AustLII Home | Databases | WorldLII | Search | Feedback

University of New South Wales Law Journal

Faculty of Law, UNSW
You are here:  AustLII >> Databases >> University of New South Wales Law Journal >> 1998 >> [1998] UNSWLawJl 47

Database Search | Name Search | Recent Articles | Noteup | LawCite | Author Info | Download | Help

Kirby, Michael D --- "Privacy in Cyberspace" [1998] UNSWLawJl 47; (1998) 21(2) UNSW Law Journal 323

Privacy in Cyberspace [*]

THE HON JUSTICE MICHAEL KIRBY AC CMG[**]


I. A NEW DYNAMIC

Time passes. Twenty years ago in the Organisation for Economic Cooperation and Development (OECD) work was beginning towards guidelines on the protection of privacy in the context of transborder data flows.[1] Ten years ago work towards the later OECD guidelines on security of information systems was commenced.[2] I chaired the two expert groups which prepared those successive principles. That work opened my eyes to the enormous implications of modern technology for the law and human rights in every society. And to the capacity of international institutions to help municipal law makers respond to global problems. The work of the OECD on the social and legal issues presented by informatics illustrates the way in which the international community is slowly but inexorably constructing a mutually compatible legal order on the foundation of “respect for human rights and fundamental freedoms”.[3]
Ten years ago, I suggested[4] that what was lacking at the international level, as in domestic jurisdiction, was a perception of the relevance of scientific developments for the concept of human rights. This was because of the fragmentation of priorities, the dominance in the debates on human rights of lawyers (often ignorant of science), the limited perspective of specialised institutions and the highly controversial nature of many of the moral dilemmas posed. It is useful, I think, to repeat my conclusion:[5]
[T]here has been little endeavour to reflect the major scientific and technological developments of the last fifty years, and their impact on human rights, in a conceptual way. Instead, old human rights instruments developed for earlier times are scrutinised for their possible utility in solving the controversies presented by the new technology. Piece-meal legislation is enacted. No Luther of jurisprudence has emerged to pull together the implications of nuclear physics, informatics and biotechnology for twenty first century man and woman.
In the decade since those words were written, the fundamental problem remains unresolved. The urgency of finding solutions has increased. In informatics, there has been a rapid convergence of technologies. Telecommunications have merged with computerisation linked with other systems of communication.[6] Connections have been forged between nuclear physics, informatics and biotechnology. The Star Wars system proposed by President Ronald Reagan had a worrying potential to link nuclear weaponry and informatics. The Human Genome Project would not be possible but for the linkages of information technology and biological research.[7] It is important to realise the interconnections of scientific advances and to study their impact on human rights. For example, the privacy of genetic information is as much an issue for human rights in the context of informatics as it is in the context of biotechnology. Principled responses, defensive of the rule of law, human rights and fundamental freedoms, will necessarily have common themes.
In the twenty years since the OECD Guidelines on Privacy were formulated, the Internet has been launched. It expands at an astonishing rate with world wide users doubling every twelve months.[8] William Gibson’s vision of cyberspace[9] is fast becoming a reality. Starting with 8.5 million users in 1995, the Internet is expected to reach over 142 million users by the year 2000.[10] For a pertinent analogy, it is necessary to go back to Gutenberg’s printing press.[11]
Look ahead. Imagine the way in which, in the future, the lives of human beings will be altered as the global network of interconnected users of information technology becomes bigger and even more powerful. Already, informed writers are offering their predictions. Edward Cornish, for example,[12] has sketched ninety two ways in which, he claims, the lives of ordinary people will change over the next thirty years as a result of the Internet. Global culture, education, employment, production and even crime will be affected. Local cultures and languages may decline. Increased drug use and the risks of cyber crime and terrorism will be larger problems. Privacy, it is argued, will be harder to maintain. Not unconnected with this, interpersonal relationships of human beings will be increasingly unstable. Cornish’s conclusion is that the unprecedented power to choose will often result in less sensible action and greater conflict. Governments will have limited control over cyberspace and over the pace at which globalisation of the interconnected human consciousness is occurring.

