Annotated Bibliography Papers on Data Surveillance: Theory, Practice & Policy © Xamax Consultancy Pty Ltd,  1995-2008
Home	eBusiness	Information Infrastructure	Dataveillance & Privacy	Other Topics
What's New		Waltzing Matilda	Site-Search

During the last 30 years, I've done a lot of work in the area of information privacy and data surveillance, and published many papers.

This document provides an overview of the whole body of my work. This page is updated to 31 December 2006. Papers since then are indexed on my What's New Page.

Each paper is designed so as to be readable as a standalone document, and hence there is duplication within the papers, particularly in the introductory sections.

The following alternative indexes are available:

• an introduction to information privacy and dataveillance, and an overview of identification and authentication fundamentals
• a list of the papers that are designed to be accessible, rather than intended for publication in refereed journals
• my home-page for this topic
• a search capability across this web-site
• the 'What's New' pages for this and previous years
• a bibliography in reverse chronological order

This page indexes papers written by me. I also provide assistance in locating resources more generally.

INTRODUCTION

My published work in dataveillance and information privacy comprises well over 100 papers, including over a dozen in refereed journals, many invited and contributed papers published in conference proceedings, and occasional papers on topical matters. Many of them are available on the web, including everything I've published since 1994.

The papers span a very wide range of topics, and are described in the following sections:

1. Theory:
   1. Dataveillance and Privacy
   2. Identification, Anonymity and Pseudonymity
   3. National Identification Schemes
   4. The Authentication of Identity and Other Assertions
   5. Privacy-Invasive Technologies (the PITs)
   6. Biometrics in Particular
   7. The Internet ('e-Privacy')
   8. Privacy-Enhancing Technologies (PETs)
2. Organisational Strategy and Practices:
   1. Strategy
   2. Privacy Impact Assessment (PIAs)
   3. Privacy Policy Statements (PPS)
3. Policy:
   1. Policy Issues
   2. Proposals for Policy Measures
   3. Critiques of Policy Measures
   4. Organisational Self-Regulation
   5. Professional Responsibilities
   6. Broader Issues
4. Australia:
   1. Current Issues
   2. The Australia Card and Its Progeny, 1985-
   3. The Privacy Act 1988, as amended in 1990 and 2001
   4. Other Papers Prior to 1988

Many of the papers are relevant to more than one of these areas, and hence many appear multiple times in this document. They are introduced in logical order, and this is in some cases not the same as the chronological order of publication.

1. THEORY

The first cluster of papers establishes the theory of dataveillance. In part, these papers recapitulate knowledge developed by other people, but they also contain a lot of original contributions.

1.1 Dataveillance and Privacy

An introduction and summary is in 'Introduction to Dataveillance and Information Privacy, and Definitions of Terms' (1997). See also 'What's Privacy?' (2006).

The base for my extensive work in this area was laid in a paper entitled 'Information Technology and Dataveillance' (1988, published in a major US journal). Physical and electronically enhanced monitoring of individuals and groups is expensive. The paper shows how information technology is enabling those old techniques to be replaced by highly automated, and therefore much cheaper, systematic observation of data about people. This new form of monitoring, whose descriptor I abbreviated to 'dataveillance', is potentially highly privacy-invasive.

A second paper, 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' (1994, published in a leading international journal), further develops a vital aspect of the argument: the nature of human identification as it is applied within information systems. Remarkably, there are very few works in any academic literature which address the question of such uses of human identity, and for this reason the paper had a long gestation period (from 1985 until 1994).

A later paper Chip-Based ID: Promise and Peril updated and extended the analysis of the implications of identification cards (1997, presented at an international conference in Montreal).

The paper 'The Digital Persona and Its Application to Data Surveillance' (1994, published in a leading international journal) introduced a new concept, the 'digital persona', as a tool in the analysis of behaviour on the 'net. It applies the tool, together with data surveillance theory, to predict the monitoring of the 'real-life' behaviour of individuals and groups through their net behaviour. The concept of 'nym' is related to (but not identical to) what I mean by 'digital persona'. Nyms are addressed in the following section.

A further paper examined Person-Location and Person-Tracking Technologies, initially for presentation at the 1999 conference of Privacy and Data Protection Commissioners. A revised version was published in a leading international journal.

A paper published in a major U.S. journal argued that Internet Privacy Concerns Confirm the Case for Intervention (1999), and that that last renegade among advanced western nations would find it necessary to establish a statutory framework for privacy protections in the private sector. This paper also specified the requirements of a genuinely 'co-regulatory' approach.

The serious inadequacies in the 'Fair Information Practices' model of privacy protection were stated in 'Beyond the OECD Guidelines: Privacy Protection for the 21st Century' (January 2000), which identified the many additional steps urgently necessary if a collapse in consumer and citizen confidence were to be avoided.

An invited paper reviewed the abject failure of the intelligentsia to notice the rise of privacy-invasive technologies: 'While You Were Sleeping ... Surveillance Technologies Arrived' (January-February 2001).

I took the opportunity of an invited presentation to a New Zealand conference to undertake a retrospective on 'Dataveillance - 15 Years On', supported by a slide-set (March 2003), and to update it further in Have We Learnt To Love Big Brother? (2005) and Social Impacts of Transport Surveillance (2006, with Marcus Wigan).

The following two are less pretentious than the above papers, but they contain some important ideas:

• 'The Eras of Dataveillance' (1994);
• 'A 'Future Trace' on Dataveillance: Trends in the Anti-Utopia / Science Fiction Genre' (1993). Years later, I used a small set of PowerPoint slides to present this to a final-year High School class (2002)

1.2 Identification, Anonymity and Pseudonymity

A short tutorial explaining the key concepts in this vital (and seriously misunderstood) area is in 'Identification and Authentication Fundamentals' (May 2004).

In the area of identity, identifiers and identification, the paper on 'Human Identification in Information Systems' (1994) established the foundation for this thread of my work.

