• Introduction
• Ways of “seeing”
• Purposes of overt surveillance
• Problems with using overt surveillance
• The efficacy of overt surveillance
• The future of overt surveillance
• Views contained in submissions
• Regulation

INTRODUCTION

3.1 This chapter reviews the use of surveillance devices, of any type, for the purpose of conducting overt surveillance. This approach differs slightly from that taken in IP 12.¹ There, our discussion of overt surveillance devices was confined largely to the visual kind, in contrast with aural devices, which were discussed in the context of covert surveillance and the Listening Devices Act 1984 (NSW) (“LDA”). In reality, most surveillance devices can be used either overtly or covertly.

3.2 The chapter also explains why overt surveillance is likely to become more sophisticated and increasingly prevalent. This, coupled with the convergence of technologies, will make it more difficult for individuals to avoid being subject to some form of surveillance in their daily lives. Simultaneously, the public’s understanding of and concern over the possible consequences for their personal privacy is growing. So too are calls for measures to be adopted to safeguard people’s privacy expectations. In industries whose activities impinge on personal privacy, such measures have, to date, been largely in the form of self-regulatory codes of practice.

3.3 In this Report, the principal feature that distinguishes overt surveillance from covert surveillance is the giving of notice to the subject of the surveillance.² This is manifested most obviously where the consent of the subject has been sought by and granted to the surveillance user. However, if the issue of actual consent has not arisen, it may be difficult to prove whether the subject of the surveillance received sufficient notification to be aware that surveillance was taking place. For this reason, the Commission recommends³ that so long as certain measures are taken, such as erecting clear signs advising of the surveillance, notice sufficient for such surveillance to be deemed overt will have been given.

WAYS OF “SEEING”

3.4 The overt use of surveillance devices can take a number of forms. Examples of what are readily recognised as overt surveillance devices include closed circuit television (CCTV) systems, located in shops, offices, malls, public transport access points and so on, and tracking devices fitted in vehicles to ascertain the progress of employees on their rounds. The Commission’s concern is with those surveillance devices that are used for surveillance. This may seem a tautology. However, recreational photography or the taping by a student of a lecture are examples of surveillance devices in use for non-surveillance activities, according to the definition of surveillance at paragraphs 2.37-2.39. This is because their purpose is not to obtain information about the subjects of the surveillance, such as the people in the photographs, or the lecturer, but merely to record an occasion for later enjoyment or as an aid to memory. Similarly, the unconcealed recording of interviews of suspects or witnesses by police are carried out not for the purpose of monitoring but as a visual aid to a written transcript, or as verification that proper procedures were followed.⁴ Surveillance devices also bring many of the sounds and images to news reports on television, radio and in the press. While some of the activity involved in obtaining this material could be characterised as surveillance, much of it is merely a straightforward recording of events to illustrate a story, without any intention of monitoring for the purpose of obtaining further information. In the latter respect it is similar to recreational photography and lecture-taping.

3.5 Other surveillance technology may have multiple fields of application, not all of which would be regarded as surveillance. X-ray devices, for example, are used at airports and high-security buildings for weapons and explosives detection, but are more familiar in the context of medical imaging. While we may not think of the latter application as surveillance, it does, strictly, fit our definition of surveillance. Other devices may not appear, initially, to be surveillance devices, yet surveillance is or may be a function. A keycard may give access to a building, or to certain floors within a building, but, unlike an ordinary key, may also identify the keyholder and enable the collection of information regarding the keyholder’s movements within the building. Recently it was alleged that the use by some rail workers of free staff travel passes had allowed management to download electronic information from automatic station barriers. This information, recording the time and date of use of the passes, could be used to determine if workers were leaving shifts early.⁵

3.6 The perception of whether a device is employed to conduct overt surveillance may determine whether the device should fall within any possible scheme of regulation. For example, it might be required that signs be displayed at keycard access points, alerting people to the possibility of surveillance. In radiology, ultrasound and other departments where medical imaging equipment is used, however, different considerations would need to apply under any scheme of regulation, notwithstanding the fact that, technically, these are surveillance devices.

PURPOSES OF OVERT SURVEILLANCE

3.7 The Commission is of the view that, despite potential intrusions on personal privacy and other concerns, in principle, surveillance has a proper role to play in today’s society. The New South Wales Council for Civil Liberties disagrees with this view,⁶ suggesting that the Commission question not whether to regulate the use of visual surveillance, but rather whether to permit it at all. The Council’s position with regard to the use of overt and covert video cameras in public places is that it should be prohibited outright, although it concedes that if such use is to be permitted then sufficient safeguards must be employed.⁷ In the Commission’s view, any likelihood of halting the growing use of surveillance devices, let alone dismantling the existing infrastructure, is wholly unrealistic. Apart from what the Commission sees as the justifiable reasons for surveillance usage, there is evidence of public support for its continuation.⁸

3.8 The following categories set out what, in the Commission’s view, are the justifiable purposes of overt surveillance. However, as the means used to achieve these ends and their degree of intrusiveness vary greatly, the Commission should not be understood to be endorsing all applications of surveillance technology which aim at achieving these objectives.

Protection of people and property

3.9 The most obvious purpose of overt surveillance is the attempt to provide security for persons and property. The chief interests served by surveillance in this context are those of the general public and the agencies charged with responsibility for law enforcement. Such surveillance is carried out by those agencies, as well as private investigators, private companies and individuals. The principal means by which overt surveillance devices provide protection is by acting as a deterrent. Knowledge of the presence of a device which can detect the commission of a theft, assault, vandalism, or some other criminal or anti-social act, and which can assist in identifying the perpetrator, should stop a rational person who is mindful of the consequences from engaging in such an act. The overt nature of these devices is thus intrinsic to their effectiveness. This may explain why such devices are often left to record the scene without anyone simultaneously studying the monitor. A spin-off advantage of their visibility is that in a location such as a shopping or entertainment district, members of the public may derive reassurance from the presence of such devices. This may bring people in greater numbers to an area that has suffered from a dearth of visitors in the past, and this fact in itself may assist in bolstering safety. If, however, the deterrent effect should fail, then the device nevertheless yields information through recordings, which may be of use in the detection and prosecution of the offender, or for leverage in obtaining a confession so as to obviate the need for prosecution.

3.10 Another possible flow-on advantage of the “overtness” of the security devices is a so-called “diffusion of benefits”.⁹ This is the phenomenon whereby the use of notified surveillance devices has led to a reduction in crime beyond the expected target area. This is in contrast to the displacement effect.¹⁰ In one example, after CCTV had been installed on five buses, vandalism and misbehaviour were reduced throughout the whole fleet of 80 buses.¹¹ Another study found that following the installation of CCTV in some of the parking lots on a university campus, vehicle theft was reduced to an equal degree in all the parking lots, even one that was not monitored.¹²

3.11 While CCTV is currently the usual method of carrying out surveillance for such purposes, technological developments may well change this. For example, in the United States, the National Institute of Justice, a branch of the Justice Department, is sponsoring research into several types of concealed weapons detection technology.¹³ These remote scanners rely on different technologies¹⁴ to “frisk” subjects electronically for concealed weapons or other objects. Handheld versions of such devices are also being developed,¹⁵ and are likely to be employed initially by police and prison officers, and ultimately in the private sector by, for example, security guards. Glimpsing the future, applications are expected to include a device not dissimilar to the “x-ray specs” familiar to earlier generations of comic book readers.¹⁶

Protection of the public interest

3.12 While this category and the previous one overlap, here we include the use of overt surveillance devices to monitor situations in which large numbers of people may be affected adversely, although not necessarily from criminal or antisocial behaviour. Again, the interests of the general public in being protected, and of law enforcement agencies in receiving vital support to carry out their work, are intended to predominate. A range of scenarios may be envisaged.

Crowd control

3.13 Crowd control at a major sporting or other large event is one obvious example. CCTV is again likely to be the main mode of device employed to monitor the situation, in conjunction with the presence of police and other security personnel. The presence of known troublemakers might be ascertained through the use of a biometric surveillance system, such as “Mandrake”,¹⁷ although this would not be an overt usage unless notice were given through signposting or widespread publicity.

National security

3.14 There may be cases when overt surveillance devices are used in the national interest. Devices capable of detecting the presence of weapons and explosives are used at sensitive locations, such as airports and parliament buildings, where walk-through scanning machines and others for monitoring hand luggage are familiar sights. New technologies¹⁸ in this area are advancing at a rapid rate and may come to be used overtly.

Coastal surveillance

3.15 The Australian Customs Service and the defence forces also use surveillance to guard the nation’s extensive coastline against entry on land or in Australian waters of illegal immigrants, fishing fleets and drug importers. Radar is employed for this purpose, including the newly developed “Jindalee Over the Horizon Radar” for wide-area surveillance.¹⁹ The Federal Government has announced new measures to detect illegal immigrants, including an increase in the number of electronic surveillance aircraft to extend Coastwatch’s aerial surveillance of, particularly, Australia’s east coast.²⁰ These devices could, arguably, be referred to as overt, because most of their subjects, whether actively trying to elude detection or those relying on radar for navigational safety, are likely to have some awareness or, at least, expectation of their deployment.

Road safety

3.16 Cameras monitor busy intersections so that traffic lights and lane directions can be adjusted where applicable to facilitate traffic flow and to help emergency vehicles reach their destinations. Police are also equipped with such overt surveillance devices as breathalysers and speed cameras (the use of which are often notified), used in the furtherance of public safety.

Aiding identification of persons

3.17 Biometric surveillance techniques²¹ can assist in recognition and verification of personal identification, and therefore have many applications pertinent to what might be broadly termed “the public interest”. Again, there may be some overlap with other functions discussed above. Biometrics can be used to provide “robust authentication” for access to computer systems containing sensitive information pertaining to military, intelligence and other top-level government functions.²² According to one report,²³ Australia could soon see the introduction of fingerprint identification for ATM use, and voice recognition technology to telephone banking.

3.18 Overseas, border control is made possible through systems already installed in North America.²⁴ The Colombian Legislature has, since 1992, used hand geometry biometrics to verify the identity of members of its two assemblies immediately prior to a vote.²⁵ The National Crime Information Centre in the United States plans to install automated systems in patrol cars to allow the relaying of fingerprints to the relevant authorities.²⁶ The United States is also considering the use of biometrics to aid in processing passport and visa applications.²⁷ A major advantage of this is to prevent individuals from applying for multiple passports under assumed names. One possible method is by adding a record of the applicant’s thumbprint and photograph to a database. A verification system would then compare the print to others on the database, to check for matches.²⁸ The detection of fraud in, for example, applications for social security payments, is potentially the greatest area for the use of biometric surveillance.²⁹ Spain’s TASS program combines smart card technology with fingerprint biometrics to prevent duplication in the country’s social security system and to secure access to personal information relating to pensions, unemployment and health benefits stored on the smart cards.³⁰ Similar schemes operate in the United States, such as the AFIRM system in Los Angeles.³¹ This kind of surveillance would in most cases be carried out overtly, because of the need for the subjects’ co-operation in presenting their fingerprints or other identifying traits. Again, such “overtness” can boost the effectiveness of the surveillance. In one example concerning American military retirees living abroad, suspicion that benefits were still being collected on deceased retirees was confirmed by the failure of many to appear in order to enrol their fingerprint in the new identification system.³²

Collection of material for news and entertainment

3.19 Surveillance devices capture much of the matter comprising our mass entertainment and current affairs information, delivered through aural, visual and print media. Most of this material is gathered overtly and unexceptionably for the purpose of recording an event, and transmitting it to a wide audience. Sometimes, however, the activity is more akin to surveillance, because the purpose of the monitoring has been to uncover information, most commonly for public interest, or prurience, or, possibly, both. Those who purchase such publications, impliedly endorse this kind of surveillance, and the interests of the media are served through returns in revenue, the most obvious example in recent times being the unrelenting coverage of the late Princess of Wales.

