The Smart Grid and Privacy
Concerning Privacy and Smart Grid Technology
- California Protects the Privacy of Smart Meter Data: The California Public Utility Commission has established new rules to protect information about consumer use of "smart meter" electrical services. The California decision, the first in the country, establishes fair information practice requirements, including a consumer right of access and control, data minimization obligations, use and disclosure limitations, and data quality and integrity requirements. Electric utilities and their contractors, as well as third party who receive electricity usage data from utilities are subject to the new rules. EPIC submitted extensive comments to the Public Utility Commission regarding privacy safeguards for consumer energy usage data. For more, see EPIC Smart Grid Privacy. (Aug. 6, 2011)
- Consumer Groups Recommend Privacy Safeguards on "Smart Meter" Services: The Trans-Atlantic Consumer Dialogue (TACD), a coalition of consumer groups in Europe and North America, adopted a report on privacy and electrical services at the 12th Annual TACD meeting held recently in Brussels. The Smart Meter White Paper warns the "dramatic increase in the granularity of data available and frequency of collection of household energy consumption means that the smallest detail of household life can be revealed." The TACD report sets out recommendations to protect the privacy of users of new energy services. For more information, see EPIC - Smart Grid and Privacy. (Jun. 27, 2011)
- NIST Publishes Smart Grid Privacy Guidelines: Guidelines for Smart Grid Cyber Security: Privacy and the Smart Grid is now available from the National Institute of Standards and Technology. The NIST Smart Grid Guidelines address privacy concerns that arise from the "many new data collection, communication, and information sharing capabilities related to energy usage." EPIC coordinated extensive comments for the agency from a group of 23 NGOs, legal, and technology experts. EPIC also worked closely with the NIST Cyber Security Working Group's subcommittee on Privacy on the project. For more information, see EPIC's The Smart Grid an Privacy. (Sep. 17, 2010)
- EPIC Testifies in Congress on Smart Grid Privacy: EPIC Associate Director Lillie Coney testified before the House Committee on Science and Technology regarding Smart Grid Architecture and Standards: Assessing Coordination and Progress. In her prepared statement, Ms. Coney told Congress that the "basic architecture of the Smart Grid presents several thorny privacy issues" and explained how smart meters and appliances transmitting user data wirelessly introduced threats to consumers. She also described how strong security and privacy standards can address the risks of identity theft, unauthorized access, and individual surveillance. EPIC has submitted comments to NIST and the state of California, urging stronger privacy standards for Smart Grid services. For more information, see EPIC Smart Grid. (Jul. 1, 2010)
- EPIC Recommends Consumer Privacy Protections for California Smart Grid: In formal comments to the California Public Utility Commission, EPIC said that utility customers should control the use of personal information generated by Smart Grid services. EPIC warned that companies will otherwise use the data for purposes not related to electricity delivery, consumption management, or payment. EPIC urged the California Commission to include a requirement that limits the use of personal data by third party providers offering energy management services. The Commission acknowledged EPIC's March 2010 comments and EPIC's April 2010 comments in the proposed California Smart Grid plan. For more information, see EPIC Smart Grid. (Jun. 14, 2010)
- FCC Release National Broadband Plan, Privacy Strategy Unclear: The Federal Communications Commission (FCC) released its National Broadband Plan today. The FCC notes that “many users are increasingly concerned about their lack of control over sensitive personal data" and warns that "Innovation will suffer if a lack of trust exists between users and entities with which they interact over the internet.” The FCC makes several recommendations, but there is no clear plan to address growing concerns about cloud computing, smart grids and unfair and deceptive trade practices. Last year, EPIC urged the FCC to develop a comprehensive strategy for online privacy as part of the national broadband strategy. (Mar. 17, 2010)
- EPIC Recommends Privacy Safeguards for Smart Grid Services: In formal comments, EPIC urged the California Public Utility Commission to adopt privacy safeguards for Smart Grid systems to protect consumer electricity usage information from unauthorized collection, use, and disclosure. Smart Grid networks uniquely identify individual electrical appliances, and create new privacy risks. EPIC recommended that policies be established to protect consumer data, including limitations on data collection, new security standards, and independent oversight. For more information, see EPIC: Smart Grid. (Mar. 12, 2010)
