Monday, November 30, 2009

The Privacy Implications and Challenges of a Smart Grid Electrical System

My article on this subject was published in the California Progress Report yesterday, so I'm going to reprint it here today:

A critically important debate has emerged regarding the privacy implications and challenges that a transition to a smart grid system for electricity poses and how such concerns can be addressed.

In California, as in states across the country, the Public Utilities Commission (PUC) is currently considering how to implement a smart grid electrical system. In response to this rulemaking, and the lack of attention paid to consumer privacy to date, the Consumer Federation of California (CFC) recently joined The Utilities Reform Network (TURN) in urging the Commission to allow for a more comprehensive review and debate regarding such concerns.

In response, the PUC has agreed to hold separate privacy-specific hearings - with accompanying workshops and public comments - at a date to be determined in mid-December. While this is a temporary victory for privacy and consumer advocates, enormous challenges remain.

What is a “Smart Grid” and why is it needed?

The ‘smart grid’ is a system that will track each kWh of electricity from the generator to an individual’s home through a series of automated devices. The smart grid will come into our homes through a ‘smart meter’ and a ‘home area network’ that monitors the kWh we use.

This deployment of ubiquitous monitoring technologies will allow utilities to collect, and possibly distribute, detailed information about household electricity consumption habits (e.g. ice makers will operate only when the washing machine isn't, TVs will shut off when viewers leave the room, air conditioner and heater levels will be operated more efficiently based on time of day and climate, etc.) in hopes of reducing and/or better managing electricity usage.

Home gadgets and appliances will be wirelessly connected to the Internet so consumers can access detailed information about their electricity use, and reduce their carbon footprint appropriately.

The "Smart Grid" has been trumpeted by former Vice President Al Gore for years, and our nation's transition to such a system has accelerated since President Obama announced his plan to repair our country's crumbling infrastructure - which included billions of dollars to construct a nationwide "smart grid".

The potential benefits of a system that allows for such monitoring of electricity flow and control over it are self-evident, including: reducing energy use and CO2 emissions (maybe 20% per home), preventing blackouts, spurring development of renewable energy sources, and improving customer service by locating trouble spots and dispatching maintenance teams to fix the problem (among others).

According to President Obama (and other environmental experts), a smart grid system "will save us money, protect our power sources from blackout or attack, and deliver clean, alternative forms of energy to every corner of our nation."

A variety of interests – in addition to consumer and environmental – also have tangible reasons to support such a transition:

Utilities could sell, if permitted, the massive amounts of household data they will be capable of gathering; law enforcement could more easily identify, track, and manage information associated with people, places, or things involved in investigations; and marketers could access consumer data that will enable them to more effectively target their products.

(Note: smart meters have recently received some bad press due to a number of customers in one California town discovering that their energy bills have skyrocketed. A lawsuit has been filed against PG&E.)

Rest assured this transition is already underway: Up to three-fourths of the homes in the United States are expected to be placed on the “Smart Grid” in the next decade. Already, some 8 million "Smart Meters" have been installed in U.S. homes. That number is estimated to reach nearly 50 million by 2012. PG&E is installing 13,000 per day in California, and overall, the three major state private utilities will deploy 12 million by the end of 2012.

Privacy Implications of a Smart Grid System

The paradox of a smart grid system is that what will ostensibly make it an effective tool in reducing energy usage and improving our electric grid - information - is precisely what makes it a threat to privacy: Information (ours). It is this paradox that has led some to suggest that privacy might even be the “Achilles’ heel” of the “Smart Grid”.

What are the unintended consequences of such a system? Personal privacy issues routinely arise when data collected is harmless in isolation, but becomes a threat when combined with other data, or examined by a third party for patterns. A few principles we should keep in mind as we develop a regulatory framework for such a transition will be consumer control, transparency, and accountability.