II. ENDANGERED PRIVACY

Many of the problems for privacy which were identified in the 1980s are now enlarged, or altered, by the development of the Internet. The speed, power, accessibility and storage capacity for personal information identifying an individual are now greatly increased.[13] Some of the chief protections for privacy in the past arose from the sheer costs of retrieving personal information; the impermanency of the forms in which that information was stored; and the inconvenience experienced in procuring access (assuming that its existence was known). Other protections for privacy arose from the incompatibility of collections with available indexes and the effective undiscoverability of most personal data. These practical safeguards for privacy largely disappear in the digital age.[14] A vast amount of data, identified to a particular individual, can now be collated by the determined investigator. The individual then assumes a virtual existence which lives in cyberspace instead of in what is sometimes described as ‘meat space’.[15] The individual takes on a digital persona made up of a collection of otherwise unconnected and previously unconnectable data.
This quantity of personal information about individuals is likely to increase rather than decrease.[16] Access to this information is what occasions the contemporary fragility of privacy – a human attribute that has been steadily eroded over the past century.[17] To the extent that the individual has no control over, and perhaps no knowledge about, the mass of identifiable data which may be accumulated concerning him or her, and to the extent that national law-makers, despite their best endeavours, enjoy only limited power effectively to protect the individual in the global web, privacy as a human right, is steadily undermined.[18]
It is not always appreciated by users of the web that without specific initiatives on their own part, their visits to particular websites can usually be resurrected: presenting a profile of their minds. These visits may illustrate the subjects in which they are interested: their inclinations, political, social, sexual and otherwise.[19] An early indication of the potential of this form of surveillance to pry on the individual occurred during the confirmation hearings in the United States Senate considering the nomination of Judge Robert Bork to the United States Supreme Court. A reporter retrieved the record of Judge Bork’s video rentals as itemised by computer.[20] Nor is this a theoretical danger. Senior Petty Officer Timothy McVeigh, a naval officer stationed in Hawaii, was discharged from the United States Navy after he came under investigation following the search of his America On Line (AOL) profile which included the word “gay”. An acquaintance turned the profile over to Mr McVeigh’s command. The latter treated it as a breach of the United States Government’s policy about the sexual orientation of service personnel, described as “Don’t ask. Don’t tell”. Mr McVeigh did not tell: but AOL did.[21]
One of the particular dangers of data profiling is the human tendency to assume that because information comes out of an automated system it must be accurate. Data profiles have a potential to magnify and endlessly reproduce human error.[22] There are many studies of the mistakes which can occur. The brother who once paid a defaulting sibling’s rent and found himself black listed as an unreliable tenant. The network user whose facilities are used by someone else to make a visit to a child pornography website or to download child pornography whilst the user is away.
The damage that can be done through defamation on the Internet is illustrated by a recent case in Western Australia. A message from an anthropologist appeared on the World Wide Computer Network Bulletin Board defending a university decision not to grant academic tenure to the plaintiff. The message mentioned an accusation of sexual misconduct which thereupon became available to approximately 23 000 academics and students, within the relevant speciality, having regular access to the bulletin board. Defamation was found and damages awarded.[23]
