Smart grid could turn appliances into spies, experts warn
Do you want your fridge talking about you behind your back?
With the rapid adoption of a North American "smart grid" aimed at helping consumers conserve electricity, it's also possible that smart appliances will be able to transmit information about their activities (and yours) through the power lines. Your electricity utility may not yet be able to determine when you snack, do laundry or shower, but privacy advocates are sounding the alarm that systems need to be put in place to guard details about a household's electricity usage from prying eyes.
A paper released last November by the Office of the Information and Privacy Commissioner of Ontario and the U.S.-based Future of Privacy Forum proposes building privacy controls right into the smart grid before the system is fully rolled out.
Although different utilities define the smart grid in different ways, the key feature is a two-way communication system between a household's meter and the electricity utility so that energy consumption can be tracked with incredible — sometimes even minute-by-minute — detail.
"The Smart Grid will enable third parties to peer into your home," says commissioner Ann Cavoukian. "You can imagine how tempting the marketing opportunities will be."
So-called smart meters are the first step in creating a smart grid. In Canada, Ontario has been first off the mark. The province has already installed 1.1 million smart meters and plans to have one in every household by the end of 2010. In the U.S., Boulder, Colo., has taken the lead to become the first city with smart meters for every customer.
"Our expectation is that this network will be 100 or 1,000 times larger than the internet," Marie Hattar, vice-president of marketing at U.S.-based Cisco Network Systems Solutions, said when the company announced last year that it intended to make communication equipment for the smart grid. "If you think about it, some homes have internet access, but some don't. Everyone has electricity access — all of those homes could potentially be connected."
How it works
In its most basic form, the smart grid allows utilities to read meters without sending out an employee; instead the meters send a reading back to the utility automatically. But Ontario's push into smart meters has been aimed at changing consumer behaviour, so the launch in that province goes further.
"The Ontario government wanted to get price transparency into the hands of the consumers," says Rick Stevens, director of distribution development at Ontario's Hydro One. "So we're building all the back-office systems to allow customers to get better price transparency through time-of-use rates, which is something we'll be rolling out in the next few months."
Many households with smart meters can already go online and log in to an energy-use account to see how much energy they used during a specific time period. By giving people more detailed information about their electricity usage, the assumption is that they will be willing to reduce their consumption or re-schedule it to off-peak hours when the rate may be cheaper.
Things get trickier from a privacy perspective if the system offers real-time statistics, since electricity use is a good indication of whether someone is at home at that very moment and what they are doing - if they're awake or asleep, for example.
Eventually, utilities will have the ability to allow consumers to see how their energy use compares to that of their neighbours, information that, if not sufficiently protected, could reveal many things about your neighbours' comings and goings as well.
Utilities promise this data will be encrypted and assigned an anonymous number that can't be tracked back to an individual customer. But the cyber security co-ordination task group that has been addressing smart grid privacy concerns in the U.S. has warned, "there is a lack of formal privacy policies, standards, or procedures by entities who are involved in the smart grid and collect information."
It added that, "comprehensive and consistent definitions of personally identifiable information do not generally exist in the utility industry."
Stevens, who has been in touch with Cavoukian and has read the smart grid report, says Hydro One has both hardware and software safeguards in place to preserve customer privacy.
"Hydro One's approach is to build security requirements right up front and put them into our tender documents so that safeguards are integrated as part of the overall design," says Stevens. "Privacy by design is what we live and breathe."
Hydro One has policies in place that prohibit it from selling customer information to third parties. But the pressure for third-parties to access power-usage information will only increase.
Many companies are working on new products — electric vehicles, smart appliances and energy-production systems like solar panels — that have the potential to take advantage of the smart grid's two-way communication system to send usage information from individual appliances and devices to a central office where it can be accessed by the utility or by the user. Whirlpool Corp., for example, announced in January it would produce one million smart appliances by the end of 2011 and make all its appliances smart grid-compatible by the end of 2015.
Device-specific information would be useful to the consumer to get credit, for example, if they were feeding electricity back into the grid from solar panels or a windmill. Some appliances could adjust their own energy consumption according to the time of day or by monitoring what other appliances were running in the home.
This kind of information could help make a home more efficient in terms of energy consumption, but it would also be tempting information for marketers, governments and even thieves. The Future of Privacy report suggests that extensive information could be gleaned from the grid — everything from when you shower or watch TV to which appliances and gadgets you have in your home, and when you use them.
The report urges that any third-party access to the information should not be a deal between the utilities and the third parties, but between the consumers and the third parties. As well, third parties should agree not to correlate data with data obtained from other sources or the individual, without the consent of the individual.
"There always needs be a policy to provide levels of protection, or at least transparency, about how the data will be used," says Christopher Wolf of the Future of Privacy Forum. "It's not the technology that's bad, it's the use of the technology."
Stevens says it's hard to predict how smart appliances and vehicles will interact with the grid. For example, in the future you may be able to plug your electric vehicle into a friend's meter and, by keying in your code, have it billed to your account. This system could make it easier for a person's whereabouts to be tracked, but right now it's just an idea.
"It's not that we're not thinking about it — it's just that we don't build cars, so we have to watch the car makers to see where they're going," says Stevens. "We can't start building functionality because we don't know the requirements at this point."
Ontario privacy commissioner Cavoukian has been calling for companies, governments and other agencies to build their information systems with privacy as the default mode. "If privacy is to live well into the future, we can no longer rely on regulatory compliance. Smart privacy is about having a whole arsenal of protections. That includes having regulations, but they're not going to be enough for the future."