[repost of my AMEE post on Energy Identity]
Since AMEE’s inception in 2005, we have recognised that the emerging sets of data needed for carbon calculation and energy assessment present huge privacy issues.
Combined with the automation of data capture through smart-meters, mobiles, purchases and other “digital identity” sources there is a real need to address some fundamental issues.
As we help to glue together the instrumented world, what are the outcomes and what are the risks?
Energy Identity = The digital embodiment of
your physical consumption
(from slide 32 of my eTech presentation)
This concept applies to everything from individuals to businesses to countries, a product to a supply-chain, a home to a bank.
The good news is that we’ve “seen this movie before”. In the 1990s we stumbled online, throwing our digital identity information all over the place, in an unstructured manner, and didn’t consider these points until it was too late. Initiatives such as OpenID and OAuth are only now trying to re-invent control mechanisms to address what we all need.
With energy, we have an opportunity to pre-emptively declare the rules of engagement. Some activity is already evident in this space (e.g. Google Powermeter testifing to congress). In the UK, since we have the UK Government as a client, I was able to seed some of these ideas some time ago (the UK is also gifted with the presence of MySociety).
To summarise, the issues include:
This should really default to you/your business (i.e. the source of the consumption).
The EULA of your service provider should ensure that you own your data and have expressly given permission to use it. Standard stuff really, but we’re a long way from that in this emerging dataverse.
From AMEE’s perspective, when we hold your data it’s subject to the EULA of the provider you are coming through (e.g. Dopplr) and defaults to you otherwise.
As with other services, the default should be to use a series of seperate silos.
AMEE holds each client’s data in separate silos (e.g. Google in one silo, Morgan Stanley in another). This allows for both digital separation and, if required, physical separation. AMEE can shard to enable this.
Further we anonymise the data on the way in – in fact we insist that clients don’t use AMEE to store e-mail addresses etc, and just use the anonymous key AMEE provides to link their user data. This key is held in their user database and points to the anonymized “AMEE Profile”. Given how much personal data is stored about businesses and individuals in AMEE we wanted to pre-emptively push away this risk, and instill confidence in our clients that even if AMEE were compromised, their users would remain anonymous.
Having established that ownership and privacy are the two foundation stones, we can then acknowledge that the ability to share information is extremely important. To do so opens a lot of issues, which we’ve been working on for a long time now, but we are confident that AMEE’s model enables extremely rich data portability without compromising ownership and privacy, by pushing control back to the data owners.
Thanks to effective anonymisation and security, we also believe that data mining and interpretation can be carried out without compromising privacy. Because AMEE has an effective security strategy in place, we can interpret and analyse the Energy Identities of, and on behalf of, our clients, and their clients, in an aggregate fashion, without becoming a “big green brother”.
The results of this research can be used to track the impact of policies regarding energy generation, distribution and use; and to confirm and develop carbon accounting protocols.
Thankfully most of the these issues are recognisable trends in the online development.
The challenge, and more importantly, the opportunity is to pre-emptively address these issues as we move to a deeper interconnected world.
The potential is for all of us to become involved in the development of our low-carbon economy, the democratization of energy and sustainability and, we hope, to avoid mass extinctions.