Roger Clarke's Web-Site

© Xamax Consultancy Pty Ltd,  1995-2024
Photo of Roger Clarke

Roger Clarke's 'Framework for Surveillance Analysis'

The Regulation of Surveillance

Version of 16 February 2012

Roger Clarke **

© Xamax Consultancy Pty Ltd, 2007-12

Available under an AEShareNet Free
for Education licence or a Creative Commons 'Some
Rights Reserved' licence.

This document is at


Surveillance technologies offer potentially substantial benefits, but harbour enormous threats. In such circumstances, a regulatory regime is clearly essential. A rational public process to develop a balanced regulatory regime needs a set of normative principles that can be used to assess proposals, and - where the regime is installed later than the schemes - that can be used as a means of evaluating what adjustments need to be made to existing schemes.

The organisations that sponsor and use surveillance schemes are in many cases very powerful, and seek exemption from, or failing that very special treatment within, regulatory regimes. A further set of principles is accordingly needed, in order to ensure that a rational public process even comes about.


1. Introduction

The first section presents a set of principles to be applied when a proposal to apply surveillance technologies is being evaluated, and more generally, when a regulatory regime is being devised.

The second section presents a set of principles to be applied when - due to parliamentary and public service apathy, or more likely due to resistance by powerful organisations that seek to use surveillance technologies unimpeded by laws - there is a need to mount a preliminary campaign to force users of surveillance technologies to be subjected to a regulatory regime.

2. Regulatory Principles

A normative set of principles is needed, as a basis for evaluating the adequacy of existing and proposed regulatory regimes.

A version of the following set of principles was published by the Australian Privacy Foundation in APF (2009), with the author of this paper acting as lead-author of the team.

Exhibit 1A: Regulatory Principles - Overview

  1. Justification
  2. Proportionality
  3. Openness
  4. Access Security
  5. Controlled Use
  6. Controlled Disclosure
  7. Controlled Publication
  8. Non-Retention and Rapid Destruction
  9. Review
  10. Withdrawal

Exhibit 1B: Regulatory Principles - Detail

1. Justification

Demonstrated benefits

2. Proportionality

Benefits demonstrated to be commensurate with the disbenefits and risks

3. Openness

Transparency of plans

Prior consultations with affected parties

Overtness of operation

Covertness only with authority, and authorisation requires more substantial justification

Any resulting data are personal data and available for subject access

4. Access Security

Access to resulting data tightly controlled

Controls audited

Breaches subject to sanctions, and addressed promptly and effectively

5. Controlled Use

Purposes clearly defined

Use for any other purpose precluded

Controls audited

Breaches subject to sanctions, and addressed promptly and effectively

6. Controlled Disclosure

Purposes clearly defined

Disclosure for any other purpose precluded

Controls audited

Breaches subject to sanctions, and addressed promptly and effectively

All provisions apply to all parties, including law enforcement and national security agencies

7. Controlled Publication

Publication must be justified

Publication must be the minimum necessary to achieve the aim

'Innocent bystanders' / incidental participants must be anonymous or anonymised

Controls audited

Breaches subject to sanctions, and addressed promptly and effectively

8. Non-Retention and Rapid Destruction

Retention only for the defined purposes, not 'just in case'

Controls audited

Breaches subject to sanctions, and addressed promptly and effectively

9. Review

Operations subjected to review, periodically and when warranted

Review reports published

Controls audited

Breaches subject to sanctions, and addressed promptly and effectively

10. Withdrawal

Operations that are no longer justified or proportional are cancelled

Controls audited

Breaches subject to sanctions, and addressed promptly and effectively

3. Counterveillance Principles

The preceding set of principles is presaged on the assumption that a rational process of public policy development will be adopted to the design and implementation of surveillance schemes.

Generally, however, the deployment of surveillance technologies has run far ahead of the law, and schemes have been implemented subject to laws that date from earlier and much simpler times. In such circumstances, regulatory regimes have to be retro-fitted, in an environment in which users of the technologies claim a fait accompli, and lobby fiercely against the application of new laws that constrain their activities.

Moreover, a great deal of surveillance is undertaken by law enforcement agencies and national security agencies. These agencies regard themselves as 'special cases' that should be freed from the responsibilities of transparency and accountability, and trusted to regulate themselves.

To reinforce this philosophy and practice, they take advantage of 'law and order' issues when they arise, such as knives discovered in cinema precincts, gang warfare, 'bikie gang' lawlessness and spates of 'drive-by shootings'. The national security extremist lobby has gained powers and avoided scrutiny, for a decade, following the terrorist attacks on New York and Washington, London, Madrid and Bali, despite the almost complete absence of evidence of either significantly increased terrorism activity in Australia or inadequacies in existing investigative powers.

For these reasons, a further set of principles is needed, as a means of forcing the application of public policy norms into the debate about the use of surveillance technologies.

A version of the following set of principles was published in Clarke (2007).