Workplace surveillance

Occupational health and safety

3.20 It may be considered necessary to monitor a workplace because of some safety concern or hazard particular to that industry.

Recording transactions

3.21 In some instances it may be necessary to undertake surveillance in order to have a record of an event or transaction, to ensure that proper procedures were followed or to protect a legitimate interest. Calls to emergency services are monitored in this way. Certain dealings conducted by telephone may be taped in order to record a client’s instructions, such as the use of client/dealer taping systems by stockbroking firms.³³ The Sydney Futures Exchange (“SFE”)³⁴ is open about its use of surveillance technology to assist in fulfilling its statutory obligation to ensure an orderly futures market.³⁵ Aural and optical surveillance are conducted on the trading floor, and telephone conversations from the floor are taped.³⁶ Members are aware of the surveillance, and their clients are given notice of the telephone taping by means of a client agreement form.³⁷ Employers and company shareholders are the main beneficiaries of surveillance in the workplace, but the public also stands to benefit by, for example, lower prices flowing from reduced stock losses, improved efficiency of service, and better safety and security measures.

Performance monitoring

3.22 Performance monitoring is a form of overt surveillance that arises specifically in the employment context. The phrase “performance monitoring” can be defined as meaning “the random or continuous surveillance of employees for the purpose of monitoring individual work performance”. As will be discussed below, this form of surveillance can be undertaken in a range of ways and for a number of purposes. The Commission considers that while certain forms of performance monitoring are justifiable uses of overt surveillance, others should be subject to the authorisation regime. Accordingly, we have identified performance monitoring as a form of overt surveillance requiring particular attention.

3.23 Types of performance monitoring. Performance monitoring can take a variety of forms. Commonly used practices are those designed to assess how well an employee is carrying out his or her work duties. For example, an employer can use computer-based devices to record the keystroke rate of a data entry operator or can record the length of time a switchboard operator takes to answer the telephone. In addition to utilising types of monitoring directly linked to performance assessment, employers engage in performance monitoring practices such as scanning employee e-mail and Internet use.

3.24 “Investigator”³⁸ is an example of performance monitoring software currently used by Australian employers.³⁹ This monitoring tool logs all employee Internet and e-mail use and has the ability to record every keystroke, programme used and file opened or copied. The collected information can be automatically e-mailed to a supervisor or employer in a searchable report.⁴⁰

3.25 Purposes of performance monitoring. As with surveillance in general, employers engage in overt performance monitoring for a number of reasons. The traditional reasons for using this form of surveillance are to improve productivity, to ensure work quality and to aid performance evaluation.

3.26 Many employers consider that performance monitoring is an effective means of improving employee productivity and ensuring the quality of employees’ work.⁴¹ Through the use of surveillance, employers can achieve a level of supervision akin to having a human supervisor sitting next to each individual employee for every moment of their working day;⁴² surveillance devices can detect every second an employee is absent from his or her computer, details of every Internet site visited can be recorded, the length of every telephone call can be noted. In addition to the basic effect of replicating constant human supervision, the incentive of performance-based bonuses and the threat of sanctions are viewed by many employers as a way of motivating employees to work more effectively.⁴³

3.27 Performance monitoring can aid performance evaluation by providing a detailed and objective measure of an employee’s work.⁴⁴ Rather than relying on second hand reports or periodic observation, a supervisor can see or read what an employee does throughout their entire day.⁴⁵ This reduces the possibility of bias affecting performance evaluation and provides an accurate record of an employee’s performance. Indeed, employers claim that computer monitoring provides the most objective and well-recorded basis possible for making fair evaluative decisions about performance.⁴⁶ In addition to improving the quality of performance evaluation, the use of non-human performance monitoring is said to have the added advantage of reducing or removing the need for human supervision to carry out that function.⁴⁷

3.28 As concerns regarding employer liability for employee action have risen, employers are also monitoring employees to guard against liability for matters such as sexual harassment, discrimination and defamation. The use of performance monitoring to protect against employer liability for employee action is primarily an exercise in detecting misconduct. It is particularly prevalent in respect of Internet and e-mail use. Employers’ desire to check up on employee activity in cyberspace has been increased by cases such as the libel proceedings brought by Western Provident Association against a British company, Norwich Union, following the appearance of messages on Norwich Union’s internal e-mail system falsely suggesting that Western Provident was in financial difficulty. The case was settled, with Norwich Union paying ££450,000 and making a public apology.⁴⁸ A similar warning to employers was sent by the settlement by the Chevron Corporation of a sexual harassment case brought by four female employees for $2.2 million; the case centred on an e-mail called Why beer is better than women.⁴⁹ Such cases may be of significant interest to Australian employers in light of surveys, such as that conducted by Content Technologies, which discovered that two in three workers at large companies are aware that inappropriate e-mail is freely circulating throughout the internal e-mail system.⁵⁰

PROBLEMS WITH USING OVERT SURVEILLANCE

Privacy

Someone is watching

3.29 The threshold problem with surveillance remains the act itself: being watched or otherwise monitored. The potential intrusion on personal privacy through the use of surveillance devices was discussed at paragraph 1.14 and following. It is the most immediate concern with surveillance usage, regardless of whether the devices are employed overtly or covertly. Covert surveillance is potentially more intrusive than surveillance carried out openly for a number of reasons: the surveillance is likely to be targeting a particular individual or group; the context may be more intimate, which may also mean there is less background noise or obstructed vision; the technology employed may be more sophisticated, having greater precision and more capabilities; and, of course, the subject, being ignorant of the surveillance, is likely to engage in unguarded conversation or acts.

3.30 Nevertheless, overt surveillance brings its own particular privacy issues. In its lack of targeting, overt surveillance is analogous to fishing with a fine mesh net. Everything within range is captured, whether relevant to the purpose or not. In most cases, the surveillance is random, and carried out on people who are simply going about their daily business. Those who make a point of being visible in public, for example through exercising their democratic right to attend or address rallies and demonstrations, face a greater likelihood of having their images captured. Without sufficient safeguards, such images could find their way into files, like those kept by the now disbanded New South Wales Police Special Branch.⁵¹ This could have a dissuasive effect on citizens wishing to participate actively in a democratic society.

3.31 Some concern has been expressed⁵² in the United States about recent developments in surveillance technology, deployable overtly or covertly, which allow the detection and imaging of concealed weapons and drugs on the person. In response to objections on privacy grounds to personal “searches”, it has been argued⁵³ that the scan is less intrusive than a manual “pat-down”.⁵⁴ The lack of physical contact certainly has this advantage, as well as being safer for police. The fear is, however, that this remote capability will make overt, but unwarranted “searches” possible.⁵⁵

Data protection

3.32 The other major privacy issue centres on the information gathered or generated by surveillance activities, and the proper way of dealing with it, so as to protect reasonable expectations of privacy.

3.33 Examples occasionally come to light of the questionable use of such material.⁵⁶ One notorious case was a videotape compilation of segments taken from security cameras at Perth’s Burswood Casino and aired by a commercial television station.⁵⁷ The tape included footage of zoom shots down women’s blouses and up their skirts, as well as sexual scenes.⁵⁸ Another tape reportedly in circulation was a compilation of footage from a security camera installed in the ceiling of a lift, and showing people having sexual intercourse.⁵⁹ In England, a film entitled “Caught in the Act” showed sexual acts taking place in doorways, muggings, fights and burglaries.⁶⁰

3.34 The issue is more complicated, however, than simply determining what to do with the film from a surveillance camera. Developments in surveillance have overlapped significantly with those in other fields, particularly that of information technology, which, over the past few decades, has brought considerable benefits in the acquisition and communication of information, along with a diminution in personal privacy. There is an analogy to be drawn between surveillance and information technology, with its uneasy relationship to the concept of privacy, especially as it relates to data.

3.35 The term “information technology”(or “IT”) was first used in the 1970s to describe a coalescence of computing and telecommunications,⁶¹ nowadays connoting all those technologies, whether electrical, electronic or mechanical, concerned with information, that is its processing, storage, retrieval and communication.⁶² The privacy problems associated with IT have generally sprung from its capability to store, collate and transfer vast amounts of information.⁶³ The focus of surveillance is on obtaining information, generally in a retrievable form.

3.36 Information, and very often personal information,⁶⁴ is the currency common to surveillance and IT. We might previously have distinguished between the technologies of surveillance and information by regarding the former as monitoring the activities of the living, breathing person, as opposed to the information about them, held on some databank. However, the convergence of technologies, that is, the breakdown of barriers between what were largely separate technologies so that they may interact, has changed this. The demarcation between surveillance and other technologies is becoming less clear.⁶⁵ Today, surveillance could be regarded as an information technology.

3.37 The same devices can be used in both areas. For example, a cellular telephone, a medium for communication, can also serve as a signalling and bugging device because of radio frequency energy emissions which are capable of being intercepted. Satellites are another form of technology harnessed for both communications and surveillance. Fingerprint and facial recognition, along with other biometric technologies, can establish identity to guard against fraud, but also have a more dynamic surveillance application where indicating a person’s whereabouts, for example, within a sports stadium.⁶⁶ Highway monitoring systems, which can be utilised for such diverse purposes as reducing traffic congestion or deducting tolls from pre-paid accounts, can also monitor an individual’s traffic activity, such as:

when and how often a traveller uses the roadway; how he drives, including travel habits such as vehicle speed or lane changes; at what points he makes stops along the way; and whether his vehicle is performing efficiently. As the system acquires this personal information through surveillance, it can store the information in a database for future analysis. In this way [such systems] combine surveillance and information technologies so that the system can be used for real-time monitoring and for later use in compiling an information mosaic.⁶⁷

You’re walking down Elizabeth Street when your phone beeps. It’s not a friend reminding you about lunch or your boss setting up a meeting, it’s an offer from David Jones [a department store]: “If you come into our store in the next 30 minutes, we’ll give you 30 per cent off all Paul Smith suits.” How did they know you had a penchant for Paul Smith? They have access to your purchasing history at DJs. How did they know you were walking past the store? Your phone reveals your location and wireless technology allows them to send you special deals when you’re nearby.⁷⁰

3.40 From the foregoing, it is easy to see how the information gathered by means of overt surveillance, and the data processed through other IT applications, can become conjoined. In New South Wales, section 9 of the Privacy and Personal Information Protection Act 1998 requires that personal information cannot be collected except directly from the individual concerned (or from some other authorised person). However, the Act only applies to public sector agencies. As far as the private sector is concerned, information obtained legally by surveillance and other means can sit together on one database, where it can be bought, sold or used in other ways with little restriction.⁷¹

Public concern over privacy

3.41 Information and privacy have been competing interests throughout the latter half of the twentieth century and beyond. In this relatively short period, concern with the privacy implications of the new technological developments and their uses has waxed and waned. Early privacy activism has, on many fronts, given way to either complacency or surrender.⁷² While these attitudes still exist, there is also considerable evidence of growing awareness of, and concern at, threats to privacy.

3.42 Complacency. According to Simon Davies,⁷³ director general of Privacy International, a non-government watchdog organisation based in Washington DC, public concern over surveillance has been “neutralised” by such factors as “the illusion of voluntariness”, the forging of “partnerships” between surveillance users and their subjects, and the introduction of data protection principles. The experiences Davies refers to are more common overseas, but have increasing applicability in Australia.

