We contribute to the collection of our personal details every time we use a debit or credit card, a cell phone, when we go to the doctor, pay our utility bills and taxes, or go online (Stalder 2002). (For a comprehensive list of actions that leave a trail see Gandy 1996 p. 139).
In principle we give our details away with consent, but to what extent are we free to decide whether we give them away or not? Can we refuse to give away any of our data and still be part of the society we live in? For example, can we exercise our right to vote without providing our personal data?
In any case, once our personal details are recorded, they are analysed and stored in huge databases, and then correlated with more data of ours stored in other databases – and the picture gleaned from our actions get finer and fatter (Stalder 2002).
This essay tries to answer questions like, are we living in a “Big Brother” society? Where did it all begin? It’s easy to get paranoid, but we need to know for what purposes our data are collected, and what means are used for those purposes.
History of Surveillance
Mass surveillance, defined by Bennet (1996) and Clarke (1997) as the systematic investigation of the actions of large groups of people, appeared in western history in the 16th century. As the nation-state emerged, it began to have both the need and the means to gather and use information of its subjects (Giddens 1981). It was not long before western societies became more and more “policed” – state and commercial agents gained control over wide social areas (Marx 2002).
The 19th and 20th centuries saw the growth of bureaucracy within the ‘welfare state’. Surveillance stretched out to detailed personal information on a mass scale. Information technology played an important role in the development of surveillance, dramatically changing its nature (Gandy 1989).
Today, “personal information is necessary for the coordination of the capitalist system in all its spheres of activity: production distribution, consumption and governance” (idem, p.65).
Marx (2002), Lyon and Zureik (2002), and Dandeker (1990) maintain that surveillance is a central component for the functioning of the western modern capitalist state, although it is not the most important (Lyon and Zureik)
The surveillance of personal data has been recently named ‘dataveillance’. Dataveillance, as defined by Clarke (1998), is “the systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons’ – or, in short, the massive electronic collection of personal data (Bennet 1996).
How is this done?
Our personal data are collected, digitalised, categorised and stored in carefully arranged electronic lists called databases (Poster, 1996). Graphically, a list is divided vertically into fields, for items like name, address, income or frequent websites visited, and horizontally into records or entries – typically, one for each person.
Supermarkets’ reward cards, for instance, help record and store customers’ purchases directly into a database. If a customer keeps handing the reward card every time s/he customs, in the course of time the retailer will have a rich portrait of that customer’s buying habits in its database (Poster idem).
Companies use this information mostly for marketing purposes, but they can also trade their databases to other companies. The company that buys a database can then link it with its own database, in a process known as data matching.
Data matching means that two databases are linked by one field and merged into one bigger database. This resulting database can be also matched with another database, and the process can go as far as creating a de facto national database (Bennet idem).
Some databases have the ability to combine with other databases built into their structure, (Poster, idem), but in principle any database can be linked with another one by just one field (EFF 2002).
In countries where national identity number systems operate (like Germany, France Spain or Portugal, where the ID card is used for every day transactions) such field is usually the national identity number. This number can link social security and tax records, credit card purchases and census among others.
As Bennet (1996) says, although “officials argue that data matching could not happen in Britain because the country has no extensively applied national identification number like the social insurance number in Canada or the tax file number in Australia (…), the British national insurance number, like its equivalents overseas, is not subject to any specific statutory restriction, and thus has crept incrementally into a variety of uses for which it was not originally intended.” (Bennet 1996, p.247)
One giant result of data matching is Claritas Corporation, which in 1991 claimed to be using “over 500 million individual consumer records from several leading databases (“Claritas Corporation – An Overview”. Advertising material. 1991 – Cited in Poster 1996) For a data processing program to be most useful it will allow the user to search for entries from any field – for example, ‘please tell how many (or show all) customers that didn’t buy any meat or animal products in the past five years’. In this instance the computerised database is functioning as “a search engine to retrieve identities” (Poster 1996, p.186)
Increasingly, it is not individual identities that surveillance is focused on, but on communities or groups categories of persons or behaviours (Gandy 1989; Clarke 1997 and Bennet 1996), which are then regarded “in terms of the economic, social and political characteristics” of their members. (Gandy 1989 p.62)
Some authors maintain that dataveillance is not always negative: it can be used to discover citizens who are entitled to benefit programs but have never applied, or to identify public mismanagement or corruption (Bennet 1996). It can also be used to deter crime, or at least to appear to do “something” about terrorism, as has been the case especially after the September 11th attacks (EFF 2002).