A long series of papers investigates alternatives to identification, both anonymity (which precludes the discovery of identity, and hence compromises the public interest in accountability), and pseudonymity (which makes the discovery of identity intentionally difficult, but not impossible). The best couple of papers to read are probably 'Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice' (1999) and section 2.4 of Authentication: A Sufficiently Rich Model to Enable e-Business (2001).

Papers relating to national identification schemes are in the following section. Other papers, in chronological order, are as follows:

• Computer Matching and Digital Identity (1993, at the Computers, Freedom & Privacy Conference in San Francisco)
• 'The Digital Persona and its Application to Data Surveillance' (1994, in The Information Society)
• 'Human Identification in Information Systems' (1994, in Information Technology & People)
• Information Technology: Weapon of Authoritarianism or Tool of Democracy? (1994)
• 'When Do They Need to Know 'Whodunnit?': The Justification for Transaction Identification; The Scope for Transaction Anonymity and Pseudonymity' (1995, presented at a U.S. conference);
• 'Identification, Anonymity and Pseudonymity in Consumer Transactions' (1996)
• Smart Cards' Threats to Privacy (1996)
• 'Privacy Implications of Digital Signatures' (1997, with Graham Greenleaf)
• 'Promises and Threats in Electronic Commerce' (1997)
• 'Chip-Based ID: Promise and Peril' (1997, at a conference in Montreal)
• `Technological Aspects of Internet Crime Prevention' (1998, with Gillian Dempsey, Ooi Chuin Nee & Rob O'Connor)
• 'The Legal Context of Privacy-Enhancing and Privacy-Sympathetic Technologies' (1999, presented at AT&T Research Labs in New Jersey)
• 'Privacy-Enhancing and Privacy-Sympathetic Technologies - Resources' (1999)
• 'Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice' (1999, presented at an international conference in Stockholm)
• 'Identification, Authentication and Anonymity in a Legal Context' (primary author Anita Smith; 1999, presented at an international conference in Stockholm)
• Person-Location and Person-Tracking Technologies (1999)
• Famous Nyms (June 2000)
• e-Transport (July 2000)
• 'Certainty of Identity: A Fundamental Misconception, and a Fundamental Threat to Security' (July 2001)
• 'Authentication Technologies and Their Privacy Implications: Technology and Policy Foundations' (October 2001)
• Authentication: A Sufficiently Rich Model to Enable e-Business' (December 2001)
• 'The Mythology of Consumer Identity Authentication' (September 2002)
• 'ENUM - A Case Study in Social Irresponsibility' (December 2002)
• 'Identification and Authentication Fundamentals' DRAFT (September 2003)
• Submission to Queensland Transport in relation to the Proposed Smartcard-Based Driver's Licence (November 2003)
• 'Identification and Authentication Fundamentals' (May 2004)
• Identity Management: The Technologies, Their Business Value, Their Problems, Their Prospects (2004)
• Identity Management; and PIAs (2004)
• The Concepts of (Id)entity, Nymity and Authentication (2004)
• Identity and Nymity: Public Policy Issues (2004)
• Identity Management? Or (Id)Entity Mismanagement? (2004)
• ENUM Trials Create Serious Privacy Concerns (2005)
• Mythologies of Identity Control (2006)

1.3 National Identification Schemes

See:

• Just Another Piece of Plastic for your Wallet: The 'Australia Card' Scheme (1987)
• 'Human Identification in Information Systems' (1994, in Information Technology & People)
• Smart Cards' Threats to Privacy (1996)
• 'Chip-Based ID: Promise and Peril' (1997, at a conference in Montreal)
• Person-Location and Person-Tracking Technologies (1999)
• Submission to Queensland Transport in relation to the Proposed Smartcard-Based Driver's Licence (November 2003)
• Position Statement re National ID Card Proposals, on behalf of the Australian Privacy Foundation
  (2005)
• Resources on ID Cards, on behalf of the Australian Privacy Foundation (2005)
• MyKad - the Malaysian ID Card (2005)
• IDologists (interview in The Sydney Morning Herald, 2 August 2005)
• National Identity Cards? Bust the Myth of 'Security über Alles'! (2006)
• National Identity Schemes ­ The Elements (2006)
• Smart Cards and Biometrics: Is a Nightmare-Free Australia Card Feasible (2006)

1.4 The Authentication of Identity and Other Assertions

The concept of authentication has been seriously misunderstood. A series of papers considers both the specific concept of 'identity authentication', and the authentication of various other kinds of assertions.

An introduction is provided by 'Identification and Authentication Fundamentals' (2003).

The most comprehensive papers are these:

• 'Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice' (1999)
• The Fundamental Inadequacies of Conventional Public Key Infrastructure (2001)
• section 2.4 of Authentication: A Sufficiently Rich Model to Enable e-Business (2001)
• Identity Management: The Technologies, Their Business Value, Their Problems, Their Prospects (2004)

A closely related area on which I've published a succession of papers is public key infrastructure to support digital signatures.

