Computer matching is a powerful data surveillance tool widely used by government agencies since its emergence in 1976. Computer matching involves the merger of data from multiple sources: data gathered for different purposes, subject to different definitions, and of variable quality. It is a mass dataveillance technique2 , for its purpose is to generate suspicions that errors, misdemeanors or fraud have occurred. For many years, computer matching activities were carried on in semi-secrecy. The purpose of this paper is to propose a framework within which effective regulation can be imposed on this dangerous technique. This article commences by providing background to computer matching's origins and nature. Its impacts are then discussed, in order to establish that there is a need for controls. Intrinsic controls are assessed, and found wanting. A set of features for a satisfactory external control regime is then presented. This article provides a basis for evalut Roger A. Clarke is the Reader in Information Systems in the Department of Commerce at the Australian National University. He has been involved in information privacy and data surveillance matters since 1972, holding the positions of Director of the Australian Computer Society's Community Affairs board, and Vice-Chairman of the Australian Privacy Foundation. The research underlying this paper was undertaken during a protracted period. The author's literature search and analysis are supplemented by considerable field work, undertaken primarily in the United States and Australia. 1. Roger A. Clarke, Computer Matching and Digital Identity, Address at Proc. Conf Computers, Freedom & Privacy, Ass. Comp. Machinery (San Francisco, March 1993). 2. Symposium, Surveillance, Dataveillance, and Human Freedom, 4 COL. HuM. RTs. L. REv. 1 (1972). 586 JOURNAL OF COMPUTER & INFORMATION LAW ating the protective measures which are in force in at least four jurisdictions, and guidance for legislators in others.
[1]
G. W. Greenleaf,et al.
Database Retrieval Technology and Subject Access Principles
,
1984,
Aust. Comput. J..
[2]
James A. Thom,et al.
Privacy Legislation and the Right of Access
,
1983,
Aust. Comput. J..
[3]
Roger Clarke,et al.
JUST ANOTHER PIECE OF PLASTIC FOR YOUR WALLET: THE ‘AUSTRALIA CARD’ SCHEME
,
1987
.
[4]
Nancy Reichman,et al.
Computer Matching: Toward Computerized Systems of Regulation
,
1987
.
[5]
J. Rule.
Private Lives and Public Surveillance; Social Control in the Computer Age
,
1974
.
[6]
Simon Davies.
Big brother: Australia's growing web of surveillance
,
1992
.
[7]
W. Dutton.
: Dossier Society: Value Choices in the Design of National Information Systems
,
1988
.
[8]
Gary T. Marx,et al.
Routinizing the Discovery of Secrets
,
1984
.
[9]
W. Madsen.
Handbook of personal data protection
,
1992
.
[10]
A. Westin.
Information technology in a democracy
,
1971
.
[11]
Richard P. Kusserow.
The government needs computer matching to root out waste and fraud
,
1984,
CACM.
[12]
Jon Alexander,et al.
Regulating Privacy: Data Protection and Public Policy in Europe and the United States Colin J. Bennett Ithaca: Cornell University Press, 1992, pp. xix, 263
,
1993,
Canadian Journal of Political Science/Revue canadienne de science politique.
[13]
Roger Clarke.
The resistible rise of the national personal data system
,
1992
.
[14]
James B. Rule,et al.
Documentary Identification and Mass Surveillance in the United States
,
1983
.