Current Developments in Internet Privacy

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 27 August 1999, prepared for presentation at the IIR Conference on Data Protection and Information Privacy, 31 August 1999

© Xamax Consultancy Pty Ltd, 1999

This document is at http://www.anu.edu.au/people/Roger.Clarke/DV/ICurr9908.html


Abstract

The 'privacy on the Internet' scene is rapidly evolving. Initiatives to date by most business enterprises, many industry associations, and most governments have demonstrated pathetically limited understanding of the nature of the Internet, of the issues that the public is concerned about, and of the depth of their concerns.

A great many more iterations will be needed before public confidence will be established in the information infrastructure as a place to do business with businesses, and to do business with government. A window of opportunity exists for privacy-aware organisations to distinguish themselves from their competitors by offering consumers what they want.




1. Introduction

This document provides an overview of the current situation in the debates about the Internet and privacy. It is copiously cross-referenced to documents that provide more detailed information about specific matters.


2. Background

2.1 Privacy

Privacy is the interest that individuals have in sustaining a 'personal space', free from interference by other people and organisations. It has multiple facets. Information Privacy is the interest an individual has in controlling, or at least significantly influencing, the handling of data about themselves. An introduction and definitions of terms are in Clarke (1997f). An outline of the context in which privacy discussions take place is provided in Clarke (1998h).

The Internet has brought with it enormous potential benefits. Those relating to virtual communities are being realised; but those relating to electronic commerce are delivering on their promise much more slowly.

The slow take-up of consumer I-commerce results from a variety of factors, which are examined in Clarke (1997h), Clarke (1997i) and Clarke (1999a). Central among the impediments are the multitudinous negative impacts on privacy that are part and parcel of the present Internet experience. This document provides access to information about these negative impacts, about further threats that technologists, corporations and governments keep creating, and about means of dealing with those threats.


2.2 Threats

In order to make sense of the Internet, it is essential to be a participant, to understand something of the technology (Clarke et al. 1998), and to appreciate the mindset of the people who inhabit cyberspace (Clarke 1997c). The freedoms that netizens claim are expressed in Clarke (1997g).

In Clarke (1997j) and Clarke (1998e), privacy threats on the Internet are categorised as follows:

Further details about each category are provided at the above references.


2.3 Ever More Threats

A series of specific issues repeatedly force themselves into the public eye. These include:

On the important question of whether one's activities on the Internet are anonymous, pseudonymous or identified, see Clarke (1999e).

An issue of especial significance is public key infrastructure (PKI - Clarke 1996b). This can take a variety of forms, but most of them (and all of the obvious ones) are themselves highly privacy-intrusive (Clarke 1997i, Greenleaf & Clarke 1997). Securing each person's private key in such a manner that they (and only they) can apply it, and can do so with relative ease, is a considerable challenge. Some of the schemes proposed involve highly intrusive applications of highly-intrusive biometrics (Clarke 1994). Schemes proposed to date fail to measure up against the requirements (Clarke 1998d).

Several organisations are currently endeavouring to shape the Australian PKI, in particular the Government Public Key Authority (GPKA), the Certification Forum of Australia (CFA), and the recently-announced National Electronic Authentication Council (NEAC). Although these have been placed on clear notice of the public's concerns, it is as yet uncertain whether they will heed the calls. For example, NEAC includes no representation of the general public interest, and its terms of reference appear to overlook the matter entirely.


3. Responses

This section considers firstly the actions of governments, then those of the public, and finally those of organisations and technologists.


3.1 Regulatory Responses

The Internet has reduced the power of governments, because it facilitates extra-jurisdictional and even supra-jurisdictional activities, and extends their availability beyond corporations and wealthy individuals (Clarke 1997c, Clarke 1997e). It is an over-reaction, however, to infer that governments and localised watchdog agencies are powerless. If governments choose to, they can use the force of law to constrain undesirable activities. Governments are choosing to use their powers in relation to some Internet behaviour (e.g. the dissemination of pornographic materials). They should also choose to defend the important human value of privacy.

* International Developments

A small number of international documents are influential in discussions about regulation by Australian governments:

In the United States, freedom of private sector behaviour continues to be regarded as a higher value than personal privacy. One of the few agencies to take an interest in Internet privacy, the Federal Trade Commission (FTC), began by 'talking tough'; but, in July 1999, it reduced its stance to minimalist intervention justified by the pretence that corporations had taken notice of the FTC, and were now protecting the public.

