Does my smart meter know when I’m on the loo? The verdict on smart meter privacy, security and health concerns
- 22 Jun 2012, 10:00
- Ros Donald
Will the UK government's planned rollout of smart meters leave
homes vulnerable to marketing companies desperate for us to
overshare information about our most personal habits? Will an
information grid linked to energy delivery systems be open to
hackers, leaving whole districts vulnerable to disruption? Will
smart meters really create a "spy in every home", as the
Daily Mail reported last week? We take a look at the
risks.
Smart meters give people detailed information about how much
energy they use and when. The theory is that this can help reduce
bills, and level out peak-time stresses on the grid. As such, the
UK
Department of Energy and Climate Change (DECC) is promoting
smart meters as a tool for helping the country to reduce its
greenhouse gas emissions, and plans to ensure one is installed in
every home starting from 2014.
Privacy: will my smart meter be able to track what I do at
home?
The short answer is yes - as long as you're using electricity.
Energy meters show which appliances use the most electricity so
that you can plan energy use effectively. Because of the different
ways that appliances use electricity, such data could, for example,
reveal whether you use medical devices or baby monitors, or even
show the TV programme you're watching. And obviously, it can give
information on when you're in or out, or track when you toilet
light goes on. So, technically, it might know when you are on the
loo.
The
Mail reports that this information will be "will be collected
every 30 minutes and beamed from a box in the home to the central
databases." Some groups are worried about this. The European
Data Protection Supervisor (EDPS), which tracks privacy issues
in Europe, produced a report last week warning that smart
meter rollout will "
enable massive collection of personal data which can track what
members of a household do". EDPS is concerned that patterns and
profiles could be mined for marketing and advertising, or price
discrimination, and is asking the European Commission to consider
legislating to protect consumers.
It does sound pretty alarming. However, the government appears to
have taken some of these worries to heart already, outlining
plans in April designed to ensure consumers have control over
how much data they share with suppliers and third parties.
Suppliers will be able to collect monthly electricity usage data
for billing purposes, and to avoid fraud. They will also be able to
collect daily data, which will give a more detailed picture of
household energy use. They will not be able to use this information
for marketing, and customers will be able to opt out of providing
it.
Finally, half-hourly data collection will also be possible, and
suppliers will be able to use information from smart meters for
marketing, or share it with third parties such as comparison
websites, but only with customers' express permission. Consumer
body
Consumer Focus points out sharing your consumption data with
your supplier could help it suggest ways to save energy or give
advice on the best tariff.
Anna Fielder at Privacy International says her organisation wants
the government to make sure consumers only give information beyond
that required for billing and regulatory purposes
with explicit consent and full understanding of what the data
is being used for. "The current mix of opt-in and
opt-out will result in confusion; government must mandate that
consent, when required, is specific, explicit and freely
given. The policy at the moment will
ensure daily collection of data by the back door"
The verdict on privacy: Although the potential for over-sharing is
there, in practice the system shouldn't be as intrusive as you
might think. But there's room for improvement, and market
regulators like Ofgem may have to be more vigilant about utilities'
pricing practices.
Security: will smart meters enable the modern "equivalent
of a nuclear strike"?
The Mail has quoted Cambridge IT professor Ross Anderson saying
that smart meters pose a strategic risk to the UK, because the
government plans to build the ability to connect and disconnect gas
and electricity supplies remotely into the system. DECC says this
will allow consumers to switch easily between providers and fight
energy theft, but according to Anderson the function could create a
"strategic
vulnerability" to blackouts from "a nation state attacker, a
terrorist or even a criminal group". He suggests the government's
listening service GCHQ is also concerned about the risk.
Earlier examples of viruses that have attacked networked
infrastructure suggest the risk is real. The
Stuxnet virus, discovered in 2010, takes over industrial
equipment manufactured by Siemens to monitor and control processes
in places like factories. So a similar virus could possibly monitor
power usage and shut off electricity or gas supplies. But is the
risk really the cyber equivalent of a nuclear strike, as
Anderson says? That's probably rhetoric - but hackers turning off
electricity and gas supply could undoubtedly be extremely
disruptive.
The government will require companies to fulfil a set of data
security requirements to combat
identified risks before they can gain licenses to provide smart
metering services. Companies will have to carry out security risk
assessments, and there will be annual checks from independent data
security auditors.
Equipment that interacts with the smart metering system will
have to be guarded, and suppliers will have to have emergency
procedures in place to help them deal with any incidents. According
to
Consumer Focus households that install smart meters before the
2014 rollout may have fewer protections and may not meet future
security standards.
The verdict on security: Any networked infrastructure is in theory
vulnerable to potentially disruptive cyber-attack, and smart meters
look like being no exception. It will take robust security for
people to feel confident about the integrity of smart energy
monitoring.
Will smart meters harm your health?
MPs and campaigners have claimed smart meters could harm peoples'
health. The Telegraph ran a piece in February repeating complaints
that the electromagnetic field from smart meters
pose a health risk from radiation, which says:
"Some people claim to be sensitive to
electromagnetic fields, saying it gives them symptoms such as
nausea, fatigue and headaches."
It goes on to say people in the US claiming to have been harmed
by the electromagnetic field from smart meters have filed class
action laswuits.
Er, well. DECC says it hasn't yet decided on the specific
technology that will be used for the smart meter rollout, but notes
that the power density of existing smart meters is well
below that of mobile phones or wi-fi networks - meaning their
electromagnetic field will also be weaker. It says : "Smart
metering systems will have to comply with relevant regulations and
international standards, including those on exposure to
electromagnetic fields set by the International Commission on
Non-Ionizing Radiation Protection."
Guardian columnist Ben Goldacre tackled whether or not
electromagnetic fields really fry peoples' brains back in 2007
when the same accusations were flying around about wireless
internet. He points out that in 33 out of 36 published studies on
electrosensitivity - the complaint described in the Telegraph
article, subjects were unable to tell whether an electromagnetic
signal was present or absent. It suggests that electrosensitivity
may not be caused by electromagnetic fields.
The verdict on health: The science on the risks of signals from
electrical devices might change. But at the moment it doesn't look
like there's much chance your smart meter will make you ill.
The real risk: not reducing demand
Ross Anderson revealed to us that although he has some concerns
about the security of the smart grid, he's more concerned that it
won't achieve what it's intended to.
He says the government's decision to allow energy companies to
control meters is "folly" because they will use them to "shave peak
demand at most, not reduce demand overall". This makes sense - at
the moment energy companies' profit interests certainly conflict
with the government's desire to cut consumer energy bills.
Possibly more worrying is another concern Anderson highlights:
DECC's plans to create a centralised government-controlled database
to collect smart meter data - the
Data and Communications Company. Big publicly-funded software
projects don't have a very reassuring track record according to
Anderson. He says that only around 30
per cent of such schemes actually succeed - that's
compared to a 70 per cent success rate in the private sector.
Anderson also complains the government has excluded "potentially
critical academics" and the "technical staff of the meter
suppliers" from meetings to decide on the specifications of smart
metering equipment.
These probably aren't the concerns that are going to sell the most
newspapers. But unless they're taken seriously, they could cause a
much bigger, more expensive headache for the government than any
we're likely to experience from exposure to smart meters'
electromagnetic fields.
UPDATE 22/06/2012 11.00: We've updated our paragraph on Ben
Goldacre's Bad Science column to clarify that the tests were
carried out to determine whether electromagnetic fields caused
electrosensitivity.