Foreword

Recognizing that a multiplicity of forces act upon an organization’s ability to protect its customer’s data or subject’s privacy, I developed the term SmartPrivacy to describe the holistic approach necessary to realizing the objective of all encompassing data protection.

SmartPrivacy represents a broad arsenal of protections, encapsulating everything necessary to ensure that all of the personal information held by an organization is appropriately managed. These include: Privacy by Design; law, regulation and independent oversight; accountability and transparency; market forces; education and awareness; social norms; data security; and fair information practices. Each of these elements is important, but my concept of Privacy by Design represents its sine qua non. Those who fail to envision privacy requirements early in the development of technology, business practices or physical space and infrastructure will be less likely to provide comprehensive protection, despite the presence of the other elements.

Privacy by Design or PbD is a concept I developed in the ’90s. Building on the elements discussed, it ensures the protection of privacy through the use of privacy-enhancing technologies—embedding them into the design specifications of information technology, business practices, physical environments and infrastructure—making privacy the default. Recently, I evolved the concept of PETs, extending it to PETs Plus by adding a new dimension of a positive-sum (win-win) paradigm to replace the traditional zero-sum approach. Building on PETs Plus we advance the view that it is not necessary to trade off privacy against equally important goals such as security, transparency or other functionality.

The objectives of Privacy by Design—ensuring privacy and personal control over one’s information and, for organizations, gaining a sustainable competitive advantage—may be accomplished by practicing the seven foundational principles outlined in Appendix A.

I am pleased to have collaborated with the Future of Privacy Forum in preparing this report. The Future of Privacy Forum is a think-tank made up of Chief Privacy Officers, privacy advocates, and academics interested in promoting responsible data practices. We believe that taking a Privacy by Design approach to the Smart Grid will benefit from cross-industry and cross-discipline co-operation.

Ann Cavoukian, Ph.D.

Information and Privacy Commissioner

Ontario, Canada

Introduction

The current electrical grid is seen by some as the greatest engineering achievement of the 20th century, and is considered to be the largest machine on the planet. However, it is increasingly out of date and overburdened, leading to costly blackouts and brownouts. For example, the 2003 blackout in the northern and eastern U.S. and Canada caused a $6 billion loss in economic revenue (U.S. Department of Energy 2008). Utility providers struggle to monitor the grid’s performance, and in many areas, they depend on customers to report power outages. This is because the grid was designed to meet one main goal—to ensure that the lights kept glowing—before much of the technology that depends on it existed. It was not originally designed to incorporate other goals such as energy efficiency, reduced environmental impacts, incorporating alternative energy sources, allowing for more consumer choice, and robust cyber security.

Modernization efforts are underway to make the current electrical grid “smarter.” The infrastructure that will support the future Smart Grid will be capable of informing consumers of their day-to-day energy use, even at the appliance level. While this is beneficial and supports valuable efforts to curb greenhouse gas emissions and reduce consumers’ energy bills, it introduces the possibility of collecting detailed information on individual energy consumption use and patterns within the most private of places—our homes. We must take great care not to sacrifice consumer privacy amidst an atmosphere of unbridled enthusiasm for electricity reform. Information proliferation, lax controls and insufficient oversight of this information could lead to unprecedented invasions of consumer privacy. We recognize the value of the information on the grid, which will give consumers more control over their electricity usage and give utilities the ability to manage demand requirements, but the dissemination of data must be done in a trustworthy and transparent manner.

Customers’ relationships with power utilities are generally born out of necessity—unless an individual can generate their own power, they must either obtain power from a utility or go without it. The expectation, however, is that the utility will supply electricity only, and not monitor customers’ behaviours and activities. Much in the same way that we do not expect the postman to look inside our windows when he is delivering the mail, or the cable person to monitor the TV shows we watch after he has completed the cable installation, so too do customers not expect there to be any surreptitious profiling of their in-home energy-related behavioural patterns.

Utility regulators have an important role in setting best practices for electricity generation and distribution, such as the National Association of Regulatory Utility Commissioners’ resolution passed in 2000 on the privacy of utility customer information (NARUC 2000). As the Smart Grid develops and the nature of information exchanges on it becomes clearer, utility regulators can look to the insights gained in other areas where technology has prompted a privacy debate and can learn from their successes and mistakes.

This paper will introduce the reader to the Smart Grid and its benefits, as well as the questions that should be explored regarding privacy. SmartPrivacy will also be explained and applied to the Smart Grid scenario. Now is the time to bake privacy into the Smart Grid, while it is in its nascent stages.

What is the Smart Grid?

“Smart Grid” refers to the modernization of the current electrical grid so that there is bi-directional flow of information and electricity in order to achieve the following goals: provide consumers with more choices on how, when, and how much electricity they use; self-heal in case of disturbances, physical and cyber attacks, and natural disasters; link with a wide array of energy sources, in addition to energy produced by power plants, such as renewable energy producers; provide better power quality, and more efficient delivery of electricity. Communications technology and infrastructure is at the heart of improvements to the electrical grid, which will collate data provided by smart meters, sensors, computer systems, and many other devices into understandable and actionable information for consumers and utilities (Building the energy internet 2004; Building the smart grid 2009). [Footnote 1] The overall vision for the Smart Grid is that it will possess the following qualities [Footnote 2]:

  • Intelligent—capable of sensing system overloads and rerouting power to prevent or minimize a potential outage; of working autonomously when conditions require resolution faster than humans can respond and cooperatively in aligning the goals of utilities, consumers and regulators

  • Efficient—capable of meeting increased consumer demand without adding infrastructure

  • Accommodating—accepting energy from virtually any fuel source including solar and wind as easily and transparently as coal and natural gas; capable of integrating any and all better ideas and technologies—energy storage technologies, for example—as they are market-proven and ready to come online

  • Motivating—enabling real-time communication between the consumer and utility so consumers can tailor their energy consumption based on individual preferences, like price and/or environmental concerns

  • Opportunistic—creating new opportunities and markets by means of its ability to capitalize on plug-and-play innovation wherever and whenever appropriate

  • Quality-focused—capable of delivering the power quality necessary—free of sags, spikes, disturbances and interruptions—to power our increasingly digital economy and the data centers, computers and electronics necessary to make it run

  • Resilient—increasingly resistant to attack and natural disasters as it becomes more decentralized and reinforced with Smart Grid security protocols

  • “Green”—slowing the advance of global climate change and offering a genuine path toward significant environmental improvement.

Smart Grid technologies are expected to produce valuable cost and energy efficiencies all along the electrical distribution system. One of the first and most important will be to meet peak energy demand more efficiently and with less detriment to the environment. Since storage of electricity is currently very costly, electricity must be consumed the moment it is created. As a result, estimating the correct amount of demand of electricity is very difficult. Without the benefit of this knowledge, electricity providers must use “peaker plants” when energy demand threatens to exceed supply levels. Peaker plants tend to be older, expensive to bring online, and require fuel to operate, which further creates greenhouse gases. [Footnote 3]

Additional benefits of the Smart Grid will include: incorporating into the grid cleaner sources of energy; providing consumer control over energy usage and cost; bringing more transparent pricing strategies that can lead to up to 5 to 15% in energy consumption reduction; increasing reliability of power supply meaning fewer power outages, and outages that are shorter in length (currently, half a million Americans spend a minimum of two hours without electricity every day); lessening power quality fluctuations; and lowering expenses for grid operators who are better able to use their assets, and more efficiently run the grid (Illinois Smart Grid Initiative 2009). [Footnote 4]

Consumers are an important focus of grid improvements because they represent almost a quarter of all energy consumed (Energy Information Administration 2008). So how does the Smart Grid vision relate to identifiable individuals? [Footnote 5]

With Smart Grid technology people will be able to do the following. Each goal below is followed by the ways in which they will do it:

Understand how their household uses energy, manage energy use better, and reduce their carbon footprint.

1) Logging into their energy use account and seeing how much energy they are using in real time, and as compared to their neighbours, as reported by smart meters installed at each household.

2) Using smart devices, such as a smart thermostat that shows minute-by-minute price of energy. The thermostat could be programmed to make decisions about the house’s heating and air conditioning levels. If the price of energy is high, and no one is home, the thermostat could be set to adjust automatically to use less energy. Smart appliances could also be programmed to run when energy is cheaper, such as a dishwasher running at night.

3) At peak energy usage times, allowing the utility to lower energy consumption of smart devices, such as adjusting a house’s air conditioner by a few degrees.

Control expenditure on electricity.

1) Accessing their account balance, and seeing how many units are being used per day, and which appliances are costing the most money.

2) Taking advantage of energy saver plans offered by the utility to keep energy use in line with a person’s budget. For example, if a heat wave hits and the price of electricity peaks, the individual could be notified that they may exceed their budget. The individual would then be in control regarding whether the utility could adjust the temperature of the air conditioning a few degrees when peak energy consumption occurs.

Experience fewer and shorter power outages, and be notified when the power will come back on.

1) Having the Smart Grid pinpoint the location of the outage and dispatch workers to the scene immediately. Power will be routed around the outage, so that fewer individuals are affected by the power outage.

2) Signing up to receive alerts via text message to a mobile phone when the power goes out, indicating when the power will be back on. Additional messaging services could provide alerts regarding a loved one’s energy restoration time.

Control energy devices in the home.

1) Tying all energy devices that give energy back to the grid, such as a plug-in hybrid vehicle and solar panels, to a central household control which provides up-to-the-minute indication of energy use.

2) Monitoring whether their home is using more energy than it is producing, and adjusting devices so they use less energy. The smart meter tracks this activity, and any surplus in energy shows up as a credit on the person’s utility bill.

3) Controlling smart devices and account information over the Internet, allowing individuals to monitor and adjust their house’s energy usage remotely.

Significant development towards achieving a vision for a Smart Grid is occurring widely in North America and Europe. For example, the U.S. economic stimulus plan included the passing of the American Recovery and Reinvestment Act of 2009, [Footnote 6] which is allocating billions of dollars to fund improvements to the electrical grid. The Department of Energy has disbursed 3.4 billion in Smart Grid grants which will lead to the rollout of 18 million smart meters, 1 million in-home management systems, and advanced load management devices (Fehrenbacher 2009). In Boulder, Colorado, Xcel Energy has instituted “SmartGridCity”, a joint consortium of eight information technology companies to develop and implement Smart Grid technologies for Boulder’s residents (Smart Grid City 2009). Homes will be outfitted with smart metering devices and each ratepayer will have access to an in-home energy management website, which will monitor energy use and provide information and recommendations for lowering energy use and costs (Proctor 2009). Xcel Energy has also installed infrastructure that will protect against blackouts and reroute power around electricity bottlenecks (Proctor 2009). In Europe, the European Parliament passed the 3rd Energy Package in April 2009 which proposes that 80% of electricity customers have smart meters by 2020 (EU Energy Package comes into force 2009).

Ontario is pursuing a culture of conservation by encouraging Ontarians to lower their consumption of electricity during peak periods, and to incorporate alternative energy sources such as wind and solar. The Government of Ontario has committed to installing a smart meter in all Ontario homes and small businesses by the end of 2010, and passed legislation to facilitate the program. [Footnote 7] It is estimated that the cost of grid improvements in Ontario will be approximately $320 million in the first 5 years (Ontario Smart Grid Forum 2009). Several conservation and grid initiatives are already underway. For example, Toronto Hydro has energy saving programs (clothesline giveaway, LED Festive Light Exchanges and CFL rebate), as well as load management programs (Peaksaver and PowerShift). Toronto Hydro also has a Renewable Energy Standard Offer Program where residential customers generate electricity which they sell back to the grid. [Footnote 8] The Ontario Centres of Excellence have 14 projects relating to Smart Grids with investments at approximately $12 million. [Footnote 9]

Smart Grid technology is also being supported by significant private investment. Companies are pursuing new products in the area of electric vehicles, smart appliances, and energy production technology, such as solar panels for household roofs, as well as new service offerings in the management of energy capacity, location, time, rate of change and quality. Significant private sector investment is occurring with Smart Grid venture capital, valued at over $900 million between the years 2000 and 2008 (U.S. Department of Energy 2009). [Footnote 10] Morgan Stanley estimates that the Smart Grid market will be $100 billion in 2030 (Wiser wires 2009).

Personal information and the Smart Grid

“Personal information” refers to any recorded information about an identifiable individual. In addition to one’s name, contact and biographical information, this could include information about individual preferences, transactional history, record of activities or travels, or any information derived from the above, such as a profile or score, and information about others that may be appended to an individual’s file, such as about family, friends, colleagues, etc. In the context of the Smart Grid, the linkage of any personally identifiable information with energy use would render the linked data as personal information.

Modernization of the current electrical grid will involve end-user components and activities that will tend to increase the collection, use and disclosure of personal information by utility providers, as well as, perhaps, third parties. The following are some of those components:

Smart meters

A smart meter is a meter that can record and report electricity consumption information automatically. Smart meters identify consumption in greater detail than a conventional meter and communicate that information back to the electrical utility for monitoring and billing purposes. Smart meters will vary in how they interact with the utility and the distribution component of the grid, relaying information on a daily, hourly or real-time basis. Smart meters are more tamper-resistant, can be remotely connected or disconnected, help with the detection of outages, as well as unauthorized removal and meter bypass. The data may be sent to the utility provider either over the wires or wirelessly. As mentioned above, in Ontario, every home and business will have a smart meter by the end of 2010. [Footnote 11] In the United States, more than 8.3 million smart meters have already been installed (St. John 2009), and the number is projected to reach 52 million by 2012. [Footnote 12]

Smart appliances

Smart appliances may be configured by the end-user to communicate information directly to the utility operator for efficient and more productive use of electricity. Consumer investments in “smart” devices could save them money on energy consumption in the future. Smart devices include thermostats, clothes washers, dryers, microwaves, hot water heaters, and refrigerators. “For example, a ‘smart’ water heater could be equipped with a device that coordinates with a facility’s energy-management system to adjust temperature controls, within specified limits, based on energy prices.” [Footnote 13] This practice is called “dynamic pricing.”

Many smart appliances are designed to communicate frequently with the grid to indicate how much energy they are using, as well as understand and respond to price incentives, which will provide detailed information on their use and status. Several major appliance manufacturers are already working on appliances to be used on a Smart Grid. General Electric Co. will introduce smart water heaters by the end of 2009 and will roll out “smart” versions of each of its appliances over the next several years (Smith 2009). Whirlpool Corporation will produce one million smart clothes dryers by 2011 (Smith 2009). These appliances will be able to automatically turn off during times of high electricity demand and will be equipped with software that will allow the appliance to communicate with metering devices and other appliances in the home (Smith 2009). The technologies will work in conjunction with tiered electricity pricing to allow the consumer to use power in a cost-efficient manner (Smith 2009).

Dynamic pricing

Dynamic pricing is a type of economic incentive, and the consumer’s response to those incentives is called “demand participation” or “demand response.” Dynamic pricing uses technology that will provide the customer with pricing information for current or future time periods, and will allow the customer to modify his/her demand in accordance with this pricing information. Dynamic pricing can take the form of (Smith 2009, p. 15):

  • Time-of-use pricing: Energy prices are higher at pre-designated peak times.

  • Critical peak pricing: The most critical peak hours are identified and a much higher price level is set for those hours; however, the total number of hours with higher prices is comparably smaller than under time-of-use pricing.

  • Real-time pricing: Prices vary by the hour according to the utility’s cost to purchase the energy.

Consumer access to energy-related information

Consumers will have access to energy pricing information, status of their usage, and other energy-related information. Companies are advancing energy use tracking tools and software applications so consumers may monitor their electrical consumption with a view to saving money and reducing their carbon footprint (e.g., Google’s PowerMeter, Microsoft’s Hohm, and GridPoint Inc.). Hydro providers are also setting up their own customer web interfaces.

Load management

Load management will grant active or passive control of customer smart appliances such as air conditioners, water heaters, and pool pumps to the utility company so it may reduce or smooth demand for electricity during peak energy demand periods. Please see Appendix B for additional description of Smart Grid components.

Privacy concerns

Modernization of the grid will increase the level of personal information detail available as well as the instances of collection, use and disclosure of personal information. Instead of measuring energy use at the end of each billing period, smart meters will provide this information at much shorter intervals. Even if electricity use is not recorded minute by minute, or at the appliance level, information may be gleaned from ongoing monitoring of electricity consumption such as the approximate number of occupants, when they are present, as well as when they are awake or asleep. [Footnote 14] For many, this will resonate as a ‘sanctity of the home’ issue, where such intimate details of daily life should not be accessible.

There are many significant privacy concerns and issues relating to the U.S. Smart Grid according to a high-level privacy impact assessment (PIA) by the Privacy Sub-Group of the Cyber Security Coordination Task Group responsible for addressing privacy on the Smart Grid, particularly in the area of consumer-to-utility information exchanges. The PIA stated that (U.S. Department of Commerce 2009a; U.S. Department of Commerce 2009b; U.K. Department of Energy and Climate Change 2009):

  • the privacy implications of the Smart Grid are not yet fully understood

  • there is a lack of formal privacy policies, standards, or procedures by entities who are involved in the Smart Grid and collect information

  • comprehensive and consistent definitions of personally identifiable information do not generally exist in the utility industry

  • distributed energy resources and smart meters will reveal information about residential consumers and activities within the house

  • roaming Smart Grid devices, such as electric vehicles recharging at a friend’s house, could create additional personal information

  • smart meters and the Smart Grid network will be able to use personal information in unlimited numbers of ways

  • despite the 2000 resolution adopted by the National Association of Regulatory Utility Commissioners urging the adoption of privacy principles, few state level utility commissions have begun to assess privacy and the Smart Grid

  • future research is necessary and conducting further PIAs is crucial.

Privacy concerns arise when there is a possibility of discovering personal information such as the personal habits, behaviours and lifestyles of individuals inside dwellings, and of using this information for secondary purposes, other than for the provision of electricity. Electric utilities and other providers may have access to information about what customers are using, when they are using it, and what devices are involved. An electricity usage profile could become a source of behavioural information on a granular level. [Footnote 15]

For example, it is suggested that the following information could be gleaned with the introduction of end-user components (these issues will become more practical concerns as appliances and devices become part of the grid): Whether individuals tend to cook microwavable meals or meals on the stove; whether they have breakfast; the time at which individuals are at home; whether a house has an alarm system and how often it is activated; when occupants usually shower; when the TV and/or computer is on; whether appliances are in good condition; the number of gadgets in the home; if the home has a washer and dryer and how often they are used; whether lights and appliances are used at odd hours, such as in the middle of the night; whether and how often exercise equipment such as a treadmill is used. Combined with other information, such as work location and hours, and whether one has children, one can see that assumptions may be derived from such information. For example: the homeowner tends to arrive home shortly after the bars close; the individual is a restless sleeper and is sleep deprived; the occupant leaves late for work; the homeowner often leaves appliances on while at work; the occupant rarely washes his/her clothes; the person leaves their children home alone; the occupant exercises infrequently (Quinn 2009).

The use of identifiable information beyond the primary purposes for which it was originally collected requires special considerations from a privacy perspective. There may be the temptation to bundle such information into several different data products such as energy usage or appliance data, either in identifiable customer-level, anonymized or aggregate form. Other “temptations” may include utilities and third parties using the data to seek consent for other services, and third parties seeking to engage the user directly for commercial gain (e.g., targeted advertising). Though our primary concern is with personally identifiable information, even data that is anonymized may still raise privacy issues. As has been the case in the behavioural advertising arena, users can be treated differently or marketed to specifically based on individual, but not personally linked data, raising the need for enhanced privacy protections (FTC Press Release 2009). In addition, researchers have documented the ease of identification of users, even when a minimum of non-personal information about them is available (See Ohm 2009).

It is not yet clear who along the grid will have access to a user’s personal information and where on the grid such access will be possible. Some utilities have indicated that they have no need or desire for device level electricity usage for their grid management needs. In some current Smart Grid environments, consumers have already begun to receive information about their own electricity use, as compared to other consumers in their geographic area. When these data points become more specific (i.e., perhaps broken down by income, age, household size, etc.), what are the benefits and risks to the dissemination of more granular data? In the United States, many states already have regulations for utilities with respect to account data. It is yet unclear how this new information will be treated under the current regulatory regimes. It is important to research further the potential for such access and the treatment of personal information, given the vast information sharing components of the Smart Grid.

[Figure: Information sharing components of the Smart Grid] [Footnote 16]

Concerns exist that personal information on the Smart Grid could be used to make important decisions regarding individuals without their consent, such as in the case of determining insurance risk. As a result, earning the trust of consumers in the modernization of the electrical grid into the Smart Grid will be key. [Footnote 17] Since the future Smart Grid relies on consumers to use and invest in smart technologies, the Smart Grid itself is dependent on ensuring that consumers see the value of such time and investment. [Footnote 18] If the Smart Grid and smart appliances become synonymous with privacy invasion, visions of the Smart Grid may slow or stall altogether. However, there is another way: it starts by building SmartPrivacy into the Smart Grid.

SmartPrivacy for the Smart Grid

There are a number of important and necessary uses of personal information in the Smart Grid context, such as by a utility provider in the provision of service, price notification, connecting and disconnecting power remotely, and detecting the theft of devices. In addition, personal information may be used to offer beneficial services to consumers, such as energy efficiency analysis and monitoring, and load management. However, other uses of consumer information—those not directly tied to the primary purpose of collecting the data—may raise privacy concerns if consent from the individual has not been obtained.

Without diminishing the benefits of the Smart Grid, it is possible to design privacy directly into the Smart Grid by making it the default (no action would not be an option) in all physical, administrative and technological aspects of the system. The vision of SmartPrivacy can be translated in terms of the vision for the Smart Grid in the following way:

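Smart Grid [Footnote 19] compared with Smart Grid with SmartPrivacy. In each pair below, the first entry is the Smart Grid quality and the second is its SmartPrivacy counterpart: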

Intelligent—capable of sensing system overloads and rerouting power to prevent or minimize a potential outage; of working autonomously when conditions require resolution faster than humans can respond and cooperatively in aligning the goals of utilities, consumers and regulators.

Intelligent—capable of collecting the minimum amount of personal information necessary from consumers, without diminishing the quality and range of services offered. Works transparently with consumers to communicate information regarding the collection, use and disclosure of their personal information. Plans in advance how to protect privacy and security, and builds it into the system in advance of its use.

Efficient—capable of meeting increased consumer demand without adding infrastructure.

Efficient—capable of meeting increased consumer demand without compromising the privacy and security of personal information. Securely disposes of personal information when it is no longer needed for the purpose for which it was originally collected.

Accommodating—accepting energy from virtually any fuel source including solar and wind as easily and transparently as coal and natural gas; capable of integrating any and all better ideas and technologies—energy storage technologies, for example—as they are market-proven and ready to come online.

Accommodating—accepting of a variety of consumer preferences with regards to the use, retention, and disclosure of personal information—makes these options easily accessible to the individual.

Motivating—enabling real-time communication between the consumer and utility so consumers can tailor their energy consumption based on individual preferences, like price and/or environmental concerns.

Motivating—enabling communication and notice between the consumer and utility so that consumers can tailor their personal information options, based on individual preferences. Proactively obtains consent before disclosing any personal information to a third party.

Opportunistic—creating new opportunities and markets by means of its ability to capitalize on plug-and-play innovation wherever and whenever appropriate.

Opportunistic—creating new opportunities and markets by means of its ability to capitalize on privacy-enhancing technologies, wherever and whenever appropriate.

Quality-focused—capable of delivering the power quality necessary—free of sags, spikes, disturbances and interruptions—to power our increasingly digital economy and the data centers, computers and electronics necessary to make it run.

Quality-focused—capable of delivering information that is free of inaccuracies, and allowing individuals to access their personal information and make any corrections necessary.

Resilient—increasingly resistant to attack and natural disasters as it becomes more decentralized and reinforced with Smart Grid security protocols.

Resilient—increasingly resistant to data leakage and breaches of personal information—reinforced with privacy and security protocols, such as privacy by default and breach notification protocol.

“Green”—slowing the advance of global climate change and offering a genuine path toward significant environmental improvement.

“Green”—by ensuring consumer trust in the Smart Grid and its associated technologies, fostering greater participation by individuals leading to environmental improvement.

Specifically in the case of utilities providing personal information to a third party with the express consent of the individual, the following are examples of SmartPrivacy defaults that offer greater protection of privacy:

  • The minimal amount of information should be provided to third parties given the nature of the relevant service. For example, partial location data such as the first few digits of a zip or postal code may be sufficient for services that allow for comparison of neighbourhood averages, and other features such as weather statistics.

  • Pseudonymize identity, where possible. When sharing data with a third party, consider using a pseudonym such as a unique number, which the individual would be permitted to reset at any time.

  • Third parties should not request information from the utility about consumers; rather, consumers must be able to maintain control over the type of information that is disclosed to third parties by the utility.

  • When data is transmitted, the risk of interception arises. We recognize there are multiple channels of communication, such as home area networks, telecommunication systems, and internet protocols. Appropriate, secure channels of transmission are necessary to ensure strong privacy protection along the Smart Grid, commensurate with the type of data conveyed.

  • Third parties should agree not to correlate data with data obtained from other sources or the individual, without the consent of the individual.
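The defaults listed above can be enforced at a single disclosure point on the utility side. The following Python code is an added example, not part of the original report; the class, the field and third-party names, and the three-character postal prefix are assumptions, and the customer record is constructed.

```python
import secrets

POSTAL_PREFIX_LEN = 3  # assumption: "first few digits" taken as three characters

class DisclosureGateway:
    """Hypothetical utility-side gate applied before data leaves for a third party."""
    def __init__(self):
        self._pseudonyms = {}  # (account_id, third_party) -> random token
        self._consent = {}     # (account_id, third_party) -> set of field names

    def grant(self, account_id, third_party, fields):
        """The consumer, not the third party, chooses what may be disclosed."""
        self._consent[(account_id, third_party)] = set(fields)

    def revoke(self, account_id, third_party):
        self._consent.pop((account_id, third_party), None)

    def reset_pseudonym(self, account_id, third_party):
        """Consumer-initiated reset: later records no longer link to earlier ones."""
        token = secrets.token_hex(8)
        self._pseudonyms[(account_id, third_party)] = token
        return token

    def build_record(self, customer, third_party):
        """Return the minimized record, or None when no consent is on file."""
        account = customer["account_id"]
        allowed = self._consent.get((account, third_party))
        if not allowed:
            return None
        # One pseudonym per recipient, so two recipients cannot join on the identifier.
        subject = (self._pseudonyms.get((account, third_party))
                   or self.reset_pseudonym(account, third_party))
        record = {"subject": subject}
        # Allowlist: only fields named here can ever leave, whatever was requested.
        if "area" in allowed:
            compact = customer["postal_code"].replace(" ", "").upper()
            record["area"] = compact[:POSTAL_PREFIX_LEN]
        if "daily_kwh" in allowed:
            record["daily_kwh"] = customer["daily_kwh"]
        return record

# Constructed sample customer; every value is made up for illustration.
SAMPLE = {"account_id": "ACCT-0001", "name": "Sample Person",
          "service_address": "1 Example St", "postal_code": "a1b 2c3",
          "daily_kwh": 27.4}
```

Because the record is built from an allowlist, a consent entry naming a field such as `name` still discloses nothing beyond the pseudonym, the postal prefix and the usage total.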

SmartPrivacy’s holistic approach requires that individuals and relevant industries be made aware of how to ensure Privacy by Design. We agree that there should be “documented requirements for regular privacy training and ongoing awareness activities for all utilities vendors, and other entities with management responsibilities throughout the Smart Grid.” (Footnote 20) However, even if notice is provided regarding data use and disclosures, communicating the policies to consumers is not easily achieved. The emerging Smart Grid ecosystem is an opportunity for commercial entities to improve the methods by which they convey their data use practices to consumers so that consumers can make fully informed decisions regarding the use of their information.

The public must also be educated about the need to protect their privacy when engaging the Smart Grid services of third parties, who will have access to their energy consumption information. Utility providers and vendors cannot assume that individuals will inherently know how to protect their personal information. We know this is not the case. For example, Facebook has over 250 million active users; however, many of them do not make use of the available privacy settings because they are not aware of their availability. The Federal Trade Commission has increasingly recognized that privacy policies are often inadequate methods of disclosing the uses of personal information by commercial entities. Utilities and third party service providers should provide clear instructions to the consumer as to how to use the privacy safeguards offered, such as a secure login and password, as well as how to un-enroll and delete their personal information.

President Barack Obama has stated, “America’s economic prosperity in the 21st century will depend on cybersecurity” (The White House 2009). As such, utility providers’ efforts at identifying threats will become increasingly important as the grid becomes more complex and interconnected. With additional entry points and data paths, the vulnerabilities increase as well, involving “the potential for compromise of data confidentiality, including the breach of customer privacy” (Electric Power Research Institute 2009). As the risk management framework for the Smart Grid continues to develop, designers of the Smart Grid and utility providers must ensure that unauthorized access to personal information traveling through the electrical grid is minimized, as much as possible. For example, a hacker with access to smart meters could tamper with billing information, device control, privacy, identity information and communications. Wireless networks used by the utility to communicate with smart meters can expose control signals and consumption data to such threats as eavesdropping, interception, or message forgery.

Special attention should be paid to insider threats within utilities and those organizations that provide services using consumers’ energy consumption information. The Institute for Information Infrastructure Protection (I3P) is conducting leading-edge research into the area of insider threats (I3P 2009). These threats are unique as to how an organization can prevent, detect and mitigate their occurrence since the insider perpetrating the threat is using legitimate rights and privileges to access personal information, but for unauthorized purposes. Rogue insiders may be found at any level of an organization, including employees, contractors, business partners, auditors, and even alumni. Using a multi-disciplinary approach, I3P researchers are creating methods for the detection, monitoring and prevention of insider threats, and are advancing our understanding of the actions and range of threats posed by insiders.

Examples of preliminary privacy questions regarding individual Smart Grid components

To illustrate the breadth of the privacy issues that may arise relating to the Smart Grid, we highlight a few of the questions that need to be addressed regarding the protection of personal information at the individual Smart Grid component level.

Component / Technology or application: Privacy questions

End User Component

Smart Meters

  • Remote Connect / Disconnect of Meter: Will disconnection of power be based on any new sources of energy consumption data created by the use of smart meters?

  • Meter Detects Meter Bypass: While this technology will reduce theft, will it produce false positives and expose innocent individuals to possible fines or criminal proceedings?

  • Data Collection, Communication and Storage: Will data collection and communication be secure? Will the utility develop proper policies and procedures for maintaining data privacy?

  • In-home Appliances that Communicate with the Utility Operator: Will information from the home regarding specific appliance use or disuse be relayed directly to the utility? (* Highly sensitive)

  • In-home Devices that Communicate Usage Information to the Customer: Will these devices also share data with third parties, and if so, on what basis? …With the consent of the customer?

  • Consumer Access to Energy-Related Information: Will access to this information (e.g., username and password) be kept private and secure—not disclosed to or captured by third parties?

  • Automated Feeder Equipment: Will the automated system communicate directly with smart meters, and potentially disclose personal information regarding electricity use in the home?

Electricity Distribution Component

  • Fault Detection: When detecting faults in the Smart Grid, will systems have access to personal information regarding electricity use in real time, without direct interface with the consumer?

  • Load Management: Will the utility company shut off appliances within the home without the consent of the occupant? Will tenants have less privacy vis-a-vis landlords who participate in load management?

  • “Load” or Demand Information Communicated to Smart Generators: Will generators have direct access to electricity demand information, and if so, could individual household electricity be discernible?

Electricity Generation

  • “Distributed” or “On-Site” Generation: When on-site generation is provided back to the power system, will customer information be kept private and secure?

  • Plug-In Hybrid Electric Vehicles: Will a charging vehicle’s location be shared with the utility operator? In “authenticating” charged vehicles for billing purposes, will the authentication scheme, by necessity (Privacy by Design) address the privacy and security issues? What role will batteries play on the Smart Grid? Will there be restrictions on charging during peak demand? Will batteries exchange power with the Grid?

Conclusion

The inside of a dwelling is the most private of places, and is recognized at the highest judicial levels. The Supreme Court of the United States says: “In the home, our cases show, all details are intimate details, because the entire area is held safe from prying government eyes.” (Footnote 21) The Supreme Court of Canada also states: “There is no place on earth where persons can have a greater expectation of privacy than within their ‘dwelling-house’.” (Footnote 22) Capturing the flow of electricity into one’s home, and the manner in which it is used over a period of time, may be revealing and highly intrusive. The overarching privacy concern associated with Smart Grid technology is its ability to greatly increase the amount of information that is currently available relating to the activities of individuals within their homes. (Footnote 23)

The information collected on a Smart Grid will form a library of personal information, the mishandling of which could be highly invasive of consumer privacy. There will be major concerns if consumer-focused principles of transparency and control are not treated as essential design principles from beginning to end. Once energy consumption information flows outside of the home, the following questions may come to the minds of consumers: Who will have access to this intimate data, and for what purposes? Will I be notified? What are the obligations of companies making smart appliances and Smart Grid systems to build in privacy? How will I be able to control the details of my daily life in the future? Organizations involved with the Smart Grid, responsible for the processing of customers’ personal information, must be able to respond to these questions, and the best response is to ensure that privacy is embedded into the design of the Smart Grid, from start to finish—end-to-end.

As the Smart Grid is only in its early stages of development, now is the time to build SmartPrivacy into the Smart Grid. Consumer control of electricity consumption and consumer control of their personal information must go hand in hand. Doing so will ensure that consumer confidence and trust are gained, and that participation in the Smart Grid contributes to the vision of creating a more efficient and environmentally friendly electrical grid, as well as one that is protective of privacy. This will result in a positive-sum (win-win) outcome, where both environmental efficiency and privacy may coexist.