3.43 The “illusion of voluntariness” refers to the inclusion of a voluntary component in surveillance schemes. Davies suggests this may have the effect of neutralising concern on the part of the public who might regard non-volunteers as having brought trouble on themselves.⁷⁴ There is a useful analogy in the Australian Tax File Number (“TFN”) scheme. The TFN is used as an identifier, and is not required to be quoted in respect of a range of financial transactions. However, if one chooses to exercise the option of not quoting a TFN, financially disadvantageous consequences may follow.⁷⁵ Another interesting example occurred recently in the town of Wee Waa, in the State’s north-west. Following a brutal assault there, police requested all male residents of the town between the ages of 18 and 45 to submit to voluntary DNA testing by means of saliva samples.⁷⁶ Civil libertarians expressed concern that, although there was no legal compulsion to submit to testing, those who chose not to might be vilified by their community. The question must arise in such cases as to how voluntary the actions of the residents are, given the weight of community pressure to do so.

3.44 Recasting the relationship between surveillance users and surveillance subjects as a “partnership” is another factor contributing to complacency, according to Davies. This reassures the public that their interests are represented. All parties appear to be stakeholders in a common project with mutually beneficial objectives, principally that of reducing crime. The emphasis is on the positives, and detailed analysis of possible disadvantages may be lacking.

3.45 Privacy concerns over surveillance may also have been defused by the introduction of data protection principles, says Davies, although this is more likely to be true in a European context because of a greater focus there on the subject.⁷⁷ In December 2000, the Privacy Amendment (Private Sector) Act 2000 (Cth)⁷⁸ was passed. Data protection has taken centre stage not only because of its privacy implications, but also because of national interests in promoting trade and electronic commerce.⁷⁹ According to Davies, however, these “appear to have satisfied some of the concerns of information users and the public, but have failed to stem the growth of surveillance”.⁸⁰

3.46 A local illustration of complacency regarding privacy issues which many can recall was the Australia Card controversy, which flourished for two and a half years, from April 1985. The green and gold identity card’s purpose was stated by the then Federal Government to be a means of reducing tax evasion, welfare fraud and illegal immigration.⁸¹ The entire population was to be issued with cards carrying unique identifiers, and this information would be kept on a central register which could be accessed by government agencies such as the Australian Taxation Office (“ATO”) and the Department of Social Security. The Australia Card Bill 1986 (Cth) encountered so much opposition in Parliament and from the public, that in September 1987 the Bill was withdrawn.⁸² Subsequently, the Government announced details of proposed amendments to the Tax File Number (“TFN”) scheme, used by the ATO since the 1930s. A number of safeguards were to be incorporated, so that the TFN scheme would apply only to taxation administration. The scheme became law in 1988. By 1990, organisations other than the ATO authorised to use the TFN system included the Department of Social Security, the Department of Employment, Education and Training, the Child Support Agency and higher education institutions (in relation to the Higher Education Contribution Scheme). There are now 13 Commonwealth acts which regulate the purpose and use of tax file numbers.⁸³ The expanding role of the TFN has caused little comment.

3.47 Surrender.

In effect, we have traded some of our rights to privacy in public spaces for increased security [through the use of CCTV]. Most of us think this is a price worth paying.⁸⁴

Yet citizens may be willing to sacrifice some measure of privacy in order to cut back on fraud [by using biometric technology].⁸⁵

You already have zero privacy. Get over it.⁸⁶

3.48 When the announcement was made⁸⁷ in late 1999, that a giant database, containing personal details of millions of Australians, was to be constructed by the American data management company Acxiom in a joint venture with Publishing and Broadcasting Limited, there were a number of reactions. The Prime Minister, John Howard told a radio audience:

This kind of information is already held by a large number of organisations, and people who have business activities and have some kind of public profile, it’s not all that difficult to assemble the information.⁸⁸

3.49 The aggregation of data. The Acxiom joint venture also attracted criticism. Nigel Waters, a former Deputy Federal Privacy Commissioner, claimed that “it is precisely the aggregation of previously disparate information that is the main source of concern”.⁹² Some claimed the problem lay with the allegedly questionable ethics involved in the collection of the data,⁹³ while others cited the use of the information as the potential evil.⁹⁴

3.50 In the United States the acquisition by Doubleclick, the Internet’s largest advertising company, of database marketer Abacus Direct, led to protests and an investigation by the Federal Trade Commission.⁹⁵ According to Rosen, this reaction:

shows, people don’t want their browsing habits collected in personally identifiable dossiers, because those dossiers can be bought or subpoenaed by employers, insurance companies, divorcing spouses, and others who have the ability to affect our lives in profound ways.⁹⁶

3.52 If an individual wished to control the amount of information about himself or herself available to others, he or she could take a number of precautions set out in an editorial in the Economist and described there as sounding “like the paranoid ravings of the Unabomber”.¹⁰¹ The editorial writer adds, however, that, “[a]nyone who took these precautions would merely be seeking a level of privacy available to all 20 years ago”.

3.53 One of the more extreme consequences which may befall an individual failing to heed the Economist’s checklist, is to become a victim of identity theft, or “identity fraud”. This crime, which has increased sharply in the United States in recent years, involves the theft of another person’s personal identifying information, by means as crude as stealing a wallet or as sophisticated as an organised crime scheme involving the use of computerised databases.¹⁰² The consequences for the victim can be damaging, even apart from any financial loss. The General Accounting Office (“GAO”), the investigative arm of the United States Congress, reports:

[T]he “human” costs of identity fraud can be quite substantial. These costs include emotional costs, as well as various financial and/or opportunity costs. For example, the victims may be unable to obtain a job, purchase a car, or qualify for a mortgage.¹⁰³

3.55 It is increasingly apparent that if an individual wishes to preserve a level of privacy enjoyed hitherto, he or she will have to work harder. Lacking consistent and comprehensive safeguards to protect their privacy, individuals will be left to take what limited measures are open to them to retain control over their personal information. As we have said elsewhere in this Report,¹⁰⁸ consent is largely illusory when it comes to being subjected to surveillance. In today’s reality, this would mean forgoing many things taken for granted, such as using a credit card or an automatic teller machine, and instead taking more proactive measures. For example, the Australian Direct Marketing Association (“ADMA”), lists procedures consumers must follow in order to “opt out” of receiving unsolicited mail or telephone calls from marketers, who have obtained personal information about the individual without his or her permission.¹⁰⁹ To use a metaphor from computer jargon, many features of modern life are configured to default to privacy loss – and that is when they are functioning properly.

Growing concern

3.56 Information gathering activities are attracting attention because of growing public awareness of privacy issues, although this has been more marked overseas than here in Australia.¹¹⁰ Even so, the Australian public has demonstrated its interest. For example, the Internet industry within Australia has expressed concern that electronic commerce in Australia is failing to meet growth expectations. The industry cites the general public’s worry about the lack of privacy and security associated with conducting such transactions as one of the main reasons for this.¹¹¹ The findings of an Australian Bureau of Statistics survey of Internet use by private households¹¹² tend to support the industry’s view.

3.57 In addition to the kinds of personal information held on databases, surveillance can supply details of physical characteristics, habits, activities, whereabouts and associates. The convergence of technologies means that surveillance today is, or has the potential to be, an intrusive information gathering activity.

Social justice

3.58 Street cameras may be fixed so as to capture any person coming within their range of vision, but, in cases where they are being controlled by an operator, critics charge that there is room for abuse, even though in some cases this may be unintentional. One study, emanating from the University of Hull,¹¹³ claims that the prejudices of the camera operator may dictate which persons are targeted. The study found a pattern of targeting black people, youth, and males. For example, cameras would, on average, monitor black people for longer periods than white people. Selection for surveillance was based primarily on the basis of “the operator’s negative attitudes towards male youth in general and black male youth in particular.”¹¹⁴ The Associate Director of the American Civil Liberties Union, Barry Steinhardt, claims that “racial profiling and stereotyping is a reality of the American criminal justice system.”¹¹⁵ He quotes a survey which found that during a period of several months in 1995, 73% of cars stopped and searched by police on a highway in Maryland were driven by African-Americans, although they made up only 14% of those using the highway. He concludes that “video surveillance [will be used] to target those [thought] more likely to commit crimes.” Biometric technology, in particular, has the potential to be used in a discriminatory way by targeting surveillance subjects, based on preconceived notions of which groups are likely to commit crimes. It must be stressed that the examples given above are drawn from overseas, and are not necessarily transferable to the local context. However, it is also important to be aware of the ease with which surveillance technology could be used in a discriminatory fashion.

3.59 Some critics fear that surveillance will be employed to “engineer” the type of people to frequent a vicinity, and that targeting troublesome and anti-social behaviour will lead

to the virtual disenfranchisement from city life of young people with low spending power and of other – generally low-income residents, whose appearances and conduct did not conform to the moral codes of well-ordered consumption enforced by shopping centre managers.¹¹⁶

To the extent that certain people are more likely to be in public places where CCTV surveillance operates, certain people are going to be watched more than others. Although CCTV surveillance is often presented as “democratic” in that all people are watched equally, the reality is that the opposite is true. CCTV surveillance is anti-democratic inasmuch as it tends to operate in areas where the targets of surveillance have little power. It divides society into the “watched” and the “non-watched”.¹¹⁷

The gaze of the cameras does not fall equally on all users of the street but on those who are stereotypically predefined as potentially deviant, or through appearance and demeanour are singled out by operators as unrespectable. In this way youth, particularly those already socially and economically marginal, may be subject to even greater levels of authoritative intervention and official stigmatisation, and rather than contributing to social justice through the reduction of victimisation, CCTV may become a tool of injustice through the amplification of differential and discriminatory policing.¹¹⁹

Performance monitoring

3.61 Monitoring the individual performance of an employee is one of the most controversial uses of overt surveillance.¹²⁰ While it can be of obvious benefit to employers through improving productivity and other such matters, there is a range of objections to performance monitoring, based on the detrimental effects of the practice on employees.

3.62 Although many employers use surveillance as a means of monitoring performance and thereby enhancing productivity, there is a view that surveillance is in fact counterproductive and harmful to employees.¹²¹ Research indicates that there is a link between performance monitoring and psychological and physical health problems.¹²² The problems experienced by employees who have had their performance technologically monitored include increased stress, boredom, high tension, headaches, extreme anxiety, depression, anger, severe fatigue and musculoskeletal problems.¹²³ These health problems can in turn lead to increased absenteeism and employee turnover,¹²⁴ leading to a decrease in productivity.

3.63 We note that clause 6.14 (3) of the ILO Code of Practice, Protection of workers’ personal data,¹²⁵ states that “[c]ontinuous monitoring should be permitted only if required for health and safety or the protection of property”. The Commentary to the Code of Practice identifies the reason for prohibiting continuous monitoring as being that “continuous monitoring has proved to be a cause of constant anxiety which can lead to both physical illness and psychological distress”.¹²⁶

3.64 Stress related problems are not the only health concerns connected to performance monitoring. As this form of surveillance can place a particular emphasis on speed and quantity as a means of assessing performance standards, it has the potential to encourage employees to increase their pace of work at the expense of employing sound ergonomic work practices. Accordingly, serious health and safety issues such as Occupational Overuse Syndrome are associated with performance monitoring.¹²⁷

3.65 In addition to the link with health concerns, performance monitoring has been identified as having a more general negative effect on the workplace. The knowledge that employees are being watched, listened to or otherwise monitored can create a negative workplace atmosphere by undermining employee morale¹²⁸ and creating division between employees and management.¹²⁹ Furthermore, it is apparent that many monitored employees consider that the practice is damaging to their sense of dignity¹³⁰ and perceive that they are viewed with suspicion or as being untrustworthy.¹³¹

Submissions

3.66 In the 1997 Issues Paper, IP 12, only covert performance monitoring was expressly raised as an issue for consideration. However, the Commission received several submissions that also addressed the additional issue of overt performance monitoring.

