Excerpt from Comments by the Utility Consumers' Action Network and Privacy Rights Clearinghouse on the Assigned Commissioner's February 8th Scoping Memo
Submitted March 5, 2010
Public Utilities Commission of the State of California
The Privacy Problems Inherent in the Smart Grid
Implementation of the smart grid has significant implications for personal privacy. UCAN's program, the Privacy Rights Clearinghouse, presents the following privacy analysis.
The infrastructure that will support the Smart Grid will be capable of informing consumers of their day-to-day energy use, right down to the appliance level. This sophisticated infrastructure has the potential to curb greenhouse gas emissions and reduce consumers’ energy bills. However, it introduces the possibility of collecting detailed information on individual energy consumption usage and patterns within consumers’ homes, traditionally the most private of places. Industry and regulators must take great care not to sacrifice consumer privacy in the process of developing and implementing the Smart Grid.[1]
Utility regulators play an important role in setting best practices for electricity generation and distribution. The National Association of Regulatory Utility Commissioners’ (NARUC) passed a resolution in 2000 on the privacy of utility customer information. NARUC clearly stated that “customers should be permitted to choose the degree of privacy protection, both with respect to information outflows and inflows.” [2]
However, if privacy regulations make customer usage information too difficult or expensive to obtain, this might inhibit development and growth of the Smart Grid. A balance must be struck that will address any privacy concerns related to Smart Grid information, which is ultimately founded upon who has access to customer usage information, and what they can do with it. [3]
The information collected on the Smart Grid comprises a rich dossier of personal information. Mishandling of such information would lead to the invasion of consumer privacy. However, the exchange of information lies at the heart of the promise of the Smart Grid. Regulatory tools can be employed to strike a balance between privacy risks and energy policy considerations associated with information control restrictions. Regulations seeking to protect consumer privacy must satisfy the dual function of not hindering the development of Smart Grid technologies, while taking care not to sacrifice consumer privacy.[4]
Rather than falling under a comprehensive single law, the Smart Grid intersects with a number of different existing federal and state laws regarding the privacy of activities occurring within the home, the handling of business records and identifiable customer information, the privacy of electronic communications, and access to computer systems.[5]
Smart Grid Development in Other Jurisdictions
Several Smart Grid pilot projects are either underway or soon to be launched in the U.S. Many are funded by ARRA “stimulus” grants.[6] Others are public-private partnerships.
In Europe, Italy is considered to be in the forefront in Smart Grid implementation. Italy’s ENEL Telegestore Project appears to be the first and largest Smart Grid project. Telegestore provides advanced metering and communications involving 27 million meters.[7]
The Italian Regulatory Authority for Electricity and Gas is an independent body established in 1995 to regulate and control the electricity and gas sectors. Among the Authority's many functions, there is not a single reference to privacy.[8]
In North America, Ontario is the Smart Grid leader. Ontario provincial government directed all local distribution companies to install smart meters in every home and small business in the province by 2010.[9] To date, one million smart meters have been installed. Time and use billing is to begin in 2010. Privacy protection measures are also in the early stages. Yet the absence of an explicit regulatory structure dealing with privacy issues is apparent given the concerns expressed by Ontario Information and Privacy Commissioner Ann Cavoukian.[10]
General Principles Essential for Protecting Privacy of Smart Grid Information
The industry lacks a clear set of privacy principles to govern Smart Grid technologies. A comprehensive approach including a regulatory framework is needed. Any regulations must reflect the realities of a Smart Grid in which consumers are active contributors of sensitive personal data.
The National Institute of Standards and Technology has noted that the benefits anticipated by Smart Grid systems come with privacy risks that must be addressed. The Smart Grid will be not only an energy management system, but also a multi-directional always “online” communication network.
A lack of consistent and comprehensive privacy standards throughout the states, government agencies, utility companies, and supporting entities that will be involved with Smart Grid information collection and use creates a very significant privacy risk. The ability to access, analyze, and respond to a much wider range of data from all levels of the electric grid is a major benefit of the Smart Grid, but it is also a significant concern from a privacy viewpoint, particularly when the data, resulting analysis and assumptions, are associated with individual consumers.
Some privacy advocates have raised serious concerns about the type and amount of billing, usage, appliance, and other related information flowing throughout the various components of the Smart Grid. The privacy implications of frequent meter readings being fed into the Smart Grid networks could provide a detailed time line of activities occurring inside the home. This data may point to a specific individual or give away sensitive data.
The constant collection and use of smart meter data has also raised potential surveillance possibilities posing physical, financial, and reputational risks that must be addressed. Many more types of data will be collected through the Smart Grid than the standard monthly meter readings. Moreover, numerous additional entities outside of the energy industry may be accessing such data (e.g., entities that are creating applications and services specifically for smart appliances and smart meters).
Additionally, privacy issues arise from the question of the legal ownership of the data being collected. With ownership comes both control and rights with regard to usage. If the consumer is not considered the owner of the data obtained, he/she may not receive the privacy protections provided to data owners under existing law.[11]
Privacy and security expert Rebecca Herold has identified ten potential data privacy concerns that need to be addressed within the Smart Grid. These privacy concerns are as follows:
- Identity theft
- Determine personal behavior patterns
- Determine specific appliances used
- Perform real-time surveillance
- Reveal activities through residual data
- Target home invasions
- Provide accidental invasions
- Activity censorship
- Decisions and actions based upon inaccurate data
- Reveal activities when used with data from other utilities[12]
Given the potential for the Smart Grid to capture sensitive information about individual and household activities, it is vitally important that utility customers control and own that information. For the purposes of protecting personal information, a time-tested approach to policy development is to utilize the Principles of Fair Information Practices (FIPs).