The full series of papers is as follows:

• 'Human Identification in Information Systems' (1994, in Information Technology & People)
• 'Privacy Implications of Digital Signatures' (1997, with Graham Greenleaf)
• 'Public Key Infrastructure: Position Statement' (1998)
• 'Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice' (1999, presented at an international conference in Stockholm)
• 'Identification, Authentication and Anonymity in a Legal Context' (primary author Anita Smith; 1999, presented at an international conference in Stockholm)
• The Fundamental Inadequacies of Conventional Public Key Infrastructure (June 2001)
• 'Certainty of Identity: A Fundamental Misconception, and a Fundamental Threat to Security' (July 2001)
• 'Authentication Technologies and Their Privacy Implications: Technology and Policy Foundations' (October 2001)
• 'Authentication: A Sufficiently Rich Model to Enable e-Business' (December 2001)
• 'The Re-Invention of Public Key Infrastructure' (December 2001)
• 'Why Do We Need PKI? Authentication Re-visited' (January 2002)
• 'eAuthentication: Where's the Public Interest?', plus PowerPoint slides (July 2002)
• 'The Mythology of Consumer Identity Authentication', plus PowerPoint slides (September 2002)
• 'W(h)ither PKI?' (September 2002)
• Authentication Re-visited: How Public Key Infrastructure Could Yet Prosper (June 2003)
• 'Identification and Authentication Fundamentals' (September 2003)
• Identity Management: The Technologies, Their Business Value, Their Problems, Their Prospects (2004)
• The Concepts of (Id)entity, Nymity and Authentication (2004)
• Identity and Nymity: Public Policy Issues (2004)
• Identity Management? Or (Id)Entity Mismanagement? (2004)
• ENUM Trials Create Serious Privacy Concerns (2005)
• (Id)entities Management, and Nym Management, for People not just of People (2006)

1.5 Privacy-Invasive Technologies (the PITs)

I coined the term 'PIT' in late 1998. An explanation is in Introducing PITs and PETs: Technologies Affecting Privacy (March 2001). See also my PITs and PETs Resources Site (February 2001). The remainder of this section provides references to papers on particular technologies that adversely affect privacy.

An early paper, 'Database Retrieval Technology and Subject Access Principles' (1984; with Graham Greenleaf, published in the Australian Computer Journal, but not available on the web), is concerned with data retrieval technology. It examines the scope for a particular form of database technology to render impractical an established privacy-protective mechanism, the so-called 'subject access principle'. This case study exemplifies the way in which developments in information technology undermine privacy protection laws. It provides a basis for understanding the impact of other developments, such as 'reverse access' to telephone directories, monitoring of energy usage, textual analysis, 'data mining', and the discovery of individual characteristics through the analysis of seemingly anonymous, statistical collections.

Field work, undertaken in both the United States and Australia between 1987 and 1992, resulted in a series of papers on Computer Matching:

• the first paper, 'Dataveillance by Governments: The Technique of Computer Matching' (1994) provides descriptions of the technique, and the manner in which it is applied;
• the second paper, 'Computer Matching by Government Agencies: The Failure of Cost/Benefit Analysis as a Control Mechanism' (1995) examines the mechanisms that prevent unjustifiably privacy-invasive matching from being undertaken, and ensure that suitable protections are incorporated into such programs as do proceed. It includes a detailed examination of the use of cost-benefit analysis (CBA) to justify matching programs, and a review of the extent to which CBA has functioned as an effective control over misuse and abuse of computer matching in the United States and Australia. Its conclusion is that there are serious inadequacies in the controls over computer matching;
• the third paper, 'A Normative Regulatory Framework for Computer Matching' (1995) proposes a set of general and specific regulatory measures that it is argued are necessary if society is to bring government matching programs under control. It assesses the limited regulatory regimes of the United States and Australia against those proposals, and finds them seriously wanting;
• a further paper, 'Matches Played Under Rafferty's Rules: The Parallel Data Matching Program Is Not Only Privacy-Invasive But Economically Unjustifiable As Well' (1993) examines the justification for a major computer matching scheme, and shows it to have been incompetent or fraudulent.

The paper 'Trails in the Sand' (1996) highlights the wide range of transaction trails that people leave behind them.

Another technique, Profiling, was examined in 'Profiling: A Hidden Challenge to the Regulation of Data Surveillance' (1993). A later paper examines 'Customer Profiling and Privacy: Implications for the Finance Industry' (1997).

A comprehensive paper examines Direct Marketing (February 1998), including mail, fax, outbound tele(phone)-marketing, and Internet marketing. Related topics that have been addressed include spam, cookies and emailing lists.

During the period 1985-87, the Australian Government developed a proposal to implement a central database, whose purpose was the facilitation of dataveillance of all residents of that country. 'Just Another Piece of Plastic for Your Wallet: The Australia Card' (1987, published in an international technology policy journal) provides a carefully documented description and analysis of the proposal, a distillation of the issues, and a political history of the proposal's development and ultimate fate.

Although the Australia Card proposal was withdrawn in the face of dramatically negative public opinion, the momentum that dataveillance applications of information technology had attained within the Commonwealth public sector was scarcely affected. 'The Resistible Rise of the National Personal Data System' (1992, published in a leading American journal of computers and law) documents a number of developments during the following three years. It is primarily a political history, expressed within the context set by the theory of dataveillance.

Considerable effort has been invested in the area of chip-cards, including:

• Smart Card Applications in the Retail Financial Sector (1996)
• Chip-Based ID: Promise and Peril (September 1997)
• 'Smart Card Technical Issues Starter Kit', for Centrelink (April 1998)
• Submission to Queensland Transport in relation to the Proposed Smartcard-Based Driver's Licence (November 2003)

Another area of importance has been public key infrastructure (PKI) to support digital signatures. A long series of papers published in that area is indexed here.

Other specific threats have been examined, as follows:

• The Digital Persona (1994)
• Person-Location and Person-Tracking Technologies (July 1999), reported on in The Melbourne Age in August 1999
• e-Transport (July 2000)
• Technologies of Mass Observation (October 2000)
• 'Digital Property Rights vs. Human Rights: Desperate Publishing Houses Are Demanding A New Dark Ages', plus slide-set (November 2002)
• 'ENUM - A Case Study in Social Irresponsibility', plus a primary slide-set, and a supporting slide-set (December 2002)
• 'Mobile Technologies' and 'Privacy on the Move: The Impacts of Mobile Technologies on Consumers and Citizens' (May 2003), followed by 'Wireless Transmission and Mobile Technologies' (October 2003)
• Very Black 'Little Black Books' (re so-called 'social networking services') (2004)
• Human-Artefact Hybridisation and the Digital Persona (2005)
• ENUM Trials Create Serious Privacy Concerns (2005)
• Visual Surveillance and Privacy (2005)
• Google - The Privacy Perspective (2005)
• Google - User Perspectives (2005)
• Google's Gauntlets (2006)
• Google Challenges Corporations, Consumers and the Law (2006)
• What's Google Really Up To? (2006)
• Social Impacts of Transport Surveillance (2006, with Marcus Wigan)
• A Major Impediment to B2C Success is ... the Concept 'B2C' (2006)
• Digital Privacy (2006)
• The Cost of 'National Security' to Privacy, and to Business (2006)