3.67 A number of submissions expressed the view that monitoring employee performance is an inappropriate use of overt surveillance. The Privacy Committee of New South Wales stated that it is opposed to the use of covert and overt visual surveillance for monitoring work performance.¹³² The Australian Security Industry Association advised that its CCTV Code of Ethics provides that CCTV systems should not normally be used purely for staff monitoring and surveillance.¹³³ Similarly, the Retail Traders’ Association of New South Wales advised that “Shopwatch”, which is an advisory code of practice for the use of video surveillance equipment in retail stores, states that “[t]he use of the CCTV will not relate to the productivity of staff or other similar industrial matters”.¹³⁴

3.68 The Service Station Association does not accept that any form of surveillance should be used for an “improper” purpose such as evaluation of normal employee work performance.¹³⁵ As the New South Wales Council for Civil Liberties considers that overt visual surveillance should be permitted only in specific circumstances based on concerns for public safety¹³⁶ and that in such circumstances, surveillance equipment must not be trained on employees,¹³⁷ it is implicit that the Council opposes overt performance monitoring.

3.69 While the New South Wales Nurses’ Association considered that there should generally be a prohibition on video monitoring of work performance,¹³⁸ it further submitted that performance monitoring might be acceptable with the consent of the employee.¹³⁹ The Association noted the difficulty in this regard of ensuring any such consent was valid, given the power imbalance in the employment relationship.¹⁴⁰

3.70 A similarly conditional view was expressed by a former Senior Public Defender, who submitted that in the case of overt performance monitoring, limits, such as the aspect of performance being monitored being linked to important areas of the business, should be imposed.¹⁴¹ An example of an acceptable instance of overt performance monitoring was given as the time taken to answer a telephone.¹⁴² He suggested some form of permit system may be appropriate.¹⁴³

THE EFFICACY OF OVERT SURVEILLANCE

3.71 The following may sound familiar to an Australian audience:

There is an apparent shift in the public mood towards what a cynic might call personal security at all costs, security at any cost. One need only listen to the tirades in Parliament about the need to get tough on the perceived increase in crime. Privacy is being converted into the poor cousin in debates about public security. Privacy interests that are perceived as hindering effective law enforcement or endangering public security, whether they are in truth a hindrance or not, are too often swept aside.¹⁴⁴

3.72 In 1999, an independent evaluation of open-street CCTV in Glasgow concluded “open-street CCTV can work in limited ways, but is not a universal panacea. It works in different ways in different situations ... .”¹⁴⁶ In the year following installation of the cameras, the area under surveillance recorded 3,156 fewer crimes and offences than was the average for the previous two years. However, after statistical refinement for underlying trends, the rate rose slightly to 109%, and was accompanied by a slight fall in detections (from 64% cleared up to 60%).¹⁴⁷ The same year another team¹⁴⁸ carried out an evaluation of the effect of CCTV on urban violence, by studying accident and emergency department and police assault data in three centres¹⁴⁹ in Wales. They concluded that “[c]ity centre CCTV installation had no obvious influence on levels of assaults” recorded in accident and emergency departments.¹⁵⁰ As far as the Commission is aware, no independent and comprehensive study has been carried out in Australia to evaluate the effectiveness of overt surveillance systems.

3.73 The evidentiary value of surveillance material may also be exaggerated. Vicki Bruce, Professor of Psychology at the University of Stirling, states:

There are a number of problems with typical CCTV footage which make the task inherently difficult in some circumstances – CCTV images are very variable in quality, and camera and lighting angles may conspire to produce no more than a poorly lit, messy image of the top or back of a person’s head. Recent research findings suggest, however, that the process of matching identities across different images may be remarkably error-prone even when image quality is reasonably high.¹⁵¹

3.74 Current indications are that the use of overt surveillance is unlikely to diminish in the short term. This is despite growing public awareness of privacy concerns, and the lack of strong evidence to support many of the benefits claimed on behalf of such systems. In addition to the reasons cited earlier for conducting overt surveillance, the reality is that government departments, local authorities and private concerns are under pressure to install such systems as one means of bolstering public confidence regarding personal security. Such pressure may take the form of public opinion, as aired by the media from time to time, often in the wake of particular incidents. Examples from New South Wales include the installation of security cameras to improve safety in trains in response to public perceptions about crime.¹⁵² Principals at “schools suffering from violent incidents”¹⁵³ have reportedly called for cameras to be installed. Industry and professional associations, such as those representing taxi drivers¹⁵⁴ and police,¹⁵⁵ together with State magistrates,¹⁵⁶ have argued that their members be subject to video surveillance for their protection.

3.75 In the future, pressure to install overt surveillance systems may have another impetus, the desire to avert litigation. In the United States, a rapidly growing and developing area of tort law¹⁵⁷ involves plaintiffs suing property owners, alleging that the defendants’ negligence in failing to provide sufficient security has resulted in their suffering personal injuries, often at the hands of a third party. Even though the criminal act of a third party is an intervening event, the defendant may still be liable if such an act was foreseeable and the defendant did not exercise reasonable care to reduce the risk of its occurrence.¹⁵⁸ Examples of these so-called “premises liability” cases include ones in which plaintiffs have been attacked in apartment carparks where lighting and locks have been inadequate.¹⁵⁹ In a US case, Nebel v Avichal Enterprises Inc,¹⁶⁰ a motel patron alleged the defendant was negligent in failing to provide “functional and operational closed circuit surveillance cameras and monitors” in a motel in a New Jersey high crime area.¹⁶¹ Morris v Krauszer’s Food Stores Inc¹⁶² was a case in which the plaintiff introduced expert testimony that, considering the foreseeability of robbery, the defendant should have increased security measures including the installation of video cameras. The jury found for the plaintiff.

3.76 The likely response of Australian courts to these type of claims is, at this stage, uncertain,¹⁶³ although one newspaper reported that Australian law firms are already acting for clients seeking compensation for injuries sustained in situations of allegedly inadequate security.¹⁶⁴ In June 2000, Judge Puckeridge of the District Court of New South Wales,¹⁶⁵ found a defendant employer in breach of a duty of care towards the plaintiff employee in failing to provide a safe place of work which would have entailed the adoption of certain security measures. The case did not, however, address the issue of electronic surveillance. We are not aware of any cases in any Australian jurisdiction alleging negligent failure to provide electronic surveillance, but this may come to be regarded as a standard security measure in the future.

3.77 The subject of surveillance has arisen in the context of accidents occasioning personal injury. In Shoeys Pty Ltd v Allan,¹⁶⁶ the plaintiff suffered significant injuries after slipping on some wet vegetable matter on a shop floor. The plaintiff argued that, in order to fulfil its duty of care towards her, one of the obligations of the defendant was to monitor the state of the floor so that it could see when leaves had fallen onto it.¹⁶⁷ Handley JA stated:¹⁶⁸

In my opinion an occupier cannot reasonably be expected to prevent material being dropped in areas being used by the public. Nor can an occupier be expected to remove material the instant it is dropped. What can be expected is that a system will exist for routine inspection and cleaning of busy high risk areas during the times they are in use by the public. (emphasis added)

A real risk of injury should be eliminated unless the cost of doing so is disproportionate to the risk. When the inferred size of the common ways, the number of people attending the Mall, and the risks of injury are borne in mind, the employment of a full-time cleaner cannot be regarded as an unreasonable burden on the occupier of a shopping mall as large as Minto Mall. Indeed the installation of video cameras monitoring the common ways is not outside what could be reasonably expected of the occupier. The use of these cameras for surveillance purposes is commonplace in the shops, stores and venues of Sydney. If video cameras can be used to protect the property of occupiers, they can be used to protect the safety of customers. The cost of employing a full-time cleaner or the installing of an electronic surveillance system was not out of proportion to the risk of injury involved at Minto Mall.¹⁷¹

VIEWS CONTAINED IN SUBMISSIONS

3.80 Submissions were received from media and other organisations which use surveillance devices, law enforcement agencies, associations representing lawyers, and other concerned parties. Many of the surveillance users stated that they adhered to a code of practice, often industry-based.¹⁷³

3.81 In the Issues Paper we asked¹⁷⁴ if the use of overt visual surveillance should be regulated. Unambiguous support for the concept of enforceable regulation of overt surveillance came from the New South Wales Council for Civil Liberties,¹⁷⁵ Privacy Committee of New South Wales,¹⁷⁶ Price Waterhouse,¹⁷⁷ the then Senior Public Defender,¹⁷⁸ and Lismore City Council.¹⁷⁹ Support for the contrasting view, that overt surveillance should, at most, be managed by self-regulation (for example, through industry-based codes of practice) was expressed by the Australian Press Council,¹⁸⁰ Australian Security Industry Association Limited,¹⁸¹ Insurance Council of Australia Limited,¹⁸² New South Wales Department of Training and Education Co-ordination,¹⁸³ Publishing and Broadcasting Limited,¹⁸⁴ the Registered Clubs Association of New South Wales,¹⁸⁵ and the Retail Traders’ Association of New South Wales.¹⁸⁶ Some others, while favourably disposed towards the concept of regulation, were not clear as to whether this should take the form of legislation or industry code of practice. The submission from the New South Wales Police Service, for example, states the view that there would be “some benefit in the development of a mechanism by which to ensure ... local CCTV initiatives were implemented and managed in a standard manner across the State (emphasis added).”¹⁸⁷ Submissions from Fairfield City Council¹⁸⁸ and the Department of Corrective Services,¹⁸⁹ while not necessarily expressing opposition to the concept of regulation, were keen to stress that they should be allowed some degree of exemption, because of existing accountability to its local community in the former case, or because of the special needs of the latter.

REGULATION

How overt surveillance is regulated

3.82 As stated at paragraph 1.50 and following, there is very little to fetter the unrestricted use of overt surveillance, other than codes which are adhered to voluntarily and lack sanctions for breach, or a patchwork of common law remedies which are inapplicable in the vast majority of cases. The practical result is that there is no common set of rules for the operation of overt surveillance in New South Wales. In the event that the surveillance has been abused to the detriment of an individual, in most cases that individual will have no redress.

Self-regulation

3.83 A report produced in 1997 by the Commonwealth Interdepartmental Committee on Quasi-regulation stated that:

[r]egulation can usefully be considered as a spectrum ranging from self-regulation where there is no government involvement, through various regulatory arrangements with increasing degrees of government influence and involvement, to explicit government regulation (often referred to as “black-letter law”).¹⁹⁰

Advantages of self-regulation

3.84 It is self-evident that most industries would, if given the option, prefer to govern themselves than have rules and sanctions imposed by government.¹⁹⁴ Self-regulation lessens or avoids altogether the need to fulfil bureaucratic requirements, and the consequences of failures in compliance are likely to be relatively light. While this preference is motivated in part by self-interest, there are nevertheless sound reasons why self-regulation can be beneficial to the wider community.

3.85 It may be more efficient for an industry, with its existing expertise, to set the benchmarks, rather than government. The cost to an industry in formulating and operating its own code of conduct is likely to be less than if it were forced to comply with standards mandated from outside. This can benefit taxpayers, as it shifts costs from government to the industry.¹⁹⁵ The “in-house” nature of self-regulatory controls should also make it easier for rules to be modified, and therefore be more responsive, as circumstances change.¹⁹⁶

Shortcomings of self-regulation

How valuable is the thing being protected?