But sadly surveillance is also used for other, not so altruistic purposes. The following are but some:
Social control is one of them. Gandy, Stalder and Bennet agree in the importance that surveillance plays in social control: “Surveillance has always been a part of the technology of control” (Gandy 1989, p.60); “Access to large data-sets of personal information is a prerequisite for social control” (Stalder 2002, p.121); “Surveillance is a social control system” (Bennet 1996 p. 254); “Dataveillance is a manifestation of how technology may bolster bureaucracy’s capacity for social control” (idem, p. 238).
Extreme accounts of the role that electronic surveillance can play in social control can be found in Black’s book “IBM and the holocaust” and in Orwell’s futuristic tale “1984”. Nowadays, in western societies, the most common purpose of social control is to maintain order (Poster, 1996).
Gandy (1989) found that power or social control were not part of the common popular discourse of privacy. People generally accepted the gathering of information provided that it had a purpose.
However, the public ‘are’ concerned (Stalder 2002, Clarke 1997, Poster 1996, Bennet 1996). And, there are some good reasons for concern, too (Bennet 1996). One of the reasons for social concern is surveillance’s capacity to gather data in a routine, secret or barely visible, and involuntary manner (Marx 2002 and Gandy 1989).
This makes the phenomenon of information gathering and use highly non-accountable (idem).
Being the process so secretive, most citizens will never know how much of their personal details and history of transactions are in what computer, or in whose control. This makes it impossible for citizens to check the accuracy of the records kept on us (Poster 1996), which means that we have lost all control of what others know about us, be it correct or incorrect – a most basic privacy right, as advocated by Bennet (1992).
According to Stalder (2002) and Gandy (1996), surveillance also helps the application of discrimination. The most common aim of commercial organisations when keeping or buying records of customers is to find those who are most likely to purchase their products and advertise directly to them (normally via junk mail), but personal information can also be used to exclude individuals from life opportunities like jobs, insurance, housing or even education. Gandy (1989) sees criminal records with concern given their regular (although banned) use for purposes of employing.
Given the fact that ethnic minority youths are much more likely to get criminal records for minor offences linked to poverty, it is of little surprise that, as Lyon and Zureik (1996) point out, it is the poorer classes the most concerned about surveillance.
Surveillance can also be a means of exclusion from political participation. From the information that one or various databases provide, a government can easily know in which areas or communities a particular project will not gain sufficient support. Gandy (1989) suggests that the pursuit of cost efficiency will deter political actors from informing people about matters they are likely to oppose.
An immediate example of this is the lack of publicly available information about record held of citizens – with the direct consequence that this is not yet a prominent political issue (Poster 1989).
Davies (1996) warns that surveillance is jeopardising our individual dignity and rights. (Gandy 1989) states: “when we can no longer control what is revealed about our capacities and limits, we suffer a loss of autonomy, our dignity and our willingness to join with others in struggle” (p. 64).
Davies (1996) sees that the time where people took action for privacy has passed; Gandy (1989) maintains that resistance has been ignored, but he sees that people are less and less willing to provide information of themselves – in fact, resulting in lower rates of response to opinion surveys.
Stop responding to surveys we are not so sure about is what citizens can do. But what are our governments doing?
Personal data protection legislation began to be enacted in the 70s in western states (Bennet 1996).
Generally laws on treatment of databases are based on a set of “fair information principles”, one of which is the principle of relevance, meaning that information collected for one purpose should not be used or disclosed for another (Clarke 1997) – i.e. that databases should not be transferred between organisation, matched with other databases to create bigger ones.
Bennet (1996) gives various examples of national regulations on the subject and how the law is observed:
In the case of the UK, the government has ignored the problem of massive sharing of data – there is no specific legislation about the matching of databases.
In the USA, the 1988 Computer Matching and Privacy Protection Act (CMPPA) require an explicit written agreement between the source and matching agencies before any computer matching can take place. But the published matching agreements do not provide meaningful information, and they are rarely read by either the public or the responsible oversight committees of the Congress. (For a report on this see Regan, P. “data integrity Boards: institutional Innovation and Congressional Oversight”
Government Information Quarterly 10, no.4: 443-59.)
In Canada, the regulatory policy is ignored by the majority of federal agencies.