It is not accurate to say that the Internet is a law free zone. Much local law applies to the activities occurring there. But it is true to say that there is no global authority which controls the Internet. There is no uniform global regime to regulate and enforce standards.[24] To some extent the absence of a controlling and enforceable law facilitates free expression, the communication of ideas and notions of individual liberty which are themselves important human rights. However, such values are not the only human rights, as a glance at the Universal Declaration of Human Rights and its progeny of international law will demonstrate. There are other fundamental human rights which sometimes compete, or conflict, with the right of free expression. The right to privacy and to reputation and honour, and the confidentiality of communications must also be protected.[25] In the world of the Internet, technological capacity tends to favour the spread of information. The protection of competing values is decidedly weak.
With the Internet have come additional problems. Because of the growing use of information systems by business and government, and because these are connected to the Internet, many transactions by individuals in every country will now be potentially inter-connected and examinable. This will afford means of distributing data about the individual to remote places and, often, to persons or organisations with which the individual may have no other connection. The advent of search engines, robots, wanderers and Internet indexes presents a new dimension to the isolation of personally identifiable data profiles. The extensive indexes of Internet sites such as Yahoo[26] and the launch in December 1995 of the Altavista search engine[27] (with the subsequent proliferation of email, telephone, address and Usenet directories) change forever the personal profile potential of the individual. In his essay “Private Lies”,[28] John Hilvert describes Altavista in these terms:
[It] was introduced as a free service back in December [1995] to show [Digital Equipment Corporation’s] ability to handle the Internet, no matter how it scaled ... [It] gobbles and disgorges in a very accessible way the entire catalogue of some 22 million web pages (12 billion words) and about two months of the content of 15 000 news groups. It handles 5 million search requests a day. Impressed with Altavista’s remarkable speed. The subject tried Altavista on the news groups and was sickened. What I found ... using my name or email address as search parameters, was a copy of almost every post I’ve made to Newsnet news groups since the first week in January ... That includes my posts to these two news groups, and all rejoinders from anyone here who included my name in his or her reply. Make out of that what you wish. My reaction to it is somewhere between disgust and fury. What I do not expect is that the news group clubhouse is bugged and that what is said there, by any of us, will be recorded and made available to any person on the Internet, for whatever reason persons might have. The irony of this is: I came across [this] ... using the Altavista search engine.
Users commonly think that, because they do not enter their names or other details to gain access to web pages, this means that there is a high degree of privacy in their use of the Internet, in other words, that it is virtually anonymous. However with most web browsing software, such as Netscape and Microsoft Explorer, any request to a website discloses the network identity of the machine used to access the web, the web page immediately previously accessed, together with related ‘cookies’, such as information stored by the web server on the computers of users who have accessed it, the list of previously accessed web pages or transactional information generated while accessing those web pages.[29] If this does not cause anxiety about the potential loss of privacy of Internet users, nothing will.
Of course, this is not a reason, Canute like, to hold up the hand against progress. On current trends we can scarcely prevent the rapid continuing growth in Internet users. Nor would one wish to do so. But it does present a challenge to those who would defend fundamental human rights (including privacy) and those who realise that false, distorted, damaging, hurtful and intrusive information that can be compiled about an individual based upon data received from a multitude of digital sources and given an apparent authenticity by digital delivery. Web crawlers, spiders, robots and trawlers introduce a new dimension to the
info-privacy debate. They also challenge the applicability, in today’s technology, of some of the OECD Guidelines prepared in the context of the technology of earlier decades, when such intense dataveillance was not foreseen.[30]

