Putting a price on privacy

Too much of the privacy conversation focuses on secrecy when it should be really looking at the use/abuse of personal data. Secrecy is a lousy control.

In the Australian state of Victoria, detailed information about electricity customers’ power usage, which gives insights into when a house is occupied, is being shared with third parties including mail houses, debt collectors, data processing analysts and government agencies.

This is exactly what Gartner has predicted: a blurring of social and operational technologies (OT) resulting in new compliance and risk issues.

Some have speculated on the ability to infer home occupant activity based on patterns in electrical usage.  You’d not only be able to tell when the house was occupied, but you’d be able to track a lot of activities, because of their distinct energy use signatures.

I know of someone who publishes her home energy use on her blog using the monitor system that came with her solar system. That’s a screaming advertisement for occupancy. The level of risk that this form of attack represents is debatable, but it’s a question that’s worth asking. 

I’m sure that I’m not the only person who avoids posting anything on social networks that sends the message “our house is unoccupied.”  Sure, the common thief is not sophisticated enough to take advantage of FB—yet. But it has already happened in the US.

The big risk is not about social media or social networks but about the accessibility of devices to/via a public network. Whether a device sends/receives tweets presents only a slightly different risk from that device handling email, SMS, voice recognition, etc. The specific vector for transmission is a minor issue. Accessibility of the device is the core risk.

Too much of the privacy conversation focuses on secrecy. People are lousy at keeping secrets and community is based on shared information and the demonstration of a willingness to share personal data. The privacy conversation should focus on the use/abuse of personal data. Secrecy is a lousy control.

You might find it a bit absurd to discuss privacy concerns about power usage in a society where people (at least some) tell you where ALL of their tattoos are and who they’re sleeping with in their Facebook account, or brags about all of the technology they have in their home on Twitter. This isn’t a technology problem, it’s about the use of the intelligence derived from said technology.

For the energy and utility companies, this will no doubt be a topic for policy changes regarding customer data, but utilities are used to that kind of discussion and have been for decades. It’s a question of doing it rather than being aware of it.

The primary beneficiary of data derived from a number of “Internet of Everything” (IOE) points like smart meters for utilities will be the titans of commerce. Understanding patterns of behaviour of actual and potential customers just feeds the commerce engine like nothing else can. No doubt a new class of statisticians and analysts will arise to big-data mine IOE endpoints and weave the story of life together for potential customer profiles.

We voluntarily (for now) give the electric utility more detailed information about our electrical usage to give ourselves a benefit – the utility will theoretically charge us less because it can build less generating capacity because it is monitoring usage more closely, and it can turn off our appliances remotely to cut demand in peak periods and so on. The decision on how to share the benefit – what proportion of the gain will go to the “greedy” utility and what to the “greedy” consumer – will be settled in a complex negotiation among consumers and utilities. Government is the referee in this discussion.

Already in the US your insurance company will lower your car insurance bill if you agree to have an on-board device that allows it to monitor your driving habits. We move into George Orwell’s 1984 voluntarily to save $ 250 per year. In the future, maybe only the rich or the very poor will be able to afford privacy (when you having nothing, there is not much to monitor and not much reason to monitor you).

So we may be selling our privacy at too low a price. Gartner wrote a research note  on the “information based” utility of the future. It makes for interesting reading. My colleague Kristian Steenstrup is the man to talk to about this – he has led much of Gartner’s research on OT, particularly in the energy and utilities sector.

Ian Bertram is a managing vice president at Gartner Research. You can see his other work here.