Privacy on the Smart Grid
Are smart meters spies? They don't have to be
5 October 2010—Back in 2007, when the Dutch government announced that all 7 million homes in the Netherlands would be equipped with smart meters by 2013, it anticipated little resistance. After all, who wouldn’t welcome a device that could save both energy and money? But consumers worried that such intelligent monitoring devices, which transmit power-usage information to the utility as frequently as every 15 minutes, would make them vulnerable to thieves, annoying marketers, and police investigations. They spoke out so strongly against these ”espionage meters” that the government made them optional.
A report released this past April by the New York City–based consulting company Accenture found that the Dutch are hardly alone. Of more than 9000 consumers polled in 17 countries, about one-third said they would be discouraged from using energy-management programs, such as smart metering, if it gave utilities greater access to data about their personal energy use. And in a comprehensive report on smart grid privacy released in September, the National Institute of Standards and Technology (NIST) compiled a list of scenarios that consumers fear if their energy data got into the wrong hands.
It all sounds less paranoid when you consider that each appliance—the refrigerator, kettle, toaster, washing machine—has its own energy fingerprint, or ”appliance load signature,” that a smart meter can read. Anyone who gets hold of this data gets a glimpse of exactly what appliances you use and how often you use them. But with a little clever engineering, utilities could protect consumer privacy without compromising the benefits of smart meters, say researchers at Toshiba Research Europe in Bristol, England.
The researchers propose two technical fixes that could appease consumers and help smart meter programs get successfully under way. Georgios Kalogridis and Costas Efthymiou of Toshiba will present the solutions this week at the first IEEE International Conference on Smart Grid Communications, in Gaithersburg, Md.
The first is a smart grid variation on a technique that’s already used to protect private information collected for health care databases or by Internet services like Google and Amazon. The concept is what’s known as data anonymization. In order for the smart grid to do smart things, such as distribute power more uniformly, it needs to have detailed and frequent information about energy use and a general idea about which geographical areas are using power, the researchers say. But the utility doesn’t necessarily need to know to whom this data belongs. Energy data, in other words, doesn’t need to be tied to a specific household to be useful in managing the grid. Toshiba’s system would hide a smart meter address before sending energy-usage data to utilities, the same way an anonymous Internet proxy server can hide a computer’s IP address before sending data to other networks.
But who or what will do the anonymizing? The problem with giving utilities this responsibility is that many consumers don’t trust them, the researchers say. Indeed, Accenture’s April report found that less than a third of consumers surveyed said they trust their electricity providers to give them good advice about using energy. Trust is particularly low in countries such as Germany and the United Kingdom, where electric utilities have been deregulated and consumers regularly switch providers.
”The reason customers aren’t trusting isn’t because they think their utility is doing something dubious,” says Greg Guthridge, managing director of Accenture’s Utility Customer Care Practice. Rather, customers distrust utilities because they have few interactions with them, most of which are unpleasant—reporting a power outage, for example, or contesting a high power bill. Guthridge believes utilities can still gain consumer trust if they communicate clearly and more frequently about their privacy policies.
The Toshiba researchers propose having a third-party escrow service take charge of anonymizing and managing detailed energy-usage data. In this case, only the escrow service–it could be the smart meter manufacturer or other trusted party–would be able to communicate with the encrypted data-collecting components embedded in the smart meter, the researchers explain. The only identifiable information a utility would get directly from the smart meter would be the information it already gets: billing information and monthly energy use. Of course, this solution would require protocols and standardization, the researchers say.
Their second solution takes an entirely different approach: It anticipates a time in the not-so-distant future, when many people will drive electric and plug-in hybrid cars and having an extra rechargeable battery (or two) around the house won’t be such a novelty. The Toshiba researchers suggest that running a few appliances—or as many as you want—partially off a battery, rather than directly off the grid, would hide the fact that those appliances are in use.
It works like this: If you connect the battery to your electricity supply and intelligently route power from both the battery and the grid to the appliances, then the smart meter will record a very different load signature—one that doesn’t identify appliances. The Toshiba researchers admit that some electricity will be lost in the diversion, so there would be a trade-off of some efficiency for privacy. They are still figuring out how best to optimize both cost and privacy using such a system. On the upside, they point out, storing electricity in a battery would allow the utility to charge it at times when electricity generation is high and demand is low, reducing the risk of blackouts.
It’s a clever idea, says Rebecca Herold, a privacy consultant who heads the NIST smart grid privacy subgroup. ”But it’s important to recognize that whenever you have data that reveals information about people, you still have to have robust policies in place to help guide how it’s used and shared.” In other words, you just can’t engineer your way out of everything.
|Who wants smart meter data?||How could the data be used?|
|Utilities||To monitor electricity usage and load; to determine bills|
|Electricity usage advisory companies||To promote energy conservation and awareness|
|Insurance companies||To determine health care premiums based on unusual behaviors that might indicate illness|
|Marketers||To profile customers for targeted advertisements|
|Law enforcers||To identify suspicious or illegal activity*|
|Civil litigators||To identify property boundaries and activities on premises|
|Landlords||To verify lease compliance|
|Private investigators||To monitor specific events|
|The press||To get information about famous people|
|Creditors||To determine behavior that might indicate creditworthiness|
|Criminals||To identify the best times for a burglary or to identify high-priced appliances to steal|
Source: ”Potential Privacy Impacts that Arise from the Collection and Use of Smart Grid Data,” National Institute of Standards and Technology, Volume 2, pp. 30–32, Table 5-3.
*In the 2001 legal case Kyllo v. United States, the government used monthly utility bills to ”show that the suspect’s power usage was ’excessive’ and thus ’consistent with’ a marijuana-growing operation.”
A correction to this article was made on 06 October 2010.