III. CHALLENGES TO DEMOCRATIC GOVERNANCE

In addition to the foregoing concerns an even deeper malaise must be addressed. It relates to the capacity of presently existing law making institutions to respond adequately to the problems which the new technology presents. Privacy is only one attribute of the Internet in which challenges arise for established values. Organised crime, terrorism, infringement of intellectual property rights, unconsensual or under age infiltration of pornography are some of the other problems examined in the literature.[31] So are the implications of the Internet for the integrity of financial markets, for tax avoidance and tax havens.[32] Equally controversial is the impact of the Internet upon cultural sovereignty and diversity[33] which is of such concern to societies struggling to preserve and defend their language, religious or spiritual values, moral norms and distinct social diversity.
In striking down the censorship provisions of the Communications Decency Act of the United States,[34] the Supreme Court of that country itself recognised that the practical consequence of its decision would reach far beyond the borders of the United States of America:[35]
Once the provider posted its content on the Internet it could not prevent that content from entering any community. Thus, when the UCR/California Museum of Photography posts to its website nudes by Edward Weston and Robert Mapplethorpe to announce that its new exhibit would travel to Baltimore and New York City those images are available not only in Los Angeles, Baltimore and New York City but also in Cincinnati, Mobile or Beijing – wherever Internet users live. Similarly, the safe sex instructions that ‘Critical Path’ posts to its website written in street language so that the teenager receiver can understand them, are available not just in Philadelphia, but also in Provo and Prague.
People in every country are therefore, in a sense, beneficiaries of decisions made upon the First Amendment to the United States Constitution. Not all societies, and certainly not all governments, necessarily share the social values reflected in the United States court decisions. In a number of countries attempts have already been made by law to control the Internet.[36] Thus a draft law in Thailand purports to prohibit dissemination through the Internet of information that is against “public peace and order and may lead to disunity of the nation or deterioration of international relationships”; “immoral information”; “information disparaging religion” or “highly respected persons” and “inappropriate information” concerning the King of Thailand, the Thai Royal Family and also “Heads of State of friendly foreign countries”.[37] This law was roundly criticised when it was published in January 1998, on the ground the last-mentioned provision would create criminal offences for disseminating sexual information concerning President Clinton of the United States. The subsequent publicity given to allegations against the President, and its dominance of much of the global news media, demonstrated once again the difficulty (and possibly undesirability) of censoring the international flow of data of this kind.
Another illustration lies in the efforts of the British Government to prohibit publication of information and commentary which might endanger the fair trial of Mrs Rosemary West. She was accused of involvement in notorious serial killings. Such efforts of control might have been effective in the traditional news media. But they were wholly ineffective for the Internet.[38] The earlier attempts by the British Government to suppress the publication of the book Spycatcher by Mr Peter Wright failed in the courts of several countries outside the United Kingdom.[39] It was not even attempted in the United States of America. The case illustrated the effective powerlessness of most national courts to enforce, in a truly effective way, local norms and values affecting global information.
Governments and legislatures are not wholly powerless in the face of the Internet and global media. But the force of the technology (and the vast audiences which it gathers up) suggest that common global standards will tend, in time, to swamp local susceptibilities. At least in the case of most countries, there will be little which they can do to influence the information flow except to enact laws enforceable in their courts in the comparatively rare instances in which they can catch those who offend against such laws within their jurisdiction.
Some will say that this limitation on the capacity of national law makers to respond to the challenge of the Internet is nothing but an illustration of globalisation, which technology more generally renders irreversible and inevitable. The contribution of the Internet to free expression, democratic practice and individual liberty cannot be denied. But in the interval between the receding power of national law and the lack of effective international law, lie certain dangers. As I have shown, they are dangers for those human rights which compete with the free flow of undigested data. They are also dangers to stable social regulation on the part of those who see the impact of the new values which multimedia and the Internet bring and object to aspects of what they see.

IV. AN AGENDA FOR ACTION

The result of this review is that the extraordinary development of informatics continues to present puzzles and challenges both to the international community and to the law making institutions of the nation states which make it up. A number of things can be done.

A. Review and Debate of Current Regulations

Every jurisdiction needs to review its applicable laws and policies to adapt them to the new technology. In the United States a constitutional amendment has even been proposed to update some of the present legal guarantees and to permit courts to fashion new principles in harmony with the new technology and new values.[40] In Australia, in the space of a year or two, three discussion papers have been produced by official bodies. There is currently a Senate inquiry on self regulation in the information and communications industries.[41] It is highly desirable that in every jurisdiction legislators, governments, academics and the community generally should be debating the social implications of the new technology, including the Internet. Such debates need to be supplemented by international initiatives which seek to devise principles as global as the technology itself. Otherwise, we will persist with a legal patchwork of dubious effectiveness[42] and more and more business and other communications will take place in extra- and supra- jurisdictional space.

B. Formulation of Standards

The development of ‘cyber manners’, of Internet standards and the initiatives of bodies such as the Global Internet Liberty Campaign,[43] as well as domestic initiatives to advocate endangered values such as privacy,[44] deserve support.

C. Review of OECD Privacy Principles

There is an urgent need, in the light of technological change and the enhanced capacity of the Internet, for a review to be conducted of the information privacy principles developed by the OECD twenty years ago. There are serious gaps in those principles. Informed writers are already suggesting that new privacy principles are needed, such as:

D. Openness and Transparency

A common theme of many of the proposed revisions of the OECD Privacy Guidelines is the need to render “data collection practices ... fully visible to the individual ... Any feature which results in the collection of personally identifiable information should be made known prior to operation and ... the individual should retain the ability to disengage the feature if he or she so chooses”.[48] Whilst some observers would contest such an absolute statement of the right of disengagement (and others might question the marginal utility of undemanded notification of all identifiable information about an individual without any initiative on the part of that individual) clearly the openness principle of the OECD Guidelines is one of the weakest in the collection. The advent and potential of the Internet requires that there be new attention to it.[49]

