Working with law students at UC Berkeley's Samuelson Law, Technology, and Public Policy Clinic, CDT recently submitted comments in a FCC proceeding on the implications of Smart Grid Technology, highlighting the need to protect consumer privacy and implement critical security protocols in developing the modernized electrical grid.
At the core of the new grid's functionality is the collection and use of highly detailed data about consumer energy consumption, including realtime consumption data about specific appliances (such as, air conditioners, microwaves or home healthcare equipment). This granular usage data reveals deeply personal information about consumer habits, and about consumer activities within the private space of the home. Given both the sensitive nature and high commercial value of this data, utilities and third-party businesses will be eager to make use of it, as will law enforcement investigators and, unfortunately, criminals.
For example, if your thermostat is set at 55 degrees for 3 days in the winter in New England, that is a good signal that you are away from your house. As such, a lack of care around this data will pose serious privacy and security risks for consumers. These issues are further complicated by the reality that the Smart Grid, at present, is governed by a patchwork of state and federal laws Realizing the likely benefits of the Smart Grid, including improving energy efficiency, reducing utility bills, and protecting the environment, will require consumers to trust that these new technologies will be protective of personal information and secure against threats.
CDT urged the Commission to ensure that privacy is integrated at every point in the network via appropriate technological design at the outset, so that privacy and security do not have to be later retrofitted onto the system. Further, the collection and use of consumer data by utilities or third-party providers should follow Fair Information Practice (FIPs) principles, including providing consumers with: transparent notice about data collection practices, meaningful choice regarding the use and disclosure of usage information, and reasonable access to, and the ability to correct or dispute, all usage information.