Smart meters and privacy

Belatedly, I’ve spotted a good post on the Big Brother Watch blog, here, on the subject of smart metering of utilities such as electricity, gas and water. I tried to leave a comment, but for some reason it got rejected… so here you go:

An awful lot of this debate needs to hinge on transparency. If smart metering is ‘something “they” do to “us” for “their” reasons and benefit’, it will run into considerable opposition, fail to generate the buy-in of household energy consumers, and therefore ultimately fail to reduce energy consumption/carbon footprint etc.

That principle has to guide the energy companies, as they consider design factors such as:

– what is the full range of purposes for which energy consumption data is collected, processed and shared with other organisations?

– what’s the balance of interests between the householder, the energy supplier and third parties?

– exactly what data items are collected by the meters?

– how much of that data is transmitted to the energy supplier?

– how much of it is visible to the householder?

– what degree of control does the householder have over what data is sent and what is kept solely for the householder’s use/convenience?

I really worry when I see the Director of Energy UK, on behalf of the UK Energy Industry, quoted as saying, essentially, “consumers’ security is paramount, and all information will be handled in strict accordance with the Data Protection Act”.

Frankly, if those are the success metrics, the privacy outlook is grim.

1 – Security is not the same as privacy, and a system can be designed to provide great security but trample all over users’ privacy. Privacy needs to be an explicit design goal in its own right from the outset.

2 – Data Protection law applies to the subset of data currently classed as “personally identifiable”… and there is still plenty of argument over what that means. As others have pointed out, you don’t need to personally identify someone in order to burgle their house when energy consumption data indicates they are not at home. DP law is an interesting starting point, but is not sufficient to guarantee a privacy-respecting implementation which protects householders from the range of possible threats.

I am also increasingly wary of promises such as that offered by Mark Daeche of First Utility, who says that information should be “secure and anonymous”. The work, particularly, of Vitaly Shmatikov and Arvind Narayanan has made it increasingly clear that anonymisation of consumer data is extremely hard to guarantee. Their papers should be required reading for anyone involved with supposedly “anonymised” datasets – required, but probably not reassuring. (See Arvind’s excellent blog here, aptly named “33 Bits of Entropy”, for well-informed and well-reasoned thoughts on data and privacy).

The question of “entropy” in personal data is going to be a key one, as we speed ever faster into the world of grids, sensors and smart devices. As I mentioned in a Tweet earlier today, it means that, as a perverse consequence, the more users pare their electricity consumption down to the bare essentials, for instance, the more identifiable the resulting usage pattern will be.
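To make the entropy point measurable, here is an added example (not part of the original post) that takes a "released" view of meter data with no names attached and reports how many bits of identifying information it carries and which households it singles out. The eight households, their readings and the three reporting granularities are constructed for illustration; log2(N) bits are enough to single out one household among N.

```python
import math
from collections import Counter

# Constructed sample data: one day per household as six 4-hour readings (Wh).
HOMES = {
    "H1": (100, 100, 600, 100, 100, 100),
    "H2": (100, 600, 100, 100, 100, 100),
    "H3": (100, 100, 100, 100, 600, 100),
    "H4": (100, 100, 100, 600, 100, 100),
    "H5": (200, 200, 200, 200, 200, 200),
    "H6": (100, 100, 300, 300, 200, 200),
    "H7": (50, 50, 50, 50, 50, 50),      # constructed pared-down household
    "H8": (100, 100, 100, 100, 100, 100),
}

def view(profile, blocks):
    """Coarsen a profile into `blocks` equal-width sums (1 = daily total)."""
    width = len(profile) // blocks
    return tuple(sum(profile[i * width:(i + 1) * width]) for i in range(blocks))

def identifiability(homes, blocks):
    """Return (bits revealed by the released view, households it singles out)."""
    n = len(homes)
    released = {h: view(p, blocks) for h, p in homes.items()}
    sets = Counter(released.values())        # anonymity-set size per distinct view
    # Shannon entropy of the released view over the population.
    bits = -sum(c / n * math.log2(c / n) for c in sets.values())
    # A household is singled out when nobody else shares its released view.
    alone = sorted(h for h, v in released.items() if sets[v] == 1)
    return bits, alone

if __name__ == "__main__":
    needed = math.log2(len(HOMES))           # bits required to pick one of N
    for blocks, label in [(1, "daily total"), (2, "two half-days"), (6, "every reading")]:
        bits, alone = identifiability(HOMES, blocks)
        print(f"{label:14} {bits:.2f} of {needed:.2f} bits, singled out: {alone}")
```

In this constructed set the low-usage household H7 is singled out even by the daily total, and sending every reading singles out all eight.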


2 thoughts on “Smart meters and privacy”

  1. Very interesting. Smart meter security & privacy is a topic I've been wanting to study (from the technical perspective). If you could recommend a good place to start that'd be very helpful. Also if you have any pointers to specifics of the data collected and retained either in the scrapped Dutch plan or in the UK… And thanks for the kind words 🙂

  2. John says:

    Warden has already done some impressive analysis of this data at an aggregate level, and I know researchers would love to get their hands on it. And like the “Tastes, Ties, and Time” Facebook project, Warden wants to release the dataset to the academic community.
