As we predicted, we now have a case of abuse of smart meters
September 24, 2012
We've previously reported about the threat to our privacy that "smart meters" present. These are the electric meters being installed, ostensibly to allow the power company to control load on the electric grid. They do so by allowing the company to turn off certain devices from a central location. That's an oversimplification of the technology but the essential thing everyone should know is that the smart meter technology is simply a network. That is, it allows two-way communication into and out of you home.
Another problem is the potential abuse that comes from snoopers taping into the smart meter network to surreptitiously siphon data and information about what is going on in your home. Mark our words, the day will come when we will learn that criminals have found a way to use the network.
As we've written before one of the major problems is that this network can be easily abused, not only to monitor electrical use but it can become eyes and ears for anyone with the know-how and motivation to bug our homes. It can be done with video and/or audio. Mark our words again. The day will come when we learn that someone has put a video bug in somebody's bedroom and used the smart meter network to record what goes on. Wireless bugs have to be monitored fairly close by but the smart meter network can be tapped anywhere in the network to pick up illegitimate signals once a transmitter is installed.
But even if such intrusions are absent, another invasion of privacy can come in what the power company itself does with the data it collects. Now we have an actual, not theoretical, example of such abuse. The Australian website theage.com is reporting:
DETAILED information about electricity customers' power usage, which gives insights into when a house is occupied, is being shared with third parties including mail houses, debt collectors, data processing analysts and government agencies.
Customers with smart meters who sign up for Origin Energy's online portal must consent to their data being shared with a string of third parties. The data is stored in Australia but shared with US company Tendril, which is described by Origin as a smart energy technology provider.
Australia's privacy watchdog said the technology could threaten people's privacy. ''We are starting to see people voicing concern about the level of data that these meters can collect,'' federal Privacy Commissioner Timothy Pilgrim said.
Smart meters were a common concern among Age readers who responded to our series on privacy.
Mr Pilgrim said electricity companies had a legal responsibility to delete or ''de-identify'' personal information that was no longer needed. However, an Origin spokesman said the company kept former customers' data for retrospective queries and ''tax and compliance purposes''.
The state government aims to install smart meters - which log electricity use every half-hour - in all Victorian homes by the end of next year.
At the beginning of the year Electricity distributors Jemena and United Energy released trial web portals that connect to smart meters and more retailers are expected to follow suit.
Origin's online portal was released last month and lets people monitor their electricity costs using smart meter data collected from energy distributors. Customers can provide information about the size of their home, whether they rent or own, the number of adults and children in their family, if anyone stays in during the day and what appliances they own. The portal then calculates how much energy is used in the kitchen, laundry and for heating.
An Origin spokesman said the portal was fully compliant with Australian privacy legislation. He said the additional information requested about each household ''adds to the richness of the Origin Smart experience''.
Customer information can only be accessed by staff involved in billing. He said the electricity retailer only shared information with third parties when they had a ''legitimate business need to do so in order to meet our service obligations to our customers''.
Changes to the Privacy Act being debated in Parliament would restrict companies from sending customer data overseas unless the receiver was founded or controlled in Australia.
'More than 1000 people have signed up to United Energy's portal. UE spokeswoman Lisa Drought said the distributor only provided smart meter data to customers and energy retailers, and would not sell the information to third parties. She said the portal also had ''internet bank-like security'' to prevent privacy breaches.
I work for a smart meter company, and I have a pretty good understanding about what our smart meters are capable of.
While there are legitimate security concerns with any network (think cell phones and the internet), the notion that smart meters will be used to record/send video/audio from the customer's home is just plain paranoid.
1 - Smart meters are installed outside the home, not inside. The idea that someone is going to break into your home, install a camera, then send that video/audio through the smart grid network is pretty far fetched. There are much easier ways for a thief/pervert to do this, which I will outline later.
2 - The data that smart meters can store is very specific. In the case of electricity meters, it is storing data about the power consumed, the quality of the power, etc. It does not store the customer name, address, or anything like that. All of the customer specific information is contained within the Utility's network/database, which is separate from the smart grid network. For identify thieves, the point of attack will be the Utility's network/database, not the smart grid network.
3 - The format of the data stored on the meter is very specific. It is not like the hard drive on your computer, which can store any kind of data, in any kind of format. The meters simply do not have the capability to store video/audio files (or any other type of file that you would typically find on your computer or cell phone).
4 - Ok. I promised to outline how a pervert/thief could surreptitiously record video/audio of you. Most cell phones and computers come with a camera. People store very personal data on both devices. This personal information is of high value to a thief/pervert, so these devices are under constant attack. It would be much simpler for a thief/pervert to infect your device with a virus, turn on the camera without your knowledge, and send that information back to themselves. Why bother to break into a home and install a camera, when it is much simpler to attack a camera enabled device through the internet? Don't think that it is possible to turn on your camera without your knowledge? Google "school spying on students via web cam" and you will find articles detailing how a Philadelphia school did exactly that to their students: http://www.nbcphiladelphia.com/news/local/School-Spies-on-Students-at-Home-with-Webcams-Suit-84712852.html.
Ok, so does all this mean that the smart grid network won't be a point of attack? No, it sure doesn't. But people who attack the smart grid are going to be looking for ways to get their electricity for free (i.e. replace their actual billing data with fake data), or for ways to disrupt the power grid. When it comes to getting your personal information, the point of attack will continue to be your internet connected computer and cell phone.
Nick
Editor's response: You are misleading the readers. The "problem," as we have said, is not the meter. It's the network. And yes, as this article shows, the problem is with the database. You're fooling yourself if you believe both will not be abused. Sure, cell phones are a risk also. But the big difference is that we have a choice about cell phones. We have no choice if the power company forces us into the smart grid. And we believe that is what it really comes down to. If N. C. would allow as much choice in who/how we buy power as it does in cell phones we would have no complain. But it doesn't. The government imposes the power company on us and takes away our right to choose. If I don't want to be connected to any network, I should have my right to opt out protected. You may trust those who run the network and you may think it will not be abused. But don't try to force that nonsense on the rest of us.
Reader Feedback Submission
Use this form to submit Reader Feedback. Your submission will be reviewed by our staff before appearing on the Web site.
Mostly Cloudy 65°