1.6 Biometrics in Particular

Biometric technologies endeavour to identify people, or to authenticate assertions about people, based on some physical characteristic. Most biometrics technologies are incapable of working effectively in the real world, and most technologies (and many companies) have failed. So-called 'facial recognition' technology doesn't do anything of the kind, is of very dubious usability for authentication, and is completely untenable for identification – despite many statements by salesmen and Government Ministers who pretend it's a solution to terrorism, and to law and order more generally.

A very few biometrics technologies – essentially only fingerprints and iris (and in narrowly constrained contexts perhaps hand geometry) – have any credibility at all. But each of these also has a vast array of weaknesses, and their effectiveness is enormously dependent on the environment in which they are applied.

Whether they are effective or not, biometric technologies are extraordinarily threatening to freedoms of the individual. The papers here examine the wide range of myths that have been perpetrated by biometrics suppliers and their industry associations, and that are sustained by national security and law enforcement agencies because those myths suit their purposes.

The most important papers are:

• Human Identification in Information Systems: Management Challenges and Public Policy Issues (December 1994)
• Biometrics and Privacy (April 2001)
• Biometrics' Inadequacies and Threats, and the Need for Regulation (2002-03) – as-yet incomplete but usable
• Why Biometrics Must Be Banned (September 2003)
• Biometric Insecurity (May 2004, for the AusCERT Conference)
• National Identity Schemes - The Elements (February 2006)

Other significant presentations and notes are:

• Biometrics in Airports: How To, and How Not To, Stop Mahommed Atta and Friends (February 2002)
• The Scope for Privacy-Sensitive Biometric Architecture (May 2002)
• Smartgate (Customs 'Facial Recognition' Trial, being applied to Australian Passports):
  • SmartGate: A Face Recognition Trial at Sydney Airport (February 2003, enhanced 2004)
  • Australian Govt Tries To Make Face-Recognition Look Good (February 2004)
• Smart Cards and Biometrics: Is a Nightmare-Free Australia Card Feasible? (March 2006)

Other papers and presentations include:

• Interview re Biometrics (September 2000)
• Notes on a Presentation at a conference in San Francisco (April 2002)
• Biometrics Inadequacies & Threats & Privacy-Protective Architecture - PowerPoint slides of a presentation at the University of Hong Kong (May 2002)
• Submission to Queensland Transport in relation to the Proposed Smartcard-Based Driver's Licence (November 2003)
• Submissions re Passport Biometrics, on behalf of the Australian Privacy Foundation, of 17 February, 25 February, 2 March, and 15 March (co-authored, 2004)

The following resource is also available:

• a bibliography (2002-03)

Early background papers include:

• The Central Role of Identification Schemes in Dataveillance (April 1988)
• The Resistible Rise of the National Personal Data System (October 1991)
• Chip-Based ID (1997)
• One of the Five Most Vital Privacy Issues: The Technological Imperative to Apply Biometrics (1997)
• Public Interests on the Electronic Frontier: Freedom from demeaning identification rites (1997)

1.7 The Internet (e-Privacy')

I've published about 50 papers in this area, and have described and linked to them from a separate document.

1.8 Privacy-Enhancing Technologies (PETs)

An explanation of the concept of 'PETs' is in Introducing PITs and PETs: Technologies Affecting Privacy (March 2001). Here is another accessible introduction to the key ideas. And here is a paper on Business Cases for Privacy-Enhancing Technologies (June 2005).

An early series of papers addresses security aspects:

• Introduction to Information Security (February 2001)
• 'Keeping Confidential Information on a Database with Multiple Points of Access: Technological and Organisational Measures' (1992)
• 'Best Practice Guidelines for Controls Over the Security of Personal Data' (1993)

A series of papers has considered technologies whose purpose is to directly support privacy. This work is primarily in:

• Smart Cards As Privacy-Protective Or Even Privacy-Enhancing Technology (April 1998, s.8.4 of a larger work)
• 'The Legal Context of Privacy-Enhancing and Privacy-Sympathetic Technologies' (1999, presented at AT&T Research Labs in New Jersey)
• 'Privacy-Enhancing and Privacy-Sympathetic Technologies - Resources' (1999)
• 'e-Consent: A Critical Element of Trust in e-Business', plus PowerPoint slides (June 2002)

I was active in the original W3C Working Group on P3P (Platform for Privacy Preferences). Unfortunately, the initiative fell so far short of its aspirations that it is not worthy of the name 'PET'. All of the following appeared in Privacy Law & Policy Reporter:

• 'Platform for Privacy Preferences: A Critique' (April 1998)
• 'Platform for Privacy Preferences: An Overview' (April 1998)
• 'P3P Re-visited' (April 2001)

2. ORGANISATIONAL STRATEGY AND PRACTICE

In the 1970s, government agencies and corporations resisted calls for privacy protections. During the intervening decades, many of them have come to recognise privacy as a factor that can harm their business, and that therefore needs to be addressed in a positive manner.

I have performed many consultancy assignments in this area during the last two decades. This section identifies published papers that are addressed specifically to business enterprises and government agencies, firstly in matters of general strategic significance, and secondly in the specific area of privacy impact assessments (PIAs).

