How Privacy (Or Lack of It) Could Sabotage the Grid
By: Guest Editorial
By Jules Polonetsky and Christopher Wolf
In October, President Obama announced $3.4 billion in federal grants to help build our nation’s Smart Grid. The President said that the technology that will make up the Smart Grid will make the nation's power transmission system more efficient, encourage renewable energy sources and give consumers better control over their electricity usage and costs.
The potential benefits are clear. Far less obvious to many is that the smart power grid is also a smart information grid, a system that Cisco’s CEO has predicted will be bigger than the Internet. But while Internet privacy issues are limited to the Web activities of users, the Smart Grid will involve the collection of information about what goes on at people’s homes. As Commerce Secretary Gary Locke stated this September, "The major benefit provided by the Smart Grid... is also its Achilles’ heel from a privacy viewpoint.”
This fall, the National Institute of Standards and Technology (NIST) identified several potential data privacy concerns involving Smart Grid technology. They include the threat of identity theft, the possibility of personal behavioral patterns being recorded and real-time surveillance.
Clearly, a significant amount of new and intimate consumer data will be available through Smart Grid technology. There are numerous potential users of the data, including utility companies, smart appliance manufacturers, and third parties that may want the data for further consumer interactions. Moreover, data that can be collected through smart meters and integrated home networks and appliances has significant value. For example, Smart Grid systems may incorporate advanced broadband and data flow metering functionality, which can collect information about how much electricity an individual uses, which rooms he or she uses most, when, and how often. Armed with this data, utility companies will be able to manage load requirements better and create a more efficient electricity distribution system. In addition, device manufacturers will be able to understand better how their devices are used, allowing them to serve their customers better. These Smart Grid features, however, raise questions about which entities will have access to individual user data and whether individual devices may be identified or tracked.
Potential Smart Grid data users, including utility companies and device manufacturers, must engage in responsible data management practices that build consumer confidence and trust. Such trust can only be achieved if consumers feel that they are receiving sufficient information about and are in control of how their personal Smart Grid data is used. Thus, Smart Grid data users must consider carefully how they will protect the integrity, privacy, and security of the Smart Grid data obtained from consumer usage patterns. In addition, Smart Grid data must be gathered responsibly, securely, and with a measure of transparency and consumer control.
Only if consumers have confidence about how their data is used will there be the critical growth in Smart Grid technologies. An individual consumer must be assured that information about his or her behavioral habits will be used only for the purposes understood and agreed to by that consumer and that it will be protected from improper use. Without such responsible data management practices, there likely will be consumer resistance to Smart Grid technologies and a loss of consumer trust that could hinder Smart Grid deployment efforts, leading to lower demand for new products and reduced innovation.
Utility regulators and government policy-makers have highlighted the need for customer permission in using data from the Smart Grid. However, requesting permission for data use and even communicating data management policies to users can be challenging. Industry, academia and policy groups need to begin the research to determine how best to convey information to users regarding the privacy decisions they will make in incorporating Smart Grid technologies into their homes and lives. Utilities and manufacturers should integrate the principles of Privacy by Design, a concept pioneered by Ontario Privacy Commissioner Ann Cavoukian, into the construction of their data infrastructures.
Taking key privacy concerns into account, before millions of dollars are spent, will ensure that the Smart Grid safeguards the future of our power system and our personal privacy.
The Future of Privacy Forum (FPF) is a Washington, DC based think tank that seeks to advance responsible data practices. The forum is led by Internet privacy experts Jules Polonetsky (former CPO to AOL and DoubleClick) and Christopher Wolf (Partner and chair of the privacy practice at Hogan and Hartson, LLP). FPF also maintains an advisory board comprised of leading figures from industry, academia, law and advocacy groups. FPF was launched in November 2008. More information about FPF is available at www.futureofprivacy.org
Also on SGN:
The Dangers of Meter Data (Part 1)