… And What Your Utility Company Doesn’t Want You to Know about Smart Meters
by K.T. Weaver, SkyVision Solutions
In what was likely a little publicized workshop conducted in November 2013 by the Federal Trade Commission (FTC) on privacy and security issues concerning the Internet of Things (IoT), I found some invaluable insight offered in the FTC video archives on the subject of smart meters.
A presentation was made at the FTC workshop by Lee Tien, senior staff attorney for the Electronic Frontier Foundation (EFF). Key statements in the presentation and follow-up panel discussion include the following:
“I’m not really a cheerleader for the Internet of Things. To me, it raises a huge number of privacy and security issues, to the extent that IoT devices entail ubiquitous collection of large amounts of data about what people do.”
“And you are also concerned about — or should be concerned about the environmental collection, sort of a non-targeted dragnet collection from devices in the environment.”
“Smart meters are a good example.”
“As Justice Scalia said in the 2001 Kyllo thermal imaging case, in the home, our cases show all details are intimate, because the entire area is held safe from prying government eyes.”
“… when large, large amounts of consumers’ information is stored … it either gets monetized or it gets made accessible to the government.”
“… when you look at it from a law enforcement perspective, the Internet of Things is an infrastructure of surveillance.”
Selected excerpts from the November 2013 FTC workshop are provided in the video below. The video is immediately followed by a more complete written transcript of the video content. It is highly recommended to spend the 7+ minutes to watch the video.
As made clear by Mr. Tien, most consumers are not aware of the ‘dragnet’ type of data collection performed by smart meters and how these massive amounts of private data can later be analyzed to reveal much more information about them, more than they could have ever expected.
What is necessary now is that we somehow break through this lack of consumer awareness barrier so that smart meters and those who promote them can receive the full and appropriate level of public outrage that they deserve.
Transcript of Selected Excerpts from the November 2013 FTC Workshop
Mr. TIEN: Good morning. I’m not really a cheerleader for the Internet of Things. To me, it raises a huge number of privacy and security issues, to the extent that IoT devices entail ubiquitous collection of large amounts of data about what people do. And I mean, I think that’s the main thing, that what we are talking about is collecting data about people’s activities, and therefore that’s always going to raise some very serious privacy issues. …
You are talking about, as Mike was saying, about your own devices. You are also concerned about being targeted by other people’s devices. And you are also concerned about — or should be concerned about the environmental collection, sort of a non-targeted dragnet collection from devices in the environment. And the full range of privacy and security concerns about the Internet of Things has to be thought of in that complete context.
So with respect to the home, my starting point is probably pretty conventional. As Justice Scalia said in the 2001 Kyllo thermal imaging case, in the home, our cases show all details are intimate, because the entire area is held safe from prying government eyes. Now we’re not discussing government surveillance today, but I think all consumer privacy advocates, anyone who thinks about the privacy issues thoughtfully, is going to have an eye on what data about household activities or personal activities the government could end up obtaining, either directly from the devices or from IoT providers, whether using legal process or other less savory means.
Smart meters are a good example. This is an area where EFF has been very active … recognizing in California that there was a lot of serious privacy issues around the granular energy usage data. I like to use this quote from Siemens in Europe a few years ago where they said, you know, we, Siemens, have the technology to record energy use every minute, second, and microsecond, more or less live. From that, we can infer how many people are in the home, what they do, whether they are upstairs, downstairs, do you have a dog, when do you usually get up, when did you get up this morning, when you have a shower. Masses of private data. And obviously, this is a European perspective, which is especially solicitous of privacy, and yet the ability to make those kinds of inferences from energy usage data is clearly there. …
The thing that is interesting here is that, while there are real privacy risks, very, very few consumers seem to be aware of them.
Indeed, when I spoke at a public utility lawyers’ conference about a month ago and we talked about the subject, along with the utility representatives, nobody in the room had any idea that there were privacy issues.
And so the thing that — one of the issues I think we have to face is that the modern consumer just doesn’t know that much about what can be learned from their data and therefore a lot of the notice and choice issues that we normally rely on for consumers to protect themselves, that’s going to be a problem. … People have a tendency to underestimate what can be done with it. …
Mr. EICHORN: Lee, let me follow-up on a point that you raised earlier about the dragnet, because a lot of the products we have been talking about here for the home are products where I, as the consumer, go out and affirmatively seek it out and hook it up and connect it to my smart phone or whatever. So, talk about the dragnet a little bit.
Mr. TIEN: Well, I mean obviously I have been working in a smart meter environment, so that’s one where, certainly in California, consumers don’t have a whole lot of choice. The PUC has basically allowed PG&E and the utility to simply install smart meters. So that is sort of the classic example where you are instrumenting homes, with or without consumers’ real consent. And it becomes part of what sociologists would call the furnished frame, as opposed to something that you deliberately chose to bring into the home environment; it’s just there.
The variation on a furnished frame in the Internet of Things is that you don’t really understand what it is that you brought into the home. You know you brought in an internet connected device, but as I mentioned before, you have no idea what the implications of it are. … People just don’t understand how various kinds of big data operations can analyze the data to bring much more out of it than you ever would have expected.
And so this is not necessarily — and it’s not targeted because it’s not like, gee, I want to know about you. It’s that here’s a lot of data that’s become available, through the fact of embedded sensors. And I’m — it’s really a larger issue in the built environment overall. … But it just produces these very, very large masses of data, which you can do all sorts of really fascinating analysis of, but the implications of that are that, even if you’re not being targeted, it can be figured out, many, many interesting things about you, that you might not want, or probably don’t want, anyone who has access to the data to be able to figure out.
Mr. EICHORN: So, there were a couple of reports that came out yesterday, white papers basically, and they both suggested a similar thing which is that the Internet of Things presents some new challenges to notice and choice. And one conclusion that they both supported was that basically, because of the potential new uses of information that may occur to companies after collection, that sort of the idea of specifying the purpose for what you are collecting information is sort of passé.
What do you all think of that?
Mr. TIEN: Let me jump in here for a second. I mean, the predictable things that happen when large, large amounts of consumers’ information is stored is that they — it either gets monetized or it gets made accessible to the government. And the question of government access which was raised by an earlier question is a very significant one, especially when you — because what you are essentially talking about is that an infrastructure — when you look at it from a law enforcement perspective, the Internet of Things is an infrastructure of surveillance.
And so the only question is, how do you, is there a way to actually govern government access to that kind of information?
Source Material for this Article
FTC Workshop on Privacy & Security in a Connected World, November 19, 2013; a public workshop to explore consumer privacy and security issues posed by the growing connectivity of devices; refer to https://www.ftc.gov/news-events/audio-video/video/internet-things-privacy-security-connected-world-workshop-part-1 and http://bcove.me/qf3c21jv (2 hrs 16 minutes).
The video and transcript for the content featured in this article were captured and/or downloaded from the Federal Trade Commission (FTC) website at ftc.gov/news-events/audio-video/ftc-events.
As stated at the FTC website at: https://www.ftc.gov/site-information/website-policy
“Most material on the FTC’s Web site is considered work of the United States Government, meaning that the material is in the public domain and is not subject to copyright restrictions. (17 U.S.C. 105). The use, duplication, or redistribution of such material should be accompanied by appropriate attribution, where feasible (e.g., Source: United States Federal Trade Commission, www.ftc.gov).”
No FTC endorsement or affiliation with the website maintained by SkyVision Solutions is implied by use of FTC materials used within the context of this article.