In particular: How much information should we give up to the grid? Should it be up to the customer to decide? If not, who gets access to that information, for what reason, and what will they be allowed to do with it? How will this information be managed (i.e., how long will it be stored)? And how well will it be protected from those who might seek it unlawfully? Can it even be fully protected given the increasing success and technical expertise of hackers?

Because technological innovation will only accelerate, we would do well to consider more than simply the immediate privacy threats posed by current technologies, but also what we know to be just around the corner.

For instance, while the tracking of mere energy usage in one’s home may be of less concern, as home devices become increasingly “smarter”, one can easily envision a technology convergence in which a myriad of gadgets could be used to track more sensitive information. Security technology already exists to monitor presence in homes to detect break-ins.

What else will smart appliances "tell" others about what we do and when we do it in our homes?

Such concerns are already being debated by academics and privacy advocates. In addition to taking into account existing privacy protection laws, companies that develop smart grid technology would be wise to anticipate consumer reaction to any system that invades the most precious private space we occupy: our homes.

Utility companies could reconstruct much of our daily lives: when we wake up, when we go home, when we go on vacation, and when we hit the hot tub to relax. Now consider how much money that information will be worth to third-party marketing companies.

Specific examples of “unintended consequences” that may arise if proper attention is not paid to privacy include:

• Travel agencies might start sending you brochures right when your annual family vacation approaches.
• Law enforcement officials might use our information against us. Where were you last night? Home listening to music, huh? That’s not what PG&E told us. Or what about the predictable desire of police to locate in-home marijuana growers by monitoring household power usage?
• Lawyers might seek to subpoena your data in a divorce trial: "You say you're a good parent, so why is the television on so late on school nights? Were you with someone in the hot tub at 2 AM on Saturday when the kids were gone?"
• Insurance companies, always seeking to maximize profits by denying coverage or raising premiums, might start developing connections between energy use patterns and unhealthy tendencies.
• Hackers and criminals might seek to falsify power usage, pass on their charges to a neighbor, install a virus and take down the entire system, disconnect someone else from the grid, and plan burglaries with an unprecedented degree of accuracy.
• Some consumers are already getting statements that compare their use to their neighbors'. Could we see a system develop in which some are penalized unfairly for “wasteful” usage? Will details such as the number of occupants and their occupations (i.e. someone who telecommutes and is on a computer all day) be properly taken into account?
• Landlords might be interested in knowing what's happening inside their properties.
• If recent revelations regarding warrantless wiretapping, Patriot Act abuses and increasingly intrusive surveillance techniques are an indicator, we should also expect government agencies to vigorously pursue this data.
• It's not hard to envision RFID-tagged labels - read by smart meters - on the food and prescription drugs that fill our refrigerators and cabinets. Could that information be sold to marketers too? Could our health insurance go up because we eat too much unhealthy food? Might we start receiving targeted brochures from Big Pharma for prescription drugs based on the content of our medicine cabinets?

The privacy implications of such a grid strike at the very heart of the Fourth Amendment and a core American value: our right to keep private what goes on in our homes.

Policy Challenges and Solutions

Ideally, the CPUC would adopt the European approach, known as “Data Minimization”, which binds companies to collect only as much information as is necessary to complete a transaction and to delete that data as soon as it is no longer needed. But in America, where information itself is a big money industry – and government tends to be pro-business - such an approach is unlikely.

A superior indicator, and a useful case study, can be found in Colorado. The state public utility commission there was convinced by Elias Quinn, from the Center for Environmental and Energy Security (CEES), at the University of Colorado Law School, and author of "Privacy and the New Energy Infrastructure", to hold separate hearings dealing with privacy concerns related to a smart grid system. Mr. Quinn enumerated four general categories of personal data and its usage, including policy proposals for the Commission to consider adopting that would more adequately protect consumer privacy.