3.86 Self-regulation may be a feasible alternative to other forms of regulation where it can provide the public with an appropriate and sufficient level of protection for the commodity, value or other objective sought to be safeguarded. This issue was addressed recently by the Australian Broadcasting Authority (ABA), during its inquiry into the commercial radio controversy which came to be known as “cash for comment”.¹⁹⁷ In its report, the ABA commented:

The right to exclusive use of a section of the radiofrequency spectrum for the purpose of commercial broadcasting is an extremely valuable public asset, and the community has certain expectations of those who are entrusted with the use of such assets ... (T)hose promulgating and seeking to rely on self regulatory codes (as a defence against formal government intervention) are bound to ensure that the codes are living, working and workable guides to behaviour and conduct in the industry. ... (T)he entrusting of significant self-regulatory responsibility to industry indicates that a very high standard of compliance is expected of industry in the fulfilment of its self-regulatory responsibilities.¹⁹⁸

The fact that a law exists protecting a particular right does much to symbolise the importance to society of that right. It also serves an educative function for society at large. From this perspective, the fact that infringements might be rare is beside the point. What matters is that the right is considered important enough to deserve both the symbolic imprimatur of the law and the provision of practicable means of redress.¹⁹⁹

3.88 The rights of surveillance users and surveillance subjects will conflict in some ways. While self-regulatory schemes do not preclude protection of the interests of surveillance subjects, they are formulated and operated by surveillance users, whose own interests will, doubtless, be reflected. In the case of conflict arising between the interests on either side, impartiality cannot be assumed when one party makes the rules. A similar point was made by the Senate Select Committee on Information Technologies, in its report on Australian media, entitled “In the Public Interest”.²⁰⁰ The code of practice of the Federation of Australian Commercial Television Stations (“FACTS”)²⁰¹ states that in broadcasting news and current affairs programs, licensees:

must not use material relating to a person’s personal or private affairs, or which invades an individual’s privacy, other than where there is an identifiable public interest reason for the material to be broadcast.²⁰²

[T]he decision as to what will or will not constitute “an identifiable public interest”, should not be left to purely sectarian interests. The Committee is of the view that the important balance to be struck between the “private” and “public” interest ought to be weighed up within the framework of a fair, independent and objective statutory regime.²⁰³

3.89 Where there is significant diversity in an industry or sector, it is unlikely that a voluntary regulatory regime can be adopted universally or consistently. Privacy protection loses force unless all involved in activities which may compromise privacy agree to such participation. This is because it is more and more difficult to fence off personal information.²⁰⁴ Information is a commodity which can be bought and sold. Convergence also renders technological barriers increasingly irrelevant.

Enforceability and accountability

3.90 Some businesses may claim to comply with an industry-wide code of practice. It may be difficult for a member of the public to ascertain the degree of such compliance, and indeed whether the business is even a signatory to the code. If non-compliance is demonstrated, it must be questioned how sanctions, if any, will be enforced against members, let alone against non-members riding along on their coat-tails. It is difficult to understand why an industry member would choose to bind itself by a set of rules. If a voluntary code is intended to act as reassurance to the public that its rights are being protected, it seems this goal would be better achieved through the enactment of laws providing sanctions and remedies. Commissioner Varney of the United States Federal Trade Commission put it this way:

Given the great diversity of companies, a significant number of companies are unlikely to agree on a uniform set of guidelines. Even among those who agree to the guidelines, some may not in fact comply with them. Over time, some who at first complied may cease to do so while not publicly acknowledging that they are no longer in compliance. Without an independent party to monitor and enforce compliance, consumers have no way to judge whether or not a company is actually in compliance with such guidelines. If a statute were to make the guidelines mandatory and provide meaningful remedies, consumers at least would be assured that companies have an incentive to comply.²⁰⁵

Australia

3.91 Prior to 1992, the broadcasting industry was subject to a cumbersome regulatory regime.²⁰⁶ In the report of the so-called “cash for comment” inquiry, referred to above at para 3.86, the ABA found there appeared to have been “a systematic failure to ensure the effective operation of self-regulation”, as well as a failure by the relevant codes “to provide appropriate community safeguards”.²⁰⁷

3.92 A similar conclusion was reached in a report by the Senate Select Committee on Information Technologies evaluating “the appropriateness, effectiveness and privacy implications of the existing self-regulatory framework in relation to the information and communications industries”.²⁰⁸ The Committee found:

substantial evidence to question the efficiency and effectiveness of self-regulation and co-regulation in Australia’s information and communications industries. Self-regulation in the print media industry appears to be failing the community. In the television and radio industries, co-regulation has attracted widespread criticism. Standards for advertisements are not being adequately enforced.²⁰⁹

3.94 The Privacy Committee of New South Wales was established in 1975.²¹² In 1980 it released a paper in which it outlined²¹³ the Committee’s philosophy with regard to privacy protection. This stated that privacy is best protected by:

(a) Flexible guidelines, monitored by an informed and concerned public, aided by a vigilant permanent watchdog,

(b) specific legislation aimed at particular problems which fail to respond to guidelines.

During 1982, the Committee reassessed its policy which favoured voluntary guidelines as the principal means of protecting privacy, with remedial legislation where such guidelines failed. The Committee believes such a reassessment would be of value in the light of its 7 years of experience, in handling over 15,000 complaints and producing 53 research reports. The Committee believes that the range and extent of privacy invasions in the area of information privacy, where most complaints arise, makes it no longer feasible to leave the bulk of privacy protection to voluntary guidelines. The potential for serious invasion of privacy is large and increasing rapidly. Legislation is now necessary, not merely as a remedial response to existing violations of privacy rights, but as a general preventative means of protecting privacy rights and laying down privacy protection standards.²¹⁴

3.95 In England a decade earlier, the Committee on Privacy and Related Matters had delivered its report (chaired by David Calcutt QC) on the measures needed “to give further protection to individual privacy from the activities of the press”.²¹⁵ The Committee concluded that the impact of the Press Council on intrusions by the press into privacy had been limited,²¹⁶ and recommended “that the press should be given one final chance to prove that voluntary self-regulation can be made to work.”²¹⁷ Even so, it recommended replacing the Press Council with a new body, the Press Complaints Commission which “must be seen to be authoritative, independent and impartial”.²¹⁸ Although the Committee reaffirmed the importance of self-regulation,²¹⁹ it threatened that if the press was “not prepared to put and keep its own house in order, further legislation must follow.”²²⁰ A second report²²¹ chaired by Calcutt in 1993, gave the following assessment of the Press Complaints Commission:

The Commission, as constituted, is, in essence, a body set up by the industry, financed by the industry, dominated by the industry, operating a code of practice devised by the industry and which is over-favourable to the industry.²²²

United States

3.96 The American experience does not appear to have been happier, despite a preference for relying on self-regulation. Angela J Campbell concludes that, after analysing past uses of self-regulation in broadcasting, children’s advertising, news, alcohol advertising, comic books, movies, and video games, “self-regulation rarely lives up to its claims, although in some cases, it has been useful as a supplement to government regulation.”²²³ According to another report, self-regulation has “failed abysmally”.²²⁴

3.97 The Federal Trade Commission (“FTC”) has monitored online privacy for the past few years. In June 1998 it reported:

Effective self-regulation remains desirable because it allows firms to respond quickly to technological changes and employ new technologies to protect consumer privacy. Accordingly, a private-sector response to consumer concerns that incorporates widely-accepted fair information practices and provides for effective enforcement mechanisms could afford consumers adequate privacy protection. To date, however, the Commission has not seen an effective self-regulatory system emerge. As evidenced by the Commission’s survey results, and despite the Commission’s three-year privacy initiative supporting a self-regulatory response to consumers’ privacy concerns, the vast majority of online businesses have yet to adopt even the most fundamental fair information practice (notice/awareness).²²⁵ (emphasis added)

Because self-regulatory initiatives to date fall far short of broad-based implementation of effective self-regulatory programs, a majority of the Commission has concluded that such efforts alone cannot ensure that the online marketplace as a whole will emulate the standards adopted by industry leaders. While there will continue to be a major role for industry self-reg in the future, a majority of the Commission recommends that Congress enact legislation that, in conjunction with continuing self-regulatory programs, will ensure adequate protection of consumer privacy online.²²⁷

2. Para 2.77-2.79.

3. Para 2.78-2.79.

4. Criminal Procedure Act 1986 (NSW) s 108.

5. R Wainwright, “Union Claims CityRail Spied on Employees” Sydney Morning Herald (3 November 1999) at 10.

6. NSW Council for Civil Liberties, Submission at 1.

7. NSW Council for Civil Liberties, Submission at 2.

8. Some evidence of support from various sections of the public can be gleaned from newspaper reports. “Calls for the urgent introduction of surveillance cameras into Wagga’s main street received overwhelming support at an anti-violence meeting in the city last night”: Daily Advertiser (Wagga Wagga) (4 April 1997) at 1. “Principals at schools suffering from violent incidents want surveillance cameras installed”: Sun-Herald (Sydney) (29 June 1997) at 11. “Cab drivers in Sydney are pressing for trials of a camera in their taxis, offering them protection by photographing their passengers”: Sun-Herald (Sydney) (10 May 1998) at 5.

9. Clarke and Weisburd cited in R V Clarke (ed), Situational Crime Prevention: Successful Case Studies (2nd edition, Harrow & Heston, Albany NY, 1997) at 32.

10. See para 3.71.

11. Poyner cited in Clarke at 32.

12. Poyner cited in Clarke at 32.

13. M Hansen, “No Place to Hide” (August 1997) 83 ABA Journal 44 at 46.

14. Passive millimetre wave imaging, for example, relies on variations in the electromagnetic rays emitted by the body and by objects on or around it to produce an image of the objects against a contrasting image of the body. Back-scattered x-ray imaging uses a low-energy x-ray beam to scan the body surface. The reflection of the beam off the skin is combined with advanced computer image-processing techniques to create a display of the person and any concealed weapons: Hansen at 47; J Collins “Privacy or Safety: A Choice You Soon May Not Be Able to Make” «205.243.76.8/rcreader/19cov.html».

15. National Law Enforcement and Corrections Technology Center, “Handheld Acoustic System for Concealed Weapons Detection” «nlectc.org/techproj/nij_p38.html»; Hansen at 47.

16. “Longer term [regarding applications for holographic imaging radar], scientists at Pacific Northwest are working on perfecting “x-ray specs”. Concealed vest-mounted units that allow images to be displayed on a visor or via specially designed glasses could help security personnel to covertly monitor crowds for weapons”: Ingersoll-Rand Company, “Nowhere to Hide” Compressed Air Magazine October/November 1996 «ingersoll-rand.com/compair/ octnov96/radar.htm».

17. This face recognition software system, launched by Newham Council in the United Kingdom in October 1998, was designed to identify “target faces” amongst crowds of people: London Borough of Newham Communications Unit, “Newham Council Launches ‘Face Recognition’ in the UK” «www.newham.gov.uk/press/julythrunov98/ facereg.html»; Visionics Corporation, “Visionics FaceIt is First Face Recognition Software to be Used in a CCTV Control Room Application” «www.faceit.com/Newsroom/PRs/98newham.htm».

18. See para 3.11.

19. D H Sinnott, “The Development of Over-the-Horizon Radar in Australia” «www.dsto.defence.gov.au/corporate/publicity/brochures/ othr/othr1.html».

20. J Marsh, “$124m Plan Targets Illegal Migrant Scam” Sydney Morning Herald (28 June 1999) at 1.

21. See para 1.16.

22. Biometric Consortium, “Government Applications and Operations” «www.biometrics.org/REPORTS/CTSTG96».

23. G Safe, “Fingerprints to Beat Bank Fraud” The Australian (4 January 2000) at 1.

24. Biometric Consortium. INSPASS (Immigration and Naturalization Service’s Passenger Accelerated Service System) was designed to allow faster admission for frequent travellers to the United States, uses hand geometry to verify identity, and has been installed at, for example, John F Kennedy Airport, New York. CANPASS (the Canadian version of INSPASS) uses fingerprint biometric, and is designed to facilitate transfer of persons and goods between Canada and the United States. PORTPASS is another Immigration and Naturalization Service system, and it monitors people in vehicles at borders through a voice recognition biometric. It is currently in use at the US border with Canada, with planned introduction on the border with Mexico.

