Tuesday, November 10, 2009

The Smart Grid and Privacy

At a now annual gathering of privacy advocate leaders in Sacramento yesterday I was given the opportunity to address our state and nation's transition to a smart grid system and the privacy challenges it poses. I have written about the subject on this blog here and here. As such, I thought I'd share the general outline of that presentation, particularly in light of the approaching decision by the California Public Utilities Commission as to whether separate privacy-specific hearings will be held on smart grid.

What is a Smart Grid?

A smart grid is built on the ubiquitous deployment of monitoring technologies (called smart meters) that will allow utilities to collect detailed information about the electricity consumption habits of homes. As such, they will be able to determine how to operate appliances more efficiently, i.e. ice makers will operate only when the washing machine isn't, TVs will shut off when viewers leave the room, "air conditioner and heater levels will be controlled", etc.

Similarly, utilities will be able to adjust home energy usage based on times of the day and temperatures and there will be an increased ability to ensure renewable sources of energy are distributed more efficiently.

All of these home gadgets will be wirelessly connected to the Internet so consumers can access detailed information about their electricity use (although when and how this will be done is not decided).

The benefits of such a system are self-evident: reduced energy use and CO2 emissions (maybe 20% per home), fewer blackouts, a spur to the development of renewables, and improved service because utilities will know immediately when service is down (among others).

(Note: the system has just run into its first major hiccup in California, as the energy bills of smart grid homes in the state have skyrocketed, resulting in a lawsuit against PG&E.)

Up to three-fourths of the homes in the United States are expected to be placed on the “Smart Grid” in the next decade. Already, some 8 million "Smart Meters" have been installed in U.S. homes. There will be nearly 50 million by 2012. PG&E is installing 13,000 per day in California, and overall, three major utilities will deploy 12 million by the end of 2012.

Let me also be clear: I used to work on climate change and other related energy and environmental issues, and innovations such as the smart grid represent a critical step forward and an important component of any comprehensive global warming and sustainability strategy. This, however, in no way means we should rush its implementation without considering unintended consequences, particularly those related to privacy.

Privacy Implications/Threats

The paradox of a smart grid system is that what will ostensibly make it an effective tool in reducing energy usage - information - is precisely what makes it a threat to privacy: Information (ours).

It is this paradox that has led some to suggest that privacy might even be the “Achilles’ heel” of the Smart Grid.

So what's being done to implement the system and develop proper rules and regulations? The Energy Information and Security Act of 2007 asked state PUCs to answer a series of smart grid implementation and regulation questions. The data access issue (as in who has it), both a consumer's right to their information (ideally in real time) and a third party's access to it, was addressed - but privacy was not mentioned.

So what are the unintended consequences of such a system? Privacy issues routinely arise when data collected is harmless in isolation, but becomes a threat when combined with other data, or examined by a third party for patterns.

Bob Sullivan, who covers Internet scams and consumer fraud for MSNBC.com, explains this dilemma well:

...others see a darker side. Utility companies, by gathering hundreds of billions of data points about us, could reconstruct much of our daily lives -- when we wake up, when we go home, when we go on vacation, perhaps even when we draw a hot bath.

They might sell this information to marketing companies -- perhaps a travel agency will send brochures right when the family vacation is about to arrive. Law enforcement officials might use this information against us ("Where were you last night? Home watching TV? That's not what the power company says … ”).

Divorce lawyers could subpoena the data ("You say you're a good parent, but your children are forced to sleep in 61-degree rooms. For shame ...").

A credit bureau or insurance company could penalize you because your energy use patterns are similar to those of other troublesome consumers. Or criminals could spy the data, then plan home burglaries with fine-tuned accuracy. Space-aged visions of talking appliances may seem farfetched. They're not.

Data creep will inevitably happen. Already, some consumers are getting statements that compare their use to neighbors' usage -- and "overusage" premium pricing isn't far behind. But what if the comparisons aren't fair? Most families would want to be compared to similar families -- how much power do three teen-ager daughter households use?