Exhibit 2A: Counterveillance Principles - Overview

  1. Independent Evaluation of Technology
  2. A Moratorium on Technology Deployments
  3. Open Information Flows
  4. Justification for Proposed Measures
  5. Consultation and Participation
  6. Evaluation
  7. Design Principles
    1. Balance
    2. Independent Controls
    3. Nymity and Multiple Identity
  8. Rollback

Exhibit 2B: Counterveillance Principles - Detail

(1) Independent Evaluation of Technology

Surveillance of the intensive kinds that are drastically altering our society are heavily dependent on technologies. The assertions of technologists and marketers must be viewed with scepticism, and subjected to testing. That testing must not be warped, and must not be conducted by participants in the field of play (such as the FBI, NSA, NIST, and, in Australia, the Defence Science & Technology Organisation - DSTO). Normal science and technology must be resumed. Rather than 'Government policy' driving and twisting outcomes, rational consideration of technologies and their applications is essential.

(2) A Moratorium on Technology Deployments

Some years ago, I called for a moratorium on biometric implementations in Australia (Clarke 2003). I did not do so idly. I argued that "[a] ban must be imposed on the application of biometrics technologies until and unless a comprehensive and legally enforced regulatory regime has been established". My rationale was not only that applications of biometrics had quite gross, negative impacts, but also that a moratorium might well be the only means of saving an industry that has promised much for years and delivered very little.

There are enormous impediments to the adoption of 'advanced technologies'. In the majority of cases, their dysfunctions are considerable, and the extent to which they achieve their primary objectives is in serious doubt. The identification and authentication schemes for the APEC meeting in Sydney were as much of a farce as the traffic control system that let The Chasers' convoy through beyond the point of embarrassment.

(3) Open Information Flows

The antidote to inappropriate deployments of inadequate technologies is openness. The public needs facts about the context in which surveillance schemes are to be deployed. They need a statement of the scheme's objectives. They need to know sufficient about the design features that they can apply reasonable tests to the scheme's feasibility, and assess its effectiveness under varying circumstances. They need the opportunity to apply systemic reasoning, in order to evaluate whether the design features can give rise to the claimed benefits.

(4) Justification for Proposed Measures

No measure should not be implemented unless its negative impacts are demonstrated to be outweighed by its benefits. It seems extraordinary that a case has to be mounted in support of such a straightforward contention. Yet national security and law enforcement agencies (NS&LEAs) have been permitted to make untested assertions about both threats to public safety and the benefits of surveillance measures in addressing those threats. The sacred cow of blind trust in NS&LEAs has to be put to death. Those organisations must be required to present their arguments, and defend them in public.

(5) Consultation and Participation

A further critical aspect of an open society is the ability of the public to participate in the debate. This enables testing of the information and arguments. But it also brings the many perspectives of a complex society to bear on the information and the declared objectives.

(6) Evaluation

Another form of normal service that needs to be resumed is the application of established techniques to the available information, in order to provide a basis for comparison among financial costs and benefits, on the one hand, qualitative factors on the second, and risks (and especially remote ones) on the third.

The technique of Privacy Impact Assessment (PIA) has been making headway during the last few years, and has attracted support now from such inherently conservative institutions as the Senate, the Privacy Commissioner, and in September 2007 the Australian Law Reform Commission (ALRC). An even broader notion of social impact assessment is crucial to the survival of an open society.

(7) Design Principles

One of the key features of the vignettes was the existence of positive instances of surveillance, both for individuals and society. Surveillance is not itself evil. The problem has been the presumptiveness of its proponents, the lack of rational evaluation, and the exaggerations and excesses that have been permitted.

Proponents of surveillance have Design Principles that guide the creation of their systems. An alternative or complementary set of Design Principles is required, which guides the conception of schemes that do not threaten free society from within. Key examples includes the following:

Nymity encompasses both anonymity and pseudonymity, and is addressed in depth in Clarke (1999a). Geniune anonymity precludes the link being discovered between an identity and the entity or entities using it. It carries with it the risk of non-accountability. With pseudonymity, the link can be made, but its effectiveness depends on legal, organisational and technical protections, to ensure that the link is not made unless pre-conditions are fulfilled.

(8) Rollback

Restoring sanity to the processes whereby schemes are evaluated and designed is crucial, but far from sufficient. The depredations of the last 5 years are so great that rollback of the great majority of anti-freedom provisions enacted by Parliaments is necessary. The valuable Parliamentary Library catalogue of the actions of the federal parliament is frightening for its sheer length, even without consideration of its depth.

This is not to suggest that every provision of every amendment act must be overturned. National security and law enforcement agencies were, as they claimed, confronted by a variety of barriers that were accidental and inappropriate and needed to be overcome. On the other hand, inadequately brisk processes for the issue of warrants are not properly solved by creating extra-judicial warrants, but rather by a faster, online judiciary. And although telephonic interception warrants based on old, fixed-line numbering are inappropriate in the modern era of mobile phones, the balanced solution is person-based interception warrants, not the removal of controls.


APF (2009) 'APF Policy Statement re Visual Surveillance, incl. CCTV' Australian Privacy Foundation, original version of September 2009, at

Clarke R. (2007) 'What 'Überveillance' Is, and What To Do About It' Proc. 2nd RNSA Workshop on the Social Implications of National Security - From Dataveillance to Überveillance, October 2007, University of Wollongong. Revised version published in IEEE Technology and Society 29, 2 (Summer 2010) 17-25, PrePrint at

Author Affiliations

Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., and a Visiting Professor in the Research School of Computer Science at the Australian National University.

xamaxsmall.gif missing
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.

From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 65 million in early 2021.

Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916

Created: 5 August 2007 - Last Amended: 16 February 2012 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2022   -    Privacy Policy