Living in a Glass House: Privacy Implications of Smart Meter Data
December 3, 2013
By Sam Bursten
Smart meter technology presents the opportunity to save consumers money, allow utilities to run a more efficient grid, and reduce overall energy usage. However, the wealth of information that these meters collect can make privacy-concerned consumers uneasy. You may not want to live in a “glass house” where a third-party could monitor every action you take that uses electricity. This concern about data privacy and the broader legal and policy landscape are key issues to our project, particularly as we consider how the data inputs to energy analytics might be shared (or not) among households, utilities, and third-party service providers.
Because smart meters are a relatively recent introduction to the market, current laws do not address the privacy implications of smart meter technology specifically. However, several laws may still be relevant. Where the government is involved, the Fourth Amendment protects the “right of people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures.” Then we must consider whether the consumer had a socially reasonable expectation of privacy, which is a murky standard. Courts decided in Kyllo v. United States that using thermal-imaging technology to look inside a home violated the Fourth Amendment and in United States v. Karo that monitoring a tracking device inside a private residence did so as well. The courts determined that the technologies used were not in general public use. The detailed information smart meters contain could provide consumers with a reasonable expectation of privacy; however, as they become mainstream, they also enter general public use, raising concerns yet again.
In purely private situations where the government is not involved, privacy laws are even less clear. Traditionally, the “third-party doctrine” has provided no Fourth Amendment protection for information consumers share with a business as part of their business dealings, such as bank documents (Miller v. United States) and phone records (Smith v. Maryland). According to United States v. Starkweather, a person does not have a reasonable expectation of privacy in utility records. This decision is only binding under the Ninth Circuit’s jurisdiction, therefore, federal privacy laws must be considered.
Finally, several statutes relating to privacy do not settle the issue, either. Statutory protection of smart meter data may exist in the Electronic Communications Privacy Act, the Stored Communications Act, and the Computer Fraud and Abuse Act; however, if one party (such as a utility) authorizes access to the data, there is no violation of these laws. The Federal Trade Commission Act gives the FTC authority to take action against “persons, partnerships, or corporations” that violate their own privacy policies or engage in deceptive or unfair privacy practices, but it is not clear that the FTC is concerned with smart meter data. Lastly, the Federal Privacy Act of 1974 protects records maintained by federal agencies, so the records of federally owned utilities may be protected.
Luckily, we are not the only group concerned with this issue. Both the National Institute of Standards and Technology (NIST) and the Department of Energy are working to determine how consumer privacy rights will be protected with advanced metering infrastructure. The NIST has created the Smart Grid Interoperability Panel and Cyber Security Working Group to develop privacy and security standards for the smart grid. The DOE’s Office of Electricity Delivery and Energy Reliability and Federal Smart Grid Task Force are working to develop a Voluntary Code of Conduct that will address privacy issues related to consumer data from advanced meter infrastructure and smart grid technologies.
Smart meters pose important questions about who owns consumer data, who can gain access to that information, and how it is protected. No consensus exists regarding energy data ownership in the US. NIST states that utilities own the data generated by advanced metering infrastructure, however, the Texas Utilities Code grants ownership to consumers.
Though privacy and data ownership are important factors, access and data sharing are essential components to realizing the full benefits from smart meter technologies. Third party access to consumer data may help utilities improve efficiency and consumers save energy and money. Green Button is an industry-led initiative made up of utilities and third parties that enables consumers to access their energy data easily online and share it with third parties. Though consumers must download their data in order to share it, in the future, third parties could be granted direct access to the information with consumer consent, enabling consumers to benefit from the data analysis technologies that third parties are developing to increase energy efficiency, identify faulty electronics, and save money on utility bills.
For more information, follow the links below.
NIST Smart Grid Interoperability Panel
NIST SGIP Cyber Security Working Group
DOE Voluntary Code of Conduct