Dataveillance is a serious issue that needs attention, and to understand it, it is useful to look at the various matters related to it.
A worrying one is that in the countries home to the biggest corporations and governmental bureaucratic systems, data matching, and in consequence massive data surveillance, effectively goes unchallenged by the law.
Giant databases with our personal details are continuously built and updated as we go along our daily lives: records of our education and employment history, income, bank savings, financial transactions, tax returns, driving and other offences, health, housing, travel reservations, periodical subscriptions, social and political affiliations, etc. (Gandy 1996).
Records with this extensive information are kept of virtually every individual in society, without our full consent or knowledge.
These information, once gathered and processed is regarded by the holder as their private property, feeling free to use or sell it, while hose whose data are being held have no option to even correct inaccuracies about themselves.
Although this is not yet a prominent political issue, the public is becoming aware of this issue and are starting to think twice before giving away personal information.
It is important to stress that, as Clarke notes, that what the public concern is not about information technology being a mysterious evil, but about the ways that information technology is used by organisations (Clarke 1997) – namely, the way and purposes for which data are gathered and handled.
The functions and possibilities of information technology are available, as the references on this essay illustrate, in print and electronically on the Internet. To find out the true purposes of those using that technology is not so easy.
Bennet, C. J., 1992. Regulating Privacy. Ithaca, N.Y.: Cornell University Press (cited in Lyon, D. and Zureik, E (1996)).
Bennet, C. J., 1996. The public Surveillance of Personal Data: A Cross-National Analysis. In Lyon, D. and Zureik, E. (Ed.) Computers, surveillance, and privacy. Minneapolis: University of Minnesota Press, 1996: 237-259.
Claritas corporation, 1991 “Claritas Corporation – An Overview”. Advertising material. Cited in Poster (1996) p.186.
Clarke, R., 1997. Roger Clarke’s Home Page (as seen at http://www.anu.edu.au/people/Roger.Clarke/DV/Intro.html, on 25/03/2003)
Clarke, R., 1998. Roger Clarke’s pages (as seen at http://www.anu.edu.au/people/Roger.Clarke/DV/DVNZ03.html and
http://www.anu.edu.au/people/Roger.Clarke/DV/CACM88.html on 25/03/2003)
Davies, S.G., 1996. Surveying Surveillance: An Approach to Measuring the Extent of Surveillance. In Lyon, D. and Zureik, E. (Ed.) Computers, surveillance, and privacy.
Minneapolis: University of Minnesota Press, 1996: pp. 260-273.
Dandeker, C., 1990. Surveillance, power and modernity. Cambridge: polity. (Cited in Lyon, D. and Zureik, E(2002)
EFF 2002. Electronic Frontier Foundation Releases Reports. Press Release of 13June 2002 (as seen at http://www.eff.org/Privacy/20020613_eff_privacy_pr.html, on 25/03/2003)
Gandy, O.H., 1996. Coming to Terms with the Panoptic Sort. In Lyon, D. and Zureik, E. (Ed.) Computers, surveillance, and privacy. Minneapolis: University of Minnesota Press, 1996: pp. 132-155.
Gandy, O.H., 1989. Information Privacy and the Crisis of Control. In Raboy, P. and Bruck, P.A. (ed.) Communication For and Against Democracy. Montreal. Black Books, 1989: pp. 59-74.
Giddens, A., 1981. A contemporary Critique of Historical Materialism, vol. 1, Power, Property and the State. Berkeley: University of California Press (cited in Lyon, D. and Zureik, E.1996).
Lyon, D. and Zureik, E. 1996. Surveillance, Privacy and the New Technology. In Lyon, D. and Zureik, E. (Ed.) Computers, surveillance, and privacy. Minneapolis: University of Minnesota Press, 1996: 1-18.
Marx, G. T. 2002. What’s New About the “New Surveillance”? Surveillance & Society. (Issue 1 Vol.1): 9-29. (as seen at http://www.surveillance-and-society.org/, on 22/03/2003).
Poster, M. (1996) Databases as Discourse. In Lyon, D. and Zureik, E. (Ed.) Computers, surveillance, and privacy. Minneapolis: University of Minnesota Press, 1996: (175-192)
Stalder, F. 2002. Privacy is not the antidote to surveillance. Surveillance & Society. (Issue 1, Vol. 1): 120-124. (as seen at http://www.surveillance-and-society.org/, on 22/03/2003).