- EPIC, Coalition and Experts Champion Privacy Safeguards for Smart Grid Data: EPIC, members of the Privacy Coalition, and privacy and security experts urged a federal agency to establish safeguards for Smart Grid systems that protect consumer electricity usage information from unauthorized collection, use, disclosure, or sale. Smart Grid networks, which uniquely identify individual devices and appliances, create new privacy risks and could reveal intimate details of home life. EPIC recommended that policies be established to safeguard consumer privacy, including limitations on data collection, enforceable privacy practices, new security standards, and independent oversight. See EPIC Smart Grid and Privacy. (Dec. 2, 2009)
- EPIC Urges Government to Protect Privacy in the Smart Grid: Today, EPIC filed comments with the National Institute of Standards and Technology (NIST), urging it to implement robust privacy protections in the Smart Grid. The Smart Grid refers to a host of technologies that will allow unprecedented communication between American energy providers and energy consumers. However, it will also dramatically transform the ability of providers of power services in the United States to track the activities of consumers. For that reason, EPIC urged NIST to establish comprehensive privacy regulations that limit the collection and use of consumer data. For more information, see EPIC Smart Grid and Privacy. (Nov. 10, 2009)
- NIST Seeks Public Comments on Smart Grid Standards. The National Institute for Standards and Technology is seeking 2 categories of comments from the public on its draft Framework and Roadmap for Smart Grid Interoperability Standards. The first type of comments sought are on the overall document, and on the document's chapter 4 "Guidance for Identifying Standards for Implementation." Comments are due to the agency on or before November 9, 2009.
On December 19, 2007, the Energy Independence and Security Act of 2007 was enacted as Public Law 110-140. The bill, among other things, directed that Smart Grid technology be studied for its potential "to maintain a reliable and secure electricity infrastructure that can meet future demand growth."
"Smart" is often used to describe new features or capabilities found in inanimate applications or technologies. These technologies are not human smart, but innovative in that they often provide multi-directional real-time or near real time communication with the user device and provider(s) of a benefit or service(s).
The term "Smart Grid" encompasses a host of inter-related technologies rapidly moving into public use to reduce or better manage electricity consumption. Smart grid systems may be designed to allow electricity service providers, users, or third party electricity usage management service providers to monitor and control electricity use. The electricity service providers may view a smart grid system as a way to precisely locate power outages or other problems so that technicians can be dispatched to mitigate problems. Pro-environment policymakers may view a smart grid as key to protecting the nation's investment in the future as the world moves toward renewable energy. Another view of smart grid systems is that it would support law enforcement by making it easier to identify, track, and manage information or technology that is associated with people, places, or things involved in an investigations. National security and defense supporters may see the efficient and exacting ability of smart grid systems to manage and redirect the flow of electricity across large areas as critical to assuring resources for their use. Marketers may view smart grid systems as another opportunity to learn more about consumers and how they use the items they purchase. Finally, consumers, if given control over some smart grid features, may see smart grid systems as tools to assist them in making better informed decisions regarding their energy consumption.
Smart meter technology is the first remote communication device designed for smart grid application. These meters have moved into the marketplace and are poised to change how data on home or office consumption of electricity is collected by service providers. Additional changes that smart grid systems may bring are not limited to meters but extend to monitoring other devices, e.g. washing machines, hot water heaters, pool pumps, entertainment centers, lighting fixtures, and heating and cooling systems. Consuming electricity will take on new meaning in the context of privacy rights. A Fayetteville, NC smart grid pilot project in claims that it can manage over 250 devices within a customer's home. The system would be able to selectively reduce demand among its 80,000 customers by turning off devices in homes that are part of the smart grid program.
