I just heard a segment of Living on Earth in which Kevin Doran described the privacy concerns raised by smart meters that read the energy signatures of your appliances and report back to the grid. For example, an insurance company might see that you routinely come home and turn on lights at 2AM when the bars close.
Fair enough. But these kinds of stories always seem to end like this:
And as policy makers figure out how to approach this entire new terrain, they need to be cognizant of the fact that there are serious privacy concerns out there, and much of the legislation and statutes that deal with privacy have no idea what to do when it comes to the smart grid because this is so new.
Yes, the smart meter will introduce a new capability, and yes, it will raise issues. But that doesn’t mean that we have to start from scratch every time with “no idea what do to” about those issues. There are core principles; they don’t change; we can use them to navigate the terrain of the new.
There’s no mystery about how this should work. My smart meter will relay data that I own to a service in the cloud that I control. I’ll tell my service who can access my data, and on what terms. We don’t need new rules for every new scenario. We just need one basic rule about data ownership. And then, of course, a data services ecosystem in which we can apply the rule. That’s the goal, and this kind of reporting isn’t helping us get there.
I wish mainstream media’s tech coverage would stop being dazzled by shiny new things and start helping our society learn to think like the web.
It’s always the simple things that will never happen. Do you really think there will come a time when you own your data? Do you really think there will come a time when there is one data interchange standard that allows your vision to come to fruition? The reality is that it will never happen and the reporting is a more accurate reflection of reality than your hope of applying core principles.
Do you really think there will come a time when you own your data?
Not completely, of course not. But we can certainly own and operate personal data stores in the cloud, route stuff to them, and prefer to do business on those terms.
Do you really think there will come a time when there is one data interchange standard that allows your vision to come to fruition?
Nope, nor is one data interchange standard a requirement. What is a required, as enumerated in the 7 principles, is data that is structured in some regular way. There isn’t one standard for blog feeds, more like a half dozen, but that hasn’t been a showstopper.
The reporting is a more accurate reflection of reality than your hope of applying core principles.
Perhaps. However, I notice we are no longer a society that owns slaves, prohibits women from voting, etc. Things do change, and generally in the right direction.
Of course, someone could watch my house now and see when I turn on my lights. Better yet, they could see me stumble in when the bars close at 2 am. The issue isn’t that private information is being made public, it’s that the cost of gathering and aggregating public information is being drastically reduced.
Without smart meters, it might cost someone hundreds or thousands of dollars to hire a private detective discover my drinking habits. My estranged spouse might be willing to spend that money in a custody case, but my life insurer wouldn’t find it to be cost-effective. With new sources of low-cost data like that from smart readers, the calculation might be different.
The issue isn’t that private information is being made public
Often not for the reasons you state. But in this case I think it is. That meter’s output goes somewhere private. As things stand currently, we assume it goes to the power company, and then maybe if we’re lucky we can get it back. We need to create the option to flip that model on its head: it goes to /my/ private store first, where I am always guaranteed to have access to it, and thence to the power company and wherever else. Of course I have no technical means of preventing downstream misuse once I authorize access, only a possible legal recourse. But creating new expectations — that it’s my stuff, that I always can get to it, and that I explicitly delegate access to others — would be huge.
Jon,
I agree completely. I phrased my response incorrectly–the information about my bar hopping has always been public, but the detailed data about my electricity use is new.
Ah. Yep, that’s true — and in all areas of life. I could always be seen going to the liquor store, but the data was recorded only in the brains of whoever saw me. Now it’s recorded by cameras, stored in databases, etc. We inevitably shed trails of data as we move through life, and can never hope to control all or even most of it. But data that we produce, for our own purposes, in our own physical and virtual spaces, can still be ours in some meaningful and useful sense.
Echoing a useful comment from ycombinator (http://news.ycombinator.com/item?id=2267891)
It’s looking likely that the EU will issue some sort of regulation on power-meter data, though I agree the likelihood of that happening in the US is fairly low. Here’s an interim report by one of the EU’s working groups: http://ec.europa.eu/energy/gas_electricity/smartgrids/doc/expert_group2.pdf
The main things that seem likely are: 1) consumers will be guaranteed some sort of free access to their own usage data, partly in hopes that increased information about one’s power usage will encourage people to use less; 2) there will be some sort of restriction on how personally identifiable, non-aggregate data can be used, e.g. the power company won’t be allowed to infer things about your lifestyle based on power usage patterns, and then sell that data to advertisers.
What would help is if the US adopted Data Protection laws similar to the EU. That would help from the privacy point of view. However the ownership question is still up in the air.
John, your post provokes several responses:
Why do we assume smart meter data won’t be anonymous? Surely our data is more valuable aggregated with other data that by itself. This is equivalent to the notion that Google knows just about everything about us, but doesn’t care who we actually are.
We’ve known for years how to implement user-controlled private data stores. Since the early days of Shibboleth and esp. with SAML, system architects have understood the role of attribute authorities: services that source user-controlled data for various purposes. The problem lies with creating usable “dashboards” for controlling the use of data that users will understand. If Joe User can’t handle her Facebook privacy settings, how can she handle the more indirect implications of releasing their consumption metadata?
Hosting and managing our personal data needs to be as easy as blogging. This is a big of a tangent…As we users become more referentially literate — I believe that’s your concept — we will demand that commodity platforms deliver “data blog” capabilities. You’ve used the example of calendar feeds in your talks, but what’s needed is more than that; users will need to publish and manage individual endpoints as easily as we blog or publish Google Docs.
Hosting and managing our personal data needs to be as easy as blogging
Yes, exactly.
In some cases, ironically, it already is, but nobody knows it. When you publish a Google or Hotmail calendar, for example, you’re creating a hosted data service. But in almost all cases you don’t know that you are, or what that enables.
But it won’t be that long before we see examples of people who do get it!
For example, most linked data publication workflows today start with “rectangular data” — CSVs — that are self generated or dump online by e.g. government data transparency initiatives. But each of us has the ability to go to Google Docs, publish and share a spreadsheet. It won’t be long, especially following Google’s recent acquisition of Freebase, until it will be trivially easy for individual users to contribute to the linked data cloud.
Of course, for this to work users must use linked entities in the construction of their datasets. This is where Google Refine comes in, looking over “messy” assertions ans suggesting canonical concepts, thus helping with linking. But this requires a level of data comprehension and referential literacy that we’re a ways away from today…
“I wish mainstream media’s tech coverage would stop being dazzled by shiny new things and start helping our society learn to think like the web.”
The problem here is the mainstream media knows the fastest way to commit harakiri is to start discussing things like “core principles.”
Jon, you may be interested to know that posting data in Semantic Web- and Linked Data -formats just became a bit easier. The people at DropPages have just officially included RDF, TTL and CSV in their list of accepted formats.
This means that in addition to enabling people to publish web documents using the “drag-to-DropBox” model, DropPages enables individuals now also publish their data this way!
Disclaimer: I have no connection to DropPages or DropBox, but was a small part of a Twitter campaign to encourage them to open their model to the linked data-friendly formats.