Every data point is sacred

My surprising lessons from one innocuous piece of data

Every data point is sacred

Despite living much of my life in public on the web, I’ve always understood the importance of personal privacy in the abstract. I’ve kept up on the world of privacy and since I run a large community I’ve paid special attention to the idea of data privacy. That said, I’m not a guy that only buys things in cash as I understand the benefits of tracking my own purchase data for later analysis. I know my credit card statement shows a rich history of parking, eating, entertainment, and the patterns of where I go each day, but I don’t lose sleep at night worried about data breaches revealing my purchase patterns. That all said, it wasn’t until a couple summers ago that the idea of protecting each and every last piece of data, even those that seem inconsequential, became important to me. This is the story of a family trip, a new house alarm, a house sitter, and a house cleaner.

When my (US-born, but 100% Italian) mom was diagnosed with breast cancer in 2011, I promised to take her and her sister (my Aunt) on a trip to Italy when she was done with chemo, as a gift and a treat and something to look forward to despite her diagnosis (my Mom always dreamed of taking an Italian trip someday). A quick couple months later, she lost her battle with cancer and after the funeral I told my Aunt of our plans for the trip. She thought it was a wonderful gesture that she would have loved to be a part of, and right then and there I proposed that we take the trip in honor of my mother (with my wife and daughter tagging along) as a tribute and celebration of my Mom’s impact on our lives.

Plans were made, flights booked to Rome, hotels reserved in Florence and Venice, and through the months of planning I didn’t count on two of my neighbors having their houses robbed just a couple weeks before we were to leave. I work in a home office so security was never a big concern until we realized we’d soon be gone for two weeks and our temporary house sitter was a college student with a greater-than full time job.

We decided to get a house alarm to put our minds at ease while abroad. Amid the bevy of options were backup batteries, keychain fob controllers, and a GPRS connection to alarm company central (in case phone wires were cut, it could still phone home). That last option meant I could control my alarm via a generic iPhone app, which seemed like a nice convenience, so I paid extra for it.

Our house alarm was installed and configured just hours before we were leaving for the airport, and I briefly met (for the first time) my wife’s student friend that would be staying at the house during our vacation. We set off, setting aside additional keyfob remotes for our house cleaner.

We had the time of our lives in Italy, soaking in the rich history and beautiful architecture, and during one of our down times a week into the trip I noticed the “History” tab on my alarm controlling iPhone app. I clicked it and it brought up a log of all the times the alarm had been turned off, turned on to “stay” mode (when you’re inside the house sleeping), and turned on to “away” mode (which kicks on the motion detectors). The history logs also showed which users of the system were invoking which commands.

After we returned from two weeks of vacation I revisited the history log files and showed my wife how this innocuous set of data painted quite a picture. We could see when our house sitter left for work every morning (around 8am), when she returned after work and after visiting her boyfriend (usually around 10pm). We could see when she went to sleep (around midnight), and when she woke up (before 7am). We could also see when our house cleaner popped in every Wednesday, and how long she spent cleaning the house since it showed when she turned the alarm off and back on again. The alarm logs showed she finished in about 45 minutes when we weren’t there (understandable, since only a spare bedroom was being used by the house sitter).

I thought about this data for some time after. An innocuous log file of accesses, but this one small data point of alarm off/on status gave somewhat invasive looks into my housesitter's time in my house, our cleaning lady, and my own family. I had two weeks of rich data about someone I barely met for thirty seconds and I also had future total surveillance powers over my house cleaner that made me a little uncomfortable. I thought about the local security company that installed the system, how they have my patterns of coming and going as well as every other local customer's patterns and could know quite a bit about how we live (I hope I signed a privacy policy saying they won’t sell our aggregate data at some point). Finally I thought about the larger alarm companies these local outfits contract out from have even more data about potentially millions of peoples' lives — everyone that uses their generic house alarm apps —that fills a database somewhere.

We create so much data as we move through the world in a typical day that it seems like overkill to be firm on the privacy of all of it, but you never know what a single piece of data will say about you. I realized after looking at my own data and accidentally learning about other users of my system I'm not entirely comfortable with this knowledge. I don't know if I trust security companies in this business, and it dawned on me that it's worth fighting for the personal privacy of everyone's data, and not just obvious things like the most sensitive health-related test results but each and every single innocuous thing a company logs about our lives because you never know who could be looking at it and what kind of impact that may have.