25. Biometric Consortium.

26. Biometric Consortium.

27. Biometric Consortium.

28. SJB Services, “Biometric identity system applied to an entire country” (news release) «www.sjb.co.uk/pr/19079601.txt».

29. Nevertheless, “[w]hen electronic fingerprinting was introduced five years ago, it caught the imagination of politicians who saw it as the ultimate high-tech weapon to fight welfare fraud. ... Yet there is little evidence that so-called finger imaging – intended to deter would-be double-dippers using fake identity papers – has had any significant impact in preventing fraud. In fact, a study by the state three years ago found that other welfare changes had made finger imaging largely superfluous from the outset. But the state has refused to make that $658,000 study public, and now calls it outdated and flawed:” N Bernstein, “Experts Cast Doubt on Worth of New York Plan to Fingerprint for Medicaid” New York Times (30 August 2000) «www.nytimes.com/library/tech/00/08/biztech/ articles/30finger.html».

30. Biometric Consortium. “It is anticipated that all of Spain’s citizens will have their own cards by the end of this century.”: Unisys, “Spain Selects Unisys as Partner for National Social Security Identification Card Project” (news release) «corp2.unisys.com/AboutUnisys/ PressReleases/1996/jan/01175960.html».

31. Automated Fingerprint Image Reporting and Match, introduced in 1991, to reduce fraudulent and duplicate welfare benefits. A saving of $5.4 million was reported following the first six months’ use, and this is still growing. The system has been extended to other parts of California: Biometric Consortium. New York, New Jersey, Connecticut, Massachusetts and Pennsylvania are among other states that are or will be using similar programs: Committee on Banking and Financial Services, US House of Representatives, “Statement by Jeffrey S Dunn, Chairman, Biometric Consortium” «www.house.gov/banking/52098jd.html».

32. Committee on Banking and Financial Services, US House of Representatives, “Statement by Jeffrey S Dunn, Chairman, Biometric Consortium” «www.house.gov/banking/52098jd.html».

33. For example, J Heywood, “Were Says Two Men in Dealer Row Have Quit” Sydney Morning Herald (25 August 1998) at 27; J Rouw, “Were Find ‘Clean as a Whistle’” Sydney Morning Herald (8 August 1998) at 92.

34. Sydney Futures Exchange Limited, Submission at 1. The SFE also operates, with the knowledge of its members, a computerised trading system, Sydney Overnight Computerised Market (or SYCOM), which is monitored by SFE surveillance staff to ensure no rules have been breached.

35. Section 1137(1) of the Corporations Law (Cth) states: “A futures exchange ... shall, to the extent that it is reasonably practicable to do so, take all steps, and do all things, necessary to ensure an orderly and fair market for dealings in futures contracts on a futures market of the futures exchange.”

36. Sydney Futures Exchange Limited, Submission at 1-2.

37. Sydney Futures Exchange Limited, Submission at 2. The client also has the right to listen to any recording in the event of a dispute.

38. A software product produced by WinWhatWhere Corporation.

39. According to the president of WinWhatWhere, two Australian government departments hold 62 Investigator licences and a further 60 are held by various Australian companies: M Bryan, “Every step you take, every move you make …” Australian Financial Review (4 March 2000) at 27.

40. Bryan at 27. See also «http://www.winwhatwhere.com».

41. J Flanagan, “Restricting Electronic Monitoring in the Private Workplace” (1994) 43 Duke Law Journal 1256 at 1260.

42. New South Wales, Privacy Committee, Invisible Eyes: Report on Video Surveillance in the Workplace (Report 67, 1995) at 31.

43. Privacy Committee (1995) at 31.

44. Flanagan at 1260.

45. L Hartman, “The Rights and Wrongs of Workplace Snooping” «www.depaul.edu/ethics/monitor.html».

46. A Westin, “Monitoring and New Office Systems” Part II of “Employee Privacy, Monitoring and New Technology” Chapter 6 of Arbitration 1988: Proceedings of the Forty-First Annual Meeting of the National Academy of Arbitration (Bureau of National Affairs, Washington, DC, 1989) at 169.

47. Privacy Committee (1995) at 31.

48. D J Freeman, “Legal issues concerning e-mail” «www.djfreeman.co.uk/ pubs/m-email.htm»; McCann FitzGerald “Libel and Internal E-mail Systems: The impact of the Norwich Union case” «www.mccann-fitzgerald.ie/legal_briefing/litigation_arbitration/email_libel.html».

49. A Carson and D Farrant, “Saving Private E-mail” The Age (4 March 2000) at 3; S Silverstein, “Survey finds more than one-third of employers snoop on workers” Los Angeles Times (23 May 1997) «seattletimes.nwsource.com/extra/browse/html97/altpriv_052397.html».

50. J Rolfe, “Office email abusers run riot” Daily Telegraph (24 March 2000) at 101. See also S Long, “Think before you click and forward” Australian Financial Review (15 November 2000) at 51.

51. The Special Branch was disbanded in 1997 following criticism by the Police Royal Commission (“the Wood Commission”). Opening the files for inspection by people who were the subject of Special Branch activities, the Premier, Mr Bob Carr, said: “People ought to be able to do what you can in a democracy – stand outside a government building or a courthouse with a protest sign without having their names recorded by people pretending they are Special Branch agents in the FBI”: D Murphy, “Special Branch Files Now Marked Open for Inspection” Sydney Morning Herald (10 March 1999) at 6. Examples include a street protest in the early 1980s by “Women Behind Bars”, a group advocating rights for female prisoners, which resulted in the compilation of a file on those present: D Murphy, “Special Branch Files Now Marked Open for Inspection” Sydney Morning Herald (10 March 1999) at 6.

52. M Hansen, “No Place to Hide” (August 1997) 83 ABA Journal 44at 47.

53. Ingersoll-Rand Company, “Nowhere to Hide” Compressed Air Magazine October/November 1996 «ingersoll-rand.com/compair/ octnov96/radar.htm».

54. However, concern has been expressed at the degree of intrusiveness made possible by the technology. According to one unnamed critic, cited by Hansen, a radar skin scanner is being developed which is able to produce an anatomically correct image so precise it can reveal whether or not a man has been circumcised: Hansen at 46.

55. In America, constitutional issues have been raised, such as whether using such devices can constitute a search, and, if so, whether the failure to obtain a warrant for their use violates the Fourth Amendment. The Fourth Amendment provides: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

56. See also para 4.46.

57. An earlier application by the Casino for an injunction to prevent the screening was unsuccessful as it was held to be in the public interest: C Egan, “Casino Video Sees Call for a Code” The Australian (5 July 1994) at 4.

58. C Egan, “Casino Seeks Ban on Secret Footage” The Australian (4 July 1994) at 3.

59. F Walker, “Love in Lift Spy Row” Sun-Herald (11 June 1995) at 5.

60. Q Burrows, “Scowl Because You’re on Candid Camera: Privacy and Video Surveillance” (1997) 31 Valparaiso University Law Review 1079 at 1100.

61. C Edwards, N Savage and I Walden (eds), Information Technology and the Law (2nd edition, Macmillan, London, 1990) at 2.

62. Edwards, Savage and Walden at 2; Australian Broadcasting Corporation, “In the Pipeline: Alphabetical Glossary” «www.abc.net.au/ pipeline/radio/programs/glos2.htm»; R Hinton, Information Technology and How to Use It: A Handbook of Effective Practice (ICSA Publishing, Cambridge, 1988) at 2.

63. Edwards, Savage and Walden at 3.

64. Sections 4(1) and 4(2) of the Privacy and Personal Information Protection Act 1998 (NSW) define “personal information” as “information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion” and includes fingerprints and genetic characteristics.

65. For example, the use of a digital camera for roadside traffic enforcement has many advantages over a traditional camera, which requires film to be changed, processed, and kept secure. Images captured by digital cameras can be downloaded to a computer, and, with the use of number plate recognition software, the vehicle’s owner can be identified almost immediately: United Kingdom, House of Lords Select Committee on Science and Technology, Digital Images as Evidence (Fifth Report, 1997-98, HL 64) at 1.4. Digital cameras have, incidentally, been installed in the tunnel of Sydney’s Eastern Distributor: S Gee, “Secret Cameras: Hidden Speed Checks in Tollway” Daily Telegraph (6 June 2000) at 1, 3.

66. “If the technology continues to develop as expected it may in the future be possible to match data from the digitised passport photographs that are coming into use with other databases, enabling the rapid identification of individuals who were, for example, attending a football match”: United Kingdom, House of Lords Select Committee on Science and Technology, Digital Images as Evidence (Fifth Report, 1997-98, HL 64) at 4.18.

67. T B Kearns, “Technology and the Right to Privacy: the Convergence of Surveillance and Information Privacy Concerns” (1999) 7 William and Mary Bill of Rights Journal 975 at 996-97.

68. Australia, Australian Transaction Reports and Analysis Centre, Annual Report 1998-99 at 7.

69. Kearns at 998.

70. K Crawford, “Beep on the Street: it’s the Internet” Sydney Morning Herald (14 January 2000) at 1-2.

71. The Privacy Amendment (Private Sector) Act 2000 (Cth), commencing late in 2001, will have some impact on this situation as regards large companies.

72. Since 1980, there seems to have been “a shift in the perception of privacy and privacy invasion, rather than a diminution of public concern. The effect is an ambivalence that retards consumer and political activism over even the most blatant privacy intrusions. In many countries, fundamental changes have taken place in society’s approach to traditional privacy issues.”: S G Davies, “Re-Engineering the Right to Privacy: How Privacy Has Been Transformed from a Right to a Commodity” in P E Agre and M Rotenberg (eds), Technology and Privacy: The New Landscape (MIT Press, Cambridge, Massachusetts, 1997) at 143-165. In a series entitled “The Surveillance Society”, which appeared in The Village Voice during September-October 1998, Mark Boal notes “Surveillance scholarship was hip in the ‘60s and ‘70s, but academic interest has dropped noticeably in the past 20 years”. He cites one reason for this “apathy” as being dependence by academia on government funding, which is less likely to be forthcoming for surveillance research than for surveillance hardware: M Boal, “Part One: Spycam City” The Village Voice «www.villagevoice.com/features/ 9840/boal/shtml».

73. S G Davies, “Re-Engineering the Right to Privacy: How Privacy Has Been Transformed from a Right to a Commodity” in P E Agre and M Rotenberg (eds), Technology and Privacy: The New Landscape (MIT Press, Cambridge, Massachusetts, 1997) at 144.

74. Davies at 159.

75. “The Income Tax Assessment Act 1936 (Cth) does not require a taxpayer to quote a tax file number, but provides for the imposition of the highest prescribed rate of tax where a tax file number is not quoted. Employees may lodge an employment declaration with their employer in which they may quote their TFN. Where an employee has declined to quote their TFN, the employer is required to deduct tax from the employee’s salary or wages at the highest prescribed rate. ... Investors may quote their TFNs to the investment body connected to their investment. Where an investor has declined to quote his or her TFN, the relevant investment body is required to deduct tax from the investment income at the highest prescribed rate”: Halsbury’s Laws of Australia (Butterworths, Sydney, 1996) Volume 25 at [405-31445].

76. C Ho, “Libertarians Cry Foul at DNA Tests for Rape Investigation” Sydney Morning Herald (10 April 2000) at 8.

77. The first data protection law was enacted in Hesse, Germany, in 1970, followed by national laws in Sweden (1973), the United States (1974), Germany (1977) and France (1978). From these evolved two international instruments, the Council of Europe’s 1981 Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data, and the OECD’s Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data. More recently, the European Union has enacted stronger data protection in its European Data Protection Directive (Directive 95/46/EC), with each EU State required to enact complementary legislation by October 1998, although this process has not been completed. “The key concept in the European model is ‘enforceability’. The European Union is concerned that data subjects have rights that are enshrined in explicit rules ... Every EU country will have a Privacy Commissioner or agency that enforces the rules”: “Privacy and Human Rights 1999: An International Survey of Privacy Laws and Developments” «www.privacyinternational.org/survey/Overview.html#Heading6». The full text of the directive can be found at «europa.eu.int/eur-lex/en/lif/dat/1995/ en_395L0046.html».

