Austrac / CLEB Study

Roger Clarke Roger.Clarke@anu.edu.au
Fri, 4 Oct 1996 08:41:01 +1000


This of for those ICA and link members who may be interested in the Clth
Law Enforcement Board's Task Force on the law enforcement impact of
electronic payments mechanisms.
__________________________________________________________________________

I was asked to comment on one particular paper on social concerns.  I know
one or two other people were as well.

I'd previously indicated that I was not prepared to participate in the
exercise unless it was on a proper consultancy basis, because this is
current expertise that a small number of specialists earn a living from.
Their reply was that they had no money for consultants (so unless they
somehow convince one or more of the few people who have specialist
expertise to work for nix, the quality of the report will have to be
suspect).

Here are a few reactions I provided them with:

NOTE:	These comments are provided gratis, and represent a mere skerrick
in comparison with the effort and expertise that this company would bring
to bear in the event that the Task Force were conducting the matter on a
proper professional basis.

-  The composition and the Terms of Reference of the Working Group and the
Task Force are highly specific.  No claim can be made that the CLEB's
deliberations are anything other than a law enforcement community
perspective, informed by a modest amount of consultation with some
representatives of other interests.

-  Serious limitations are placed on commentators, because of the absence
of information from the other Working Groups and the Task Force.

-  The document has failed to assimilate the information in the ACFF's
Report, and in particular in Appendix 3.  [That's the Aust. Commission for
the Future's Report on Social Impacts of Smart Cards.  Appendix 3 is on
Privacy, and was written by me].

-  Despite my making the reference available to AUSTRAC at the very
commencement of the Task Force's activities, the document has failed to
assimilate the information in my 'data surveillance and information
privacy' web-pages, generally at:
http://www.anu.edu.au/people/Roger.Clarke/DV/
and on specific pages pointed to from that page, such as:
http://www.anu.edu.au/people/Roger.Clarke/DV/HumanID.html
http://www.anu.edu.au/people/Roger.Clarke/DV/Trails.html
	http://www.anu.edu.au/people/Roger.Clarke/DV/PaperProfiling.html
http://www.anu.edu.au/people/Roger.Clarke/DV/AbstractMatchIntro.html

-  The claim at the top of page 3 ("law enforcement agencies have a legal
responsibility to protect the privacy of individuals") is incorrect,
because the Privacy Act contains very broad exemptions in respect of both
individual agencies and use and disclosure protections in the case of law
enforcement.  A very positive outcome of this Task Force would be a
recommendation that all of these exemptions be removed, and replaced by
appropriate forms of control mechanisms, in order to provide a fair balance
between the law enforcement and the privacy interests.

-  The 'Joint Privacy Committee' mentioned on page 3 is completely new to
me, and I suspect would be to many other people practising in the area.  It
would be valuable for its constitution, terms of reference and activities
to be made much more public.

-  My impression is that the Working Group is overlooking the fact that a
vast proportion of Stored-Value Card transactions will be replacing
transactions that are currently anonymous.

-  The encryption discussion is far too superficial to support the Task
Force's deliberations.  See, for example:
http://www.anu.edu.au/people/Roger.Clarke/II/CryptoSecy.html
	http://www.anu.edu.au/people/Roger.Clarke/II/CryptoConf.html

-  The paper appears to have entirely overlooked pseudonymity as a means of
addressing the needs of both law enforcement and privacy.  See, for example:
http://www.anu.edu.au/people/Roger.Clarke/DV/PaperCFP95
This is one of many areas in which my company would be able to make
substantial contributions to the Task Force's objectives, if the matter
were being conducted in an appropriate manner.

-  The Bibliography is missing many fundamental references, such as Hughes
(1991) and Tucker (1992).


Roger Clarke              http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel:  +61  6  288 6916                       Fax:   +61  6  288 1472

Visiting Fellow, Faculty of          Email:  Roger.Clarke@anu.edu.au
    Engineering and Information Technology
Information Sciences Building Room 211       Tel:   +61  6  249 3666
The Australian National University
Canberra   ACT   0200   AUSTRALIA            Fax:   +61  6  249 0010