Elizabeth A Williams
University of Canberra, Faculty of Communication,
P O Box 1, Belconnen, ACT, 2616, Australia
This paper reports on the results of a case study undertaken at the national Parliament House in Canberra, Australia. The study examines attitudes toward privacy in the context of new communication technologies, focusing closely on the Internet.
It first looks at philosophical perceptions of privacy in the traditional setting. It then evaluates whether and how definitions of privacy alter in the context of technological change.
Parliament House is the center of legislative and political life in Australia. It offers a wide-ranging survey sample--from cleaners to clerks of the Senate; from the prime minister to the porter. The occupants of Parliament House represent a range of demographics including income, level of education, cultural background and place of residence.
The academic and legal debate about privacy is long-running and continues to present new challenges. Moreover, concerns about personal privacy are shifting as communication technology is applied more widely. However, research to assess community and individual perceptions of privacy, in an environment increasingly dominated by powerful computers, has not been done in Australia in any extensive manner.
This research examines the effect that technological developments in communication have on views about privacy in our society.
The debate about privacy in legal, philosophical and moral terms has a protracted history. The introduction of the "technology" variable has not made a perceptible difference to the outcome of the debate except to draw attention to the greater possibility--indeed, probability--that individual privacy can be breached. In this exercise it is necessary to locate the arguments of the paper from a philosophical starting point. I have relied on the variety of arguments presented in Schoeman (1984) and other sources to establish an entry point in an often confusing and conflicting set of debates.
Ruth Gavison provides the most useful model for discussions of privacy for this research. Gavison recognizes the tension between the academic/legal debate about privacy and the approach taken by more pedestrian members of the public concerned about, in this case, the effect the use of technology has on the realities of individual privacy. As Gavison says, "To be useful, however, the concept (of privacy) must denote something that is distinct and coherent" (Gavison 1984: 347). That we do not have a sufficiently coherent "public" (as opposed to academic/legal) view of privacy is motivation enough to undertake the fieldwork reported on later in the paper.
Gavison, without economics (see Posner 1984), intimacy (see Reiman 1984) or playful semantic analysis (see Thomson 1984), posits a nonreductionist approach to the question of privacy and its importance in our society.
It is worthwhile to quote Gavison's approach to privacy, as it defines the approach of this work and the rationale for further practical exploration of the concepts of privacy as they stand in the mid-1990s.
Privacy must have a coherence in three different contexts. First, we must have a neutral concept of privacy that will enable us to identify when a loss of privacy has occurred so that discussions of privacy and claims of privacy can be intelligible. Second, privacy must have a coherence as a value, for claims of legal protection of privacy are compelling only if losses of privacy are sometimes undesirable and if those losses are undesirable for similar reasons. Third, privacy must be a concept useful in legal contexts, a concept that enables us to identify those occasions calling for legal protection, because the law does not interfere to protect against every undesirable event. (Gavison 1984: 347)
Gavison does not include in this critique any detailed examination of the effect of technology on ideas about privacy. The fieldwork for this thesis adds this dimension to Gavison's analysis. The key to the relevance of Gavison's academic/legal exploration of privacy in the world of technology is that "our interest in privacy . . . is related to our concern over our accessibility to others: the extent to which we are known to others, the extent to which others have physical access to us, and the extent to which we are the subject of other's attention" (Gavison 1984: 347).
It is undeniable that the advent of technology with the capability to match, remix and retransmit data of any kind has altered the privacy paradigm (see, for example, Tucker 1992, Poster 1994, Davies 1992) What does that mean for individuals in Australia today? We explore this in more detail through an examination of the results of the fieldwork survey.
It is necessary at this point to give some background information on the state of privacy in Australia--the key legislation, key players and current political trends that influence the potential outcomes for change in our approach to privacy.
Privacy Act 1988. Even though "privacy is recognized in international law as a basic human right," a close reading of the Privacy Act 1988 (subsequently, the Act) indicates that there is no protection of individual privacy in the private sector except with regard to credit reporting and tax file numbers (HR&EOC 1995a). In terms of this paper, there is no protection of individual privacy for users of the Internet.
The Information Privacy Principles in the Act illustrate in detail the responsibilities of government agencies such as, for example, the Taxation Office and the Department of Social Security. Those responsibilities include the way in which personal information is collected, the purpose for which it is collected, the storage and security of personal information, the methods by which information is changed or amended and the limits on the use of personal information. In Part II, Section 6(1)c, the Act specifically excludes the private sector from the ambit of its responsibility:
"( c ) a body (whether incorporated or not), or a tribunal, established or appointed for a public purpose by or under a Commonwealth enactment, not being: (i) an incorporated company, society or association; (ii) an organization within the meaning of the Conciliation and Arbitration Act 1904 or a branch of such an organization; or (iii) a body corporate constituted under subsection 6 (1) of the Legal Practitioners Ordinance 1970 of the Australian Capital Territory. (emphasis added) (p. 2131)
There is no standard privacy legislation across the five Australian states and two territories. There are, however, industry-developed codes of practice and some measure of self-regulation in the private sector. According to experts in the field, the current legislation is ineffective and difficult to enforce in the private sector. According to the Privacy Commissioner's most recent survey on community attitudes to privacy, "Only a small minority [of those surveyed] believe personal information on computers is adequately protected, and only one in five are confident they understand the impact new technologies will have on their personal privacy" (HR&EOC 1995a).
