The electronic, digital computer was invented in about 1940, and was first used to support the processes of business and government in the early 1950s. It has made great strides, in terms of both the capabilities of the underlying equipment or 'hardware', and in the suites of programs, or 'software' which enable the hardware to be applied to specific purposes. The progressive marriage of computing with local and distant ('tele') communications, and, more slowly, with robotics, has seen the emergence of what is at present commonly referred to as 'information technology'.
The information systems discipline is concerned with information, and with its creation, management and use by individuals, especially in organisational contexts. It emerged because of the perceived need to understand and guide the application of information technology to human needs. Accordingly, the discipline is also concerned with the use of information technology artefacts, and hence with the analysis of user needs, the design of artefacts, their construction, and their progressive re-formation-in-use.
Many aspects of information technology have been well-researched. At the levels of hardware and systems software, the disciplines of computer science and communications engineering are now well-established. At the level of application software, however, and especially in the areas of the management of information technology, and social policy regarding its impacts and implications, understanding is far less mature.
The information systems discipline emerged during the 1960s, particularly in schools of management and commerce, drawing variously on the existing disciplines of computer science, individual and organisational behaviour, operations research / management science, accounting, and operations management. The conventional institutional framework for a discipline, such as formal recognition within universities, undergraduate majors and degrees, specialist postgraduate and doctoral programs, specialist journals and specialist international conferences, was accumulated during the period 1965-1980.
Many areas within the information systems discipline have matured rapidly. For example, bodies of knowledge exist in relation to the development of new applications, the management of existing applications, the processing of raw data into useful information, and the provision of information to support decision-making by individuals and by groups.
There remain, however, many aspects of the discipline which are as yet highly immature. Concern has been expressed that the discipline continues to rely on theories extracted from reference disciplines, and has been tardy in developing its own coherent body of foundation theory (Weber 1987). A great many of the theories which are available are of assistance in describing particular domains, but their explanatory power is weak and their predictive power very limited indeed. There are also significant difficulties in selecting and applying research methods (Galliers 1992). The problems arising as a result of the discipline's youth are compounded by the highly unstable nature of the domain of study, which includes fast-changing technologies which are being influenced by, and are influencing, fast-changing organisational and behavioural patterns.
Beyond supporting the description, explanation and prediction of relevant phenomena, the information systems discipline needs to provide normative support to decision-makers within individual organisations which seek to exploit information and information technology. Moreover, advanced technologies are having increasingly significant impacts on and implications for individuals, groups, organisations, industry segments and sectors, and economies and societies as a whole. There is therefore a vital public policy dimension to the discipline.
The sub-discipline of information management has existed since the emergence of the information systems discipline as a whole 25-30 years ago. This segment focuses on matters of concern to managers and executives, primarily within individual organisations. It also involves inter-organisational considerations, and is slowly developing a body of knowledge in relation to public policy questions (see, for example, Dunlop & Kling 1991).
The publications which make up this supplication for a doctorate by published work report on research undertaken in one particular area of great policy significance, and increasing importance to individual organisations, but which has been almost entirely ignored during the information systems discipline's first few decades.
INFORMATION PRIVACY AND DATA SURVEILLANCE
Since the 1960s, there has been considerable public concern about individual privacy (e.g. Cowen 1969). Statutory protections were enacted in most advanced western nations in the 1970s and codified by the end of that decade (OECD 1980). Australia was a laggard, with the Commonwealth Privacy Act being passed only at the end of 1988.
Privacy is a cluster of interests of the individual, which in many circumstances tend to conflict with the interests of other individuals, organisations, and society as a whole. Aspects of privacy which it is valuable to distinguish are:
? privacy of the person. This deals with the integrity of the individual's body. Key issues include compulsory immunisation, blood transfusion, provision of body tissue, and sterilisation;
? privacy of personal behaviour. This relates to such matters as sexual preferences and habits, political activities and religious practices, both in private and in public places;
? privacy of personal communications. Individuals claim an interest in being able to communicate among themselves, using various media, without routine monitoring by other persons or organisations; and
? privacy of personal data. Individuals claim that data about themselves should not be automatically available to other individuals and organisations, and that, even where data is possessed by another party, the individual must be able to exercise a substantial degree of control over that data and its use.