78. The Act incorporates the National Principles for the Fair Handling of Personal Information, developed by the Federal Privacy Commissioner, setting out standards for the collection and use of personal information by business and other private sector organisations.

79. Directive 95/46/EC also provides that data should only be transferred to a non-EU country if adequate safeguards are in place: European Union, “Media, Information Society and Data Protection” «europa.eu.int/comm/dg15/en/media/dataprot/news/925.htm». For an example of measures being taken by non-EU countries to comply with this “adequacy” provision, see United States, Department of Commerce, “Draft International Safe Harbor Privacy Principles” «www.ita.doc.gov/td/ecom/Principles1199.htm»: “While the United States and the European Union share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from ... [the European Union’s comprehensive privacy legislation]. The United States uses a sectoral approach that relies on a mix of legislation, regulation, and self-regulation.”

80. Davies at 144.

81. R Clarke, “The Resistable Rise of the National Personal Data System” «www.anu.edu.au/people/ Roger.Clarke/DV/SLJ.html».

82. R Clarke, “The Resistable Rise of the National Personal Data System” «www.anu.edu.au/people/ Roger.Clarke/DV/SLJ.html».

83. Australia, Australian National Audit Office, Management of Tax File Numbers: Australian Taxation Office (Audit Report 37, AGPS, Canberra, 1998-99) at para 1.10 and appendix 1.

84. Jack Straw, UK Home Secretary, quoted by P Newton, “‘Spy’ Cameras Backed” Daily Telegraph (London) (13 May 1999) at 8.

85. “Identity Checks Test Big Brother Fears” (editorial) The Australian (4 January 2000) at 10.

86. Scott McNealy, chief executive officer of Sun Microsystems, at a product launch in January 1999, responding to concerns that various computer operating systems contain unique identification numbers which make it possible to track individual users: quoted in various sources eg J Markoff “Growing Compatibility Issue: Computers and User Privacy” New York Times (3 March 1999) at A1.

87. See, for example, I Grayson, “Packer Sets Up Big Brother Data Store” The Australian (30 November 1999) at 33.

88. S Mitchell, “Packer Data Shop Sets Off Alarm” The Australian (7 December 1999) at 40.

89. M Hollands, “High Price for Abusing Trust” The Australian (7 December 1999) at 34.

90. The process of discovering patterns in data for the purpose of improving decision-making, usually in a business context.

91. “The enhancement of each customer record with postal, demographic, geodemographic, lifestyle, and psychographic data elements: Appending additional content to each customer record – such as income, age, marital status, home and auto ownership, hobbies and interests, and so forth – helps marketers in many ways. Such data permits construction of customer profiles and models that predict customer or prospect behaviour”: Acxiom, “Data Integration: the Warehouse Foundation” (Acxiom White Paper) «www.acxiom.com.au/whitepapers/wp-11.asp».

92. N Waters, “Why Privacy Laws Must Have Muscle” Sydney Morning Herald (7 December 1999) at 19.

93. Eg C Connolly, “Database Collection is a Valid Question” (letter), The Australian (7 December 1999) at 14.

94. Eg M Hollands, “Law Change Urgent: Expert” The Australian (7 December 1999) at 40.

95. Consumer Reports Online, “Oh, What a Tangled Web” «www.consumerreports.org/Special/ConsumerInterest/Reports/0005pri1.htm». When a customer visits the web site of a DoubleClick customer, a “cookie” is placed on the visitor’s hard drive, allowing DoubleClick to track what he or she is looking at, and build detailed profiles. DoubleClick was able to combine its own anonymous data with the names and purchase histories of 88 million households, held by Abacus Direct, thus helping it to determine the actual identity of the visitor. See also Business Week Online, “Privacy: Outrage on the Web” «www.businessweek.com:/ 2000/00_07/b3668065.htm?scriptFramed».

96. J Rosen, The Unwanted Gaze: The Destruction of Privacy in America (Random House, New York, 2000) at 198.

97. D Reardon, “It’s a Steal: $6 Buys a Criminal History” Sydney Morning Herald (2 May 2000) at 8. The site, at «www.crimenet.com.au» was launched on 1 May 2000.

98. B Hickman, “Virtual Vigilantes” The Australian (6 May 2000) at 24.

99. G Wilkinson, “Net Site Aborts Trial” Herald-Sun (Melbourne) (25 May 2000) at 3.

100. Hickman at 24; Wilkinson at 3; R Ackland, “Jury’s Out on Web We Weave” Sydney Morning Herald (26 May 2000) at 9.

101. “Remember, they are always watching you. Use cash when you can. Do not give your phone number, social-security number or address, unless you absolutely have to. Do not fill in questionnaires or respond to telemarketers. Demand that credit and data-marketing firms produce all information they have on you, correct errors and remove you from marketing lists. Check your medical records often. If you suspect a government agency has a file on you, demand to see it. Block caller ID on your phone, and keep your number unlisted. Never use electronic tollbooths on roads. Never leave your mobile phone on – your movements can be traced. Do not use store credit cards or discount cards. If you must use the Internet, encrypt your e-mail, reject all ‘cookies’ and never give your real name when registering at websites. Better still, use somebody else’s computer. At work, assume that calls, voice mail, e-mail and computer use are all monitored”: “The End of Privacy: Surveillance Society” Economist (1 May 1999) 17 at 11.

102. United States, General Accounting Office (“GAO”), Identity Fraud (Report No GGD-98-100BR, 1998) at 1.

103. GAO at 4.

104. GAO at 49; Privacy Rights Clearinghouse, “Identity Theft: How it Happens, its Impact on Victims, and Legislative Solutions” «www.privacyrights.org/AR/id_theft.htm».

105. Privacy Rights Clearinghouse.

106. GAO at 11.

107. GAO at 4. California is one State which has recently enacted provisions to assist identity theft victims: Penal Code s 530.5, 530.6.

108. Para 2.83-2.85.

109. Australian Direct Marketing Association, “Information and Events – FAQ’s” «www.adma.com.au/consumer/FAQs.htm».

110. In September 1999 a Wall Street Journal/NBC News poll found that the loss of personal privacy is the primary concern of Americans approaching the twenty-first century. “When asked what concerns them the most about the next century, 29% of respondents answered the ‘loss of personal privacy’. Overpopulation and terrorist acts on US soil followed at 23%, racial tensions at 17%, world war at 16%, and global warming at 14%”: Electronic Privacy Information Centre, EPIC Alert (vol 6.15, 23 September 1999) «www.epic.org/alert/EPIC_Alert_6.15.html»; For other US examples, see para 3.50 above, and American Civil Liberties Union, “ACLU Calls on Law Enforcement to Support Privacy Laws for Public Video Surveillance” «www.aclu.org/news/1999/n040899b.html». For UK examples, see National Council for Civil Liberties (UK), “Have You Ever Had the Feeling That You’re Being Watched?” «users.ox.ac.uk/~liberty/appcctv.html»; UK Public CCTV, Surveillance Regulation Campaign, “Watching Them, Watching Us” «www.spy.org.uk/lobby.htm».

111. Andersen Legal, “Internet Privacy Survey 2000: a Survey of the Privacy Practices of Australia’s Most Popular Web Sites” «www.iia.net.au/index2.html» at para 2.4.

112. Australian Bureau of Statistics, “8147.0 Use of the Internet by Householders, Australia (May 2000)” «www.abs.gov.au/ausstats/ abs@.nsf/Lookup/NT0000B252». The survey found that, in the year to May 2000, 6% of all adults purchased goods or services for private use through the Internet, despite a finding that 33% of Australian households had Internet access. In the 3 months to May 2000, 8% of all adults used the Internet to pay bills or transfer funds, in contrast with 51% who used the telephone, 67% who used EFTPOS, and 74% who used automatic teller machines.

113. C Norris and G Armstrong, The Maximum Surveillance Society: The Rise of CCTV (Berg, Oxford, 1999) at 150, 196.

114. Norris and Armstrong at 197.

115. American Civil Liberties Union, “ACLU Calls on Law Enforcement to Support Privacy Laws for Public Video Surveillance” «www.aclu.org/news/1999/n040899b.html».

116. F Bianchini, cited by Dr B Simpson, Submission at 4.

117. Dr B Simpson, Submission at 5.

118. Norris and Armstrong at 198.

119. Norris and Armstrong at 201.

120. Privacy Committee (1995) at 31 (referring specifically to video surveillance).

121. International Labour Office (ILO), “Workers’ Privacy Part II: Monitoring and Surveillance in the Workplace” (1993) 12(1) Conditions of Work Digest at 22.

122. Flanagan at 1263.

123. Flanagan at 1263; Privacy Committee (1995) at 52; ILO (1993) at 22.

124. M Levy, “The Electronic Monitoring of Workers: Privacy in the Age of the Electronic Sweatshop” (1995) 14(3) Legal Reference Services Quarterly 5 at 11.

125. ILO, Geneva, 1997.

126. ILO (1997) at 36.

127. ILO (1993) at 99

128. Flanagan at 1264.

129. T Dixon, “Workplace video surveillance – controls sought” (1995) 2 Privacy Law and Policy Reporter 141 at 142.

130. Westin (1989) at 168.

131. Privacy Committee (1995) at 51.

132. Privacy Committee of NSW, Submission at 30.

133. Australian Security Industry Association Ltd, Submission at 2.

134. Retail Traders’ Association of NSW, Submission at 16.

135. Service Station Association Ltd, Submission at 2.

136. NSW Council for Civil Liberties, Submission at 5.

137. NSW Council for Civil Liberties, Submission at 6.

138. NSW Nurses’ Association, Submission at 1.

139. NSW Nurses’ Association, Submission at 2.

140. NSW Nurses’ Association, Submission at 2.

141. M L Sides, Submission at 20.

142. M L Sides, Submission at 20.

143. M L Sides, Submission at 20.

144. B Phillips, “Privacy in a “Surveillance Society” (1997) 46 University of New Brunswick Law Journal 127 at 135.

145. B Brown, CCTV in Town Centres: Three Case Studies (Home Office Police Department, Police Research Group Crime Detection and Prevention Series No 68, London, 1995) at 65.

146. J Ditton, E Short, S Phillips, C Norris and G Armstrong, The Effect of Closed Circuit Television on Recorded Crime Rates and Public Concern About Crime in Glasgow (Scottish Office Central Research Unit, Edinburgh, 1999) at 61. See also New South Wales Law Reform Commission, Surveillance (Issues Paper 12, 1997) at para 4.13-4.15.

147. Ditton at 5 and 29.

148. The Violence Research Group, University of Wales College of Medicine, Cardiff.

149. Cardiff, Swansea and Rhyl.

150. V Sivarajasingam and J P Shepherd, “Effect of closed circuit television on urban violence” (1999) 16 Journal of Accident and Emergency Medicine 255.

151. Vicki Bruce “Fleeting Images of Shade: Identifying People Caught on Video” (1998) 11(7) The Psychologist 331 at 332. Bruce cites the following example: In 1988 police raided a woman’s home, searching for her son, who was a robbery suspect. The woman was shot in the course of the raid. The son was later caught and prosecuted for the robbery entirely on the basis of evidence from a CCTV image showing a young black man. A prosecution witness claimed he could prove that the identities matched by comparing the precise number of pixels (the very small elements that make up a picture) separating key features of the face. The defence’s expert witness, however, stated that if his students had made such elementary mistakes, they would fail. Examples were not correcting for the viewpoints when comparing two images, nor considering the resolution with which the face was depicted. The suspect was acquitted.