Misconceptions are common about the force of the Privacy Act, particularly in relation to the current developments in telecommunications technology. For example, an Internet service provider (ISP) was quoted in The Australian, a major daily newspaper, as saying, "I can imagine that if we monitor e-mail messages at random, we'll get hit with the biggest bloody privacy suit" (Higgins 1995: 31). Subsequent discussions with his office indicated that they were unaware that there was no privacy legislation from which a privacy suit could be launched. According to a Sydney-based law firm, "[c]onfusion had arisen from lack of specific legislation" in relation to the responsibilities of ISPs with regard to the content of material being sent via their service" (Higgins 1995: 31).
In an August 1995 news release, the Privacy Commissioner indicated that "Australians don't believe that privacy protection should be left to the individual alone--the vast majority see a role for government and nearly all believe that laws should be passed to protect privacy in both the public and private sectors." In summary, "the Commonwealth Privacy Act is an extremely limited law. It covers only Commonwealth Government agencies and the credit-reporting industry. It does not give protection against privacy invasion by state governments, the private sector, banking, telecommunications or the insurance industry. Nor does it cover privacy issues relating to any of the professions" (Davies 1992: 133).
The Privacy Commissioner's role is defined specifically by Part IV of the Privacy Act. His main responsibility is to protect the privacy of information held in the public sector. He does not have jurisdiction over the private sector in any sense other than as an advocate for a national legislative framework. The Commissioner is required to submit an annual report to Federal Parliament, undertake investigations of alleged breaches of privacy, educate public sector departments and agencies about their privacy responsibilities and undertake ongoing research into attitudes about privacy.
The Commissioner's role does not extend to areas such as medicine, the law and insurance, which all have voluntary codes of practice that protect client/patient privacy. In a legislative sense, the privacy of individuals in the private sector is not protected by the charter of the Privacy Commissioner. However, according to the HR&EOC's recent report, "Australians are pessimistic about maintaining their privacy in the computer age" (HR&EOC 1995b: Foreword).
It is useful at this stage to identify some key perspectives for this work on privacy and privacy legislation. These relate directly to the role of Australia's Privacy Commissioner and the possibilities for change in the future. Whether amendments are made to current legislation depends on a number of factors: the will of government, the force of community attitudes, the success of the current Privacy Commissioner's advocacy and the financial cost of more widespread privacy protection for individuals.
There is a wealth of material about privacy in the computer age. Some central assumptions that structure the approach of this paper are:
In a March 1995 speech, Privacy Commissioner Kevin O'Connor said, "My experience is that it is not sufficient to leave these matters to the hands of those whose interests might conflict with the privacy interests of individuals. Hence, there is a need to examine how the new technologies operate against internationally-accepted privacy standards to ensure individuals' privacy interests will not be compromised" (Privacy Commissioner 1995: 13).
In the rush to join the enticing and exciting developments in the newest wave of information technology, Australians may perhaps be forgetting to put in place a structure or framework upon which to hang guidelines, and indeed legislation, to govern new technology. If we are prepared, as Wallich says, to depend on "collegial trust and mutual forbearance," then the Internet will develop in a technology/market driven environment (Wallich 1994: 72). He quotes a U.S-based Internet expert who says, "No laws, rapid growth and enterprise--it's shoot first or be killed" (Wallich 1994: 73). Some claim that the Australian experience of the development of the Internet cannot draw direct parallels from North America. However, should we be treading carefully and ensuring that the legislative process keeps pace with technical developments? O'Connor argues that we should.
O'Connor neatly summarizes the position of individual privacy in legislation and at the same time, attempts to redefine his role: "It seems unlikely that all Australians will ever have the same privacy rights unless governments commit themselves to introducing nationally-consistent data protection legislation. The time is ripe for the Commonwealth government to take the lead in this issue" (Privacy Commissioner 1994b: 4).
In conclusion, current privacy legislation does not protect individual privacy in the private sector. The Privacy Commissioner is leading the way in advocating changes to his responsibilities that may broaden the protection offered in law to ordinary Australians when they use electronic communications networks. "Once we acknowledge the fundamental importance of privacy as an inherent ethical standard when debating the impact of new technologies, we then have to consider whether the protections currently available in Australia are sufficient" (Waters 1995: 4).
