to Appreciate the Need for Publicly-Funded 'Watchdog' Agencies

During the period 1970-85, not only did most countries recognise that privacy was in need of protection, but their legislatures also acted. Most of them created specialist agencies to provide a focal point for privacy-related information-gathering and enforcement.

The United States has failed to adopt that approach. Congress, government agencies, corporations, and even many American people continue to subscribe to the myth that individuals, in their roles both as consumers and as citizens, can exercise control over the actions and behaviours of large organisations. It is a myth, because the imbalance of power is so great, and the capacity of individuals to form organisations with sufficient countervailing power has been limited. [Caveat: the Internet may provide the means for just such organisations to emerge].

There is a danger that this myth may migrate to other countries, and be used as justification for failing to expand the roles and resourcing of watchdog agencies, and even for rolling back the hard-won gains of the last two or three decades.

Postscript - What about the Internet??

Some people may be surprised at the absence from this list of the national/global information infrastructure. The reason is that, although there are serious challenges in this area, it is capable of being addressed in a balanced manner.

Further information is available on:


Go to Roger's Home Page.

Go to the contents-page for this segment.

Send an email to Roger

Created: 28 July 1997

Last Amended: 31 July 1997

These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).
The Australian National University
Visiting Fellow, Faculty of
Engineering and Information Technology,
Information Sciences Building Room 211
Xamax Consultancy Pty Ltd, ACN: 002 360 456
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 6 288 6916 Fax: +61 6 288 1472