2.1 Strategy

The primary papers I've published on privacy as a strategic factor for corporations and government agencies are as follows:

• Privacy and Dataveillance, and Organisational Strategy (1996)
• Make Privacy a Strategic Factor - The Why and the How (2006)
• Privacy and Corporations – a resource-page (2006)

Guidance on specific matters of a strategic nature is provided in:

• 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' (1994)
• 'Identification, Anonymity and Pseudonymity in Consumer Transactions: A Vital Systems Design and Public Policy Issue' (1996)
• 'Smart move by the smart card industry: The Smart Card Industry's Code of Conduct - Part I' (1996) and Part II (1997)
• 'Information Systems Audit & Information Privacy' (1997)
• 'Direct Marketing and Privacy' (1998)
• `Technological Aspects of Internet Crime Prevention' (1998, with Gillian Dempsey, Ooi Chuin Nee & Rob O'Connor)
• Workplace Privacy (1999)
• 'How to Ensure That Privacy Concerns Don't Undermine e-Transport Investments' (2000)
• 'Authentication: A Sufficiently Rich Model to Enable e-Business' (2001)
• 'Authentication Re-visited: How Public Key Infrastructure Could Yet Prosper' (2003)
• 'Identification and Authentication Fundamentals' (2003)
• 'Identity Management: The Technologies, Their Business Value, Their Problems, Their Prospects' (2004)
• The Cost of 'National Security' to Privacy, and to Business (2006)

2.2 Privacy Impact Assessment (PIAs)

I have performed a considerable number of consultancies in this area (see client list). This included the preparation of guidelines for the performance of PIAs as long ago as 1998, and the review of guidelines prepared by government agencies.

My published papers in the area are:

• 'Privacy Impact Assessments' (1998)
• 'Privacy Impact Assessment Guidelines' (1998)
• 'A History of Privacy Impact Assessments' (2004)
• 'The Search for Balance: The Past, Present and Future of Privacy Impact Assessments' (2004)
• 'Identity Management; and PIAs' (2004)
• Submission re the Commonwealth Privacy Commissioner's PIA Guidelines (2005)
• Submission re the Victorian Privacy Commissioner's PIA Guidelines (2005)

2.3 Privacy Policy Statements (PPS)

A Privacy Policy Statement (PPS) is a web-page that makes statements about the web-site owner's privacy policies. The device is talked about by business and government as if the concept mattered, even though its significance is very low. Nonetheless, some guidance is provided in:

• Privacy Statement Template (2005)
• Information About the Privacy Statement Template (2005)
• Evaluation of Google's Privacy Statement against the Privacy Statement Template (2005)
• A Pilot Study of the Effectiveness of Privacy Policy Statements (2006)
• A Major Impediment to B2C Success is ... the Concept 'B2C' (2006)

3. POLICY

It is widely claimed that information technology is becoming pervasive, and is giving rise to an 'information economy' and an 'information society'. If that is the case, then its impacts will be substantial, and must be managed. This part of my collection of papers is concerned with public policy regarding dataveillance.

3.1 Policy Issues

The main policy issues are identified in the following papers:

• 'Information Technology and Dataveillance' (1988)
• 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' (1994)
• Person-Location and Person-Tracking Technologies (1999)
• Identity and Nymity: Public Policy Issues (2004)
• Privacy: More Wobble-Board Than Balance-Beam (2004)
• Is eGovernment for People, or against People? (2004)
• Identity Management? Or (Id)Entity Mismanagement? (2004)
• Have We Learnt To Love Big Brother? (2005)

I identified what I then saw as the Five Most Vital Privacy Issues, (July 1997), for the Montreal Daily, Le Devoir, prior to the International Conference on Privacy, Montreal.

A resource-page has been maintained since 1996, citing surveys of public attitudes to privacy issues.

3.2 Proposals for Policy Measures

Many of my papers pursue positive arguments about what policy measures should look like. The most important of these are:

• N.S.W Guidelines for the Operation of Personal Data Systems (1977, re-typed 2004)
• my foundation paper on dataveillance (1988)
• 'A Normative Regulatory Framework for Computer Matching' (1995, in an American computers and law journal). This articulates a normative regulatory regime for privacy protection generally, as well as computer matching in particular
• a paper published in a major U.S. journal provided specifications for a co-regulatory privacy protection regime, of the kind needed to establish effective controls over both the U.S. and Australian private sectors (February 1999)
• 'Beyond the OECD Guidelines: Privacy Protection for the 21st Century' (January 2000)
• Privacy: More Wobble-Board Than Balance-Beam (2004)
• Position Statement re National ID Card Proposals, on behalf of the Australian Privacy Foundation
  (2005)
• Resources on ID Cards, on behalf of the Australian Privacy Foundation (2005)

Others include:

• Privacy Protection in the Private Sector (1996)
• 'Privacy Issues in Smart Card Applications in the Retail Financial Sector' (1996, for the Australian Commission for the Future)
• 'Identification, Anonymity and Pseudonymity in Consumer Transactions: A Vital Systems Design and Public Policy Issue' (1996, at an Australian Conference)
• 'Exemptions from General Principles Versus Balanced Implementation of Universal Principles' (February 1997)
• 'Privacy and Public Registers' (May 1997, at an Australian conference)
• Privacy Impact Assessments (February 1998)
• 'Smart Card Technical Issues Starter Kit' (April 1988, for Centrelink)
• 'Public Key Infrastructure: Position Statement' (May 1998)
• 'Privacy Requirements of Public Key Infrastructure' (March 2000), plus PowerPoint slides
• 'Invasiveness of the Body-Snatchers' (March 2001)
• Biometrics and Privacy (April 2001)
• 'Research Use of Personal Data' (August 2002)
• 'Why Biometrics Must Be Banned', plus slides (September 2003)
• A History of Privacy Impact Assessments (2004)
• Identity Management; and PIAs (2004)
• The Search for Balance: The Past, Present and Future of Privacy Impact Assessments (2004)
• Submission to the Federal Privacy Commissioner re Privacy Impact Assessments, on behalf of the Australian Privacy Foundation (2005)
• Submission to the Victorian Privacy Commissioner re Privacy Impact Assessments, on behalf of the Australian Privacy Foundation (2005)
• Submission to the Senate Legal and Constitutional Committee re its Inquiry into the Privacy Act (2005)
• Census 2006 ­ Submission to the Australian Statistician on behalf of the Australian Privacy Foundation (2005)
• Census 2006 ­ Report on the Consultative Processes on behalf of the Australian Privacy Foundation (2005)
• ENUM Trials Create Serious Privacy Concerns (2005)
• ABS's Proposals for Radical Alterations to the Census -Web-Page Updates, for the Australian Privacy Foundation (2005)
• Submission re the Anti-Terrorism Bill to the Senate Legal and Constitutional Committee (2005)