E. The Role of Governments

The role of national governments as the defenders of privacy and of fundamental rights also needs careful consideration, given the past record of many of such governments as intruders into such fundamental rights. This, together with commercial concerns, provides the explanation for the strong resistance to the Clipper Chip proposed by the United States Government in 1993. That proposal had the ostensible purpose of allowing government to override individual encryption, allegedly to protect society from “gangsters, terrorists and drug users”.[50] The first two words are loaded. The third, at least now, engenders a legitimate international debate concerning the proper strategy to respond effectively to the drug epidemic. Whilst society needs to be shielded from clearly antisocial conduct, there are strong arguments for permitting, and protecting, the anonymity of most website visits[51] and providing ‘dungeons’ and ‘chat rooms’ in the web where people can communicate without fear that their interests, attitudes, beliefs and concerns will be monitored either by public or the private sector snoops.[52]

F. Responsible Reporting

One feature of Internet reporting is the intensification of the competition for getting the ‘news’ first. This puts great pressure upon modern journalistic standards. The kind of reporting which has lately affected public personalities such as Diana, Princess of Wales, and President Clinton, in respect of their private lives is, in part, a product of the new technology. No public figure is entitled to protection in relation to aspects of private life which may have relevance to public duties. But unless public figures can enjoy a private zone where their lawful family, sexual, health and other data belongs to them and is respected by others, the result will be a serious erosion of the quality of persons offering to serve.

V. CONCLUSION

A second generation of information privacy principles, in harmony with the development of the Internet, should therefore be drawn up without delay. The Internet should develop in a way respectful to fundamental human rights and democratic governance. Its expansion should reflect global values and human diversity. This is a mighty challenge. Yet the Internet itself was conceived in the minds of human beings. It should be possible for humanity to devise and apply just rules for its operation.[53] If it cannot, that fact has serious implications for the notion that human rights are universal. It has profound consequences for the future of the rule of law in cyberspace.