Privacy implications for smart grid technology deployment centers on the collection, retention, sharing, or reuse of electricity consumption information on individuals, homes, or offices. Fundamentally, smart grid systems will be multi-directional communications and energy transfer networks that enable electricity service providers, consumers, or third party energy management assistance programs to access consumption data. Further, if plans for national or transnational electric utility smart grid systems proceed as currently proposed these far reaching networks will enable data collection and sharing across platforms and great distances.
A list of potential privacy consequences of Smart Grid systems include:
- Identity Theft
- Determine Personal Behavior Patterns
- Determine Specific Appliances Used
- Perform Real-Time Surveillance
- Reveal Activities Through Residual Data
- Targeted Home Invasions (latch key children, elderly, etc.)
- Provide Accidental Invasions
- Activity Censorship
- Decisions and Actions Based Upon Inaccurate Data
- Unwanted Publicity and Embarrassment
- Tracking Behavior Of Renters/Leasers
- Behavior Tracking (possible combination with Personal Behavior Patterns)
- Public Aggregated Searches Revealing Individual Behavior
Plans are underway to support smart grid system applications that will monitor any device transmitting a signal, which may include non-energy-consuming end use items that are only fitted with small radio frequency identification devices (RFID) tags may be possible. RFID tags are included in most retail purchases for clothing, household items, packaging for food, and retail items.
The purpose of an RFID system is to enable data to be transmitted by a portable device, called a tag, which is read by an RFID reader and processed according to the needs of a particular application. The data transmitted by the tag may provide identification or location information, or specifics about the product tagged, such as price, color, date of purchase, etc. The use of RFID in tracking and access applications first appeared during the 1980s. RFID quickly gained attention because of its ability to track moving objects. As the technology is refined, more pervasive-and invasive-uses for RFID tags are in the works.
In a typical RFID system, individual objects are equipped with a small, inexpensive tag which contains a transponder with a digital memory chip that is given a unique electronic product code. The interrogator, an antenna packaged with a transceiver and decoder, emits a signal activating the RFID tag so it can read and write data to it. When an RFID tag passes through the electromagnetic zone, it detects the reader's activation signal. The reader decodes the data encoded in the tag's integrated circuit (silicon chip) and the data is passed to the host computer for processing.
RFID tags come in a wide variety of shapes and sizes. Some tags are easy to spot, such as the hard plastic anti-theft tags attached to merchandise in stores. Animal tracking tags which are implanted beneath the skin of family pets or endangered species are no bigger than a small section of pencil lead. Even smaller tags have been developed to be embedded within the fibers of a national currency.
Many of these advances will take years to integrate into the smart grid system as new technologies and applications are developed. The granularity of control of electricity use could be down to the appliances or devices located within a home or office.
Smart grids may also affect consumers who adopt the of use of solar and wind power. The smart grid could make it possible to transfer excess electricity from power-generating users to others during peak periods.
The types of personally identifiable information that may be collected include details on battery charging information, i.e. amount of life remaining, date, time, location of last recharge, etc; type of personal device; a unique item identification number as well as personalized information, i.e. user name, address etc; location where the item was recharged as well as how long the device was connected to the power source. Initially the information collection may be limited to very basic information, but over time these technologies will mature, which may not be apparent to users as they upgrade technology.
Innovation in other technologies, such as cellphones, televisions, computers, personal digital devices, and household appliances will enable smart grid muti-directional communication among service providers for information on products that may be as mobile as individuals or tied to fixed locations within homes or offices. For several decades work on "Smart House" technology has evolved to increase users' ability to monitor, manage, and control use of electricity service. Discussions about smart grid systems include consideration of wireless communication devices and the Internet's use to support communication transmission.
Public electric utility companies are installing new meter technology and offering smart meters to monitor customer consumption of electricity. Some utilities are offering lower utility rates in exchange for customers agreeing to the installation of smart meters. What might not be well known is the capacity of these new data collection systems to monitor electric utility use within a home or office space. This can include consumption of new appliances fitted with technology that would allow the monitoring their use inside homes and businesses. The move from an Internet of people to the "Internet of things" means that many appliances would come with unique Internet protocol addresses and wireless communication applications. How these devices might be used to collect information on their use, and who would have access to that information, and for what purpose is still unknown. The key to privacy protection is to have the user maintain control over the collection, use, reuse, and sharing of personal information including their use of electricity.