3.3 Critiques of Policy Measures

A paper on the OECD's Data Protection Guidelines (1989) provides a template for evaluating laws, and proposals for laws, and has been applied in a number of countries.

Many of my papers examine the inadequacies of the 'official response' by Parliaments and Governments, which involves providing mere 'fair information practices' protections. The intellectual basis underlying thse arguments is in 'Beyond the OECD Guidelines: Privacy Protection for the 21st Century' (January 2000).

The following comments were made on the dreadful Privacy Amendment (Private Sector) Act 2000. It passed into law in December 2000, and became [in]effective on 21 December 2001:

• Submission to the Commonwealth Attorney-General, re: 'A privacy scheme for the private sector: Release of Key Provisions' of 14 December 1999' (January 2000)
• 'Privacy Bill needs much more work', the Australian Computer Society column of The Australian (February 2000)
• Submission to the House of Reps. Inquiry into the Privacy Amendment (Private Sector) Bill 2000' (May 2000)
• Submission to the Senate Inquiry into the Privacy Amendment (Private Sector) Bill 2000 (September 2000)
• 'Beyond the Alligators of 21/12/2001, There's a Public Policy Swamp' (October 2001)
• Submission to the Review of the Private Sector Provisions of the Privacy Act 1988 (Cth) (2004)

A specific matter of concern is public key infrastructure (PKI), and the use of digital signatures for identity authentication. A long list of papers is indexed above. Two that are particularly oriented towards the policy aspects are 'eAuthentication: Where's the Public Interest?' (2003), and Identity Management; and PIAs (2004).

Another concern is 'ENUM' (March 2003).

Yet another is the mindless enthusiasm for biometrics that has arisen as a result of the dominance of 'national security' over both civil liberties and logic, aided and abetted by fraudulent representations by technology providers. A specific critique is at:

• Submissions re Passport Biometrics, on behalf of the Australian Privacy Foundation, of 17 February, 25 February, 2 March, and 15 March (co-authored, 2004)

Papers between 1996 and 1999 were:

• a submission to a Senate Committee on privacy regulation for the private sector (July 1998), followed by a supplementary submission (August 1998)
• a submission to the Victorian Government in relation to its draft Bill (July 1998)
• Serious Flaws in the National Privacy Principles (April 1998, in PLPR);
• 'Privacy and Public Registers' (May 1997, at an Australian conference);
• Serious Flaws in the Australian Privacy-Protective Regime (February 1997);
• Privacy Protection in the Private Sector (1996).

Older papers that are now of primarily historical interest are as follows:

• 'Clients First or Clients Last?' (1995);
• 'Computer Matching by Government Agencies: The Failure of Cost/Benefit Analysis as a Control Mechanism' (1994);
• 'The Resistible Rise of the National Personal Data System' (1992);
• The Privacy Act as an Implementation of OECD Data Protection Guidelines (1989);
• 'Just Another Piece of Plastic for Your Wallet: The Australia Card' (1987);
• 'Impact on Practitioners of the Australian Law Reform Commission's Information Privacy Proposals' (1985, in the Australian Computer Journal, not currently available on the web);
• 'A Critique of the Australian Law Reform Commission's Information Privacy Proposals' (1986; with Graham Greenleaf; in an international journal of law and computers, not currently available on the web).

3.4 Organisational Self-Regulation

Organisational self-regulation without a layer of statutory regulation underpinning it is not a form of privacy protection, but a mere pretence. This is addressed in a number of places, including:

• Direct Marketing and Privacy (February 1998). The Australian Direct Marketing Association's attempts to gain official imprimatur for its practices was the subject of a submission (October 1998) and a second submission (December 1998)
• I argued in an article in a major journal that self-regulation within the U.S. private sector was demonstrably ineffectual , and that co-regulation was essential

A major paper provides guidance to corporations and government agencies concerning 'Privacy and Dataveillance; and Organisational Strategy' (1996, a keynote presentation at an Australian Conference).

Observations concerning a particular industry code are provided in 'Smart move by the smart card industry: The Smart Card Industry's Code of Conduct - Part I' (1996) and Part II (1997). Both were published in the Privacy Law & Policy Reporter.

3.5 Professional Responsibilities

A paper entitled 'Economic, Legal and Social Implications of Information Technology' (1988, published as an 'Issues and Opinions' piece in a leading US journal) provides a discussion of the ethics of academic endeavour in the information systems discipline. It argues that information technology's impacts are so great that detached observation is an inadequate stance for an information systems academic.

Information systems researchers must engage themselves in their subject-matter, and extend themselves beyond mere description and explanation, and even beyond the prediction of the outcomes of artefact design and interventions in organisations and society. Information systems researchers are irretrievably involved in the process of engineering organisations and society, and cannot meaningfully sustain the pretext that they are entirely uninterested in, and unaffected by, the processes around them. These issues are examined in 'Data Surveillance: Theory, Practice and Policy' (July 1997). That paper argues that policy issues in general, and information privacy in particular, are not only an appropriate area of focus for information systems researchers, but that they are also capable being approached in a sufficiently disciplined manner.