With the close coupling that has occurred between computing and communications during the last 15 years, the last two aspects have become closely linked, and are commonly referred to as 'information privacy'. This body of work is concerned with the impact of information technology on information privacy.
Intrinsic to the study of privacy is the recognition that privacy is one interest among many, and that this interest needs to be balanced against other interests, not only those of other individuals, but also those of groups and of society as a whole. A precept on which all of my work has been based is that judgements about the particular balances that are appropriate need to be made by democratic processes, within particular jurisdictions, at particular points in time; that is to say that there are no 'grand solutions' to privacy issues. Rather, there are issues, and dimensions of issues, and stakeholders with interests. It is important that information about all of these be surfaced, and the possibility of rational discourse created.
The study of 'interests' and of public policy measures to protect interests are proper subject-matter for disciplines other than information systems, and in particular sociology and law. An important contribution of this body of work has been to shift the focus from the interest that individuals have, to the technologies and the applications of those technologies which threaten that interest. It is vital that the discipline of information systems, and the sub-discipline of information management, perform intermediary functions between the scientific and technological disciplines which are generating and applying the technologies, and the social and policy disciplines which are seeking to regulate them.
This work has accordingly involved a detailed examination of the techniques and practices of surveillance, the definition of new terms to describe the new ways in which people are being subjected to observation, the expression of this body of theory and practice in terms accessible to specialists in other disciplines as well as in computer science and information systems, and contributions to policy debates.
Only limited prior theoretical work was available to me at the commencement of my research. This is examined at length in several of the papers. As a result of the paucity of established theory, a great deal of the contribution of this collection was necessarily of the nature of theory formation.
Within the information systems discipline, the key pre-existing works were Laudon (1974) and Kling (1978). Important sources were available from other disciplines, including sociology (Westin 1967 and 1971, Westin & Baker 1972, Rule 1973 and 1983, and Rule et al. 1980) and law (particularly Morison 1973). Of especial intellectual importance is the notion of society as 'prison' (Foucault 1975, by analogy with the 'panopticon' of Bentham 1791). Among less academic works are to be found some of significance, including Packard (1964), Smith (1974-) and Burnham (1983).
A number of government agencies, law reform bodies and parliamentary committees had made important contributions to the understanding of information privacy (including HEW 1973, FACFI 1976, NSWPC 1976-, PPSC 1977, Lindop 1978, OTA 1981 and ALRC 1983). A number of other important publications appeared during the course of development of this body of work (in particular, Marx & Reichman 1984, Marx 1985, Roszak 1986, OTA 1986, Flaherty 1989, PCA 1989-, GAO 1990, Bennett 1992 and Davies 1992).
A significant proportion of the contribution of this work was of the nature of scholarship, i.e. the careful and disciplined examination, evaluation and synthesis of a wide range of secondary sources.
This was supported by lengthy and deep, but largely informal, empirical experience. This was gleaned through involvement in privacy issues, variously as:
? a representative of the professional body representing information technologists, the Australian Computer Society (ongoing, since 1972);
? a Research Officer for and subsequently consultant to the N.S.W. Privacy Committee (1976-77, 1977-80);
? a consultant to the Australian Law Reform Commission in relation to its privacy reference (1977-80);
? a public advocate on a wide range of privacy issues, particularly in my role as National Capital Convenor of the Australian Privacy Foundation (ongoing, particularly since 1985);
? a consultant to the Privacy Commissioner of the Commonwealth of Australia during the foundation period of his Office (1989-91); and
? a consultant to several government agencies and private sector corporations on privacy matters.
It is stressed that this supplication is not based on the many consulting reports and unrefereed publications which have arisen from these activities, but on refereed papers arising from appropriately careful and considered research work, and subjected to peer review.
On the basis of reference theories, particularly in relation to information privacy, a body of theory was progressively formed relating to data surveillance. A number of aspects of this were subjected to empirical testing, through structured interviews with practitioners and case study research drawing on multiple sources of data to achieve triangulation on the object of study. On the basis of this work, the body of theory was articulated and refined.
As discussed in several of the papers, considerable difficulties were experienced in conducting empirical research into data surveillance practices, to some extent in the United States, but especially in Australia. The Commonwealth agencies that developed the 'Australia Card' proposal in the period 1985-87 withheld key information from public purview. During the period 1987-92, agencies declined to provide any meaningful information about their use of computer matching, and utilised various exemption clauses under the Freedom of Information Act 1978 to avoid providing documents. Even secondary data, arising for example from the Privacy Commissioner's investigations, are frequently not publicly available. In the mid-1990s, profiling continues to be undertaken out of the public gaze, although a seminar convened by the Commonwealth Privacy Commissioner in July 1995, and addressed by myself, may represent a turning point in the public visibility of profiling programs.
The work reported on in this collection is therefore based on much less, and much less 'hard', information than would have been desirable. On the other hand, the importance of the topic is such that research needed to be undertaken, and works needed to be published, on the basis of careful consideration of such limited data as was available.
SUMMARY OF THE PUBLISHED WORKS
The works are presented in a logical sequence, rather than their chronological order of publication.
Papers 1 and 2 - The Theory of 'Information Technology and Dataveillance'
The first paper, Clarke (1988a), appeared in the leading journal of the United States Association for Computing Machinery. It establishes the basis for the entire work, by reviewing surveillance practices, and showing how information technology is resulting in the replacement of expensive physical and electronically enhanced monitoring of individuals and groups by highly automated, and therefore much cheaper, systematic observation of data about people.
This new form of monitoring, whose descriptor I abbreviated to 'dataveillance', is potentially highly privacy-invasive. The paper imposed a degree of organisation on the field of knowledge that had never previously existed, and has been used by other researchers and teachers in their subsequent work. It also established a framework within which my own further research could be conducted.
The second paper, Clarke (1994a), further develops a vital aspect of the argument commenced in the first paper, namely the nature of human identification as it is applied within information systems. Remarkably, there are very few works in any academic literature which address the question of such uses of human identity, and for this reason the paper had a long gestation period (from 1985 until 1994). It was published in an international journal which might be characterised as 'trans-atlantic' in flavour, and provides a forum for researchers addressing the interaction between information technology and individuals, groups, organisations and societies.
Based on the theory presented in the paper, implications are identified for managers and executives within organisations, and for public policy. I am currently conducting a further stream of research which has grown out of this project, and which is examining the extent to which anonymous and pseudonymous transactions are capable of satisfying the needs of organisations and individuals.
Papers 3, 4 and 5 - Application of the Theory to Computer Matching
A series of papers resulted from a sub-project undertaken between 1987 and 1992. One particular technique identified in the foundation paper as being of especial importance was 'computer matching', particularly as applied in government. The technique did not arise from academic research, but was developed pragmatically, in both the United States and Australia in the late 1970s. There was a very limited literature. Field work was undertaken in the public sectors of both the United States and Australia. The purposes were to describe and understand the phenomenon, to apply data surveillance theory, and to draw implications. Initially, considerable difficulties were encountered in gathering information, but (for reasons explained in the papers) it became progressively more feasible to subject the use of the technique to scrutiny.
The first in this sub-set of papers (Clarke 1994b) provides a detailed description of the technique, and was published in the same journal as Paper Number 2 on 'human identification'. It established that there were considerable difficulties involved in appropriately applying matching, and that the risks were borne by the individuals whose data was matched, rather than by the organisations conducting the matching.
The second paper in the series, and fourth in the collection (Clarke 1995a), was published in the first issue of a newly re-named 'trans-atlantic' journal, Information Infrastructure and Policy (which, during its first three Volumes, was entitled Informatization and the Public Sector). The paper examines the mechanisms which prevent unjustifiably privacy-invasive matching from being undertaken, and ensure that suitable protections are incorporated into such programs as do proceed. It includes a detailed examination of the use of cost-benefit analysis (CBA) to justify matching programs, and a review of the extent to which CBA has functioned as an effective control over misuse and abuse of computer matching in the United States and Australia. Its conclusion is that there are serious inadequacies in the controls over computer matching.
The final paper on matching (Clarke 1995b) appeared in a journal which specialises in the law relating to information technology, and is published by the John Marshall Law School in Chicago. The paper takes as its starting points the theory of dataveillance established in earlier papers, the threatening nature of computer matching, and the absence of effective controls. It proposes a set of general and specific regulatory measures which it is argued are necessary if society is to bring government matching programs under control. It assesses the limited regulatory regimes of the United States and Australia against those proposals, and finds them seriously wanting.
Paper 6 - Application of the Theory to Profiling
Clarke (1994c) examines a further technique which was outlined in the foundation paper, and which has become increasingly popular during the last decade. The paper appeared in the Journal of Law and Information Science, which is edited and published in Australia but is international in terms of both its authorship and readership.
A technical description of 'profiling' is provided. The paper is based on limited 'hard' empirical evidence, because most profiling is undertaken, in the public and private sectors alike, surreptitiously. The paper identifies substantial dangers which are inherent in the technique. It lays the foundation for more careful empirical work, but this may not be possible until parliamentary and governmental action is taken to open up the practice of profiling to public scrutiny.
Paper 7 - The Impact of Developments in Database Retrieval Technology
The seventh paper (Greenleaf & Clarke 1984) was published in the primary journal of record of this country's computer science community, the Australian Computer Journal. It reported on an examination of a very specific matter, the scope for a new form of database technology to render impractical an established privacy-protective mechanism, the so-called 'subject access principle'.
This work represented a case study of the way in which developments in information technology undermine privacy protection laws. It provided a basis for understanding the impact of other developments, such as data matching and profiling, and for current challenges such as 'reverse access' to telephone directories, monitoring of energy usage, textual analysis, and the discovery of individual characteristics through the analysis of seemingly anonymous, statistical collections.
Paper 8 - Application of the Theory to the Information Infrastructure
The eighth paper (Clarke 1994c) was published in another 'trans-atlantic' journal which examines the patterns in 'The Information Society'. The paper applies the theory developed in earlier papers in a particular, emergent context, that of the information infrastructure in general and the Internet in particular. It introduced a new concept, the 'digital persona', as a tool in the analysis of behaviour on the net. It then applied the tool, together with data surveillance theory, to predict the monitoring of the 'real-life' behaviour of individuals and groups through their net behaviour.
Papers 9 and 10 - Dataveillance Practices of the Australian Government
During the period 1985-87, the Commonwealth Government developed a proposal to implement a central database of the Australian population, whose purpose, expressed in terms of the theory developed in this body of work, was the facilitation of dataveillance of all residents of this country. Analysis of the proposal was conducted. In parallel with my research work, I disseminated information about the proposal through intermediate-quality and popular publication channels, and participated fully and actively in the lively public debates.
Clarke (1987) provides a carefully documented description and analysis of the proposal, a distillation of the issues, and a political history of the proposal's development and ultimate fate. It appeared in a refereed journal, Prometheus, which is dedicated to the political economy of information technologies, and is published in Australia but has international authorship and readership. The paper was published prior to the proposal's demise; hence an addendum is provided, which appeared in an unrefereed American periodical.
Although the Australia Card proposal was withdrawn in the face of dramatically negative public opinion, the momentum which dataveillance applications of information technology had attained within the Commonwealth public sector was scarcely affected. Clarke (1992) documents a number of developments during the next three years. It is primarily a political history, expressed within the context set by the theory of dataveillance. It appeared in a 'law of information technology' journal published by the John Marshall Law School in Chicago (which has since merged with another similar journal into the Journal of Computer and Information Law, in which Paper 5 appeared some three years later).
Papers 11 and 12 - Regulatory Measures
These two closely related papers were addressed to different audiences. Clarke (1985) appeared in the Australian Computer Journal, and Greenleaf & Clarke (1986) in the Australian-published but internationally-distributed Journal of Law & Information Science. They examined various aspects of the emergent proposals for Commonwealth law to protect information privacy.
The law which was subsequently passed, the Privacy Act 1988, was subjected to in-depth analysis in two lengthy papers. These were distributed among a small community of interested researchers and government agencies, but were not formally published, either in a refereed journal or otherwise, and hence are not included in this body of work.
Paper 13 - The Overtly Political Dimension of Dataveillance
Like other technologies, computing and telecommunications are capable of being applied to the benefit of humanity as a whole, or of particular interest groups within society. Use of information technology by the politically powerful as a means of exercising control over the thoughts and actions of members of the public, is a matter of especial concern to those living in democracies.
Clarke (1994d) was published in the refereed Proceedings of the 13th World Congress of the International Federation for Information Processing. It represented a response to a paper submitted to the conference by a senior government executive of a country which had previously been dominated by the U.S.S.R., and which has no tradition of democracy as it is known in 'western' countries. The paper's importance is that it lifts the application of the theory of dataveillance from the individual and social levels to the political level.
This paper has a significant polemical overtone to it, however, and must be regarded as a first, tentative step in building a bridge between the theory of dataveillance, developed, as it has been, largely from within the information systems discipline, towards broader theories arising in anthropology, sociology and political science.
THE THEORY, PRACTICE AND POLICY OF DATAVEILLANCE
Each of the papers making up this collection was written in such a manner that it could stand alone. One effect of this is that the papers contain a significant amount of repetition. Another effect is that the underlying structure of the argument as a whole is obscured. This section identifies that deep structure.
The first concern of the body of work was to establish a theory of dataveillance, in part by identifying what already existed, in part by drawing from appropriate reference disciplines, but to a considerable extent by original contribution. The primary papers in the collection which present that body of theory are paper numbers:
? 1, which lays the foundations;
? 2, in regard to human identification;
? 3, which addresses computer matching;
? 6, which is concerned with profiling;
? 7, relating to data retrieval technology; and
? 8, which investigates the digital persona.
The second concern was to exploit the body of theory as a means of observing and documenting the practice of dataveillance. The primary papers in the collection which address practice are:
? 3, 4 and 5, in respect of computer matching;
? 6, in respect of profiling; and
? 9 and 10, in respect of the emergent Australian national personal data system.
On the basis of the empirical evidence, the body of theory has been progressively articulated and extended.
It is widely claimed that information technology is becoming pervasive, and is giving rise to an 'information economy' and an 'information society'. If this is the case, then its impacts will be substantial, and should be managed. The third and final aspect of the research therefore concerned policy. The papers in the collection which make contributions in this regard are:
? 1, which lays the foundations;
? 2, in relation to multi-purpose identification schemes;
? 5, which proposes a normative regulatory regime for computer matching;
? 7, which identifies the manner in which regulatory measures are undermined by developments in technology;
? 4, 9, 10, 11 and 12, which identify the inadequacies of the 'official response' to the application of privacy-invasive technology by governments; and
? 13, which identifies critical implications of information technology for democracies.
The collection is completed by an unrefereed 'Issues and Opinions' piece, published in the leading US journal, MIS Quarterly (Clarke 1988b). This is not a piece of careful academic work, but rather a meta-level discussion concerned with the ethics of academic endeavour in the information systems discipline. It is included in this collection for a quite specific purpose.
The argument pursued in this short paper is that information technology's impacts are so great that detached observation is an inadequate stance for an information systems academic. Rather, it is imperative that information systems researchers engage themselves in their subject-matter, and extend themselves beyond mere description and explanation, and even beyond the prediction of the outcomes of artefact design and interventions in organisations and society. This is a further development of a long-standing discussion within the information systems discipline about the need to achieve balance between the relevance of research and the rigour with which it is undertaken (Keen 1980).
It is emphatically not proposed that the scientific ideals of independence and repeatability should be abandoned. It is, however, contended that information systems researchers, or at least those who focus on the 'information management' segment of the discipline, are irretrievably involved in the process of engineering organisations and society, and cannot meaningfully sustain the pretext that they are entirely uninterested in, and unaffected by, the processes around them.
ALRC (1983) 'Privacy' Report No. 22, Austral. L. Reform Comm., Austral. Govt Publ. Service, 3 vols. 1983
Bennett C.J. (1992) 'Regulating Privacy' Cornell U.P., Ithaca, 1992
Bentham J. (1791) 'Panopticon; or, the Inspection House', London, 1791
Burnham D. (1983) 'The Rise of the Computer State' Random House, 1983
Cowen Z. (1969) 'The Private Man' Boyer Lecture Series, Aust. Broadcasting Comm. 1969
Davies S. (1992) 'Big Brother: Australia's Growing Web of Surveillance' Simon & Schuster, Sydney, 1992
Dunlop and R. Kling (Eds.) (1991) 'Controversies in Computing', Academic Press, 1991
FACFI (1976) 'The Criminal Use of False Identification: the Report of the Federal Advisory Committee on False Identification', U.S. Dept of Justice, 1976
Flaherty D.H. (1989) 'Protecting Privacy in Surveillance Societies' Uni. of North Carolina Press, Chapel Hill, 1989
Foucault M. (1975) 'Discipline and Punish: The Birth of the Prison' Penguin, 1975, 1979
Galliers R.D. (1992b) 'Choosing Information Systems Research Approaches' Chapter 8 in Galliers R.D. (Ed.) 'Information Systems Research' Blackwell, Oxford, 1992, pp.144-163
GAO (1990) 'Computers and Privacy: How the Government Obtains, Verifies,Uses and Protects Personal Data' General Accounting Office, GAO/IMTEC-90-70BR, Washington DC, 1988
HEW (1973) 'Records, Computers and the Rights of Citizens: Report of the Secretary's Advisory Committee on Automated Personal Data Systems' (U.S. Dept. of Health, Education and Welfare) M.I.T. Press 1973
Keen P.G.W. (1980) 'MIS Research: Reference Disciplines and a Cumulative Tradition' Proc. 1st Int'l Conf. Inf. Sys. Philadelphia, December 1980, 9-18
Kling R. (1978) 'Automated Welfare Client Tracking and Welfare Service Integration: The Political Economy of Computing' Comm ACM 21,6 (June 1978) 484-93
Laudon K.C. (1974) 'Computers and Bureaucratic Reform' Wiley, New York, 1974
Laudon K. (1986a) 'Data quality and due process in large interorganisational record systems' Commun. ACM 29,1 (Jan 1986)
Laudon K.C. (1986b) 'Dossier Society: Value Choices in the Design of National Information Systems' Columbia U.P., NY, 1986
Lindop N. (1978) 'Report of the Committee on Data Protection' Cmnd 7341, HMSO, London, 1978
Marx G.T. (1985) 'The New Surveillance' Technology Review (May-June 1985)
Marx G.T. & Reichman N. (1984) 'Routinising the Discovery of Secrets' Am. Behavioural Scientist 27,4 (Mar/Apr 1984) 423-452
Morison W.L. (1973) 'Report on the Law of Privacy' N.S.W. Govt. Printer, Sydney, 1973
NSWPC (1976-) Annual Reports, and reports on particular issues as available, N.S.W. Privacy Committee, Sydney
OECD (1980) 'Guidelines for the Protection of Privacy and Transborder Flows of Personal Data' Organisation for Economic Cooperation and Development, Paris, 1980
OTA (1981) 'Computer-Based National Information Systems: Technology and Public Policy Issues' Office of Technology Assessment, Congress of the United States, Washington DC (September 1981)
OTA (1986) 'Federal Government Information Technology: Electronic Record Systems and Individual Privacy', Office of Technology Assessment, Congress of the United States, Washington DC, OTA-CIT-296, June 1986
Packard V. (1964) 'The Naked Society' McKay, New York, 1964
PCA (1989-) Annual Reports, and reports on particular issues as available, Privacy Commissioner, Human Rights and Equal Opportunities Commission, Sydney
PPSC (1977) 'Personal Privacy in an Information Society' Privacy Protection Study Commission, U.S. Govt Printing Office, 1977
Roszak T. (1986) 'The Cult of Information' Pantheon, New York, 1986
Rule J.B. (1973) 'Private Lives and Public Surveillance' Allen Lane 1973
Rule J.B. (1983) 'Documentary Identification and Mass Surveillance in the U.S.' Social Problems 31:222-234 December, 1983
Rule J.B., McAdam D., Stearns L., Uglow D. (1980) 'The Politics of Privacy' Elsevier, New York, 1980
Smith R. E. (1974-) 'Privacy Journal', Providence RI, monthly since November 1974, and 'Compilation of State and Federal Privacy Laws', Providence RI, annually since 1974
Weber R. (1987) 'Toward a Theory of Artifacts: A Paradigmatic Basis for Information Systems Research' The Journal of Information Systems, 1, 2 (Spring 1987) 3-19
Westin A.F. (1967) 'Privacy and Freedom' Atheneum, NewYork, 1967
Westin A.F. (Ed.) (1971) 'Information Technology in a Democracy' Harvard University Press, Cambridge MA, 1971
Westin A.F. and Baker M.A. (1972) 'Databanks in a Free Society' Quadrangle/N.Y. Times Book Co. 1972