Exaggeration, fears, gradual acceptance, trust and deal-making were identified as among the dynamics of a relationship between sacrifice of privacy and gaining technologically-assisted benefits, at an energetic panel session at last week's biometrics conference in Wellington.
Discussion ranged beyond biometrics to citizens' confidence in "joined-up government" and the shock of finding an Indian helpdesk apparently in possession of personal information entrusted to a US company's Australian branch.
A rational person might find it very difficult to be opposed to the alleged privacy invasion of a biometric "when we've already accepted that we're safer with CCTV cameras in our streets," says privacy lawyer John Edwards. On the other hand, a significant number of citizens had raised objections to their driver's licence photographs being digitised.
"At the heart of it is the deal," says Australian code of practice coordinator Terry Aulich. It's a matter of the privacy citizens are prepared to give up, including their perception of the possibility of subsequent abuse, in return for increased convenience in the transaction or some other kind of "reward".
"Some people are more knowledgeable about the 'deal' they're making than others will be," he said.
In an earlier era, "joined-up government", where one government agency exchanges a citizen's personal information with another, "was seen as a bogeyman. Now [many citizens] see it as a sensible way of easing their burden of compliance with the law."
In practice, "Big Brother" activity is more likely to come from private industry than government, says Aulich; public trust in government to do the right thing is still high, "though it's dropped back a bit recently." Government and the media are two of the few groups exempted from the provisions of Australia's Privacy Act, he notes.
One delegate raised the question of export of personal information overseas. American Express has to abide by financial regulations that say it is not allowed to export Australian customers' data outside Australia; yet a customer asking for help recently had his call answered by an Indian outsourcing company. Biometrics Institute director Terry Hartmann suggests the helpdesk operator could well have been working over a link with an Amex database on Australian soil, so technically no breach would have occurred.
It is possible for a customer to contract out of such regulations by ticking a box on the application form, says a spokeswoman for the Australian Privacy Commissioner's office. The office is currently considering such issues of "what we call 'bundled consent', where a privacy right is surrendered as the only way of gaining some benefit [like 24-hour helpdesk service]."
The bundled consent issue was raised last month by Paul Ducklin of security company Sophos, in connection with users signing licensing agreements for programs knowing they contained adware or spyware.