Here is the Australian Computer Society's ELSIC Committee, which I chaired 1984-95, and of which I continue to be an active member.

An outline is provided of 'Information Systems Audit & Information Privacy' (1997), and resources are provided for Privacy Impact Assessments (1998) and (2004).

Other papers on this topic include:

• 'Social Implications of IT - The Professional's Role' (1990, in the Australian Computer Journal, not available on the web);
• 'Information Privacy Implications of Information Technology' (1990, a Policy Statement, for the Australian Computer Society);
• 'Balancing Benefits Against Risks in the Proposed Health Communications Network' (1992, for an Australian conference);
• a Position Statement for a Privacy Panel (1993, at an international conference).

Self-regulation by research professional in the I.S. discipline is considered in considered in 'Information Privacy in a Globally Networked Society: Implications for Research', plus slide-set (December 2002). The contributions to the panel session were later published as 'Information Privacy in a Globally Networked Society: Implications for IS Research' (October 2003).

A further paper comments on the social responsibility of engineers, plus PowerPoint slides (2002).

3.6 Broader Issues

Like other technologies, computing and telecommunications are capable of being applied to the benefit of humanity as a whole, or of particular interest groups within society. Use of information technology by the politically powerful as a means of exercising control over the thoughts and actions of members of the public, is a matter of especial concern to those living in democracies.

A paper entitled 'Information Technology: Weapon of Authoritarianism or Tool of Democracy?' (1994; presented at the World Congress of computing academics) identifies critical implications of information technology for democracies. It represented a response to a paper submitted to the conference by a senior government executive of a country that had previously been dominated by the U.S.S.R., and that has no tradition of democracy as it is known in 'western' countries.

This paper's importance is that it lifts the application of the theory of dataveillance from the individual and social levels to the political level, and is a first, tentative step toward the building of a bridge between the theory of dataveillance (developed, as it has been, largely from within the information systems discipline), towards broader theories arising in anthropology, sociology and political science.

Other papers that consider broader issues related to dataveillance include:

• Freedom of Information? The Internet as Harbinger of the New Dark Ages, in First Monday 4, 11 (November 1999)
• Paradise Gained, Paradise Re-lost: How the Internet is being Changed from a Means of Liberation to a Tool of Authoritarianism, in Mots Pluriels 18 (August 2001)
• 'Digital Property Rights vs. Human Rights: Desperate Publishing Houses Are Demanding A New Dark Ages', plus slide-set (November 2002)
• 'Why I'm Not Going to CFP 2003' (March 2003)

4. AUSTRALIA

This section identifies papers that deal with matters specific to Australia.

4.1 Current Issues

A summary paper in this area is a history of privacy in Australia (December 1998). This is supplemented by a running document on current developments, and an update. Because privacy-invasive technologies and applications are so rampant, it's extremely difficult to keep up ...

Australia risks following down the same mindless trail as the U.S. in relation to security in locations such as airline terminals. A paper was prepared on the Smartgate 'face recognition' scheme trialled by Customs at Mascot airport (February 2003). Submissions were also made re Passport Biometrics, on behalf of the Australian Privacy Foundation, on 17 February, 25 February, 2 March, and 15 March (all in 2004).

Another concern is the lack of consideration of privacy throughout the telecommunications industry, including in relation to ENUM (March 2003).

4.2 The Australia Card and Its Progeny, 1985-

Papers on National Identification schemes generally are in a separate section, above. This section addresses the specifics of the ongoing attempts by executives in Australian government agencies and Australian politicians to implement extremist social control mechanisms in this country.

During the period 1985-87, the Commonwealth Government developed a proposal to implement a central database of the Australian population, whose purpose, expressed in terms of the theory developed in this body of work, was the facilitation of dataveillance of all residents of this country. 'Just Another Piece of Plastic for Your Wallet: The Australia Card' (1987, published in an international technology policy journal) provides a carefully documented description and analysis of the proposal, a distillation of the issues, and a political history of the proposal's development and ultimate fate.

Another paper on the topic was 'National Identification Scheme - Costs and Benefits' (1986, published in an Australian journal).

Although the Australia Card proposal was withdrawn in the face of dramatically negative public opinion, the momentum that dataveillance applications of information technology had attained within the Commonwealth public sector was scarcely affected. 'The Resistible Rise of the National Personal Data System' (1992, published in an American journal of computers and law) documents a number of developments during the following three years. It is primarily a political history, expressed within the context set by the theory of dataveillance.

The untrustworthiness of a mere Prime Minister's assurances are underlined in 'The Tax File Number Scheme: A Case Study of Political Assurances and Function Creep' (1991, published in an Australian journal).

An attempt by law enforcement interests to create a highly privacy-intrusive scheme is documented in 'LEAN Times Ahead: The Proposed Law Enforcement Access Network' (1992).

The reasons for public concerns about government agencies are summarised in 'Why the Public Is Scared of the Public Sector' (1993, presented at an Australian conference).

The justification for a major computer matching scheme is shown to be incompetent or fraudulent, in 'Matches Played Under Rafferty's Rules: The Parallel Data Matching Program Is Not Only Privacy-Invasive But Economically Unjustifiable As Well' (1993, published in Privacy Law & Policy Reporter).

Echoes recur continually. In April 1999, the Commonwealth Auditor-General, Pat Barrett, sought to revive the process of extending the Tax File Number, this time into the Medicare arena (ANAO 1999). His proposal was then considered by the House of Representatives Standing Committee on Economics, Finance and Public Administration (EFPA). Too pressed for time to provide yet another time-wasting submission to yet another government committee, I submitted a brief letter (November 1999).