152. In May 1998, the Transport Minister, the Hon Carl Scully, announced that all railway stations in Sydney, Newcastle and Wollongong would be included in a $55 million security program to install CCTV and other measures, to be completed by mid-2000: D Humphries, “Cameras, Lights for Rail Stations” Sydney Morning Herald (25 May 1998) at 5.

153. A Patty, “Schools Want Spy Cameras” Sun-Herald (Sydney) (29 June 1997) at 11.

154. A Mitchell, “Look, You’re on Candid Camera” Sun-Herald (Sydney) (10 May 1998) at 5.

155. “Police Car Camera Calls” Newcastle Herald (14 January 2000) at 16; L Hannan, “Call for Police Camera Action” Sun-Herald (Sydney) (13 July 1997) at 34.

156. R Morris et al, “Panic Button: Magistrates in Fear of Their Lives” Daily Telegraph (24 August 1999) at 9.

157. M J Rooney, “Liability of a Premises Owner for the Provision of Security: the Massachusetts Experience” (1995) 29 Suffolk University Law Review 51 at 51 and 83. According to the New York weekly, The Village Voice, security cameras “are now an integral part of new construction, along with sprinklers and smoke detectors”: “The Surveillance Society (Part One: Spycam City)” The Village Voice «www.villagevoice.com/features/9840/boal.shtml».

158. Security Industry Association and International Association of Chiefs of Police (“Security Industry Association”), “Informational Brief for Proposed Guidelines on CCTV Monitoring and Recording of Public Areas for Safety and Security Purposes” «www.siaonline.org/cctvinfobrief.html».

159. Pamela B v Hayden (1994) 31 Cal Rptr 2d 147. See also Allison v Rank City Wall Canada Ltd (1984) 6 DLR (4th) 144.

160. Nebel v Avichal Enterprises Inc (1989) 704 F Supp 570.

161. The court held that, for the plaintiff to prove negligence, it needed to show that security measures, such as a CCTV system, would have been likely to deter the criminal activity which caused the plaintiff’s injury: Security Industry Association and International Association of Chiefs of Police, “Legal Issues Related to Silent Video Surveillance” «www.siaonline.org/cctvlegal1.html». Installing a video security system will not be sufficient to avoid liability. It seems necessary that proper policies and procedures be followed and any employees adequately trained (Cohen v Southland Corporation (1984) 203 Cal Rptr 572), and that the system be properly designed, maintained and monitored so as not to create a false sense of security which would encourage visitors, customers etc to take risks they might otherwise not take (Kutbi v Thunderlion Enterprises Inc (1985) 698 P.2d 1044): Security Industry Association (26 October 1999).

162. Morris v Krauszer’s Food Stores Inc 693 A.2d 510 (NJ App 1997).

163. I Newbrun, “‘Dangerous’ Premises”, paper presented at the seminar Occupiers’ Liability and Security Obligations (NSW) (LAAMS, Sydney, 21 February 1997) at 33.

164. D Serghis, “Public venues compo warning” Herald Sun (Melbourne) (7 July 1997) at 10. According to one newspaper report, the NSW Police Minister “said shopping centres had an obligation to their customers to provide secure parking”: “Videos for Car Parks” Sunday Telegraph (20 April 1997) at 25.

165. Armour v G & E Natoli Real Estate Pty Ltd (NSW, District Court, No 51/99, Puckeridge J, 19 June 2000, unreported) at 11. See also Modbury Triangle Shopping Centre Pty Ltd v Anzil [1999] SASC 335 (carpark lighting at night).

166. Shoeys Pty Ltd v Allan (NSW, Court of Appeal, No 40365/90, 3 May 1991, unreported).

167. Shoeys Pty Ltd v Allan at 5 (Mahoney JA).

168. Shoeys Pty Ltd v Allan at 3 (Handley JA).

169. “In the present case, it was not, I think, argued that the defendant’s duty was to have somebody constantly observing each part of the floor, by means of electronic surveillance or otherwise. No suggestion of this kind was put to the witnesses nor was the cost or practicality of it considered at the trial”: Shoeys Pty Ltd v Allan at 7 (Mahoney JA).

170. Brady v Girvan Bros Pty Ltd trading as Minto Mall (1986) 7 NSWLR 241.

171. Brady v Girvan Bros Pty Ltd at 255.

172. Australian Torts Reporter (CCH, Sydney, 1984) Volume 1 at [10-340].

173. Australian Broadcasting Corporation, Submission at 1 (“Code of Practice”); Australian Press Council, Submission at Annexure B (“Statement of Principles”); Australian Security Industry Association Limited, Submission at 1 (“CCTV Code of Ethics”); Insurance Council of Australia Limited, Submission at 1 (“General Insurance Code of Practice”); Motor Traders’ Association of NSW, Submission (copy of submission to Privacy Committee of New South Wales) at 2; Publishing and Broadcasting Limited, Submission at 2 (FACTS (Federation of Australian Commercial Television Stations) “Commercial Television Industry Code of Practice”); Registered Clubs Association of NSW, Submission at 3 (cites the Code of Practice for the Use of Overt Video Surveillance in the Workplace released by the New South Wales Department of Industrial Relations following the deliberations of the Working Party on Video Surveillance which was established in 1996); Retail Traders’ Association of NSW, Submission at 11 (“Shopwatch: An Advisory Code of Practice for the Use of Video Surveillance Equipment in Retail Stores”); Service Station Association Ltd, Submission at 1 (“SSA Policy: Surveillance, Audio/Video”).

174. New South Wales Law Reform Commission, Surveillance (Issues Paper 12, 1997) at para 4.21.

175. Submission at 3.

176. Submission at 21.

177. Submission at 3.

178. M L Sides, Submission at 5.

179. Submission at 1.

180. Submission at 2.

181. Submission at 1.

182. Submission at 2.

183. Submission at 1.

184. Submission at 4.

185. Submission at 2-4.

186. Submission at 10.

187. Submission at 7. NSW Young Lawyers Criminal Law Committee, Submission at 1; Director of Public Prosecutions, Submission at 2; NSW Nurses’ Association, Submission at 1. The joint submission from the NSW Crime Commission (NSWCC), Independent Commission Against Corruption (ICAC), Police Integrity Commission (PIC) and National Crime Authority (NCA) (“Joint Law Enforcement Agencies”) supports the regulation of overt visual surveillance by industry codes of practice or privacy legislation, rather than by the LDA: Submission at 2.

188. Submission at 1-3.

189. Submission at 2-3.

190. Australia, Commonwealth Interdepartmental Committee on Quasi-Regulation, Grey-Letter Law (Canberra, 1997) at ix.

191. Commonwealth Interdepartmental Committee on Quasi-Regulation at 6.

192. The Committee notes, however, that “self-regulation” has also been used to describe industry schemes which have had some degree of government involvement: Commonwealth Interdepartmental Committee on Quasi-Regulation at 6.

193. Commonwealth Interdepartmental Committee on Quasi-Regulation at 7.

194. Australia, Taskforce on Industry Self-Regulation, Draft Report (Department of Treasury, Canberra, 2000) at 22. For an example, see Master Builders Association of South Australia, “The Master Builders Association National Code of Practice and the Constitution” «www.mbasa.com.au/ mbasa/c_o_p.htm».

195. A J Campbell, “Self-Regulation and the Media” (1999) 51(3) Federal Communications Law Journal 711 at 716.

196. Campbell at 716.

197. The inquiry was prompted by stories televised by the Australian Broadcasting Corporation’s “Media Watch” program during 1999, concerning alleged financial dealings between presenters on various commercial radio stations and outside commercial interests.

198. Australian Broadcasting Authority (“ABA”), Report of the Commercial Radio Inquiry (Sydney, 2000) at 74.

199. Ireland, Law Reform Commission, Report on Privacy: Surveillance and the Interception of Communications (Report 57, 1998) at para 4.19.

200. Australia, Senate Select Committee on Information Technologies, In the Public Interest: Monitoring Australia’s Media (Senate Printing Unit, Canberra, 2000).

201. Television stations operate within a co-regulatory environment, where codes of practice are developed and managed under the supervision of a statutory body operating within a legislative framework. The Federation of Australian Commercial Television Stations has developed a code of practice, which has been approved and registered by the Australian Broadcasting Authority: Senate Select Committee on Information Technologies at para 1.22, 3.1 and 3.10.

202. Federation of Australian Commercial Television Stations, Commercial Television Industry Code of Practice (April 1999) at s 4.3.5.

203. Senate Select Committee on Information Technologies at 1.55.

204. M E Budnitz “Privacy Protection for Consumer Transactions in Electronic Commerce: Why Self-Reg is Inadequate” (1998) 49 South Carolina Law Review 847 at 874.

205. Budnitz at 875-76.

206. Australian Broadcasting Authority (“ABA”), Report of the Commercial Radio Inquiry (Sydney, 2000) at 74.

207. ABA at 4. The ABA formed the view “that remedial action is necessary to ensure the commercial radio industry’s compliance with the Act and the Codes”, and suggested that it should determine three standards applicable to commercial radio broadcasting licensees (at 4). It warned, however, “that [the ABA’s] existing powers lack the flexibility and force to properly respond to serious Code breaches and that it lacks sanctions that have immediate effect” (at 5). It proposed various options to remedy this situation, but noted (at 6) that these would require legislative change.

208. Senate Select Committee on Information Technologies at iii.

209. Senate Select Committee on Information Technologies at para 6.1.

210. Senate Select Committee on Information Technologies at para 2.72.

211. Senate Select Committee on Information Technologies at Chapter 6.

212. It is now known as Privacy NSW, and is the Office of the New South Wales Privacy Commissioner.

213. New South Wales, Privacy Committee, Privacy Protection: Guidelines or Legislation? (Government Printer, Sydney, 1980) at 1.

214. New South Wales, Privacy Committee, Annual Report 1982-1983 at 15.

215 England and Wales, Home Office, Report of the Committee on Privacy and Related Matters (HMSO, London, Cm 1102, 1990) (“Calcutt Report”) at para 1.1.

216. England and Wales, Home Office at para 14.37.

217. England and Wales, Home Office at para 14.38.

218. England and Wales, Home Office at para 14.38.

219. England and Wales, Home Office at para 17.14.

220. England and Wales, Home Office at para 17.16.

221. Review of Press Self-Regulation (Dept of National Heritage, Cm 2135, London, HMSO).

222. Review of Press Self-Regulation at para 5.26.

223. A J Campbell, “Self-Regulation and the Media” (1999) 51(3) Federal Communications Law Journal 711 at 772.

224. “The End of Privacy: the Surveillance Society” Economist (1 May 1999) 17 at 19. “A Federal Trade Commission survey of 1,400 American Internet sites last year [1998] found that only 2% had posted a privacy policy in line with that advocated by the commission ... Studies of members of America’s Direct Marketing Association by independent researchers have found that more than half did not abide even by the association’s modest guidelines.”

225. Federal Trade Commission, “Privacy Online: A Report to Congress” (VI Conclusions) «www.ftc.gov/reports/privacy3/conclu.htm».

226. Federal Trade Commission, “Privacy Online: A Report to Congress” (VI Conclusions) «www.ftc.gov/reports/privacy3/conclu.htm».

227. Federal Trade Commission, “Prepared Statement of the Federal Trade Commission on “Privacy Online: Fair Information Practices in the Electronic Marketplace” «www.ftc.gov/os/2000/05/ testimonyprivacy.htm».

228. Andersen Legal, “Internet Privacy Survey 2000: a Survey of the Privacy Practices of Australia’s Most Popular Web Sites” «www.iia.net.au/index2.html».