Smart meters touted for ability to help conserve, but critics are skeptical

Smart meters touted for ability to help conserve, but critics are skeptical

Argus Leader

Thom Gabrukiewicz

November 10, 2009

Empowering electric customers to save money through conservation is the government’s great hope for smart metering, but not everyone buys into the technology.

Some have concerns about just who would benefit financially, consumer or utilities.

Others are anxious about an intelligent grid that collects and stores billions of bits of data – like when you get home, take a vacation or even microwave a bag of popcorn.

Proponents say fears of price gouging and creation of a “Big Brother” state are unfounded.

Quotes from Jules Polonetsky:

“Clearly, there are huge benefits to society as a whole with a functional smart grid,” said Jules Polonetsky, co-chair and director of the Future of Privacy Forum, a think tank in Washington, D.C., that looks to promote responsible data practices. “But there is going to be huge amounts of data created. They may not realize it yet, but utility companies are about to become the leader in data collection and storage. And these companies need to figure out the rules now, before this avalanche of data comes. I think (Commerce Secretary Gary Locke) was correct when he said privacy concerns could be unintentional Achilles’ heel of the smart grid. Those decisions concerning data collection need to be thought out now because it’s hard to layer them on later.”

Figuring out ‘what to do with all this data’

On the same October day as Obama spoke about modernizing the grid, the Information Trust Institute at the University of Illinois announced its partners had been tapped by the U.S. Department of Energy and the U.S. Department of Homeland Security to pay for an $18.8 million, five-year study to secure it.

Their charge, reports Wired, is to make the modern grid resistant to hackers and all other attackers.

“Security issues are getting a lot of attention,” Polonetsky said. “Privacy issues are not the same thing. Utilities have to figure out what to do with all this data – should it sit around forever? Should it be destroyed in a timely manner? And somehow, they need to deliver their intentions clearly so that consumers are comfortable with it.”

Click here to read the full article.

IAPP Practical Privacy Series

Jules and Chris will be attending and speaking at the IAPP Practical Privacy Series on December 8 and 9 in Washington, DC. On Tuesday, December 8 IAPP will host a conference devoted exclusively to the Federal Trade Commission and privacy protection. On Wednesday, December 9 IAPP will host a workshop for government privacy professionals, with a special focus on the practical aspects of the latest e-Government initiatives.

Click here for more information or click on the Privacy Calendar.

The 2009 Conference on Cross Border Data Flows, Data Protection and Privacy

Jules will moderate a discussion on November 18th called the “Privacy and Social Networking Services” Panel, from 10:30 to 11:45 a.m., at the 2009 Conference on Cross Border Data Flows & Privacy, hosted by the Department of Commerce in conjunction with the European Commission.

Click here for more information on the conference or visit the Privacy Calendar.

New 'Smart' Electrical Meters Raise Privacy Issues

New ‘Smart’ Electrical Meters Raise Privacy Issues

Agence France Presse

By Daniel Silva

Friday, November 6, 2009

MADRID (AFP) – The new “smart meters” utilities are installing in homes around the world to reduce energy use raise fresh privacy issues because of the wealth of information about consumer habits they reveal, experts said Friday.

The devices send data on household energy consumption directly to utilities on a regular basis, allowing the firms to manage demand more efficiently and advise households when it is cheaper to turn on appliances.

But privacy experts gathered in Madrid for a three-day conference which wraps up Friday warned that the meters can also reveal intimate details about customers’ habits such as when they eat, what time they go to sleep or how much television they watch.

Christopher Wolf quoted:

“The collection and storage and retention of the data makes it vulnerable to security breaches as well as to government access,” Christopher Wolf, the co-chairman and founder of the Washington-based Future of Privacy Forum, told AFP.

“It is really an issue of how much information about us can be collected by a third party, how much do they really need, how long do they need to keep it, what should the rules be on retention and when should destruction of it occur.”

To view the entire article please click here.

Online Age Verification for Our Children

Today, Jules is in Madrid presenting at the 31st International Conference of Data Protection and Privacy Commissioners on online age verification. Protecting the privacy and safety of children and ensuring they do not access inappropriate content or environments continues to be a priority for parents. Service providers, educators, governments and others are working to ensure that children can obtain the benefits of technology while being shielded from the excesses. What are the current techniques being used to establish the age of Internet users and are they effective? What are the emerging techniques that may be available in the future? What are the adverse consequences or the new opportunities provided by new technologies? And how can we ensure that our efforts are relevant to the lives of this first generation of digital natives? The presentation and report provide an overview of the privacy issues of age verification.

Click below to view the presentation and report. Let us know if you have any thoughts.