During the 1990s, bureaucrats achieved merger of all government benefits schemes, and correlation of identifiers, by means of Centrelink. Despite resistance going back 15 years, they eventually succeeded in combining the health insurance and pharmaceutical benefits schemes in to a single agency. Then in the early 2000s, the centralist's dream of a 'super-ministry' was achieved, euphemistically called Human Services, which enable the benefit schemes, health systems and child support agency to be drawn even closer together.

Meanwhile, a succession of attempts were made to upgrade drivers' licences into a much broader social control scheme. See Submission to Queensland Transport in relation to the Proposed Smartcard-Based Driver's Licence (2003).

Then in mid-2005, the Queensland Premier Beattie, in an endeavour to shift media attention away from serious problems in his State, suggested that an Australia Card was needed. The Prime Minister ran with it. A cluster of identity schemes was progressively drawn into one being developed by the 'Human Services' Minister dubbed the Access Card.

Advocacy groups and the media have caused a great deal of pertrubation in the statements made by politicians and bureaucrats about the scheme. The resolve with which it is being pursued by the Government appears set to bring down another Minister in due course.

Documentation about the schemes, the continual changes in Government pronouncements, and the privacy advocacy campaigns, is at:

• The Medicare Smartcard (2004-06)
• Australia Card Mark II (2005-06)
• The Human Services Card (2005-06)
• The Dept of Human Services' So-Called 'Access Card' (2006-)
• National Document Verification Service project (DVS) (2005-)

Parallel State Government schemes include:

• The NSW Photo ID card (2004-)
• The Queensland Driver’s Licence (2003-)

Papers on the topic are as follows:

• Position Statement re National ID Card Proposals, on behalf of the Australian Privacy Foundation
  (2005)
• Resources on ID Cards, on behalf of the Australian Privacy Foundation (2005)
• MyKad - the Malaysian ID Card (2005)
• IDologists (interview in The Sydney Morning Herald, 2 August 2005)
• National Identity Cards? Bust the Myth of 'Security über Alles'! (2006)
• National Identity Schemes ­ The Elements (2006)
• Smart Cards and Biometrics: Is a Nightmare-Free Australia Card Feasible (2006)

4.3 The Privacy Act 1988, as amended in 1990 and 2001

The Privacy Act, passed in December 1988, was carefully analysed in the following papers, which were distributed among a small community of interested researchers and government agencies:

• 'The Commonwealth Privacy Act 1988: A Personal Summary' (February 1989);
• Unofficial Short Form of the Information Privacy Principles' (1989);
• 'The Commonwealth Privacy Act 1988: Interpretation and Annotations from the Information Systems Perspective' (March 1989);
• 'The Privacy Act 1988 as an Implementation of the OECD Data Protection Guidelines' (June 1989).

A paper on 'Consumer Credit Reporting and Information Privacy Regulation', summarised the situation in the lead-up to the 1989 extensions to the Privacy Act (1989). The resultant legislation was described in 'Privacy Regulation of Consumer Credit Reporting' (June 1989, published in an Australian journal, not available on the web).

The disastrously bad amendment Bill of 2000 was analysed and severely criticised:

• Submission to the Commonwealth Attorney-General, re: 'A privacy scheme for the private sector: Release of Key Provisions' of 14 December 1999' (January 2000)
• 'Privacy Bill needs much more work', the Australian Computer Society column of The Australian (February 2000)
• Submission to the House of Reps. Inquiry into the Privacy Amendment (Private Sector) Bill 2000' (May 2000)
• Submission to the Senate Inquiry into the Privacy Amendment (Private Sector) Bill 2000 (September 2000)

It came into force on 21 December 2001, exacerbating rather than solving problems. For subsequent analyses, see:

• Beyond the Alligators of 21/12/2001, There's a Public Policy Swamp (October 2001)
• Submission to the Review of the Private Sector Provisions of the Privacy Act 1988 (Cth) (2004)

4.4 Other Papers Prior to 1990

This section is provided primarily as a matter of record, most recent first.

During 1989-90, a series of papers was prepared under consultancy assignments for the Commonwealth Privacy Commissioner, on:

• the Privacy Act 1988;
• Data Matching;
• Transborder Data Flows; and
• Draft Commonwealth Public Service Guidelines for Data Matching.

During the period 1985-1990, several Policy Papers were prepared for the Australian Computer Society, on:

• the 'Australia Card' Scheme;
• the Enhanced Tax File Number Scheme;
• Consumer Credit Reporting; and
• a National Information Policy

The situation in health care is discussed in 'Current Health Care Information Privacy Issues' (1990, invited paper at an Australian conference).

A series of assessments of earlier proposals for privacy regulation was published:

• 'Impact on Practitioners of the Australian Law Reform Commission's Information Privacy Proposals' (1985, in the Australian Computer Journal; not currently available on the web);
• 'Aspects of the Australian Law Reform Commission's Information Privacy Proposals' (1986; with Graham Greenleaf; in an international journals of law and computers; not currently available on the web);
• 'Australian Proposals to Implement the OECD Data Protection Guidelines' (1988).

During 1978-80, a series of papers were prepared for (now High Court Justice) Michael Kirby, in relation to the design of the OECD Guidelines.

During 1976-77, a series of papers was prepared while I was a Research Officer the N.S.W. Privacy Committee. This included a set of Guidelines in relation to Personal Data Systems which would stand up very well today.

During 1972-75, several papers were prepared on behalf of the N.S.W. Branch of the Australian Computer Society. At that time, it appeared that the N.S.W. Government might push through privacy protection legislation that could have been harmful to the then immature computer industry. I led the professional association's lobbying against unreasonable regulation. I was too successful: N.S.W. passed no substantive law until 1998, and then came up with what was until December 2000 the world's worst privacy protection legislation ...

These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).

Created: 17 August 1997 - Last Amended: 30 October 2007 by Roger Clarke - Site Last Verified: 15 February 2005
This document is at www.anu.edu.au/people/Roger.Clarke/DV/AnnBibl.html
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2006   -    Privacy Policy