Russell's Blog

After six months of using Google Latitude, I've amassed about 7108 location updates, or about 38 a day. It would probably be a lot more if I hadn't managed on occasion to break the GPS or automatic updating by fiddling with the software.

It's actually quite useful to have this data, especially if it's correlated with some richer information. For example, I've consulted the data to answer questions like, "Where was that awesome sandwich place I ate at last month?" It's also extremely useful to be able to share this data with Google because it allows me to quickly cross-reference location coordinates with Google's database of businesses and addresses. You can also download your complete location history in one giant blob (just ignore the warning that the History map only displays 500 datapoints, and download the KML file). Once you have the KML file, you can do whatever you want with it. For example, I uploaded mine to Indiemapper to map my wanderings for the last six months (Indiemapper is cool, but I quickly found that this dataset is really much too big for a Flash-based web application).

Not surprisingly, I spent most of my time in California, mostly in Davis and the Bay Area, with a few trips to Los Angeles via I-5, the Coast Starlight, and the San Joaquin (the density of points along those routes is indicative of the data service along the way).

The national map shows my trip to visit my dad's family in New Jersey and Massachusetts, as well as a layover in Denver that I'd completely forgotten about.

I have somewhat mixed feelings about this dataset. On one hand, it's very useful to have, and sharing it with my friends and with Google is very useful. It's also cool to have this sort of quantitative insight into my recent past so easily accessible. On the other hand, I'm not particularly happy with the idea that Google controls this data. I chose the word controls deliberately. I don't mind that they have the data -- after all, I did give it to them. As far as I know, Google has been a good citizen when it comes to keeping personal location data confidential. The Latitude documentation makes their policy pretty clear :

Privacy

Google Location History is an opt-in feature that you must explicitly enable for the Google Account you use with Google Latitude. Until you opt in to Location History, no Latitude location history beyond your most recently updated location if you aren't hiding is stored for your account. Your location history can only be viewed when you're signed in to your Google Account.

You may delete your location history by individual location, date range, or entire history. Keep in mind that disabling Location History will stop storing your locations from that point forward but will not remove existing history already stored for your Google Account.

...

If I delete my history, does Google keep a copy or can I recover it?

No. When you delete any part of your location history, it is deleted completely and permanently within 24 hours. Neither you nor Google can recover your deleted location history.

So, that's what they'll do with it, and I'm happy with that. What bothers me is this: Who owns this data?

This question leads directly to one of the most scorchingly controversial questions you could ask for, and there are profound legal, social, economic and moral outcomes riding on how we answer it. This isn't just about figuring out what coffee shops I like. If you want to see how high the stakes go, buy one of 23andMe's DNA tests. You're giving them access to perhaps the most personal dataset imaginable. In fairness, 23andMe has a very strong confidentiality policy.

But therein lays the problem -- it's a policy. Ambiguous or fungible confidentiality policies are at the heart of an increasing number of lawsuits and public snarls. For example, there is the case of the blood samples taken from the Havasupai Indians for use in diabetes research that turned up in research on schizophrenia. The tribe felt insulted and misled, and sued Arizona State University (the case was recently settled, the tribe prevailing on practically every item).

You can't mention informed consent and not revisit HeLa, the first immortal human cells known to science. HeLa was cultured from a tissue biopsy from Henrietta Lacks and shared among thousands of researchers -- even sold as a commercial product -- making her and her family one of the most studied humans in medical history. The biopsy, the culturing, the sharing and the research all happened without her knowledge or consent, or the knowledge or consent of her family.

And, of course, there is Facebook -- again. Their new "Instant Personalization" feature amounts to sharing information about personal relationships and cultural tastes with commercial partners on an op-out basis. Unsurprisingly, people are pissed off.

Some types of data are specifically protected by statute. If you hire a lawyer, the data you share with them is protected by attorney-client privilege, and cannot be disclosed even by court order. Conversations with a psychiatrist are legally confidential under all but a handful of specifically described circumstances. Information you disclose to the Census cannot be used for any purpose other than the Census. Nevertheless, there are many types of data that have essentially no statutory confidentiality requirements, and these types of data are becoming more abundant, more detailed, and more valuable.

While I appreciate Google's promises, I'm disturbed that the only thing protecting my data is the goodwill of a company. While a company might be full of a lots of good people, public companies are always punished for altruistic behavior sooner or later. There is always a constituency of assholes among shareholders who believe that the only profitable company is a mean company, an they'll sue to get their way. Managers must be very mindful of this fact as they navigate the ever changing markets, and so altruistic behavior in a public company can never be relied upon.

We cannot rely on thoughtful policies, ethical researchers or altruistic companies to keep our data under our control. The data we generate in the course of our daily lives is too valuable, and the incentives for abuse are overwhelming. I believe we should go back to the original question -- who owns this data? -- and answer it. The only justifiable answer is that the person described by the data owns the data, and may dictate the terms under which the data may be used.

People who want the data -- advertisers, researchers, statisticians, public servants -- fear that relinquishing their claim on this data will mean that they will lose it. I strongly disagree. I believe that people will share more freely if they know they can change their mind, and that the law will back them up.

Update

The EFF put together a very sad timeline of Facebook's privacy policies as they've evolved from 2005 to now. They conclude, depressingly :

Viewed together, the successive policies tell a clear story. Facebook originally earned its core base of users by offering them simple and powerful controls over their personal information. As Facebook grew larger and became more important, it could have chosen to maintain or improve those controls. Instead, it's slowly but surely helped itself — and its advertising and business partners — to more and more of its users' information, while limiting the users' options to control their own information.

