No Flash in the Pan

The use of flash cookies and their impact on privacy have been getting a lot more publicity recently. Earlier this month, Michael Kassner had a good piece on TechRepublic. Now Darren Chin has an interesting take on Eosensa.

We have our view on the privacy implications of flash cookies – as well as what pretty clearly constitutes misuse. So it’s good to see this issue coming to the front and generating publicity.

From our view, Adobe’s (belated) effort to provide Flash cookie controls can’t come soon enough. If the flash cookie stores user preferences, with the user’s permission, then it’s a good addition. But if it’s doing anything else — especially including behavioral tracking — then it’s a real problem. We’ll let you know when we find out more about Adobe’s timetable.

NIST Calls Data Privacy "Achilles' Heel" of the Smart Grid

Commerce Secretary Gary Locke today released the draft NIST Framework and Roadmap for Smart Grid Interoperability Standards. The draft highlights privacy as an issue that must be addressed as Smart Grid technologies continue to be implemented. Key points from the report include:

The Future of Privacy Forum is assembling a working group of companies, advocates, and academics who want to ensure that new data collected will empower users as it enables the technologies of the grid. It has been heartening to hear companies committing to consumer control during GridWeek presentations in Washington, but lessons from other areas of consumer data collection make it clear that communicating with consumers about data use is not easy. Now, before billions are spent to roll out new types of data collection, is the time to begin the needed research to understand the privacy expectations that consumers will have for the grid of the future.

Live Blogging From GridWeek

Round Two:

Updates today will be from our smart grid privacy fellow Matt Gruenberg:

Session on end user perspectives: do utilities truly understand their customers?

Ohio Consumers Counsel J.M. Ostrander: the only way demand response can work is if consumers understand it

Viktor Mayer-Schönberger on forgetting in a digital age http://bit.ly/NfALa Are grid folks thinking about data retention policies?

Val Jensen of Con Edison: debate among utilities and regulators as to who “owns” the customer

IBM Survey: Green is important but 90% of customers will not pay for it. (so here enter the data companies?)

Smartgrid Security: not everything requires same level of protection; It’s really CONTROL we need to protect. & DATA

Alabama Power: Will the consumer want all their electric usage analyzed?

Greenbox Technology: Home power usage details MUST be Opt-In.

Future of Privacy Forum: Great to hear everyone talking opt-in, but don’t think that talking to consumers about choices is easy. Research to learn how to engage users is critical, or consumers will be worrying about the grid version of cookies and web bugs.

GridWeek Day One

US CTO Aneesh Chopra at GridWeek says “democratize the data for smart grid apps”. FPF: OK, but these apps better behave, not like some socnet apps! You can also follow realtime at twitter.com/julespolonetsky

CNT Energy: Some ask: Why should power company send a bill telling you how you spend compared to peers. Credit card company doesn’t.

Austin Energy: Data has always belonged to customer. Feds need to play a role so AGs around the US don’t have different rules for obtaining user data

CNT Energy: With meter outside house, most people are already making power usage public

Tendril: Display power data to users in a way they understand, live power bars on cell phone.

Gridweek: Tom Casey of Current Group: McKinsey said 80 plus % of smart grid benefit gained on the grid side, not the consumer side. Major benefit to users has been reduced outages.

Tendril: Adrian Tuck: Save money, save the planet, beat your neighbors. So use game theory to create competition between types of users. In his house, kids run around turning off power to beat the neighbors.

Tendril: But many users don’t care. So for them, make sure the smart devices are not disruptive.

Tendril: ZigBee-enabled GE fridge. Not disruptive. Looks like normal fridge, no space age screens. But usually makes ice at 3 a.m. because it gets a power price signal. Fridge talks to washing machine to be sure it doesn’t make ice when washing machine is running, avoiding peak usage.

Privacy and the Power Grid

Grid Week 2009 comes to Washington, DC this week and this year’s gathering features some of America’s top policymakers: Secretary of Energy Steven Chu, Secretary of Commerce Gary Locke and Aneesh Chopra, the Obama Administration’s CTO. In the coming years, these officials and their departments will make critical decisions about the future of smart grid technology.

