SUBMISSION
Senate Select Committee on Information Technologies
Inquiry into e-Privacy

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 30 July 2000

© Xamax Consultancy Pty Ltd, 2000

This document is at http://www.anu.edu.au/people/Roger.Clarke/DV/SenateeP.html


Xamax Consultancy Pty Ltd

ACN: 002 360 456

78 Sidaway St Chapman ACT 2611

AUSTRALIA

Tel: +61 2 6288 1472, 6288 6916

Email: Roger.Clarke@xamax.com.au

Web: http://www.xamax.com.au/

The Secretary

Senate Select Committee on Information Technologies

S1.30.1

Parliament House

Canberra ACT 2600

Dear Ms Griffiths

Re: Inquiry into e-Privacy

I am a consultant specialising in strategic and policy aspects of electronic commerce and its many variants, information infrastructure (with particular reference to the Internet), and dataveillance and privacy. During the period 1984-95, I was a senior academic in the information systems discipline at the Australian National University. I hold degrees from U.N.S.W. and A.N.U., and have been a Fellow of the Australian Computer Society since 1985.

I have been active in e-commerce matters since long before the term became common in the early 1990s. I have been active in privacy advocacy, research and consultancy since 1972, and have published some 130 papers on various aspects of privacy.

I regret that, due to pressure of work and other activities, I have been unable to prepare a submission that directly addresses the Terms of Reference of the Committee's Inquiry.

I attach a summary of the substantial amount of research that I have undertaken on this matter and which is of direct relevance to the Terms of Reference. I hereby submit each of the identified papers to your Inquiry.

I would be pleased to provide hard-copies of each, should that be necessary. All are, however, published on the web, and the electronic copy of this letter at http://www.anu.edu.au/people/Roger.Clarke/DV/SenateeP.html contains active links to all of the papers.

I would be pleased to discuss the matter further with the Committee, yourself, or your staff, as appropriate.

Yours sincerely

Roger Clarke MComm (UNSW) PhD (ANU) FACS PCP


Senate Select Committee on Information Technologies
Inquiry into e-Privacy
Publications Relevant to the Inquiry


The Dimensions of e-Privacy

I identified the dimensions of e-privacy in 'Information Privacy On the Internet: Cyberspace Invades Personal Space', in the Telecommunication Journal of Australia 48, 2 (May/June1998).Further details are in 'Privacy On the Internet: Threats, Countermeasures and Policy' presented at seminars in Sydney in April and October 1997.

This analyis was updated in 'Current Developments in Internet Privacy', Proc. IIR Conf. Data Protection and Information Privacy, August 1999, Sydney.

A general overview of issues is provided in the form of a Book Review of Simon Davies' important book 'Monitor': 'The Information Infrastructure is a Super Eye-Way', Privacy Law & Policy Reporter 3, 5 (August 1996).

A more specific paper addresses the Promises and Threats in Electronic Commerce (August 1997, prepared as a basis for an interview by the ABC TV series, Quantum).


The Criticality of e-Privacy

In a recent paper in a refereed, international journal, I argued that e-Privacy issues are so significant that they will force even the hitherto intransigent U.S. Administration and Congress to create effective controls over the U.S. private sector.

The paper, 'Internet Privacy Concerns Confirm the Case for Intervention', was published in February 1999 in Communications of the Association for Computing Machinery (Commun. ACM, the flagship journal of a 100,000-member professional body), 42, 2 (February 1999) 60-67. The article was presented to the U.S. Congress as part of a briefing by the ACM in mid-1999.


The Utter Inadequacy of Laws Based on the OECD Guidelines

I provided an explanation of the OECD Guidelines in a 1989 paper 'The OECD Data Protection Guidelines: A Template for Evaluating Information Privacy Law and Proposals for Information Privacy Law'.

In 'Beyond the OECD Guidelines: Privacy Protection for the 21st Century', January 2000, I drew attention to the utter inadequacy of contemporary regulatory approach of 'fair information practices', and the need to move from a 1970s view of 1960s technologies to a 21st century appreciation of what humankind is doing to itself.

I stress that the Privacy Amendment (Private Sector) Bill 2000, currently before the Commonwealth Parliament, is a complete travesty, even when compared against the very modest standards of the OECD Guidelines.

I expressed that view in a Submission to the Inquiry into the Privacy Amendment (Private Sector) Bill 2000 by the House of Representatives Legal and Constitutional Committee, in May 2000. That document referred back to an earlier Submission to the Commonwealth Attorney-General, which explained the Bill's manifold deficiencies.

If that Bill were to be passed into law, in anything even vaguely resembling its original form, it would gravely exacerbate the already serious distrust between people and corporations. It would, moreover, be evidence of astounding and most regrettable incomprehension on the part of the Members and Senators, and failure by them to address the needs of the people that they represent.


