EFF Advises California PUC on Smart Grid Privacy Protections
California and other states are moving towards a "Smart Grid" -- touted by the federal government as a way to boost reliability, security, and conservation in America's electrical systems. But while a Smart Grid has great potential for consumers, there are still critical questions unanswered about the privacy and security of customers' information.
How much energy you use -- and when you use it -- can reveal surprisingly detailed information about your daily life. This wasn't true when energy usage was only measured once a month. But with shorter intervals and more frequent metering, the picture of your home life is remarkably clear. An executive with Siemens Energy recently told the Smart Grids and Cleanpower conference in Britain, "We, Siemens, have the technology to record it (energy consumption) every minute, second, microsecond, more or less live...From that we can infer how many people are in the house, what they do, whether they're upstairs, downstairs, do you have a dog, when do you habitually get up, when did you get up this morning, when do you have a shower: masses of private data." It's a virtual window into the home. The Smart Grid Interoperability Panel–Cyber Security Working Group recently issued a report on "Privacy and the Smart Grid" that covered these issues in depth.
EFF has been following Smart Grid and Smart Meter issues very closely because of the critical privacy issues at stake. Earlier this year, we asked the California Public Utilities Commission to adopt strong rules to protect this energy usage information. Friday, we filed a joint proposal with the Center for Democracy and Technology, outlining policies and procedures to ensure these important protections. The Samuelson Law, Technology, and Public Policy Clinic at UC Berkeley Law School drafted the comments for CDT.
Under EFF and CDT's proposed policies, California customers would be able to better understand what energy usage information is collected, how the information may be used and shared, and how to exercise meaningful control of the use of the data. Law enforcement would also be required to get a warrant before accessing energy usage information, and utilities would regularly report to the PUC on how often it received these requests. Our proposed rules aren't, of course, a complete answer; it would be better if energy management systems were designed to keep information about our household activities within the home in the first place.
Without strong protections, energy data can and will be used in ways that will hurt consumers. Marketing companies will desperately want to access this data to get intimate new insights into your family's day-to-day routine, and it's not hard to imagine an insurance company interpreting the data in a way that allows it to penalize you. Our privacy rights should be strongest in our home. The states -- and the federal government -- should ensure that energy customers get the protection they deserve.
UPDATE: EFF and CDT filed similar comments with the Department of Energy on November 1.