- How to learn more about smart electric meters, Bill Mego, Napervville Sun, January 18, 2012
- Smart meter installation begins, Naperville Sun, January 5, 2012
- No final decision yet on Smart Grid referendum, Hank Beckman, Naperville Sun, January 3, 2012
- Naperville smart meter opponents sue, Jack McCarthy, Chicago Tribune, December 30, 2011
- What’s the smart-energy outlook for 2012?M, Greengang the Smart Technologies Network, December 28, 2011
- California Makes Strides With Grid Modernization, RenewGridMag.com, December 28, 2011
- Report issued on smart meters, WLTribune.com, December 23, 2011
- Smart Grid Security Threatened By Fragmented Control, J. Nicholas Hoover, Information Week, December 6, 2011
- California adopts nation’s first privacy and security rules for smart grid customer data, InfoSecurity, August 5, 2011
- Attacking home automation networks over power lines, CNET News, August 5, 2011
- Smart Meter Privacy Rules Adopted By Calif., Earth Techling, July 29, 2011
- White House smart grid policy report includes loans, new programs, Platts-McGraw Hill, June 13, 2011
- California Lays Out Smart Meter Privacy Rules, Jeff St. John, GIGAOM, May 6, 2011
- Energy Department warns over smart grid privacy, Computer World, Oct. 15, 2010.
- Smart Grid Data: Too Much For Privacy, Not Enough For Innovation?
Jeff St. John, earth2tech.com
- FCC National Broadband Plan, Federal Communications Commission, March 16, 2010
- New 'smart' electrical meters raise privacy issues, Daniel Silva, The Sydney Morning Herald
- Your Smart Meter Is Watching, Op-ed, Toronto Star, November 19, 2009.
- How Privacy (Or Lack of It) Could Sabotage the Grid, Jules Polonetsky and Christopher Wolf, Smartgridnews.com, November 9, 2009
- U.S. Electrical Grid Gets $3.4 Billion Jolt of Stimulus Funding, Michael A. Fletcher, Washington Post, October 28, 2009
- Get Smart: Team Obama’s $3 Billion Smart Grid Push, Keith Johnson, Wall Street Journal, October 27, 2009
- What will talking power meters say about you?, Bob Sullivan, MSNBC, October 9, 2009
- Smart Grid Project Cuts Electricity Usage, Todd Woody, New York Times Blog, September 21, 2009
- Utilities' Smart Meters Save Money, but Erode Privacy, Andrew Maykuth, Philadelphia Inquirer, September 6, 2009
- Smart grid spying worries privacy advocates, John Dodge, Smartplanet.com, June 2, 2009
- Cisco: Smart Grid Will Eclipse Size of Internet, Martin LaMonica, CNET, May 18, 2009
- The Smart Grid Faces Off Against Privacy Rights, Environmental Leader, April 9, 2009
- 'Smart Grid' May Be Vulnerable to Hackers, CNN, March 21, 2009
- White House Office on Science and Technology Programs and NIST Launch Forum for Views on Consumer Interface to Smart Grid
- NIST Framework and Roadmap for Smart Grid Interoperability Standard Document 2nd Draft
- NIST Framework and Roadmap for Smart Grid Interoperability Standards Release 1.0 (Draft), September 2009.
- NIST - Smart Grid Cyber Security Strategy and Requirements, September 2009.
- Policy Brief -- Department of Engineering and Public Policy at Carnegie Mellon University, July 2009.
- The Smart Grid: An Introduction, Department of Energy, 2008.
- What the Smart Grid Means to Americans, Department of Energy, 2008.
- Smart Grid System Report, Department of Energy, July 2009.
- SmartPrivacy for the Smart Grid: Embedding Privacy into the Design of Electricity Conservation, Privacy by Design, November 2009.
