What will an Australian Bill of Rights do for you?  
Stephen Alexander

Public debates about loss of privacy are back in the news. Not simply because some public intellectuals want a Bill of Rights, but because governments everywhere are not sure what to do with a global technology that can now capture your entire identity. Government adviser, Stephen Alexander explores the dangers. 

Have you noticed the sudden interest in an Australian Bill of Rights? Politicians, human rights activists and the legal profession have started debating how to protect our civil and humanitarian rights in the 21st century.

But why all the fuss now, and what is motivating politicians in particular to suddenly want to protect us? Just as important, what do they want to protect us from?

According to Sir Ken Macdonald QC, the outgoing Director of Public Prosecutions in the UK, there are two interconnected drivers. First, governments are introducing sweeping laws that could give the state “enormous powers” to access knowledge and information about ordinary people’s lives, and second, all Western governments are adopting new technologies that can join up the information they already have about any given person.

The combined software available today provides the potential right now to interpret and combine all the information that’s held by different government and semi-government instrumentalities under the one data “roof”.

For example here in Australia, databases are linked between Centrelink, the ATO, births, deaths and marriages, and border control, providing Centrelink with profiles and changes of circumstances of recipients and their dependants. The system can then automatically adjust payments accordingly.

So, over time identity (ID) systems are ‘making sense’ of what was previously unconnected and therefore, unrelated information. There is now an increasing capacity to interpret all this combined knowledge in real time. So it then becomes possible to predict the likely behavior of people, groups or even bogus identities with a high level of certainty.

Now, I am not suggesting we are entering the netherworld of Orwell’s 1984, because up until now the legitimate use of this power has been primarily targeted at tracking or predicting criminal or terrorist activity – activities most of us have concurred with, if a little uneasily at times.

But what is now concerning the human rights intelligentsia is the fine line between protection from criminality and terrorism and outright invasion of privacy and personal liberty. Many commentators from the software industry and advocates of human rights are warning that the legislators and politicians do not understand what is possible today, let alone in five years time.

Sir Ken Macdonald warned, “We need to understand that it is in the nature of state power that decisions taken in the next few months and years about how the state may use these powers, and to what extent, are likely to be irreversible. They will be with us forever. And they will, in turn, be built upon.”

Sir Ken Macdonald’s advice was that, “We should take very great care to imagine the world we are creating before we build it. We might end up living with something we can’t bear.”

Much of the justification for using identity technology to erode personal privacy centres around national security and, as I say, most of us have gone along with that development in the aftermath of 9/11.

However, on another level there is a strong motivation to join up the many government computer systems with their personal records in order to manage and deliver services more efficiently. Governments at local, state or federal levels simply cannot afford to go on managing services in ‘silos’. Just like the banking industry years ago, governments are having to modernize their systems around industry models.

We’re already moving in that direction with state and federal governments striding the information and e-transaction pathway, spending massively on major capital projects like e-health records, smart cards for drivers licenses or public travel payments. As well, many of us now use online whole-of-government service delivery where we can pay our bills and manage our own accounts.

The technology to join up all these information dots has existed and been used for years, but imagine extending the Centrelink model to include access to bank and credit card accounts, mobile phone networks with GPS data of where each person is, online voting and medical records, to name but a few.

This correlated data would then predict your patterns of social, financial and political activity, as well as that of your network of mates.

It may sound like a Big Brother scenario, but the point that Sir Ken Macdonald makes is that once the computer systems are linked for legitimate or fear-oriented reasons then it’s not a big step to analyse that combined data for other more socially intrusive purposes. As a result, Pandora’s box of civil and human rights is thrown open.

So what is government doing to protect us all from itself and from other private interests, such as religious groups and some corporations which are designing databases to enfold us all? Well, the first line of defence, we are assured, is a raft of state and federal government privacy legislation. Queensland will have its own draft early in 2009 (hopefully without the mooted proviso that citizens and government employees lose all their privacy rights if they became a whistle blower).

One element of protection is to take your identity out of the data – ‘de-identifying’ you from your records. Theoretically then, whoever holds that data doesn’t need your consent to pass it on. For example, information from the patient management software in many GP practices has been sold to the USA without the consent of the patient on the basis that it was ‘de-identified’ and therefore  required no consent from you.

In Australia the GP notes actually belong to the GP and not you, which adds a layer of complexity to any attempt by a patient to control access to medical records.

Technologists say the new identity software can reconstruct “de-identified” information about us which smashes the core notion of protection that underpins privacy law. So, the obvious challenge for an Australian Bill of Rights is how to protect our privacy against the increasing sophistication of ID technology.

More broadly how will a Bill of Rights guarantee the same personal protection from the Crown, government or corporations as the British achieved with the Magna Carta in 1215 and then its Bill of Rights in 1689?

How do we accomplish this in a digital age where, for example, the right to own the knowledge of yourself such as your DNA or what you choose to do or say, could be taken away, and, as the argument goes, leave us with the same status of a medieval surf.

Stephen Alexander advises state and federal governments at department head and ministerial level on the ramifications of ID management, and how to keep public and private institutions more accountable.