PG&E is no angel, but it deserves credit for making what looks like a good-faith effort to get California off of carbon. It's serious enough to have quit the US Chamber of Commerce to distance itself from the group's extremist views on climate change.

PG&E still owns six coal burning power plants, curiously located in Florida, New Jersey and Pennsylvania (presumably it uses them to swap power with other generators). It generates about 46% of its electricity from hydroelectric dams.

Rucker Creek dam, a small PG&E facility in Nevada County

One of the more interesting projects PG&E is undertaking is improving the resolution of its demand monitoring using SmartMeters. There is a lot of hype about the "Smart Grid," but basically it boils down to realtime use monitors, like these :

that are wired up to report the data somewhere. It's basically an off-the-shelf Tweet-A-Watt.

According to the PG&E web site, they are using SmartSynch meters, which use TCP/IP over some kind of wireless network. It's difficult to find information about the hardware itself, probably on account of the assorted idiots wetting their pants about people h4X0ring their refrigerators (actually, I don't know if Bill Mullins is an idiot, but his article about smart meters is depressingly typical).

Yes, it is possible for a bad person to break into your PG&E account to obtain this data.¹ But so what? Power meters are inductively coupled to the circuit they measure. They can look, but they cannot touch. IOActive, a security research firm, claims that they can break into certain smart meters and "cut off power." I suppose we are meant to construe this as "cut off power to the house," but that isn't what power meters do. That is what those huge knife switches, with the lock-out-tag-out rings, are for. I'm skeptical that a certified electrician would work on a residential circuit with a computer controlled on-off switch. I certainly wouldn't. What "cut off power" probably means is that they can shut down the microcontroller, and stop the meter from collecting or reporting data. We're left to speculate, though, because the report is confidential. I speculate that they are hyping a buffer overflow exploit to gain as much attention as possible.

Nobody is going to h4x0r your refrigerator and reprogram it to be an E. coli chemostat. If you are worried about your personal data floating around on the big bad internets, your worries are better directed at your bank and your health insurance provider. The bad guys don't care that you left your bathroom light on all night last Thursday; they just want the routing number for your savings account.

While the data isn't very valuable for nefarious purposes, it is extremely valuable in the noble (if mundane) pursuit of frugality. Here's what PG&E shows you if you've been upgraded to a smart meter :

Having the graphs is neat, but the usability of the site is poor. Fortunately, they let you download the data as CSV files, although you have to go a week at a time. It's all very 1995. Happily, Google.org is working on a real-time data browser tool called Power Meter which will make this a lot nicer. For now, I just wish I had an XML-RPC interface.

I've already learned something from this data. On the 29th and 30th, I was at the Granlibakken conference center for the UC Davis Host Microbe Interaction conference. Those days show dramatically less power use between about 22:00 and 2:00, which is when I'm usually hacking at my desktop machine. One more reason to start thinking about replacing this behemoth.

1. Actually, it's stupidly easy to gain access to someone's PG&E account if you have their account number. Just create a new web account, type in the account number, and there you go! Now you can really fuck with them by paying their bill, which is about all you can do with a PG&E account.

I finally got fed up with the pathetic official Android release from T-Mobile, and rooted my G1 and installed the CyanogenMod firmware. Cyanogen feels about twice as responsive as Cupcake! It's like a whole new device.

Also, the tethering app is awesome. It turns your G1 into a WiFi base station and routes traffic from WiFi to 3G. Since I'm still waiting for broadband at my new apartment, it's a lifesaver.

I suppose tethering (and rooting the phone) technically violates T-Mobile's TOS, but I'm convinced that T-Mobile will allow both sooner or later. It's just too awsome, and it would help them sell more contracts.

It's kind of difficult to abuse tethering anyway; it sucks down the battery very quickly, and the latency is significant. It's the sort of thing you'd only use in a pinch. Those happen to be the situations where a little benevolence or selfishness from a big company can shape a customer's opinion forever. T-Mobile seems to be more sensitive to that kind of thing than the other networks. I know they've got their reasons for banning tethering apps, but I think they could be convinced to change their minds. (You can download various petitions from the Android Marketplace.)

Openness is where Google and T-Mobile could really go after the unwholesome, anticompetitive and un-American AT&T/iPhone alliance. The open nature of Android is a step in the right direction, but T-Mobile needs to get its legal department on the Open Access bandwagon if it wants to press the advantage.

After all, if some random people on the internet can roll better firmware for the G1 than their in-house developers, isn't it a strategic business advantage to let them?

A guy in my apartment building just fell down the stairs right in front of my bedroom window. I put my glasses on and saw a puddle of blood slicking the concrete walkway, about ten feet from my pillow. About half the blood was coming out of his forehead, the other from a seep in his shirt where his collarbone is.

I went outside to see if he was moving. He wasn't. He didn't respond when I spoke to him. So, I did the logical thing -- I grabbed my phone and I called 911.

And it fucking crashed. So, I tried again, and it crashed again. I was in the process of ripping out the SIM card and charging up my old phone when the Davis 911 dipatcher called back. The good news is that the EMTs were fast. As soon as the dispatcher hung up, I stepped out to the street to wait for them, and I could already see the lights coming up the street.

So, listen here Google, T-Mobile and HTC: FUCK YOU. Fix your shit.

Interesting thing of the day : If you plug the following nucleotide sequence into Google :

"gctagttaaa aaaggaaatt catacccaaa"

The only hit you will find is the Swine Flu genome. Google is a sequence homology tool!