Maybe this is all very old news to you, but I’ve been reading a bit about smart meters and smart grids. I don’t know how far down the line they are in Israel, but the EU hopes to see smart meters installed in 80% of homes by 2020.
The smart thing about smart electricity meters (though they could be gas or water meters too) is that they talk to the electricity company about your electricity usage. This means that the electricity company knows exactly how much electricity you use when. In turn, this means that it can have peak and off-peak rates for electricity and charge you accordingly. The benefit of this is that it is expected to encourage people to use electricity more sparingly.
The somewhat surprising privacy implication is that the level of knowledge smart meters can gather is so precise that they can know which devices you are using in your house. Do you cook your food with a microwave oven? How long is your TV on every day? Do you have a big fluorescent light that is growing your home grown weed?
Marketers would love this information. So would the government. And so would insurance companies. The thing is, it could also be very useful for each of us to know more about our energy consumption too.
This would seem to be a field in which privacy awareness is high. The Electronic Frontier Foundation has written a clear explanation of the privacy threats that might be realised through a smart grid, as have The Future of Privacy Forum and the Canadian Information and Privacy Commissioner.
This example is a nice reminder of how technologies can serve other purposes from those for which they were created.
It does say in the name of this blog that I am a sociologist. I think that in some of the posts I write more like a privacy advocate, but this time I’ll try to avoid that. Every day I get a few links from Google alerts – I have an alert set up for “the future of privacy”. Just now I found myself reading some kind of business blog. It included the following paragraph:
Privacy is one of today’s “hot button” issues as technological advances have enabled increased access to, accumulation and manipulation of data on an unprecedented scale. Further, there is a growing societal need to share almost everything; Geolocation services like Foursquare and sites like Blippy and Twitter being but a few examples. There also seems to be a generational divide where, as a rule, those under 30 share anything about themselves without thinking twice about it.
This paragraph concisely expresses what would appear to be the dominant views on privacy today. So let’s do some sociology and unpack these views a little bit.
We can’t argue much with the first sentence. That much is undoubtedly true.
However, I cannot accept that there is a “growing social need to share almost everything”. People share information because they “need” to? No, that will not do as an explanation. I’m not going to pretend to know why people share the information they do, but it is not because they “need” to. It might be because they enjoy getting attention, because they find it helps them form and strengthen relationships with people, because of peer pressure, because they think it’s fun, or for a number of other reasons. I don’t know. But I do know that it’s not because they “need” to. If there’s a social need to use Blippy, for instance, then why isn’t the author of the blog I’m discussing using it? Why isn’t everybody using it? (Hint: because lots of people think that their credit card information is none of anyone else’s business.)
The next sentence refers to the “generational divide” between the under-30s and over-30s, whereby the under-30s indiscriminately share any and all information about themselves. This is a very popular conception, but increasingly research is showing it to be misplaced. For instance, a fascinating article in the New York Times discusses the increasing discretion among younger internet users. Meanwhile, a review of teens’ use of the internet suggests that younger people view privacy in a different way from older people, but that this does not imply a thoroughgoing laissez faire attitude to it. For instance, kids certainly want privacy from their parents. Perhaps paradoxically, it is the kids who use the internet most who are most aware of what they can do to protect their privacy. In any case, lack of knowledge should not be read as a lack of concern.
The idea that the under-30s tell all about themselves is a popular notion, but one that doesn’t really stand up to scrutiny. I expect more and more academic studies to show this in the near future.
I’m doing some research into privacy and technology. I’ve probably mentioned that already. Yesterday, as part of my research, I interviewed an man who has been involved in the internet in Israel since 1994. We had a very interesting chat over a lovely cup of coffee in a very beautiful corner of Tel Aviv (Cafe Ben Ami, if you were wondering).
Our conversation was very interesting, but then it occurred to me that we hadn’t really explicitly defined which aspects of privacy we were talking about. We were mostly talking about how people put more and more stuff online, more and more of which is publicly accessible by other people. In other words, we were talking about privacy in terms of the stuff other people know about you.
This is no doubt interesting, but I’m not sure it’s the main point at all. I think that of more interest is what machines know about you, and how this enables them to target you with certain adverts. For instance, Google’s search logs have been called a “database of intentions”. Put very simply, your past behavior (and your searches are in some ways a proxy for your behavior) might predict your future behavior. If, every Friday, you search for a nice place to go out for dinner that night, how complicated would it be to give you an advert on Friday morning for a restaurant?
This is why Elliot Schrage, vice president for public policy at Facebook, gets it completely wrong in his really quite awkward questions and answers piece in the New York Times. As far as he is concerned, there’s no problem with Facebook sharing your data with other companies because they never share your name or other personally identifiable information. (The issue of de-anonymization is one for another post, so I’ll just put that aside for now.) The point, of course, isn’t that they have my name. The concern isn’t what other people know about me (or at least, that’s not the only concern). The concern is about how knowledge of my past behavior and interests might enable a commercial entity to have too much influence over my future behavior and consumption decisions.
A lot of the talk about privacy nowadays revolves around the ways that the bodies with whom we entrust so much information about our lives might misuse that information.
However, there is another aspect that is to do with the increasing complexity of the tools we use to manage our day to day lives. Sometimes, these tools get so complex that no one really understands exactly how the entire system works. They are so complex that changes to one part of the system are liable to have completely unintended consequences for other parts of the system. And the point is that the system is so big and complex that these consequences cannot all be checked in advance.
Facebook has become such a system. We know this because sometimes it does things that the people in charge of it are completely unaware of. For instance, for a while yesterday there was a security flaw in Facebook that could
expose personal information by enabling your Facebook friends to see both your live chats, as well as your pending friend requests.
Facebook was quick to resolve the flaw, but the point is that it was there, and it had been discovered by people from outside Facebook.
What does this mean? Well, it reminds us of another way in which personal information about ourselves that we entrust to a commercial entity might be accessible by strangers. This is not because of malintent on the part of Facebook, and I’m not even sure I’d say it was because of their negligence, but rather it is a consequence of the complexity of the systems in which we spend so much of our lives.
When you surf the internet, you are, by and large, anonymous. I don’t mean that your online activities can’t be tracked back to you via your IP number and your ISP, but that the site you are visiting doesn’t know who you are. You can log in to the site, and by doing so you are telling the site who you are. But the default is that you are anonymous.
The significance of the recent changes in Facebook that I discussed in the previous post is that they herald the end of anonymity as we surf. So far there are three sites who know who you are when you access them – Pandora, Yelp, and Docs.com. There will be more. What this means is that you will be taking your Facebook identity with you wherever you go on the internet. You will not be anonymous. Our online and offline identities, which are already merged in Facebook, will be united across the entire internet, with Facebook, a commercial company, acting as the go-between.
You can opt out of this. Right now it’s easy enough – there are only three sites you need to do it for. But as Facebook spreads out to more and more sites, it will become harder for us to control. This means that sites will be able to serve us with more personalized experiences (and more individually-tailored advertisements, of course), which for many people may be a worthwhile benefit. Other people may be slightly anxious that a privately-owned company is becoming the mediator between us and the internet.