Sun | Sep 15, 2019

Nadine Maitland | Threats from invisible data gathering

Published:Wednesday | June 12, 2019 | 12:15 AMNadine Maitland/Contributor

The practice of invisible data gathering by many organisations in Jamaica is growing and there are no clear policies enacted to provide protection for individuals or organisations against this practice. Smart meters, smartphones and many other smart devices are creating a ‘digital footprint’. We should not go blindly into this digital world because doing this will expose us to many dangers that are lurking in this fast-paced global space.

Power companies and telecommunication companies are custodians of a large volume of data and continue to collect data from unsuspecting customers without established regulations on how this information should be used and protocol for securing this information.

Smart meters are now being installed in our homes and it is projected that by 2021, all Jamaica Public Service (JPS) customers should have smart meters installed.

How much do we know about their capabilities? Was there a public educational campaign launched to sensitise customers about the pros and cons of accepting these devices? Moreover, do customers have a choice in the matter? These are questions that should be answered.

Smart meters collect more than just overall electric energy consumption. They collect hourly consumption and this information can be used for many other purposes. This type of data, if it gets into the wrong hands, can have far-reaching implications for security from both data and the individual perspective. The potential for secondary use of this data puts individual privacy at risk. Do individuals not have a right of privacy?

The right of privacy is defined as an individual legal right. Privacy is a liberty right and, therefore, it protects an individual’s choice and gives them the freedom to share what they want with whom they want to. I posit, therefore, that based on the Jamaican Constitution outlined below any arbitrary digital surveillance can be classified as ‘interference’ and can result in a threat in some way to some sectors of society.

THE RIGHT TO PRIVACY

This right is protected within domestic and international law. Chapter three of the Jamaican Constitution, The Charter of Fundamental Rights and Freedoms, has given protection to this right. Article 17 of the International Covenant on Civil and Political Rights (ICCPR) provides that no one shall be subjected to an arbitrary or unlawful interference with his or her privacy, family, home, or correspondence, nor to unlawful attacks on his honour and reputation, and that everyone has the right to the protection of the law against such interference or attacks.

Therefore, we should pay careful attention to these practices in various forms and put in place legislations to protect our citizens from the breach of this right.

While smart meters are said to provide customers with array of benefits such as, but not limited to, the elimination of manual monthly meter readings (that are prone to errors), providing real-time data that is useful for balancing electric loads while reducing power outages (that is, blackouts) and greater and more detailed feedback regarding energy use. The additional information that these meters collect can be used secondarily, and if it gets into the wrong hands could prove to be dangerous.

Customers are not aware of the custodians of this data, the security of this data and who will have access to this data. According to reports, there are some factual merits to this argument regarding smart meters infringing on citizens’ civil liberties (personal privacy) as these meters record not only how much electricity you consume but also records the periods that most of this consumption takes place.

According to the JPS, smart meters have the ability to “report this data much more efficiently, easily, and immediately”. However, the real concern is that it can be used to monitor individuals or even be sold to other parties. One such example is that it has been reported that in one country, law enforcement agents have used data collected via smart meters “to identify indoor marijuana-growing operations”.

This reiterates the point made earlier about the secondary use of data that is collected via these smart meters, the far-reaching implications that this can have and the potential of the secondary use of this data.

BREACH OF RIGHTS

In the April 12, 2019 court ruling regarding NIDS in the Supreme Court judgment/ruling, it pointed out, and I quote, “Informational Privacy does not deal with a person’s body but the recognition that an individual may have control over the dissemination of material that is personal to him or her and where the unauthorised use of such information may lead to infringement of that right” and, “Privacy of Choice: which protects individual autonomy over personal choices”.

The compulsory installation of smart meters and the lack of choice and knowledge by customers infringe on these rights. With no clear data privacy protocols and guidance that outlines who will be the custodians and who should be held accountable for any unauthorized dissemination, there are several concerns that should be answered by the company.

In my layperson’s opinion, this hinges on a breach of both the informational privacy rights and privacy of choice rights of the citizens of this country. On this information super highway, where a simple mistake can have catastrophic consequences, it is very important that these questions are answered. It is equally important that the Government understands and manages organisations that require collection of data/information and the process be guided and managed, to prevent the secondary use of people’s information without their knowledge and consent.

All technology has its benefits and drawbacks. While smart meters are said to have many benefits, they also present privacy challenges to customers. We live in a country where anecdotal evidence reveal that scamming is the career aspiration of many young people and crime is spiralling out of control. If this information gets into the wrong hands, we could be in serious trouble.

We are fast becoming a ‘Panopticon’ society; however, ‘Who will guard the guards’? With the Data Protection Act yet to be enacted and recent reports out of Parliament indicating that the committee has not met for over one year, it is obvious that someone needs to prioritise their priorities.

Today, many companies are just collecting data to their ‘whims and fancy’ and in all honesty, many are not aware that they are breaching the privacy rights of their customers. In my opinion, we need to lock down the ‘talk shops’ and the Government should move with some alacrity to implement and enforce laws that will protect the privacy of data and ensure that the laws are obeyed.

Nadine Maitland is a senior lecturer/programme director at the School of Computing, University of Technology, Jamaica. Email feedback to nadinmland@utech.edu.jm and columns@gleanerjm.com