Australia has, in large part, modeled its approach to privacy protection on Organisation for Economic Cooperation and Development (OECD) principles and directives, and it is from these that our Privacy Act is drawn. There are some parallels to the experiences of other countries in our approach to privacy. For example, we have a fairly vocal and concerned debate about privacy in general and information privacy in particular. Like New Zealand and other countries, we have a privacy commissioner responsible for the oversight of privacy matters. Like many other countries, we have privacy legislation in place, albeit it is patchy and has limited jurisdiction. We, like other countries, have a fairly market-driven information technology sector with little drive from governments (of whatever persuasion) to regulate privacy any further.
The current Australian Privacy Act protects public sector privacy in a manner acceptable to most members of the community. This research looks at individuals in the private sector who, currently, have no protection under the current law against any kind of privacy breach. An underlying rationale for limiting the scope of the enquiry to individuals is a desire to add weight to the argument that the Privacy Act should be extended to protect individuals and corporations in the private sector. There were, under the former Labor government, plans to extend the Act. With the March 2 change of government, those plans have been put on hold. A historical and rather cynical view of privacy protection by privacy advocate and anti-Australia Card campaigner Simon Davies says, "There is an ingrained hostility to privacy within the bureaucracy, suspicion of it within the Australian Labor Party, and an ideological opposition to private sector privacy protection within the conservative parties" (Davies 1992: 135). Having said that, there is a general "privacy" inquiry mooted by the new Attorney-General, the timing of which is as yet unclear.
The Parliament House building holds some 3,000 occupants during parliamentary sitting times. People come from all areas of Australia to participate in the legislative program, to represent their electorates and to support the democratic process in Australia. The building itself dominates the Canberra skyline, with a massive flagpole centering attention on Capital Hill not unlike the Capitol in Washington, D.C. A demographic profile of parliamentary residents reveals a wide cross-section of ethnicity, language, educational background, income levels, political affiliation and occupation. Locating the fieldwork project at Parliament House is fortunate in that, without having to travel vast distances, the ideas and input of many people from very different communities can be accessed.
In addition, we have recently had a quite significant change of government, with many new members of parliament taking their seats and bringing with them entourages of new staff. This upheaval is nationwide. After 13 years of Labor government, the new Liberal Coalition government will bring many changes in outlook and perspective to government in Australia.
That we have been able to capture this state of flux is fortuitous as it reflects changes taking place in the wider community. Canberra is a microcosm of the nation as a whole. No claim is made as to the extent to which the results obtained can be generalized, although it is possible that the results do reflect more general trends in the community.
Canberra, the nation's capital, is a thriving city of some 350,000 people involved in a wide range of activities. The physical environment of the city is dominated by extensive parks, gardens and open spaces around a series of lakes. The city is relatively new, the population is relatively young and income and education levels are slightly above the national average. In the past Canberra has been called a "public service" town, but this image is quickly changing as private enterprise takes over while stringent public sector budget cuts are being made.
With the recent change of government, the Australian community is taking the chance to rethink, to take stock and to move into the next century. Our once-dominant agricultural and mining industries are taking lesser roles as we position ourselves as a regional player with strong interests in the Asian region. The information technology industry is growing rapidly--promoted as a clean, environmentally friendly industry with a crucial potentiality to return Australia valuable overseas earnings. The community in general is well educated, highly skilled and flexible enough to adopt and implement new technologies. In this context, this study is of some importance as we redefine the way we understand and use information and information technology. As in most other countries, the market is moving more quickly than the legislative or political processes, which is creating some tensions within the community at large.
The privacy debate continues unabated in academic and legal circles. The introduction of the technology variable puts, in stark relief, a 21st-century spin on potential outcomes. In Australia, as in other countries, it is debatable how much input individual citizens have had in the process of redefining privacy, and indeed, whether they care in anything more than a general sense. This fieldwork is specifically designed with two outcomes in mind. The first is to better interpret individual notions and perceptions of privacy as a particular community understands them. The second is to find out whether, with rapid technological change, those former definitions of privacy alter and, if so, in what way.
In an attempt to draw from individuals in the private sector their views about privacy and technology, a mail survey was undertaken at the national Parliament House in Canberra. From a total population of 3,000 occupants, 350 were randomly selected using the alphabetical internal telephone directory. The survey group included clerks to cleaners; porters to prime ministers; secretaries to security staff. No attempt was made to stratify the sample to focus, for example, on computer literacy. An underlying assumption was made that privacy meant something to everyone; that communications technology is a part, in at least some small way, of most people's lives and that potentially anyone in the group would have views on the questions raised in the survey.