Fair Information Principles such as “access to one’s personal information,” “security,” and “accuracy” form the basis of several U.S. privacy-related laws. Examples are the Fair Credit Reporting Act (1970) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
In 1980 the Organization for Economic Cooperation and Development (OECD), an international body with 30 member countries, adopted a set of Fair Information Practices consisting of eight principles.[13] The OECD’s FIPs are:
- Collection limitation
- Data quality
- Purpose specification
- Use limitation
- Security safeguards
- Openness
- Individual participation
- Accountability
Key among these for development of the Smart Grid is collection limitation. The potential for privacy to be compromised is minimized if the amount of personal and household information that is captured and retained by the utility is limited. Data retention is an important subset of this issue. Personal information that is collected via Smart Grid systems should be retained only as long as needed for administrative purposes. For research and analysis uses, data should be anonymized and aggregated using methods that effectively obscure personal and household identity.
We recommend that the CPUC adopt a robust set of Fair Information Principles, such as the OECD guidelines, to form the policy framework to protect personal and household information with the implementation of the Smart Grid.
Another constructive approach is provided by the Ontario Information and Privacy Commission in its guide, SmartPrivacy for the Smart Grid, co-authored with the Future of Privacy Forum.[14] Key among the six principles proposed in this document are: privacy as the default, privacy embedded into design, and visibility and transparency. These principles can ensure that key privacy concerns are taken into account before Smart Grid technologies are deployed.
[1] Information and Privacy Commissioner of Ontario, Canada, and The Future of Privacy Forum, "SmartPrivacy for the Smart Grid: Embedding Privacy into the Design of Electricity Conservation" (November 2009) at 3. http://www.ipc.on.ca/images/Resources/pbd-smartpriv-smartgrid.pdf (accessed February 25, 2010).
[2] National Association of Regulatory Utility Commissioners, “Resolution Urging the Adoption of General Privacy Principles For State Commission Use in Considering the Privacy implications of the Use of Utility Customer Information” (July 26, 2000). http://www.naruc.org/Resolutions/privacy_principles.pdf (accessed February 25, 2010).
[3] Elias Leake Quinn, “Smart Metering and Privacy: Existing Law and Competing Policies—A Report for the Colorado Public Utilities Commission” (Spring 2009) at v. http://www.dora.state.co.us/puc/DocketsDecisions/DocketFilings/09I-593EG/09I-593EG_Spring2009Report-SmartGridPrivacy.pdf (accessed February 25, 2010).
[4] Elias Leake Quinn, “Smart Metering and Privacy: Existing Law and Competing Policies—A Report for the Colorado Public Utilities Commmission” (Spring 2009) at 34. http://www.dora.state.co.us/puc/DocketsDecisions/DocketFilings/09I-593EG/09I-593EG_Spring2009Report-SmartGridPrivacy.pdf (accessed February 25, 2010).
[5] Cyberknowledge and University of California at Berkeley, “Network Security Architecture for Demand Response/Sensor Networks” (Revised June 2006) at 23. http://groups.ischool.berkeley.edu/samuelsonclinic/files/demand_response_CEC.pdf (accessed February 25, 2010).
[6] Greensource, “DOE Awards $620 Million for ARRA ‘Smart Grid’ Pilot Projects” (Dec. 10, 2009). http://greensource.construction.com/news/2009/091210ARRA.asp (accessed March 5, 2010).
[7] National Energy Technology Laboratory for the U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability, “Modern Grid Benefits” (August 2007) at 15. http://www.netl.doe.gov/smartgrid/referenceshelf/whitepapers/Modern%20Grid%20Benefits_Final_v1_0.pdf (accessed February 25, 2010).
[8] http://www.autorita.energia.it/it/inglese/about/presentazione.htm#anchor5. (accessed February 25, 2010).
[9] http://www.smartgridnews.com/artman/publish/demand_side/The_Hydro_One_Smart_Network-551.html (accessed February 25, 2010).
[10] Information and Privacy Commissioner of Ontario, Canada, and The Future of Privacy Forum, "SmartPrivacy for the Smart Grid: Embedding Privacy into the Design of Electricity Conservation" (November 2009). http://www.ipc.on.ca/images/Resources/pbd-smartpriv-smartgrid.pdf (accessed February 25, 2010).
[11] National Institute of Standards and Technology, “NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0” at 118-119. (January 2010). http://www.nist.gov/public_affairs/releases/smartgrid_interoperability_final.pdf (accessed February 25, 2010).
[12] http://www.privacyguidance.com/files/SmartGridPrivacyConcernsTableHeroldSept_2009.pdf (Rebecca Herold) (accessed February 25, 2010).
[13] To read the full text of the OECD’s principles, visit: http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html ("Guidelines on the Protection of Privacy and Transborder Flows of Personal Data," Organisation for Economic Cooperation and Development, 1980.)
[14] Information and Privacy Commissioner of Ontario, Canada, and The Future of Privacy Forum, SmartPrivacy for the Smart Grid: Embedding Privacy into the Design of Electricity Conservationhttp://www.ipc.on.ca/images/Resources/pbd-smartpriv-smartgrid.pdf (accessed February 25, 2010). (November 2009) .
