Rebate for IoT thermostat requires that you give permission to your utility to read "all data"


I live in Austin and I believe the same terms are offered with the City of Austin’s electric utility. However, this is optional; if you don’t like the idea of sharing your data then don’t apply for the rebate. It does, however, help the city see when peak demand hits the grid and allows them to warn a homeowner’s thermostat, so you can ease up on your cooling/heating to save some money and it’ll switch back on when demand lowers or the house reaches a temperature threshold where it’s too hot or cold.
How safe is the whole setup? I don’t know… the city regulates its utility pretty closely so I hope the data is secure.


But technology is cool - what’s the worst that could happen?


Okay, yes, this should be better spelled out.

But, this will ultimately improve the efficiency of the grid. If your power company can better forecast load, it could lead to perhaps an investment in transmission, as opposed to new generation (think power plant).

Even better, imagine a world where your power company can tell your thermostat “if you don’t run in the next 30 minutes, we’ll rebate you $XX” because the market price is very high versus your contract price.

Totally should be better spelled out. I hate sneaky ToS. But what this enables will help us move to a more efficient (less-carbon) electric future.


By your signature and acceptance of energy efficiency incentive(s) you acknowledge that the data collected through the use of the wireless enabled thermostat may be shared with your electric and/or gas distribution company.

I acknowledge that it may, but keeping my info in your database just means that I can access it and read other neat stuff.

Seriously, this is awful legalese. Acknowledging the possibility of something is in no way the same as giving explicit permission.


Total waste of time in San Diego, the heat goes on 3-5 days a year, and it’s 72 degrees on July 5th, so the AC is just about as dormant too.


That is, if they actually send the owner these alerts. And even if they do at first, they probably cease, while still slurping on the customer’s data in perpetuity.


Uh, I first read you as saying it would be good if the elec. co. could bribe/blackmail you into jogging…or not jogging or something.


It’s automated for the most part. They can adjust your thermostat within a range you can set, or you can do it manually. It works fairly well; a co-worker who is very fastidious with saving energy has been happy with it. On the flip side I don’t know how difficult it is to opt out of the program, but I can’t imagine it’d be difficult; like I mentioned previously, the city regulates what the electric utility does pretty closely.

Yes this is a lovely idea, and reasonable if the consumer is properly informed. However, burying this kind of information in paragraph 22 of a 5 point font ToS agreement is inherently deceptive. Online ToS contract addenda that are more than ~2000 words in length shouldn’t be permitted to be part of contractual agreements – as a matter of public policy. Not just for privacy issues, but generally.

It is widely recognized that these over-long, dense documents are ignored by most of the consuming public. They are too dense for the medium in which they are presented, and therefore deceptive by the very nature of their presentation.


So why not simply offer the rebate through the power company? That way you know what is the actual relationship between the activity and the compensation.


Is it really more temperate than WA? It’s been over 80 at least 15 or so days this year so far I think.


Would I be a filthy luddite for idly musing about how long the list of entities with access to the thermostat data is even if you turn down this particular offer? It’s hardly as though the data go uncollected if you ignore the utility rebate program.


It is from the power company. Note the link to Mass Save.

“Mass Save® is an initiative sponsored by Massachusetts’ natural gas and electric utilities and energy efficiency service providers.”

What I think is needed is an anonymising service for IoT, something like the way Android Pay (for instance) works in which your credit card is stored on one side and a different token is given to the vendor. The utility company would only be able to get your information anonymised, and any messages they sent you would be relayed. They would merely be aware that token no. XYZ referred to a customer in such and such a locality with no precise address, name or contact details. Of course the anonymising service is a potential point of attack, but it would expose a tiny attack surface as it wouldn’t be part of other services. Also, two distinct attacks (on both the anonymising service and the utility) would be needed to provide identifiable information. Perhaps not even that if the anonymising service was paid for itself by an anonymised transaction system. Of course you would have to pay for it, and perhaps not many people would.
But some solution is needed for IoT because otherwise data aggregation will allow criminals to obtain very detailed information about targets.


The IOS abbreviation is already taken though.

Huh, so it is. Then it’s weird that the data sharing stuff quoted is written in the third person.

Seriously. What is the worst that could happen?

I’d sign that form.

I agree there should be an infrastructure for this-- if the current arrangement isn’t fixed, we’ll end up either banning data collection or banning privacy. But the problem with a commercial anonymization service is that the best way to make money from data is to connect as many different datasets as possible, and that’s exactly what makes anonymization fail. If AnonCo can tell you stuff like “User 39419048319 shops at Macy’s, votes Republican and uses lights between 7:30 and 11:25pm”, then it doesn’t matter how securely they separate IDs from real names; the data on its own will be enough to infer your identity.

There’s been serious research on the problem recently, since it’s become apparent that the state of the art in anonymization-- even for medical data-- is hopelessly ineffective. The conclusions seem to be (1) there’s a direct trade-off between privacy and commercial usefulness, and (2) everyone collecting data on individuals has to be spending real resources on anonymity; there’s no turnkey solution you can just bolt onto existing processes.

Both those things will cost businesses money, for something they’re already getting for free (if you don’t count the cost to the public, which they don’t). So I think it’ll have to be done by regulation, and in my fantasy scenario legislators will grasp this, and get ahead of the issue for once, with a broad, simple, well thought-out privacy law that gives us both meaningful privacy and all the economic and public-health benefits of mass data mining. LOL
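An added example, not part of any post in this thread: a k-anonymity check that a data holder could run to measure the point made above, that tokenised records stay identifying when their attributes are unique, and that coarsening them buys privacy at the cost of precision. The records, field names and generalisation rules are constructed assumptions.

```python
from collections import Counter

# Constructed sample: records as a hypothetical anonymising service might
# hold them. Names are replaced by tokens; behavioural attributes remain.
RECORDS = [
    {"token": "t01", "locality": "02139", "lights_on": "19:30", "lights_off": "23:25", "setpoint_f": 68},
    {"token": "t02", "locality": "02139", "lights_on": "19:45", "lights_off": "23:10", "setpoint_f": 69},
    {"token": "t03", "locality": "02138", "lights_on": "19:05", "lights_off": "23:50", "setpoint_f": 70},
    {"token": "t04", "locality": "02141", "lights_on": "18:15", "lights_off": "22:40", "setpoint_f": 72},
    {"token": "t05", "locality": "02142", "lights_on": "18:50", "lights_off": "22:05", "setpoint_f": 73},
    {"token": "t06", "locality": "02140", "lights_on": "18:30", "lights_off": "22:55", "setpoint_f": 74},
]

# Quasi-identifiers: harmless alone, identifying in combination.
QUASI = ("locality", "lights_on", "lights_off", "setpoint_f")


def class_sizes(records, keys=QUASI):
    """Count how many records share each quasi-identifier combination."""
    return Counter(tuple(r[k] for k in keys) for r in records)


def k_anonymity(records, keys=QUASI):
    """Smallest equivalence class; k == 1 means someone is unique."""
    return min(class_sizes(records, keys).values())


def unique_tokens(records, keys=QUASI):
    """Tokens whose attribute combination matches no other record."""
    sizes = class_sizes(records, keys)
    return sorted(r["token"] for r in records
                  if sizes[tuple(r[k] for k in keys)] == 1)


def generalise(record):
    """Coarsen each field (assumed rules): 3-digit locality prefix,
    hour-level times, 4-degree setpoint bands. Precision is lost."""
    out = dict(record)
    out["locality"] = record["locality"][:3] + "**"
    out["lights_on"] = record["lights_on"][:2] + ":00"
    out["lights_off"] = record["lights_off"][:2] + ":00"
    out["setpoint_f"] = record["setpoint_f"] // 4 * 4
    return out


if __name__ == "__main__":
    coarse = [generalise(r) for r in RECORDS]
    print("raw k:", k_anonymity(RECORDS), "unique:", unique_tokens(RECORDS))
    print("generalised k:", k_anonymity(coarse), "unique:", unique_tokens(coarse))
```
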


Having read stories about companies that share your information without your knowledge and without compensation, it’s refreshing to read one where the company will actually pay you for it.