However, as we all began to explore and see the changes, we learned there was a big catch. Along with strengthening some privacy features, Facebook actually relaxed or completely removed others. Electronic Frontier Foundation (EFF) was quick to criticize the changes as having an overall negative effect on privacy. Another privacy group, Electronic Privacy Information Center (EPIC) filed a complaint with the Federal Trade Commission (FTC) in December.

Now, five Facebook users have filed a class-action lawsuit on behalf of all users. The lawsuit alleges that Facebook was deceptive in its portrayal of the changes as being positive for privacy. Among other things, the claims are made:

• At one time Facebook users had “exclusive” control of privacy.
• Facebook now characterizes the following user information as “publicly available information:” name, profile, friends list, pages the user is fan of, gender, geographic region, and networks the user belongs to.
• In addition, the lawsuit notes that Facebook by default sets the privacy setting of certain information to “everyone.”
• Tools and information provided by Facebook are misleading and do not help users interested in privacy.
• Facebook permits third-party application developers to access more information than they were previously allowed. In fact, all applications will now have access to “publicly available” information such as Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages.

In addition to damages and restitution, the lawsuit is seeking an injunction with the following remedies:

• That Facebook notify its users that it set the privacy settings to an “unreasonably low level”
• Change default privacy settings
• Improved privacy help including: an 800-number hotline for privacy, a simple PowerPoint presentation in plain English and Spanish explaining the settings, and a complete redraft of the privacy policy.
• Require third-party developers to display a privacy settings page for every application when the user signs in to the application for the first time.

Here is the full filing as hosted by Courthouse News Service.  (PDF reader required)

The “smart meters” that are deemed an inherent part of the new power grid will be able to collect and relay very detailed information about our electricity consumption. This information may then be shared, stored, and retained not only by your power-utility but also other third parties. Google and Microsoft already have products targetting this market.

A lot of information about our private lives can be derived from this usage data. For illustration purposes, consider the diagram below.

Smart Grid Privacy*

We’ll have more to post on this topic later.

For more information, please visit:

• Smart Grid NISTIR 7628: A draft Intra-Agency Report on Smart Grid Security, including mention of privacy issues.
• Smart Grid Privacy Concerns: October 2009 – A detailed catalog of privacy smart grid threats authored by Rebecca Herold (The Privacy Professor). Rebecca is also a member of an NIST working group working on the privacy-related issues within NISTIR 7628.
• NIST – Smart Grid Interoperability Standards Project.

* Source for image: Elias Leake Quinn, Smart Metering & Privacy: Existing Law and Competing Policies, A Report for the Colorado Public Utilities Commission, Spring 2009.