Full Report: Age Verification for Our Children: A Report on Tools and Resources Available for Safeguarding the First Generation of Digital Natives

Presentation: Age Verification for Children: A Survey of Resources and Tools

How Privacy (Or Lack of It) Could Sabatoge the Grid

How Privacy (Or Lack of It) Could Sabatoge the Grid

SmartGridNews.com

By Jules Polonetsky and Christopher Wolf

In October, President Obama announced $3.4 billion in federal grants to help build our nation’s Smart Grid. The President said that the technology that will make up the Smart Grid will make the nation’s power transmission system more efficient, encourage renewable energy sources and give consumers better control over their electricity usage and costs.

The potential benefits are clear. Far less obvious to many is that the smart power grid is also a smart information grid, a system that Cisco’s CEO has predicted will be bigger than the Internet. But while Internet privacy issues are limited to the Web activities of users, the Smart Grid will involve the collection of information about what goes on at people’s homes. As Commerce Secretary Gary Locke stated this September, “The major benefit provided by the Smart Grid… is also its Achilles’ heel from a privacy viewpoint.”

To view the entire article click here.

Privacy and the Smart Grid: New Frontiers, New Challenges

Today, Jules is in Madrid presenting at “Privacy by Design: The Definitive Workshop” on privacy issues and the Smart Grid. While upgrading our power system by introducing two-way data flows could lead to a cleaner environment, reduced power costs, and more reliable utility service, there are data privacy issues that must be addressed if consumers are going to accept these new “smart” technologies. Pressing for early attention to Privacy by Design could ensure a future of smart power and smart privacy. The presentation provides an overview of the electricity grid, specific privacy concerns at each component of the grid, and Smart Grid construction underway across the world.

Click below to view the presentation. Let us know if you have any thoughts.

microsoft-powerpoint-smart-grid-privacy-madrid-powerpoint-jp-final1

Privacy's Zietgeist Moment

This second guest post from FPF Advisory Board member Professor Danielle Citron is cross-posted with Concurringopinions.com, one of the top legal blogs. Check out Concurringopinions.com for regular legal and policy from top privacy scholars, including among others FPF Advisory Board members Daniel Solove, Frank Pasquale and Danielle Citron.

Privacy’s Zietgeist Moment

By Danielle Citron

Privacy has seemingly come center stage. Companies like Google, Microsoft, and eBay have joined forces to support a federal law that would impose uniform standards for the collection, use, and transfer of information across the private sector. Activists and officials hope to update the Privacy Act of 1974 for the twenty-first century. Senator Leahy has a renewed interest in data breach legislation, proposing the Personal Data Privacy and Security Act in July. The American Recovery and Reinvestment Act of 2009, the stimulus bill, includes a data breach notification requirement for health providers. The Federal Trade Commission recently published its final rule on data breach notification for e-health records.

Strengthening the nation’s commitment to privacy is crucial. But, as Paul Schwartz’s engrossing Preemption and Privacy essay (Yale Law Journal) illuminates, a unitary federal information privacy statute should give us pause. Today’s information privacy law landscape is mainly comprised of federal sector-specific statutes and stronger state regulation. Schwartz makes a compelling case for remaining on that course, rather than adopting a uniform federal privacy statute. As Schwartz underscores, a uniform federal approach would likely preempt stronger state law rules, eliminating successful experimentation at the state level. California exemplifies this trend: its privacy innovations include allowing consumers to freeze their credit in the face of identity theft among others. New York and Connecticut are now considering bills that would set limits on companies that track consumers across websites to deliver targeted advertisements based on their online behavior. A uniform federal law would likely extinguish state-driven innovations whereas most federal sectoral privacy laws, such as the Gramm-Leach-Bliley Act, only provide a federal floor for information privacy and security, not a ceiling. Schwartz highlights the possibility that a comprehensive information privacy law may ossify, thus making the loss of state experimentation all the more grave. The piece also spearheads an important discussion about whether the centralizing forces at work today undermines the contributions of competitive federalism.

Schwartz’s piece is a must read. Here is the abstract for Preemption and Privacy:

A broad coalition, including companies formerly opposed to the enactment of

privacy statutes, has now formed behind the idea of a national information privacy law. Among the benefits that proponents attribute to such a law is that it would harmonize the U.S. regulatory approach with that of the European Union and possibly minimize international regulatory conflicts about privacy. This Essay argues, however, that it would be a mistake for the United States to enact a comprehensive or omnibus federal privacy law for the private sector that preempts sectoral privacy law. In a sectoral approach, a privacy statute regulates only a specific context of information use. An omnibus federal privacy law would be a dubious proposition because of its impact on experimentation in federal and state sectoral laws, and the consequences of ossification in the statute itself. In contrast to its skepticism about a federal omnibus statute, this Essay views federal sectoral laws as a promising regulatory instrument. The critical question is the optimal nature of a dual federal-state system for information privacy law, and this Essay analyzes three aspects of this topic. First, there are general circumstances under which federal sectoral consolidation of state law can bring benefits. Second, the choice between federal ceilings and floors is far from the only preemptive decision that regulators face. Finally, there are second-best solutions that become important should Congress choose to engage in broad sectoral preemption.

Ensuring that We Leave Children Behind

This guest post from FPF Advisory Board member Professor Danielle Citron is cross-posted with Concurringopinions.com, one of the top legal blogs. Check out Concurringopinions.com for regular legal and policy from top privacy scholars, including among others FPF Advisory Board members Daniel Solove, Frank Pasquale and Danielle Citron.

Ensuring that We Leave Children Behind

October 29, 2009 by Danielle Citron

Talk about children, their educations, and security abound. Politicians declare their devotion to children’s issues. Singers and actors assure us that “children are our future.” Books enlist villages to raise them. But when the rubber hits the road we routinely fail children in so many ways, including privacy. Today, Joel Reidenberg’s Center on Law and Information Policy released a report attesting to our utter inability to protect the privacy of children’s educational records. Reviewing publicly available information from all 50 states, the CLIP study found that states collect information far in excess of what law requires, including data about pregnancy, mental illness, family wealth, jail sentences, and Social Security numbers. Despite the sensitive nature of the information collected, state databases have weak privacy protections. The study found that oftentimes the flow of information from local schools to state departments of education failed to comply with the privacy requirements of the Family Educational Rights and Privacy Act.

This appalling state of affairs cannot stand. Such databases are ripe for identity thieves and hackers who will enjoy plundering the Social Security numbers. They can lead to discrimination based on inappropriately shared health information. The CLIP study has offered a number of wise recommendations, including the minimization of data collection, adoption of clear retention policies, and maintenance of audit logs. It also suggests the anonymization of data through the use of dual database architectures, which I wonder if Paul Ohm’s important work on the myth of anonymity would question. Otherwise, this study must be read and heeded.

Facebook announces new privacy principles for developers of apps.

Here are Facebook’s revised privacy principles for app developers.  They make some very good points,and many apps are going to have to do some work to comply – many apps dont even have a privac policy, something now required to be easily available.

Keeping on top of the million developers globally is going to be quite a task.  Everyone in the eco-system will need to help!

Principles

  1. Be trustworthy
    • Respect privacy
    • Don’t mislead or surprise users
    • Don’t spam – encourage authentic communications
  2. Create a great user experience
    • Build social and engaging applications
    • Give users choice and control
    • Help users share expressive and relevant content

Policies

  1. Presenting Your Policies
    1. You must provide a link to your privacy policy and any other applicable policies in the Info section of your application’s Profile page and on every page of your application.
  2. Features and Functionality
    1. You must not confuse, mislead, surprise, or defraud anyone.
    2. You must not violate any law or the rights of any individual or entity, and must not expose Facebook or Facebook users to harm or legal liability as determined by us in our sole discretion.
    3. You must not use a user’s session key to make an API call on behalf of another user.
    4. You must not include functionality that proxies, requests or collects Facebook usernames or passwords.
    5. You must not circumvent our intended limitations on core Facebook features. For example:
      1. You must not notify a user that someone has removed the user as a friend.
      2. You must not track visits to a user’s profile, or estimate the number of such visits, whether aggregated anonymously or identified individually.
    6. You must not significantly alter the purpose of your application such that users would view it as entirely unfamiliar or different.
    7. To change the name of your application, you must use one of the following formats for 30 days before completely switching to your new application name: “New name (formerly ‘old name’)” or “New name (renamed).” For example, “App 2 (formerly App 1)” or “App 2 (renamed).”
  3. Storing and Using Data You Receive From Us
    1. You must not store or cache any data you receive from us for more than 24 hours unless doing so is permitted by the offline exception, or that data is explicitly designated as Storable Data.
    2. You must not give data you receive from us to any third party, including ad networks.
    3. You must not use user data you receive from us or collect through running an ad, including information you derive from your targeting criteria, for any purpose off of Facebook, without user consent.
    4. Unless authorized by us, your ads must not display user data – such as users’ names or profile photos – whether that data was obtained from us or otherwise.
    5. You cannot convert user data you receive from us into Independent Data (e.g., by pre-filling user information with data obtained from the API and then asking the user to save the data).
    6. Before making use of user data that may be protected by intellectual property rights (e.g., photos, videos), you must obtain permission from those who provided that data to us.
    7. You must not give your secret key to another party, unless that party is an agent acting on your behalf as an operator of your application, but you must never give your secret key to an ad network. You are responsible for all activities that occur under your account identifiers.