1. Who has access to your data? As one might expect, consumer consent requirements may vary depending on who is seeking your information. Those seeking access to this data were broken up into three categories - with different approaches taken for each (this does not necessarily represent a full endorsement of each of these approaches):

A. Electric Utilities: The consumer must opt-out if they choose to prevent electric utilities from accessing their data because this information is critical to the deployment of smart grid networks and to operating the next generation distribution systems. Thus when people sign-up for service, they can decline to participate in sharing any data that isn’t necessary to run the system itself.
B. Automation vendors, smart appliance manufacturers, or other related-but-not-essential companies: A one time Opt-In per manufacturer.
C. Entities wholly unrelated to electricity provision: Access is only available if the consumer Opts-In on a case-by-case basis. Perhaps such third party entities should also need to demonstrate a good reason to be able to even ask us for that information before bombarding us with requests. So if an insurance carrier seeks to examine a customer's usage data, the customer will have to be contacted for his/her informed consent first.

I would add an additional category of “data seekers” that deserves special consideration:

D. Law Enforcement: Law enforcement should be prohibited, by law, from access to our data unless they have a warrant signed by a judge based on already existing reasonable suspicion.

2. How is your data managed? The European Union's Data Directive has been cited as a good model and consists of the following core principles: [1] data processed fairly and lawfully, [2] sought or collected for specified purposes, and analyzed only for those purposes, [3] merely adequate and not excessive for the purposes motivating its collection, [4] kept accurate, and [5] kept in a form allowing for identification for no longer than necessary.

Electricity customers should also have the right to access or audit their information for accuracy - ideally in real time.

3. How is your data protected? Utilities should be mandated by law, with strong penalties, to protect information against anyone who would seek to monitor/steal/manipulate it. The challenge here then is how to best protect the 1. Security of the Database and 2. Security of the Data in Transit (which could be trickier as it is wireless).

4. What happens if your data is breached? Consumers should be notified immediately in the event that personal information has been obtained by a party without the requisite consent.

Privacy vs. Environment? Or Data Owners vs. Data Profiteers?

How best to implement a Smart Grid system is an issue (“Pay-As-You Drive” is another) in which privacy and environmental interests might on the surface appear to bump heads. The good news is this “conflict” is unnecessary, and easily avoided.

The only real interest “clash” will be between those that want to protect privacy and the right to control one's own data versus those that seek to profit off or benefit from accessing, buying and selling it.

The fact is that smart and effective environmental policy does not, and should not, conflict with the individual’s right to privacy. It is paramount then that our state’s transition to a smart grid system addresses the potential privacy pitfalls while we are in the early stages of its implementation.

Rapid technological advancement - without the requisite regulatory safeguards – poses a significant threat to the individual's right to privacy. This threat is epitomized by the "Smart Grid". We must embrace a thorough, thoughtful and deliberative public policy process that includes ironclad privacy protections that, above all else, give the individual absolute control over, and ownership of, his/her data.

Establishing tough consumer privacy protections won't hamper the implementation of a smart grid system. In fact, it will increase its chances of acceptance and success by addressing the rightful privacy concerns consumers will inevitably have.

Elias Quinn of CEES, University of Colorado Law School, summed up well the challenge the smart grid poses to privacy:

"Here—as with all attempts at anticipating problems—the solution must involve, first and foremost, drawing attention to the potential privacy problem posed by the massive deployment of smart metering technologies and the collection of detailed information about the electricity consumption habits of millions of individuals.

From there, efforts to devise potential solutions must progress in parallel paths, the first in search of a regulatory fix, the second a technological one. The first protects against the systematic misuse of collected information by utilities, despite new pressures on their profitability, by ensuring the databases are used only for their principal purposes: informing efficient electricity generation, distribution, and management.

Such regulatory fixes are not difficult. In the final analysis, the privacy problem posed by smart metering is only a difficult one if the data gets unleashed before consequences are fully considered, or ignored once unfortunate consequences are realized. But to ignore the potential for privacy invasion embodied by the collection of this information is an invitation to tragedy."

If interested in keeping track of how this issue progresses, particularly what transpires at the upcoming PUC hearings on smart grid and privacy, regularly check back to this blog.
