This past March, SkyVision Solutions released a report entitled, “A Perspective on How Smart Meters Invade Individual Privacy.”
The report has now been updated with new information regarding investor owned utilities (IOUs) as well as addressing a White House report concerning “big data” issued in May 2014.
The 75-page report issued by SkyVision Solutions is likely the most comprehensive document of its kind on the topic of smart meter privacy invasions. Through a step-by-step logical approach, it is demonstrated that the collection of incremental energy-related data for residential electric customers using smart meters represents an unreasonable invasion of privacy and, for applicable jurisdictions, constitutes an unreasonable search in violation of the Fourth Amendment of the United States Constitution.
Based upon the information presented in the updated privacy document, it is established that utilities expose consumers to unnecessary risks by collecting massive amounts of smart meter-related data not necessary for billing purposes simply because “they can” and do so without regard to consumer privacy and security interests.
Smart meter data, consisting of granular, fine-grained, high-frequency type of energy usage measurements, can be used by others either maliciously or inadvertently using existing or developing technology to infer types of activities or occupancies of a home for specific periods of time. Analysis of granular smart meter energy data results in or may result in:
- Invasion of privacy and intrusion of solitude;
- Near real-time surveillance;
- Behavior profiling;
- Endangering the physical security of life, family, and property; and
- Unwanted publicity and embarrassment (e.g., public disclosure of private facts or the publication of facts which place a person in a false light).
More specifically, analysis of smart meter data or manipulation of smart meter data/firmware can be used for the following purposes:
- Determine how many people are home and at what times;
- Determine your sleeping routines;
- Determine your eating routines;
- Determine what appliances you use when, e.g., washer, dryer, toaster, furnace, A/C, microwave, medical devices … the list is almost endless depending on the granularity of the data;
- Determine when a home is vacant (for planning a burglary), who has high-priced appliances, and who has a security system;
- Law enforcement can obtain information to identify suspicious or illegal behavior or later determine whether you were home on the night of the alleged crime;
- Landlords can spy on tenants through an online utility account portal;
- For consumers with plug-in electric vehicles, charging data can be used to identify travel routines and history;
- Utilities can promote targeted energy management services and products;
- Marketers could obtain information for targeted advertising;
- Hackers could wirelessly update smart meter firmware and remotely disconnect users. This could also allow attackers to corrupt the smart meters of individual homes, running up bogus charges or cause an electrical system to malfunction, shut down, or surge (frying all of your outlets and anything connected to them). Cyber assaults could involve hackers causing networked thermostats and appliances to malfunction possibly causing physical harm, especially to vulnerable populations. [Reference: “The Future of Crime” article, dated May 14, 2014];
- In combination with smart water meter data, exact times for taking a shower or bath can be determined and, with even greater accuracy, when is a home vacant and susceptible to undetected burglary.
With regard to informing consumers of smart grid risk-related information, utilities and manufacturers have no incentive to inform consumers of these risks since such action would create an even greater consumer backlash against the deployment of the smart grid technologies. Risk-related information is being deliberately suppressed by the smart grid industry, and the public is being provided misinformation which would indicate that there are no additional privacy or security risks related to smart meters as compared to the old analog meters.
Smart Meter Privacy Invasions by Investor Owned Utilities (IOUs)
It is broadly stated that the Fourth Amendment applies only to acts by the government. However, if an investor owned utility (IOU) company is ordered by a state public utility commission to install privacy invading smart meters as part of a mandate or otherwise ordered to charge a penalty fee for those refusing smart meters, then the private utility arguably becomes an “instrument or agent of the state” and must abide by Fourth Amendment provisions.
The legal argument runs along the lines that if the state public utility commission orders the utility to record larger quantities of data than is customary, then Fourth Amendment provisions apply. A key point in the argument is that the “customary” data set is that necessary for calculating a monthly utility bill, i.e., a once per month meter read. When a private “investor-owned” utility is ordered by a state public utility commission to install granular data collecting smart meter technology and/or to charge tariffs for those customers refusing such installations, then such orders constitute “state action.” As such, the state utility commission and private utility company are now subject to the limitations of the Fourth Amendment.
If the actions are further determined to constitute an unreasonable invasion of privacy, then those organizations have violated the Fourth Amendment rights of the affected customers.
The White House Report on Big Data and Privacy
In May 2014, a White House report was issued from the Executive Office of the President, entitled, “Big Data: Seizing Opportunities, Preserving Values.”
Somewhat remarkably, if one reads the White House report and a referenced paper to be quoted below, one will discover that the content is consistent with the assertions of the privacy report prepared by SkyVision Solutions.
The White House report recognizes the necessary protection of citizen privacy interests where it states:
“A legal framework for the protection of privacy interests has grown up in the United States that includes constitutional, federal, state, and common law elements. ‘Privacy’ is thus not a narrow concept, but instead addresses a range of concerns reflecting different types of intrusion into a person’s sense of self, each requiring different protections.”