The FTC provides a guide for the public which reflects the country's preference to let corporations dominate consumers. Despite its own findings about the thorough inadequacy of corporate web-site privacy policy statements, together with those of EPIC (1997 and 1998) and a more recent academic study (Culnan 1999), it has opted not to take any action, nor even to provide any guidance to business. The farce is therefore continuing.

Contrary to the FTC's judgement, it was argued in Clarke (1999b) that Internet privacy concerns represent the straw that will break the camel's back, and will force intervention by the U.S. federal government into much-vaunted corporate freedoms.

* Developments at National Level

The abject failure of U.S. legislators and agencies is mirrored by the incapacity of the Commonwealth Government to grasp the importance of the matter and structure protections that will provide a basis for public confidence. Its original (and excellent) concept of 'co-regulation' has been downgraded to 'light-touch legislation'. It appears likely that the imminent private sector privacy Bill will try to leave the protections in the hands of the private sector. If it does that, it will fall so far short of the public's expectations as to undermine the Bill's capacity to encourage public confidence.

Constrained as they are by a government timid to offend what it sees as the interests of corporations, watchdog agencies are doing little to make good on the shortfalls.

In 1998, the Privacy Commissioner promulgated a set of 'National Principles for the Fair Handling of Information' (PCA 1998). These are largely a rendition of the Fair Information Principles (FIP) which were formulated in about 1970 to reflect the computer technology of the time. The FIP approach has been rendered entirely inadequate for the 1990s, let alone the new century, because of the rapid and cumulative advances in computer technology, and its marriage with networking and robotics technologies (Clarke 1999b, 1999c). Worse still, the 'National Principles' contain very serious loopholes that have been designed to accommodate the desires of law enforcement agencies and the direct marketing lobby (Clarke 1998c).

Meanwhile, the Australian Competition and Consumer Commission (ACCC) has approved, with minor amendments, an appalling document presented to it by the Australian Direct Marketing Association (ADMA). The response of public interest advocates of all descriptions had been vociferous, and uniformly extremely critical of the document, especially the pathetically ill-informed segment that purports to regulate members' activities in relation to electronic commerce (e.g. Clarke 1998k). The ACCC's capitulation to pressure from sections of industry and the Prime Minister's staff was justified by reference to the inadequate OECD document.

In addition to ADMA, several other industry associations claim to represent organisations active on the Internet. The Internet Industry Association (IIA) has issued a draft code. At section 8, the statements in relation to privacy reference the Privacy Commissioner's inadequate 'National Principles' document.

An additional regulator relevant to the Internet context is the Australian Communications Authority (ACA). ACA has the power to enforce a Code on carriers (in particular Telstra and Optus), carriage service providers (i.e. Internet access providers), and even content service providers (a term whose meaning in law is quite unclear). No such Code yet exists; but in May 1999, the Australian Communications Industry Forum (ACIF) released a Draft Industry Code for the 'Protection of Personal Information of Customers of Telecommunications Providers'. It claimed to draw heavily on the Privacy Commissioner's inadequate 'National Principles for the Fair Handling of Information'. The public comment period expired on 30 July 1999. Further steps are awaited.

* Developments at State Level

In late 1998, N.S.W. made a pathetic contribution to privacy protection in the State public sector. It passed a 1970s statute so riddled with inadequacies as to constitute a strong contender for world's worst public sector privacy legislation (Greenleaf 1998, 1999a). It has limited impact on Internet privacy.

In May 1999, Victoria tabled a Data Protection Bill, covering both the public and private sectors, and intended for debate after the forthcoming election. The Bill goes a long way towards providing the kinds of protections the public and consumers are expecting (Greenleaf 1999b). The Commonwealth Government will be very much hoping that Victoria loses momentum with the impending retirement of the key sponsor of the legislation, the Treasurer and Minister for Multimedia, Alan Stockdale.

A Victorian Surveillance Devices Bill was also tabled in May 1999. It is intended to replace the Listening Devices Act 1969, and is to regulate not only listening devices, optical surveillance devices and tracking devices (defined as an electronic device the primary purpose of which is to determine the geographical location of a person or an object), but also data surveillance devices.

Historical background to the regulation of privacy in Australia is provided in Clarke (1998i). An attempt is made to sustain a running commentary on developments in Clarke (1998j); but they are so rapid and multi-faceted that it inevitably falls behind unfolding events.


3.2 The Regulatory Response That's Needed

A genuinely co-regulatory approach involves the following elements:

A more detailed specification for a co-regulatory framework is at Clarke (1999b).


3.3 Public Responses

The public can withstand the onslaught of hyperactive marketers and over-eager social control mandarins, and the inadequacy of protective measures provided by parliamentary and regulatory agencies. Each of the privacy threats identified earlier is subject to countermeasures of various kinds (Clarke 1997j).

In addition to the specific defensive measures, a range of generic countermeasures is also available to the disaffected public. Clarke (1997t) and Clarke (1998e) discuss:

In addition to organised resistance, consumers and citizens are capable of taking actions at a personal level. They are becoming actively poor in their memories of details about their lives, and vague about their identities. Governments will have difficulty imposing unpopular laws on a sullenly uncooperative public. Meanwhile, I-commerce will simply wither, through overwhelming consumer apathy, if appropriate protections are not implemented.


3.4 Constructive Technological Responses

A number of schemes have been launched that are based on privacy statements and trademarks. Examples of such pseudo-technologies include TRUSTe, WebTrust and CPA WebTrust, and the Better Business Bureau. Their primary purpose is to provide an image of contribution; but they contribute little because they lack meaningful sanctions.

Mainstream, privacy-invasive technologies (the PITs) can be defended against using counter-privacy invasion tools such as message-encryption (e.g. SSL, PGP, S/MIME), and cookie-crunchers (EPIC 1997-). The most well-developed framework proposed to date is W3C's Platform for Privacy Preferences (P3P). This creates the possibility of standards-based protections for personal data that is resident on clients, and/or held by intermediaries; and enables programmatic negotiation between server and client (Cranor 1998, Clarke 1998f, 1998g).

Tools that actively assist individuals to protect their privacy are commonly referred to as privacy-enhancing technologies (PETs). They generally support anonymity (IPCR 1995, EPIC 1997-, Clarke 1999c).

One major shortfall in technology to date has been the lack of effective and widespread anonymous payment mechanisms. One of the few to have technical credibility is David Chaum's / Digicash's eCash, which offers payer anonymity, but payee identification. With the acquisition of the eCash technology in August 1999 by a new company, eCash Technologies Inc., that capability may finally enter the mainstream, and enable transactions that have been hitherto anonymous to stay that way.

An alternative approach is privacy-sympathetic technologies (PSTs). These avoid denying access to the identity underlying a nym, but protect the link between the nym and the person's identity through technical, organisational and legal means (Clarke 1999c).

In addition to these high-level technologies, privacy-sympathetic architectural features of the information infrastructure can be conceived, that embody an appropriate balance between privacy and accountability. In the best of all possible worlds, that would begin at TCP/IP, and even the Layer 1 protocols, and work upwards, in a coherent fashion. Even ISO OSI, however, strongly architected though it was, lacked even a security thread through its Layers, let alone evidence of embedded privacy-awareness. The result is that Internet-based infrastructure must have privacy-sympathy grafted onto it, and gradually integrated into it.

One sign of adaptation of the Internet Protocol Suite is the draft revised standard for cookies, which would deliver a privacy-sensitive tool for state-maintenance. From the control page, the current version (RFC2109, version 3.10 of 16 August 1999) can be accessed. Unfortunately, the approval process has been slow, due to the failure of even the IETF to recognise the significance of this adaptation to the Internet's architecture.


3.5 Constructive Organisational Approaches

Some corporations, a few industry associations, and some government agencies, have recognised that privacy has become a strategic factor for them. Clarke (1996a) provides advice on the steps to take if your organisation has reached that point. Specific guidance on unlocking the willingness of net-consumers to part with their money is provided at Clarke (1999d).

Organisations and consortia that are proposing large-scale applications of information technology will need to consider whether they should undertake a privacy impact assessment (PIA). Background on PIAs is provided in Clarke (1998b).


4. Conclusions

Disappointingly few marketers and few regulators have even begun to appreciate the nature of the Internet and of the netizens that inhabit it.

There will be a great many false starts, a great deal of huffing-and-puffing, a great deal of money lost, and a great deal of disappointment about slow adoption of I-Commerce by consumers, until and unless both marketers and governments learn, and act.

The good news is that this provides a window of opportunity for those business enterprises that are aware of the realities, and that offer services over the Internet that embody privacy-sensitivity.


References

Clarke R. (1994) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' Information Technology & People 7,4 (December 1994) 6-37, at http://www.anu.edu.au/people/Roger.Clarke/DV/HumanID.html

Clarke R. (1996a) 'Privacy and Dataveillance, and Organisational Strategy', Proc. Conf. I.S. Audit & Control Association (EDPAC'96), Perth, May 1996, at http://www.anu.edu.au/people/Roger.Clarke/DV/PStrat.html

Clarke R. (1996b) 'Message Transmission Security (or 'Cryptography in Plain Text')', Privacy Law & Policy Reporter 3, 2 (May 1996) 24-27, at http://www.anu.edu.au/people/Roger.Clarke/II/CryptoSecy.html

Clarke R. (1997a) 'Spam' February 1977, at http://www.anu.edu.au/people/Roger.Clarke/II/Spam.html

Clarke R. (1997b) 'Cookies' February 1977, at http://www.anu.edu.au/people/Roger.Clarke/II/Cookies.html

Clarke R. (1997c) 'Regulating Financial Services in the Marketspace: The Public's Interests', Proc. Conf. Electronic Commerce: Regulating Financial Services in the Marketspace, Sydney, February 1997, at http://www.anu.edu.au/people/Roger.Clarke/EC/ASC97.html

Clarke R. (1997d) 'Privacy and E-Lists', May 1997, at http://www.anu.edu.au/people/Roger.Clarke/DV/E-Lists.html

Clarke R. (1997e) 'The Monster from the Crypt: Impacts and Effects of Digital Money', Proc. Computers, Freedom & Privacy Conference (CFP'97), San Francisco, March 1997, and Proc. QuestNet'97, Brisbane, July 1997, at http://www.anu.edu.au/people/Roger.Clarke//EC/Monster.html

Clarke R. (1997f) 'Introduction to Dataveillance and Information Privacy, and Definitions of Terms', August 1997, at http://www.anu.edu.au/people/Roger.Clarke/DV/Intro.html

Clarke R. (1997g) 'Public Interests on the Electronic Frontier: Their Relevance to Policy-Formation for I.T. Security Techniques', Proc. IIR IT Security '97, August 1997, Canberra. Republished in Computers & Law No. 35 (April 1998) pp.15-20, at http://www.anu.edu.au/people/Roger.Clarke/II/IIRSecy97.html

Clarke R. (1997h) 'What's Holding Up EC in Australia?', August 1997, at http://www.anu.edu.au/people/Roger.Clarke/EC/Impeds97.html

Clarke R. (1997i) 'Promises and Threats in Electronic Commerce', August 1997, at http://www.anu.edu.au/people/Roger.Clarke/EC/Quantum.html

Clarke R. (1997j) 'Privacy On the Internet: Threats, Countermeasures and Policy', IBC 1997 Australian Privacy Forum, Sydney, October 1997, at http://www.anu.edu.au/people/Roger.Clarke/DV/Internet.html

Clarke R. (1998a) 'Direct Marketing and Privacy', Proc. AIC Conference on the Direct Distribution of Financial Services, Sydney, February 1998, at http://www.anu.edu.au/people/Roger.Clarke/DV/DirectMkting.html

Clarke R. (1998b) 'Privacy Impact Assessments', February 1998, at http://www.anu.edu.au/people/Roger.Clarke/DV/PIA.html

Clarke R. (1998c) 'Serious Flaws in the National Privacy Principles', Privacy Law & Policy Reporter 4, 9 (March 1998), at http://www.anu.edu.au/people/Roger.Clarke/DV/NPPFlaws.html

Clarke R. (1998d) 'Public Key Infrastructure: Position Statement', May 1998, at http://www.anu.edu.au/people/Roger.Clarke/DV/PKIPosn.html

Clarke R. (1998e) 'Information Privacy On the Internet: Cyberspace Invades Personal Space', Telecommunication Journal of Australia 48, 2 (May/June 1998), at http://www.anu.edu.au/people/Roger.Clarke/DV/IPrivacy.html

Clarke R. (1998f) 'Platform for Privacy Preferences: An Overview' (April 1998), Privacy Law & Policy Reporter 5, 2 (July 1998) 35-39, at http://www.anu.edu.au/people/Roger.Clarke/DV/P3POview.html

Clarke R. (1998g) 'Platform for Privacy Preferences: A Critique' (April 1998), Privacy Law & Policy Reporter 5, 3 (August 1998) 46-48, at http://www.anu.edu.au/people/Roger.Clarke/DV/P3PCrit.html

Clarke R. (1998h) 'A History of Privacy in Australia: Context', October 1998, at http://www.anu.edu.au/people/Roger.Clarke/DV/OzHC.html

Clarke R. (1998i) 'A History of Privacy in Australia', October 1998, at http://www.anu.edu.au/people/Roger.Clarke/DV/OzHistory.html

Clarke R. (1998j) 'A History of Privacy in Australia: Current Developments', October 1998, at http://www.anu.edu.au/people/Roger.Clarke/DV/OzCurrent.html

Clarke R. (1998k) 'Ad Code Must Respect Web Culture', ACS Comment in The Australian, 15 December 1998, at http://www.anu.edu.au/people/Roger.Clarke/EC/ACS981215.html

Clarke R. (1999a) 'Key Issues in Electronic Commerce and Electronic Publishing', Proc. Information Online and On Disc 99, Sydney, January 1999, at http://www.anu.edu.au/people/Roger.Clarke/EC/Issues98.html

Clarke R. (1999b) 'Internet Privacy Concerns Confirm the Case for Intervention', Commun. ACM 42, 2 (February 1999) 60-67, at http://www.anu.edu.au/people/Roger.Clarke/DV/CACM99.html

Clarke R. (1999c) 'The Legal Context of Privacy-Enhancing and Privacy-Sympathetic Technologies', April 1999, at http://www.anu.edu.au/people/Roger.Clarke/DV/Florham.html

Clarke R. (1999d) 'The Willingness of Net-Consumers to Pay: A Lack-of-Progress Report', Proc. 12th International EC Conference, Bled, Slovenia, June 1999, at http://www.anu.edu.au/people/Roger.Clarke/EC/WillPay.html

Clarke R. (1999e) 'Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice', Proc. Conf. User Identification & Privacy Protection, Stockholm, June 1999, at http://www.anu.edu.au/people/Roger.Clarke/DV/UIPP99.html

Clarke R. (1999f) 'Person-Location and Person-Tracking: Technologies, Risks and Policy Implications', Proc. 21st International Conference on Privacy and Personal Data Protection, Hong Kong, September 1999, at http://www.anu.edu.au/people/Roger.Clarke/DV/PLT.html

Clarke R., Dempsey G., Ooi C.N. & O'Connor R.F. (1998) 'A Primer on Internet Technology', at http://www.anu.edu.au/people/Roger.Clarke/II/IPrimer.html

Cranor L.F. (1998) 'P3P Privacy Tools', at http://www.research.att.com/projects/p3p/

COE (1999) 'Council of Europe Guidelines for the Protection of Privacy on the Internet', Recommendation No R (99) 5, March 1999, at http://www.coe.fr/cm/ta/rec/1999/99r5.htm

EU (1995) 'The Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data', European Commission, Brussels, 25 July 1995, at http://www2.echo.lu/legal/en/dataprot/directiv/directiv.html

Greenleaf G.W. (1998) 'NSW Privacy Bill passes Legislative Council' Privacy Law & Policy Reporter 5, 4 (September/October 1998)

Greenleaf G.W. (1999a) 'A new era for public sector privacy in NSW' Privacy Law & Policy Reporter, 5, 7 (February 1999), at http://www2.austlii.edu.au/~graham/cyberspace_law/NSW_Act.html

Greenleaf G.W. (1999b) 'Victoria's draft Data Protection Bill - The new model Bill?' Privacy Law & Policy Reporter, 5, 7 (February 1999), at http://www2.austlii.edu.au/~graham/cyberspace_law/Vic_Bill.html

Greenleaf G.W. & Clarke R. (1997) 'Privacy Implications of Digital Signatures', Proc. IBC Conference on Digital Signatures, Sydney, March 1997, at http://www.anu.edu.au/people/Roger.Clarke/DV/DigSig.html

IPCR (1995) 'Privacy-Enhancing Technologies: The Path to Anonymity' Information and Privacy Commissioner (Ontario, Canada) and Registratiekamer (The Netherlands), 2 vols., August 1995, at http://www.ipc.on.ca/web%5Fsite.eng/matters/sum%5Fpap/papers/anon%2De.htm



Created: 25 August 1998

Last Amended: 27 August 1998