- Elias Leake Quinn - Privacy and the New Energy Infrastructure
- Rebecca Herold, SmartGrid Privacy Concerns
- How Privacy (Or Lack of It) Could Sabotage the GridJules Polonetsky and Christopher Wolf, Smartgridnews.com, November 9, 2009
- Feds’ Smart Grid Race Leaves Cybersecurity in the Dust, MacRonin, Privacy Digest, October 28, 2009
- Smart Grid Privacy: Laws and Implications, Rebecca Herold, Realtime - IT Compliance, October 21, 2009
- From Smart Grid to Big Brother?, Michael Graham Richard, Treehugger.com, October 14, 2009
- 10 Things To Know About Smart Grid Security, Katie Fehrenbacher, Earth2tech.com, October 9, 2009
- Smart Grid Privacy: Is The Road to Ruin Paved With Good Consumer Market Intentions?, Don McDonnell, The McDonnell Group, October 6, 2009
- NIST, smart grid privacy and social networking for security pros, Alexander Howard, IT Compliance Advisor, October 2, 2009
- 10 Smart Grid Consumer-to-Utility Privacy Concerns; Are There More?, Rebecca Herold, Realtime IT-Compliance, September 25, 2009
- Smart grid privacy and security, Carbon-pros Analyst Blog, August 20, 2009
- Data Privacy and Security Issues for Advanced Metering Systems (Part 2), Mark F. Foley, Smartgridnews.com, July 1, 2008
- The Dangers of Meter Data (Part 1), Mark F. Foley, Smartgridnews.com, June 2, 2008
- Privacy Challenges Could Stall Smart Grid, Susan L. Lyon, Matternetwork.com, June 1, 2009
- Security and Privacy Challenges in the Smart Grid, Patrick McDaniel & Stephen McLaughlin, IEEE Security & Privacy, May/June 2009 (subscription required)
- Smart In Home Monitoring System
- Multimedia Content Identification Through Smart Meter Power Usage Profiles, Ulrich Greveler, Benjamin Justus, and Dennis Loehr, Computer Security Lab Mu ̈nster University of Applied Sciences D-48565 Steinfurt, Germany
- Privacy-preserving smart metering, Alfredo Rial K.U.Leuven & IBBT, Leuven, Belgium, George Danezis Microsoft Research, Cambridge, United Kingdom, WPES '11 Proceedings of the 10th annual ACM workshop on Privacy in the electronic society, ACM, October 17-21, 2011
- Privacy for Smart Meters: Towards Undetectable Appliance Load Signatures, Kalogridis, G.; Efthymiou, C.; Denic, S.Z.; Lewis, T.A.; Cepeda, R.;2010 First IEEE International Conference on Smart Grid Communications, October 4-6, 2010
- Smart Grid Privacy via Anonymization of Smart Metering Data, Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on Smart Grid Communications, Efthymiou, C.; Kalogridis, G.; Telecommun. Res. Lab., Toshiba Res. Eur. Ltd., Bristol, UK, Pages 238 - 243, October 4-6, 2010
- The new frontier of communications research: smart grid and smart metering, Zhong Fan Telecommunications Research Laboratory, Bristol, UK, Georgios Kalogridis Telecommunications Research Laboratory, Bristol, UK Costas Efthymiou Telecommunications Research Laboratory, Bristol, UK, Mahesh Sooriyabandara Telecommunications Research Laboratory, Bristol, UK Mutsumu Serizawa Telecommunications Research Laboratory, Bristol, UK Joe McGeehan, e-Energy '10 Proceedings of the 1st International Conference on Energy-Efficient Computing and Networking, ACM
- Security and Privacy Challenges in the Smart Grid, IEEE Security and Privacy, Volume 3, Pages 75-77, McDaniel, P.; McLaughlin, S., University of Pennsylvania, May-June 2009
- SmartPrivacy for the Smart Grid: embedding privacy into the design of electricity conservation, Cavoukian, A.; Polonetsky, J; Wolf, C., Computer Science, Volume , Number 2, 275-294, DOI: 10.1007/s12394-010-0046-y
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a by-monthly newsletter highlighting emerging privacy issues.