Focusing public attention on emerging privacy and civil liberties issues

Department of Energy Smart Grid FOIA Documents

DOE Smart Grid Investment Grant Program (SGIG) Background

On June 10, 2010 EPIC submitted a Freedom of Information Act (FOIA) request to the Department of Energy (DOE). EPIC sought agency records concerning the DOE Smart Grid Investment Grant Program (SGIG).

Originally authorized by Section 1306 of the Energy Independence and Security Act of 2007 and then modified by the American Recovery and Reinvestment Act of 2009, SGIG is a DOE program intended to accelerate the country's transition to a modern electric transmission and distribution system by promoting investment in smart grid technology. SGIG seeks to accomplish this goal through competitive grants whereby DOE will provide up to 50% of the cost for new projects implementing the smart grid. These grants range in size from a minimum of $300,000 to as much as $200 million.

In June 2009, the DOE issued its initial announcement opening up the SGIG application process. As part of this process, the DOE required applicants to submit a Project Plan describing how the project would address cybersecurity concerns. The plans needed to include summaries of:

  • The cybersecurity risks of the project and how such risks would be mitigated throughout the project lifecycle
  • The cybersecurity criteria utilized for vendor an device selection
  • The relevant cybersecurity standards and best practices that the applicant intended to follow
  • How the project would adapt to new cybersecurity standards that may emerge

A DOE Spokesperson has asserted that the plans were subsequently reviewed by two cybersecurity experts, however neither the names of the experts nor details of the plans themselves have been released to the public. In October 2009, President Obama announced that 100 winning applicants would receive a total of $3.4 billion in SGIG funding. Of the $3.4 billion awarded through SGIG, approximately $2.8 billion will go to making and deploying smart meters.

Privacy Issues

Smart meters have the capability to monitor and report on customer electricity consumption in near real-time. Such monitoring might reveal sensitive personal behavior patterns. For example, smart-meter data could distinguish between when the consumer is engaged in housework or personal hygiene. Similarly, it might reveal that a consumer has a serious medical condition that requires use of medical equipment every night or that his house is vacant all day. Experts predict that, as research progresses, increasingly detailed information will be discoverable through an individual's electricity consumption profile, down to the ability to track the use of individual appliances. "With the whole of a person's home activities laid to bare, [appliance-usage tracking] provides a better look into home activities than would peering through the blinds at that house."

In the wrong hands, such information could even leave the customer exposed to physical danger, either from burglars or vandals able to determine the best time to strike an unguarded home or from stalkers given another tool to track their victims.

EPIC's Freedom of Information Act Request

EPIC requested the following DOE records:

  • All cybersecurity plans submitted by SGIG grantees.
  • Any evaluation criteria used by the agency to assess the cybersecurity plans submitted by SGIG grantees.
  • Any final reports submitted by cybersecurity experts evaluating the cybersecurity plans of SGIG grantees

The agency requested more information regarding EPIC's request for a waiver of fees. After EPIC provided this information, the agency did not respond and EPIC appealed. Subsequently, the DOE began providing the requested documents.

DOE Smart Grid Investment Grant Documents

The DOE has provided so far:

1. DOE criteria for evaluating cybersecurity plans submitted by SGIG grantees 2. Cybersecurity plans submitted by SGIG grantees - there are 100 in total; they will be posted here as they are received.

Smart Grid Resources