We firmly believe in the potential benefits of enabling our electric power system to become “smart”. More efficient management of the power supply could bring down consumption, enable green technologies and help consumers save money. The many ways in which data about consumer demand will be used for smarter electricity provision have the potential to revolutionize the electricity industry and to benefit society. However, this very same information about consumers will create major concerns if consumer-focused principles of transparency and control are not treated as essential design principles from start to end of the standards development process. Principles of privacy by design must be part of the overall design for smart grid data flows.

We are pleased to announce that we have signed an agreement with the Gridwise Alliance (sponsors of Gridweek) to collaborate on projects involving data privacy and the smart grid.

We have also begun “construction” of *SmartGridPrivacy.org* (expired), a site that we hope will serve as a clearinghouse for information about the Smart Grid and privacy issues. And we are planning a conference that will be devoted to privacy issues related to the smart grid.

Contact Matthew Gruenberg, FPF smart grid policy fellow, at [email protected] to get involved with any of our smart grid privacy efforts.

Future of Privacy Forum Advisory Board News

FPF is delighted to welcome several new members to our Advisory Board

Paul Ohm, associate professor at the University of Colorado Law School. Prof. Ohm is an expert in information privacy, computer crime law, intellectual property, and criminal procedure. To access his most recent paper, “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization,” please click here.

Ryan Calo, residential fellow at the Center for Internet & Society at the Stanford Law School. Calo’s expertise is on the intersection of privacy and technology. A Dartmouth grad with a JD cum laude from the University of Michigan Law School, Ryan was a contributing editor to the Michigan Law Review. To read his most recent paper, “People Can Be So Fake: A New Dimension to Privacy and Technology Scholarship,” please click here.

Allen Brandt, corporate counsel, data privacy and protection, Graduate Management Admission Council (GMAC). Allen Brandt advises colleges on data retention and privacy.

Terry McQuay, president, Nymity. Nymity is a global privacy and data protection research firm whose products are used by more than 1,000 privacy professionals.

And A Fond Farewell

Two esteemed members of FPF’s Advisory Board have recently departed for higher callings. This summer, Peter Swire joined the Obama Administration as Special Assistant to the President for Economic Policy at the National Economic Council. A professor at Ohio State’s law school and an internationally recognized privacy expert, Peter had acted as the “White House Counselor for Privacy” during the Clinton Administration. His counsel to FPF has been invaluable.

Daniel Weitzner is now the Associate Administrator for the Office of Policy Analysis & Development at the Commerce Department’s National Telecommunications and Information Administration. As Director of the Decentralized Information Group at the MIT Computer Science and Artificial Intelligence Laboratory and Technology & Society Policy Director at the World Wide Web Consortium, Danny still found some time to help shape our thinking about privacy.

Both Peter and Daniel joined the FPF Advisory Board at our inception. Our nation is well-served by having these two luminaries join the Administration.

Jodie Bernstein, Lifetime Achiever

A richly deserved tip of the hat is due to FPF Advisory Board member Joan “Jodie” Bernstein. Citing her “brilliant legal skills,” American Lawyer last week bestowed upon her its prestigious “Lifetime Achiever” award. This award goes to a select group of attorneys who, in the opinion of the magazine, have transformed the practice of law through leadership in public service and private practice.

In our view, it’s a fitting tribute for someone whose six decades of legal service have made her one of the nation’s most respected voices for consumer rights and privacy.

FTC to Dig Deeper on Privacy Issues

Back in August, the new head of the Bureau of Consumer Protection at the Federal Trade Commission, David C. Vladeck, sent a strong message that the Commission continued to be troubled by the state of consumer privacy in the U.S. and the current enforcement model. At that time, Vladeck said, “The frameworks that we’ve been using historically for privacy are no longer sufficient.”

It is our understanding that the announcement yesterday by the FTC that it would be holding a series of “day-long public roundtable discussions to explore the privacy challenges posed by the vast array of 21st century technology and business practices that collect and use consumer data” is an outgrowth of those comments. The commission is apparently particularly interested in hearing about new ideas for privacy models. What would be a better model than the current focus on protecting against harm or deception? What could work better than privacy policies? How can the government or industry play a role in assuring the “dignity” of online citizens?

As many are probably aware, the first of these meetings will take place on December 7th in Washington. We look forward to the Commission’s additional exploration of these issues…

Flash Cookie Confession?

I was pretty stunned to read this piece posted on MediaPost today. It usually takes a subpoena to obtain documents with comments like this:

“When Tatto began to develop its core behavioral frameworks and algorithms, it believed Flash cookies would remain the best way to slow the ability of consumers to delete cookies from their computers. Flash cookies are no different than regular cookies in terms of user privacy, but on average remain on a person’s computer for more than three months.”

Huh? Mr. Miao, please talk to a privacy professional ASAP. And read our previous post advising companies against misuse of flash cookies!

Behavioral Economics

Michael Sanserino’s column on behavioral economics in yesterday’s Wall Street Journal is a timely reminder about the benefits and the risks of new kinds of personal data uses. Take the Sacramento Municipal Utility District which since April 2008, according to Sanserino, has sent monthly notices to 35,000 customers showing how their usage compares with their neighbors and with the area’s most-efficient customers:

“Customers who received the additional information cut their energy use by 2%, compared with a similar group of users who didn’t get comparison data.”

The behavioral economic theory which shows the powerful effect of information about others on influencing individual behavior is popular among many economists and in 2002, proponents Daniel Kahneman and Vernon Smith won the Nobel Prize for their work in this area. Encouraging people to conserve energy is clearly a societal good. But from a privacy perspective, the use of this type of data raises many questions. Will my usage be shared publicly? Will it be analyzed by marketers? Can it be used against me?

The same article cites a start-up company that has created a prescription drug container with lights that glow when it’s time for a pill, and a radio chip that transmits information about how often the medicine is taken. Again, there is great value in such data when it is used to help people manage their medications, and for the families or guardians supporting those in need of assistance.

But the new risks of potential misuse of this and similar technologies highlight the challenges, and the need for responsible practices, that arise as new data uses move from laboratories to living rooms.

In the Chinese language, the characters for “challenge” and “opportunity” are remarkably similar. As Sanserino’s article makes clear, business decisions are increasingly guided by principles involving shared information. That’s a great opportunity – but from a privacy perspective, it’s also a tremendous challenge.

Behavioral Advertising in Europe

Some news just in from our friend Kirsten Bock of the data protection agency of Schleswig-Holstein in Germany. Schleswig-Holstein manages the EuroPriSe privacy seal, a privacy certification backed by many European data authorities. This week, the EuroPriSe seal was awarded to nugg.ad, a behavioral advertising company active throughout Europe. For our readers who, like us, are deep in the weeds of online ad policy, the public report is important reading. Note that the company does not have users opt-in, but rather is strict about not logging IP addresses, strictly limits health and other sensitive targeting and expires cookies after 26 weeks. Some lessons for the U.S.? We have just conducted a detailed interview with nugg.ad’s CEO, so stay tuned for a more detailed discussion of how one of the leading European online ad companies is succeeding at both personalization and privacy.

From our lips to the Senate's ears…Cass Sunstein receives confirmation

On Wednesday, we wrote on our blog that Congress could help ensure that privacy issues are given the utmost priority by confirming Cass Sunstein as the new administrator for the Office of Information and Regulatory Affairs. OIRA is the office at OMB that helps oversee government agency privacy issues. As luck would have it, we learned late yesterday that the Senate has confirmed Sunstein’s nomination. FPF believes this is a very important move in the Administration’s goal of protecting Americans’ privacy interests. As Peter Orszag, the Director of OMB, said on his blog, “Cass is the type of data-driven, creative thinker that we need in public life.” FPF congratulates him on this new position and we look forward to working with him in the days ahead on emerging privacy issues.