Belatedly, I’ve spotted a good post on the Big Brother Watch blog, here, on the subject of smart metering of utilities such as electricity, gas and water. I tried to leave a comment, but for some reason it got rejected… so here you go:
An awful lot of this debate needs to hinge on transparency. If smart metering is ‘something “they” do to “us” for “their” reasons and benefit’, it will run into considerable opposition, fail to generate the buy-in of household energy consumers, and therefore ultimately fail to reduce energy consumption/carbon footprint etc.
That principle has to guide the energy companies, as they consider design factors such as:
– what is the full range of purposes for which energy consumption data is collected, processed and shared with other organisations?
– what’s the balance of interests between the householder, the energy supplier and third parties?
– exactly what data items are collected by the meters?
– how much of that data is transmitted to the energy supplier?
– how much of it is visible to the householder?
– what degree of control does the householder have over what data is sent and what is kept solely for the householder’s use/convenience?
I really worry when I see the Director of Energy UK, on behalf of the UK Energy Industry, quoted as saying, essentially, “consumers’ security is paramount, and all information will be handled in strict accordance with the Data Protection Act”.
Frankly, if those are the success metrics, the privacy outlook is grim.
1 – Security is not the same as privacy, and a system can be designed to provide great security but trample all over users’ privacy. Privacy needs to be an explicit design goal in its own right from the outset.
2 – Data Protection law applies to the subset of data currently classed as “personally identifiable”… and there is still plenty of argument over what that means. As others have pointed out, you don’t need to personally identify someone in order to burgle their house when energy consumption data indicates they are not at home. DP law is an interesting starting point, but is not sufficient to guarantee a privacy-respecting implementation which protects householders from the range of possible threats.
I am also increasingly wary of promises such as that offered by Mark Daeche of First Utility, who says that information should be “secure and anonymous”. The work of Vitaly Shmatikov and Arvind Narayanan, in particular, has made it increasingly clear that anonymisation of consumer data is extremely hard to guarantee. Their papers should be required reading for anyone involved with supposedly “anonymised” datasets – required, but probably not reassuring. (See Arvind’s excellent blog here, aptly named “33 Bits of Entropy”, for well-informed and well-reasoned thoughts on data and privacy.)
The question of “entropy” in personal data is going to be a key one, as we speed ever faster into the world of grids, sensors and smart devices. As I mentioned in a Tweet earlier today, it means that, as a perverse consequence, the more users pare their electricity consumption down to the bare essentials, for instance, the more identifiable the resulting usage pattern will be.