Corporate Behaviour

I examined the privacy-invasiveness of direct marketing techniques in 'Direct Marketing and Privacy', Proc. AIC Conf. on the Direct Distribution of Financial Services, Sydney, 24 February 1998.

Many corporations marketing to Australian consumers have been extremely cavalier in the handling of personal data. The unilateral 'code' established by the Australian Direct Marketing Association was attacked by virtually all consumer and privacy advocacy organisations, yet ADMA irresponsibly continues to assert that its code is privacy-protective. Criticisms of the draft code were expressed in a submission to ACCC (October 1998), and in a further submission (December 1998).

A particularly extreme initiative is the Packer / PBL / Acxiom InfoBase, which came to light in November 1999.

I provided an explanation relating to the specifics of direct marketing and e-privacy, in a paper written for, and approved by, the Australian Computer Society: 'Privacy Bill needs much more work', the Australian Computer Society column of The Australian, 15 February 2000.


The Theory of Dataveillance

The foundation analysis of the impending explosion in surveillance of people through their data rather than through visual and aural means was provided in 'Information Technology and Dataveillance', published in the international journal Comm. ACM 31,5 (May 1988), and re-published in C. Dunlop and R. Kling (Eds.), 'Controversies in Computing', Academic Press, 1991.

A populist rendition is in 'Dataveillance: Delivering 1984', a chapter in Green L. & Guinery R. (Eds.) 'Framing Technology: Society, Choice and Change' Allen & Unwin, Sydney, 1994.

A literary perspective was provided in 'A 'Future Trace' on Dataveillance: Trends in the Anti-Utopia / Science Fiction Genre' (March 1993).

A central element was comprehensively examined in 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' Info. Technology & People 7,4 (December 1994).

'The Digital Persona and Its Application to Data Surveillance' was published in the leading international journal, The Information Society 10,2 (June 1994). This predicted the monitoring of the 'real-life' behaviour of individuals and groups through their net behaviour.

A further vital aspect is the availability of choice among anonymous, pseudonymous and identified transactions. This was first addressed in 1995 in 'When Do They Need to Know 'Whodunnit?': The Justification for Transaction Identification' at the Computers, Freedom & Privacy Conference in San Francisco. It was addressed again in 1996, in a paper for a Sydney conference, 'Identification, Anonymity and Pseudonymity in Consumer Transactions: A Vital Systems Design and Public Policy Issue'. A more advanced treatment was provided in 'Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice', for a conference in Stockholm in June 1999.


Specific Aspects of e-Privacy

Papers and resource-pages that examine specific matters include:


The Yet Greater Threats of Advanced Technologies

Privacy Issues in Smart Card Applications in the Retail Financial Sector were addressed in 'Smart Cards and the Future of Your Money', Australian Commission for the Future, June 1996, pp.157-184.

The promise and peril of chip-based ID was addressed in an invited paper for the International Conference on Privacy, Montreal (September 1997).

Of enormous significance among the ever-growing threats are person-location and person-tracking technologies. These were examined in an invited paper for the Conference of Privacy and Data Protection Commissioners in Hong Kong in September 1999.

A more recent paper considered privacy in the context of e-Transport, including the denial of road-usage without the provision of one's identity, and the secret extension of truck-monitoring technology to cars. This was presented to a conference in Melbourne last Friday, 28 July 2000.

The following series of papers addresses the technically difficult area of cryptography in general, and digital signatures in particular:


e-Privacy as a Human Right

The scene for this topic was set by an overview paper, Public Interests on the Electronic Frontier, Invited Address to IT Security '97, 14 & 15 August 1997, Rydges Canberra (August 1997).

A more general perspective is provided in 'Information Technology & Cyberspace: Their Impact on Rights and Liberties' (1995, invited presentation to a Seminar Series of the Victorian Council for Civil Liberties).

A more recent expression is in 'Ethics and the Internet: The Cyberspace Behaviour of People, Communities and Organisations', Proc. 6th Annual Conf. Aust. Association for Professional and Applied Ethics, Canberra, October 1999 (revised version forthcoming in the Journal of Professional and Applied Ethics).

The role of I.T. professionals is addressed in 'Economic, Legal and Social Implications of Information Technology', in the international journal MIS Qtly 12,4 (December 1988) 517-9.


Navigation

Go to Roger's Home Page.

Go to the contents-page for this segment.

Send an email to Roger

Created: 30 July 2000

Last Amended: 30 July 2000


These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).
The Australian National University
Visiting Fellow, Faculty of
Engineering and Information Technology,
Information Sciences Building Room 211
Xamax Consultancy Pty Ltd, ACN: 002 360 456
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, 6288 6916