“Big data” is described as “large, diverse, complex, longitudinal, and/or distributed datasets generated from instruments, sensors, Internet transactions, email, video, click streams, and/or all other digital sources available today and in the future.” Such data would include information collected from utility smart meters, and it was recognized that privacy would be affected by such data collection where the White House report states:
“Power consumption data collected from demand-response systems show when you move about your house.”
The White House report further references a document called “A Privacy-Aware Architecture for Demand Response Systems,” by Stephen Wicker and Robert Thomas, January 2011.
The Referenced Wicker and Thomas Paper
What follows are several quotes from the Wicker and Thomas paper referenced in the White House report.
From the abstract:
“We explore the privacy issues implicated by the development of demand response systems. We begin by highlighting the invasive nature of fine-granularity power consumption data, showing that the data collected by Advanced Metering Infrastructure (AMI) reveals detailed information about behavior within the home.”
Quoting section 3 of the paper, “AMI and the threat to privacy”:
“It has been shown that the detailed power consumption data collected by advanced metering systems reveals information about in-home activities. Furthermore, such data can be combined with other readily available information to discover even more about occupant’s activities.”
[Commentary: Utilities typically deny that detailed power consumption data can reveal in-home activities.]
Other sections of the paper emphasize the following key elements of a successful smart meter program:
“Require consent to data collection.”
[Commentary: Almost no utilities are requiring customer consent to data collection when installing smart meters. On the contrary, utilities install the privacy invading equipment and apparently assume consent.]
“Minimize collection of personal data.”
[Commentary: In contrast to minimizing data collection, most utilities appear to be collecting as much data as the purchased equipment can handle.]
“In any case, the utility’s need for consumption data should not be at the level of the individual consumer.”
[Commentary: As indicated in the paper, the utility has no need for consumption data at the level of the individual consumer; therefore there is no basis for its collection and retention unless explicit consent is received from the customer.]
What about this quote from the paper?
“Consumers may become alarmed at the privacy risk, motivating legislation calling for an expensive retooling of the system. Judicial action may also put the program at risk. Whether from public outcry or judicial action, systems that forsake privacy-awareness may find themselves shut down.”
As one can easily see, utilities are deploying smart meters in total disregard of the guidance provided above, ignoring and denying the privacy concerns and interests of consumers, thereby putting them at risk. So, based upon the words in the above referenced paper, we need a “retooling of the system.”
Utilities must immediately change course and respect the rights of the consumer. Otherwise, as stated in the Wicker and Thomas paper, those “that forsake privacy-awareness may [and should] find themselves shut down.”
Could the risks not be more clear? It is not like I am making this stuff up. I am just quoting information right from a paper referenced in a recently released White House report on “Big Data” from the “Executive Office of the President.”
Other selected quotations in the updated privacy document released by SkyVision Solutions (and from a document referenced by the Wicker and Thomas paper) include the following:
“[N]ew data flow [from smart meters] removes a structure that once afforded privacy protection for in-home activities (that is, the walls, combined with a low level of detail about energy consumption) and replaces it with a system that breaches the home’s walls and exposes real-time consumption data.”
“[E]ven the simplest data mining and pattern-matching tools can convert power consumption data into information about events within ‘the sacred precincts of private and domestic life.’”
Wake up people and be a part of the solution mentioned in the Wicker and Thomas paper, whether it be motivating legislation, judicial action, or just holding your utility commission and utility company accountable for ignoring your rights.
Let us protect the “the sacred precincts of private and domestic life” for ourselves and our children. At the very least from a privacy perspective, explicit consent of the customer/citizen must be required prior to granular usage data collection by the utility. Beyond that of course, when one takes into account the various other significant risks related to “advanced” metering, the entire program needs to be halted in its tracks and completely “retooled.”
To download the fully updated privacy invasion report by SkyVision Solutions, click on the hyperlink: Utility Smart Meters Invade Privacy.
Addendum (Commentary Added October 8, 2015)
It has been just over a year since the issuance of the updated privacy invasion report by SkyVision Solutions. In several instances the report makes the assertion that smart meters that collect personal data not required for billing purposes are being imposed upon consumers without their consent. This assertion is central to the argument that such unnecessary data collections result in an unreasonable invasion of privacy.
In July 2015, there was a ruling made by a Federal Judge in the case of NSMA v. City of Naperville that denied an unreasonable search and invasion of privacy claim for smart meters. A full review of the case files for that docket revealed that a key conclusion made by the Judge in this case is that:
“NSMA members are deemed to have consented through their usage of electricity services knowingly supplied by the City.”
SkyVision Solutions maintains that all assertions made within its privacy report remain valid but acknowledges the challenges in getting Judges to apply common sense as well as legal prudence in interpreting what it means to provide consent for an invasion of privacy within the sanctity of the home. For additional insight on the above mentioned ruling, please refer to the following link: