Australian Computer Society

Level 3, 160 Clarence Street, SYDNEY NSW 2000
Ph: (02) 9299 3666, Fax: (02) 9299 3997, http://www.acs.org.au/ E-mail: info@acslink.net.au

Position Paper # 8

Information Privacy Implications of Information Technology

A Statement of ACS Policy and Attitudes

November 1990

The Australian Computer Society is a 12,000-strong body of information technology (IT) professionals. It is one of the largest such professional bodies in the world, both in absolute terms, and on a per capita basis. The Society's long-established policy in relation to the application and implications of IT is that both professionals and the professional body must be careful to avoid adopting a technocratic, "we specialists know best" attitude. However, the ACS and its members have a vital role to play in IT issues. Firstly, they have a moral responsibility to ensure that public debate about IT matters is informed. Moreover, because the technicalities involved often obscure the real issues, the responsibility extends further, to ensuring that in important matters, public debate actually takes place. It is over twenty years since the Society first established its policy in relation to the information privacy implications of information technology, and that policy has been revised on several subsequent occasions. During the last few years there have been a number of important developments in information technology, and the Government has brought forward a number of proposals to apply them. This revision to the Society's policy reflects those developments.

1. The Society supports the use of information technology by individual organisations in the performance of their specific functions. The capabilities of IT are subject to ongoing improvements, and an organisation which effectively harnesses IT can acquire considerable power in relation to people. Hence it is important that the justification for, and protections, checks and balances within such systems, be appropriate to the power of each particular application. IT professionals are trained to build systems subject to such protections, and the ACS Code of Ethics imposes requirements on professional members in this regard.
2. The Society supports applications of IT which integrate functions across organisational boundaries. However, the power of the technology is so great that the economic, legal, employment education, privacy, surveillance and other social implications of such systems are in many cases both very significant and very difficult to appreciate. Very careful attention must be paid to the justification for, and protections, checks and balances within, such applications.
3. The Society expresses especial concern about the potential emergence of a multi-purpose person identification scheme. The significance of such a scheme is that it represents the key facilitative mechanism whereby tight control over the populace would be able to be imposed. Such a large shift in the balance of power between t the individual and particular organisations, and the individual and the State, would result in dramatic change in Australian society. It was apparent from the public revulsion against the Australia Card proposals that most people would regard such change with the most serious concern.
4. The Society expresses extreme concern about the proliferation of the use of the Tax File Number . It notes that this proliferation violates the assurance given when the scheme was introduced. The Parliament approved enhancements to the TFN scheme in December 1988 on the express understanding that its scope was limited to the Australian Taxation Office and to taxation uses. A succession of additional uses has arisen, at best only very indirectly related to taxation. The Government is currently proposing very significant extension of TFN use, such that it would apply to all forms of income support and government benefits. The Government's proposals are tantamount to the conversion of the TFN from a single purpose into a multi-purpose identification scheme. Because the public is so cynical about politicians and their promises, people may be inclined to blame IT and information technologists for the progressive loss of their privacy.
5. The Society expresses serious concern about the implementation of large multi-organisational applications of IT without prior public discussion, including discussion of published cost/benefit analyses. Current examples of such projects include:
   • front-end verification of transactions relating to government benefits, including extensive use by the Department of Social Security (DSS) of its enormous information demand powers;
   • parallel data matching by the DSS on behalf of a variety of agencies;
   • front-end verification of all transactions under the Pharmaceutical Benefits Scheme (PBS);
   • the operations of the Cash Transactions Reporting Agency (CTRA); and
   • the Law Enforcement Administration Network (LEAN), which links several Commonwealth agencies with agencies of State Governments.
6. The Society urges that major IT projects should be subjected to full cost/benefit analyses, and that such analyses be published and publicly discussed, prior to the Government committing to them. The Government defers its consideration of proposals for major industrial projects until after the preparation discussion of Environmental Impact Statements. The Society has proposed on several occasions during the last few years that in much the same way, major IT projects should be subject to the preparation and discussion of environmental or social impact statements.
7. The Society urges that serious consideration be given to choosing not to do some things which are technically possible, and which are expected to have net economic benefits, because their social implications are highly undesirable. In the same way that other technologies, such as nuclear energy and biology, are creating possible applications which society as a whole prefers not to pursue, so too is IT.
8. The Society urges that the Privacy Act 1988 be amended, to enable and require the Privacy Commissioner to inform the public and the Parliament concerning the privacy implications of major IT projects. This power should extend to both the public and private sectors, and should not be constrained merely because the project is contentious, the project has been adopted as Government policy, or the project has been authorised by Act of Parliament
9. The Society strongly supports the development of comprehensive and enforceable guidelines in relation to powerful, privacy-invasive IT techniques. This applies in particular to linkage between systems, front-end verification, data matching, cross-system enforcement and profiling. The Privacy Act 1988 is seriously limited in its effectiveness, because it is a 1970s model being applied in the 1990s. It is vital that the Privacy Commissioner, where he has sufficient power, and Parliament where he does not extend and articulate information privacy protections.
10. The Society strongly supports the acceptance and implementation in legislation of the Privacy Commissioner's comprehensive Draft Data Matching Guidelines. These were released on 18 October 1990, for public comment by 30 November 1990. The Privacy Act requires enhancement to make these Guidelines binding, at the very least on the Commonwealth Government agencies which are subject to the Privacy Act

---

See also:

• ACS Position on Privacy, Draft for Comment, June 1998
• Australian Computer Society (ACS)
• ACS Economic Legal and Social Implications Committee (ELSIC)
Comments to Tom Worthington: tom.worthington@tomw.net.au