Adapted from a blog originally posted in June 2012
Will the UK government’s planned rollout of smart meters leave homes vulnerable to marketing companies desperate for us to overshare information about our most personal habits? Will an information grid linked to energy delivery systems be open to hackers, leaving whole districts vulnerable to disruption? Will smart meters really create a “spy in every home”, as the Daily Mail has reported? We take a look at the risks.
Smart meters give people detailed information about how much energy they use and when. The theory is that this can help reduce bills, and level out peak-time stresses on the grid. As such, the UK Department of Energy and Climate Change (DECC) is promoting smart meters as a tool for helping the country to reduce its greenhouse gas emissions, and plans to ensure one is installed in every home starting this week.
Privacy: will my smart meter be able to track what I do at home?
The short answer is yes – as long as you’re using electricity. Energy meters show which appliances use the most electricity so that you can plan energy use effectively. Because of the different ways that appliances use electricity, such data could, for example, reveal whether you use medical devices or baby monitors, or even show the TV programme you’re watching. And obviously, it can give information on when you’re in or out, or track when you toilet light goes on. So, technically, it might know when you are on the loo.
The Mail reported that this information will be “will be collected every 30 minutes and beamed from a box in the home to the central databases.” Some groups are worried about this. The European Data Protection Supervisor (EDPS), which tracks privacy issues in Europe, produced a report last week warning that smart meter rollout will ” enable massive collection of personal data which can track what members of a household do”. EDPS is concerned that patterns and profiles could be mined for marketing and advertising, or price discrimination, and is asking the European Commission to consider legislating to protect consumers.
It does sound pretty alarming. However, the government appears to have taken some of these worries to heart already, outlining plans in April 2012 designed to ensure consumers have control over how much data they share with suppliers and third parties.
Suppliers will be able to collect monthly electricity usage data for billing purposes, and to avoid fraud. They will also be able to collect daily data, which will give a more detailed picture of household energy use. They will not be able to use this information for marketing, and customers will be able to opt out of providing it.
Finally, half-hourly data collection will also be possible, and suppliers will be able to use information from smart meters for marketing, or share it with third parties such as comparison websites, but only with customers’ express permission. Consumer body Consumer Focus points out sharing your consumption data with your supplier could help it suggest ways to save energy or give advice on the best tariff.
Anna Fielder at Privacy International says her organisation wants the government to make sure consumers only give information beyond that required for billing and regulatory purposes with explicit consent and full understanding of what the data is being used for. “The current mix of opt-in and opt-out will result in confusion; government must mandate that consent, when required, is specific, explicit and freely given. The policy at the moment will ensure daily collection of data by the back door”
The verdict on privacy: Although the potential for over-sharing is there, in practice the system shouldn’t be as intrusive as you might think. But there’s room for improvement, and market regulators like Ofgem may have to be more vigilant about utilities’ pricing practices.
Security: will smart meters enable the modern “equivalent of a nuclear strike”?
The Mail has quoted Cambridge IT professor Ross Anderson saying that smart meters pose a strategic risk to the UK, because the government plans to build the ability to connect and disconnect gas and electricity supplies remotely into the system. DECC says this will allow consumers to switch easily between providers and fight energy theft, but according to Anderson the function could create a “strategic vulnerability” to blackouts from “a nation state attacker, a terrorist or even a criminal group”. He suggests the government’s listening service GCHQ is also concerned about the risk.
Earlier examples of viruses that have attacked networked infrastructure suggest the risk is real. The Stuxnet virus, discovered in 2010, takes over industrial equipment manufactured by Siemens to monitor and control processes in places like factories. So a similar virus could possibly monitor power usage and shut off electricity or gas supplies. But is the risk really the cyber equivalent of a nuclear strike, as Anderson says? That’s probably rhetoric – but hackers turning off electricity and gas supply could undoubtedly be extremely disruptive.
The government will require companies to fulfil a set of data security requirements to combat identified risks before they can gain licenses to provide smart metering services. Companies will have to carry out security risk assessments, and there will be annual checks from independent data security auditors.
Equipment that interacts with the smart metering system will have to be guarded, and suppliers will have to have emergency procedures in place to help them deal with any incidents. According to Consumer Focus households that install smart meters before the 2014 rollout may have fewer protections and may not meet future security standards.
The verdict on security: Any networked infrastructure is in theory vulnerable to potentially disruptive cyber-attack, and smart meters look like being no exception. It will take robust security for people to feel confident about the integrity of smart energy monitoring.
Will smart meters harm your health?
MPs and campaigners have claimed smart meters could harm peoples’ health. The Telegraph ran a piece in February repeating complaints that the electromagnetic field from smart meters pose a health risk from radiation, which says:
“Some people claim to be sensitive to electromagnetic fields, saying it gives them symptoms such as nausea, fatigue and headaches.”
It goes on to say people in the US claiming to have been harmed by the electromagnetic field from smart meters have filed class action laswuits.
Er, well. DECC says it hasn’t yet decided on the specific technology that will be used for the smart meter rollout, but notes that the power density of existing smart meters is well below that of mobile phones or wi-fi networks – meaning their electromagnetic field will also be weaker. It says : “Smart metering systems will have to comply with relevant regulations and international standards, including those on exposure to electromagnetic fields set by the International Commission on Non-Ionizing Radiation Protection.”
Guardian columnist Ben Goldacre tackled whether or not electromagnetic fields really fry peoples’ brains back in 2007 when the same accusations were flying around about wireless internet. He points out that in 33 out of 36 published studies on electrosensitivity – the complaint described in the Telegraph article, subjects were unable to tell whether an electromagnetic signal was present or absent. It suggests that electrosensitivity may not be caused by electromagnetic fields.
The verdict on health: The science on the risks of signals from electrical devices might change. But at the moment it doesn’t look like there’s much chance your smart meter will make you ill.
The real risk: not reducing demand
Ross Anderson revealed to us that although he has some concerns about the security of the smart grid, he’s more concerned that it won’t achieve what it’s intended to.
He says the government’s decision to allow energy companies to control meters is “folly” because they will use them to “shave peak demand at most, not reduce demand overall”. This makes sense – at the moment energy companies’ profit interests certainly conflict with the government’s desire to cut consumer energy bills.
Possibly more worrying is another concern Anderson highlights: DECC’s plans to create a centralised government-controlled database to collect smart meter data – the Data and Communications Company. Big publicly-funded software projects don’t have a very reassuring track record according to Anderson. He says that only around 30 per cent of such schemes actually succeed – that’s compared to a 70 per cent success rate in the private sector. Anderson also complains the government has excluded “potentially critical academics” and the “technical staff of the meter suppliers” from meetings to decide on the specifications of smart metering equipment.
These probably aren’t the concerns that are going to sell the most newspapers. But unless they’re taken seriously, they could cause a much bigger, more expensive headache for the government than any we’re likely to experience from exposure to smart meters’ electromagnetic fields.
UPDATE 22/06/2012 11.00: We’ve updated our paragraph on Ben Goldacre’s Bad Science column to clarify that the tests were carried out to determine whether electromagnetic fields caused electrosensitivity.
The verdict on smart meter privacy, security and health concerns as UK smart meter rollout begins