The Privacy Commissioner has, over a period of four years, conducted research into community attitudes to privacy. Although that research revealed many valuable indicators in the Australian privacy debate, the communications technology variable--and in particular, the Internet--was not included in the surveys. This work goes part way to answering some questions raised as tensions between concepts, such as privacy, come under pressure from technological change.
This work tries to link philosophical understandings of privacy with the community at large to understand how technology is changing those very philosophical understandings. It is, in a sense, a circular but changing argument.
The Australia community is wrestling with other pressing "communications" issues such as media ownership, privatization of our principle telecommunications carrier and universal service obligations for telecommunications services providers. A social and moral issue such as privacy intersects with these "policy" issues, adding flavor and complexity to a nationwide set of discussions to which we have yet to find answers satisfactory to the majority.
This work focuses particularly on Internet technology--on, for example, e-mail, electronic shopping and direct marketing. Some of the survey population have never used the Internet, others have no interest in doing so, still others see the rise of the Internet as something threatening and difficult. We tried to limit the discussion of "technology" to the actual and predicted uses of the Internet.
In limiting the scope of the discussion, we tried to exclude specific references to particular kinds of privacy--for example, medical records--to focus on privacy as an overarching concept. Using Gavison's model referred to above, understanding the concept of privacy is central to grasping potential changes to that concept under the influence of Internet technology.
This work is the first step in a long process of community consultation, lobbying of legislators and implementing change. The research, therefore, remains a work-in-progress with all the possibilities that entails. It is worthwhile work--to disentangle intangible philosophy from legislation and reknit it into a new pattern is indeed a challenge. What changes will come of the exercise remain to be seen.
Benn, Stanley I (1984), "Privacy, freedom, and respect for persons," in Philosophical Dimensions of Privacy: An Anthology, New York: Cambridge University Press. (Schoeman, F., ed.)
Blackmer, Scott (1994), "Privacy in Cyberspace," in International Corporate Law, October, 19-23.
Davies, Simon (1992), Big Brother, Sydney: Simon & Schuster.
Gavison, Ruth (1984), "Privacy and the limits of law," in Philosophical Dimensions of Privacy: An Anthology, New York: Cambridge University Press. (Schoeman, F., ed.).
Higgins, David (1995), "Lawyer urges monitoring of private e-mail," The Australian, 1 August, 31.
Human Rights & Equal Opportunity Commission (1995a), Seventh Annual Report on the Operation of the Privacy Act: 1 July 1994-30 June 1995, Canberra: Australian Government Publishing Service.
Human Rights and Equal Opportunity Commission (1995b), Community Attitudes to Privacy, Information Paper No 3, August.
Posner, Richard A. (1984), "An economic theory of privacy," in Philosophical Dimensions of Privacy: An Anthology, New York: Cambridge University Press, (Schoeman, F., ed.).
Poster, Mark (1994), "The Mode of Information and Postmodernity," in Crowley & Mitchell, Communication Theory Today, Cambridge: Polity Press.
Privacy Commissioner (1994a), Sixth Annual Report on the Operation of the Privacy Act, Canberra: AGPS.
Privacy Commissioner (1994b), Inquiry into New Communications Services, for the Broadband Services Expert Group, April.
Privacy Commissioner (1995), "Evolving Privacy Laws--Keeping in Touch with the Federal Privacy Act," Speech to IIR Conference--Information Privacy in the Public Sector, 23 March.
Prosser, William (1984), "Privacy [a legal analysis]," in Philosophical Dimensions of Privacy: An Anthology, New York: Cambridge University Press, (Schoeman, F., ed.).
Reiman, Jeffrey H. (1984), "Privacy, intimacy, and personhood," in Philosophical Dimensions of Privacy: An Anthology, New York: Cambridge University Press. (Schoeman, F., ed.).
Schoeman, F. (1984), Philosophical Dimensions of Privacy: An Anthology, New York: Cambridge University Press.
Thompson, Judith Jarvis (1984), "The right to privacy," in Philosophical Dimensions of Privacy: An Anthology, New York: Cambridge University Press, (Schoeman, F., ed.).
Tucker, Greg (1992), Information Privacy Law in Australia, Melbourne: Longman Professional.
Turkheimer, Frank (1994), "Privacy and the Internet: The Next Step," in Computer Networks and ISDN Systems, 27, 395-401.
Wallich, Paul (1994), "Wire Pirates," in Scientific American, March, 72-81.
Wasserstrom, Richard A . (1984), "Privacy: Some Arguments and Assumptions," in Philosophical Dimensions of Privacy: An Anthology, New York: Cambridge University Press, (Schoeman, F., ed.).
Waters, Nigel (1995), "Privacy laws and new communications technology," Speech to AIC Conference--Recent Developments in Administrative Law, 28 & 29 August.
This work would have been academically impossible without the guidance and motivation of Dr. Christina Slade and personally impossible without the support of David Vickers.