[*] This is an abbreviated and amended version of a paper to be published in International Dimensions of Cyberspace Law by the United Nations Educational, Scientific and Cultural Organisation (UNESCO), Paris in 1999.
[**] Justice of the High Court of Australia. Lately President of the International Commission of Jurists. One time Chairman of the OECD Expert Groups on Privacy (1978-80) and Data Security (1991-2).
[1] OECD, Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, Paris (1980).
[2] OECD, Guidelines on Security of Information Systems, Paris (1992).
[3] Preamble to the Charter of the United Nations. See LM Gruderidge and E Hambro, Charter of the United Nations: Commentary and Documents (2nd ed, 1949) p 87.
[4] MD Kirby, “Human Rights and Technology: A New Dilemma” (1988) 22 University of British Columbia Law Review 123 at 127.
[5] Ibid at 130-1. Cf AES Tay, Teaching Human Rights, Australian National Commission for UNESCO (1981) p 2.
[6] J Bond, “Telecommunications is Dead, Long Live Networking” (1997) 3(3) I-Ways 26.
[7] R Cook-Deegan, The Gene Wars, Norton (1994) pp 283ff; MD Kirby, “The Human Genome Project: Promise and Problems” (1994) 11 Journal of Contemporary Health Law and Policy 1. See now UNESCO, Universal Declaration on the Human Genome and Human Rights (1997), especially articles 7, 8 and 9.
[8] R Miller, The Internet in Twenty Years: Cyberspace, the Next Frontier?, OECD (1997).
[9] W Gibson, Neuromancer, cited in MS Borella, “Computer Privacy vs First and Fourth Amendment Rights” <http://www.eff.org/pub/Privacy/comp_privacy_4th_amend.paper> . As Miller notes, note 8 supra, cyberspace will eventually come to life on the Internet infrastructure as a range of information and services spanning, at least for a few analysts, almost all aspects of human experience. Cf E France, “Can Data Protection Survive in Cyberspace?” (1997) 8(2) Computers and Law 20.
[10] R Miller, note 8 supra.
[11] Five hundred years ago Francis Bacon, writing about Gutenberg’s printing press, commented on how the very way humans think would be rearranged, changed and as he put it “the appearance and state of the world” would be altered. Cf S Harris cited in S Williamson, “Legal Pot-holes in the Information Super Highway” (1995) 69 Law Institute Journal 1213.
[12] E Cornish, “The Cyber Future: 92 Ways our Lives will Change by the Year 2025” (1996) 30(1) The Futurist 27, abstracted in OECD, note 8 supra, p 12.
[13] A Cavoukian and D Tapscott, Who Knows: Safeguarding your Privacy in a Networked World, Vintage, (1996); SD Balz and O Hance, “Privacy and the Internet: Intrusion, Surveillance and Personal Data” (1996) 10(2) International Review of Law, Computers and Technology 219.
[14] G Greenleaf, “Privacy and Cyberspace: An Ambiguous Relationship” (1996) 3(5) Privacy Law and Policy Reporter 88.
[15] Ibid at 89.
[16] Ibid at 88.
[17] R Wacks, “Privacy in Cyberspace: Personal Information, Free Speech and the Internet” in P Birks (ed) Privacy and Loyalty, Oxford (1997) at 93.
[18] R Wacks, ibid at 110; SD Balz and O Hance, note 13 supra at 220.
[19] SD Balz and O Hance, ibid at 222. Most Internet users do not seem to appreciate that an image of a site they may have visited many weeks earlier could be stored in their personal computer and easily viewed by another person having access to the computer.
[20] Ibid at 228.
[21] Human Rights Campaign: “Human Rights Campaign Learns Pentagon Postponing Expulsion of Sailor with ‘Gay’ in his Profile” <http://www.hrc.org/feature1/mcveigh.html.> . A judge has granted temporary relief to Mr McVeigh against dismissal.
[22] T Miller, “Law, Privacy and Cyberspace” (1996) 1(4) Communications Law 143 at 145; H Wright, “Law, Convergence and Communicative Values on the Net” (1996) 7 Journal of Law and Information Science 54 at 65.
[23] Rhindos v Hardwick (unreported, Supreme Court of Western Australia, Ipp J, 31 March 1994) noted in: G Hughes, “Nowhere to Hide? Privacy and the Internet” (1996) 29 Computers and the Law 21 at 22; B Todd, “From Village Pump to Superhighway: Internet and the Modern Law of Defamation” (1996) 1 Media and Arts Law Review 34; P Bartlett, “Internet & the Legal Tangle” (1995) 1(4) Computer Law and Practice 110.
[24] T Miller, note 8 supra, p 145.
[25] Universal Declaration of Human Rights, Article 12; International Covenant on Civil and Political Rights, Article 17.1. See generally HH Perritt and CJ Lhulier, “Information Access Rights Based on International Human Rights Law” (1997) 45 Buffalo Law Review 899 at 906 ff.
[26] G Greenleaf, note 14 supra at 88. A catalogue of Internet privacy issues may be found at
<http://www.anu.edu.au/people/Roger.Clarke/DV/Internet.html> .
[27] Altavista home page at <http://www.altavista.digital.com> .
[28] J Hilvert “Private Lies” Information Age, May 1996, pp 18-23 cited in G Greenleaf, note 14 supra at 89-90.