Jules Polonetsky, director of The Future of Privacy Forum, states: "The potential benefits of the Smart Grid are fabulous. I just think that it's critical that sober and adequate thinking be done at this stage. We must do this right or we could hamper the rollout of the Smart Grid and you could have folks unwilling to participate...We are trying to help before it's too late...Knowing what’s going on in people’s homes…this strikes at some of our most core values."

Let's also not forget perhaps the greatest threat of all: Hackers. We must consider the potential of the falsification of power usage, passing on charges to a neighbor, disconnecting someone else from the grid, etc.

It's also not hard to envision RFID-tagged food and prescriptions filling our refrigerators and cabinets in the future, which could be read by these smart meters. Could that information be sold to marketers too?

Could our health insurance go up because we eat too much unhealthy food? Might we start receiving brochures about other prescription drugs that the company believes they might be able to convince us we need based on others we are taking?

Policy Challenges and Solutions

With all that said, here are a few questions we should all be asking:

How much information should you give up to the grid?

Who gets access to that information and why?

How long does that information remain in a database?

And how do we protect it once in the grid?

Ideally, we'd take the European approach, which binds companies to collect as little information as is necessary to complete a transaction, and they must delete the data as soon as it is no longer needed – known as “Data Minimization”. That's unlikely, however.

So a more likely indicator, and an excellent case study, is what's been going on in Colorado. The state public utility commission there was convinced by Elias Quinn (CEES, University of Colorado Law School), author of "Privacy and the New Energy Infrastructure", to hold separate hearings dealing with privacy concerns related to the smart grid. He (and likewise Colorado now) breaks down privacy challenges into four general categories, each with accompanying policy proposals:

1. Who has Access to Data?
Consumer consent requirements may vary depending on who is seeking your information. Three categories of interests seeking that data were discussed in Colorado, and different approaches were taken for each:

A. Electric Utilities: Opt-Out, because the information is critical to the deployment of smart grid networks and to operating the next generation distribution systems; when people sign up for service, they can decline to participate.

B. Automation vendors, smart appliance manufacturers, or other related-but-not-essential companies: a one time Opt-In per manufacturer.

C. Entities wholly unrelated to electricity provision: Opt-In on a case-by-case basis (and I'd add proof of good reason to be able to even ask us). So if an insurance carrier seeks to examine a customer's usage data, the customer has to be contacted for her informed consent first, and every time.

And let me add a fourth: Law enforcement should be prohibited, by law, from routine access (but of course can subpoena the data when they have a warrant signed by a judge based on already existing reasonable suspicion).

2. How Is Data Managed? The EU's Data Directive has been cited as a good model, though again, we are far from realizing this here in the States. Under it, data should be: [1] processed fairly and lawfully, [2] sought or collected for specified purposes, and analyzed only for those purposes, [3] merely adequate and not excessive for the purposes motivating its collection, [4] kept accurate, and [5] kept in a form allowing for identification for no longer than necessary.

Electricity customers should have rights of access or to audit the information for accuracy, or perhaps the right to be given the information in a timely and usable manner, so that they might seek their own third-party partners in home automation.

3. How Is Data Protected? Utilities should be mandated by law, with strong penalties, to protect information against anyone who would like to monitor/steal/subvert it. That means deciding how best to protect (1) the security of the database and (2) the security of the data in transit (which could be trickier, as it is wireless).

Ideally, the data would be encrypted at the point of transmission in the home, but that is expensive and needs to be done as the system is built, not after. We may look back at this missed opportunity with regret.

4. Data Breach Notification: There should be notice requirements such that an electricity consumer is notified in the event that personal information is somehow obtained by a party without the requisite consent.

Update on Progress Here in California

As the California Public Utilities Commission decides on a regulatory framework for a smart grid system in our state, CFC has joined with TURN in urging a more comprehensive review of the privacy threats such a system poses by holding separate hearings on the subject.

We expect a decision in December. It's too late for other groups to file now in this regard, but the PUC is preparing another notice with a new set of questions that we urge more organizations to participate in, and to certainly contribute if possible to any privacy-specific hearings that might be granted.

If privacy concerns are not taken into proper consideration, then pursuing a legislative solution may be appropriate.