[29] G Greenleaf, note 14 supra at 91-2. Without spiders and robots it would be very difficult to find information on the web. These “devices” continually travel the millions of Internet servers on the web and index every significant word or phrase on each one. Web “masters” can prevent their sites from being so indexed. The awareness of the danger and the ways of meeting it has heightened in recent times. In 1994, an attempt was made to draft a Robot Exclusion Standard. See <http://web. nexor.co.uk/mak/doc/robots/norobots.html> .
[30] R Clarke, “Profiling and its Privacy Implications” (1994) 1(7) Privacy Law and Policy Reporter 128 at
128-9; R Wacks, note 17 supra at 93-7.
[31] C Downey, “The High Price of a Cashless Society: Exchanging Privacy Rights for Digital Cash?” (1996) 14(2) John Marshall Journal of Computer and Information Law 303.
[32] R Wacks, note 17 supra at 111.
[33] S Davies, “Strategies for Protecting Privacy in the New Information Structure” in (1995) 2(2) Privacy Law and Policy Reporter 23; cf (1997) 3(4) I-Ways 9.
[34] Reno v American Civil Liberties Union, 138 L Ed 2d 574 (1997), noted in (1997) 13 (5) Computer Law and Security Report 371.
[35] Reno, ibid at 372.
[36] China, Singapore and Germany have introduced laws. See R Wacks, note 17 supra at 99.
[37] Internet Promotion Bill 1998 (Thailand) (Draft 4) noted in the Bangkok Post, 12 January 1998, pp 1-2.
[38] T Miller, “Law, Privacy and Cyberspace” (1996) 1(4) Communications Law 143 at 145.
[39] See for example, Attorney General (UK) v Heinemann Publishers Australia Pty Ltd [1988] HCA 25; (1988) 165 CLR 30.
[40] See Professor Laurence Tribe’s suggestion noted in R Wacks, note 17 supra at 99.
[41] The three initiatives of the Australian Government are explained in T Hughes, “Regulation of the ‘Net’” in Australian Law Reform Commission (1997) 71 Reform 23 at 24. They concern privacy protection, copyright reform and the regulatory framework for on-line services. Subsequently the Australian Government withdrew an electoral commitment to enact privacy legislation governing the private sector. See S Davies, “Privacy Law - Australia” (1997) 16(6) Computer Law and Security Report 429. At the time of writing the Australian Senate Select Committee on Information Technology is conducting an inquiry on self regulation in the information and communications industries.
[42] G Greenleaf, “Privacy Principles: Irrelevant to Cyberspace?” (1996) 3(6) Privacy Law and Policy Reporter 114 at 118-19. The European Union has proposed a process that could lead to an “International Communications Charter” by the end of 1999. See (1998) 4(1) I-Ways 1 and <eif@bxl.dg13.cec.be>.
[43] G Greenleaf, ibid at 119.
[44] The Australian Privacy Charter Council is a non-governmental organisation established to promote the protection of privacy. It has issued a Privacy Charter. See (1995) 2 Privacy Law and Policy Reporter 44. See also the European Union’s Data Directive (Directive 95/46/EC). Cf G Greenleaf, “European Commission tests adequacy of our privacy laws” (1998) 4(8) Privacy Law and Policy Reporter 140; and S Lau, “Observance of the OECD Guidelines and the EU Directive in Asia” (1998) 4(8) Privacy Law and Policy Reporter 145.
[45] See OECD, Guidelines for Cryptography Policy, 27 March 1997 (OECD Doc:C(97) 62/FINAL) which include eight principles relevant to this discussion. Principle 2 relates to users’ rights to choose cryptographic methods. Principle 5 relates to the individual’s rights to privacy including secrecy of communications and protection of personal data. Cf J Adams, “Encryption: The Next Big Thing?” (1998) 2 Computers and Law 39 at 39-40.
[46] G Greenleaf, “Privacy Principles - Irrelevant to Cyberspace?”, (1996) 3(6) Privacy Law and Policy Reporter 114 at 118.
[47] R Clarke, note 30 supra at 129. See also R Clarke, “Beyond ‘Fair Information Practices’: A new Paradigm for 21st Century Privacy Protection” at <http://www.anu.edu.au/people/Roger.Clarke/DV/BeyondFIP.html> .
[48] HH Perritt and CJ Lhulier, note 25 supra. See also G Greenleaf, note 14 supra at 92. Cf M Rotenberg, “Privacy and Protection: A US Perspective, Data Protection in the United States: A Rising Tide?” (1998) 14(1) Computer Law and Security Report 38 at 38-40.
[49] S Davies, note 33 supra at 38. The Australian Privacy Commissioner has issued new National Principles for the Fair Handling of Personal Information, February 1998, which include an anonymity principle. See <http://www.privacy.gov.au/news/p6_4_1.html> .
[50] R Wacks, note 17 supra at 107.
[51] Ibid at 100.
[52] Ibid at 98.
[53] B Phillips (Canadian Federal Privacy Commissioner) cited in E France, “Can Data Protection Survive in Cyberspace?” (1997) 8(2) Computers & Law 20 at 24.


AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.austlii.edu.au/au/journals/UNSWLawJl/1998/47.html