Smart Grid Data: Too Much For Privacy, Not Enough For Innovation?

When it comes to smart grid data, how much is enough — and how much is too much? That question could pit the IT industry’s hopes to use smart grid data to help people save energy — and make money — against customer privacy and data security advocates worried that the same data could be abused by everyone from criminals to the government. Utilities, regulators and consumers could well be caught in the middle of that argument.

That’s the gist of a discussion last week about smart grid privacy at the California Public Utilities Commission, which is forming policies for how the state’s utilities implement smart grid systems. One of the issues that the CPUC is tackling is how utilities should be required to deliver power usage and pricing data to smart meter-enabled customers. But beyond the technical and cost questions, there’s the looming question of what to do with the data in order to protect utility customers from having their information used against them.

Less Data?

One way to do that is “data minimization,” said Jim Dempsey, Vice President of Public Policy for the Center for Democracy & Technology, which advocates for open Internet policies. In other words, only collect the data you need for specific goals, and keep it for as short a time as possible, to avoid the chances for it being lost or misused.

This and other concepts are part of a broader set of “Fair Information Practice Principles” that Dempsey would like both federal and state smart grid plans to adopt. The National Institute of Standards (NIST), the federal agency putting together a national smart grid plan has said security and privacy is a key concern as well. “These are the questions you have to ask yourself — what information are you collecting, how long will you store it, who will you share it with?” Dempsey said Friday.

But that push to minimize data could fly in contrast to the idea of an open energy information world, in which third parties can develop new tools to help consumers save energy. Both Google (s GOOG) and Microsoft (s MSFT) are working on opening their home energy management systems to third party developers and a host of startups are working on devices and software that will interact with smart grid data.

Privacy Management

Certain utility customer data used inappropriate ways could lead to that data playing a part in “discriminatory, anti-competitive or illegal uses,” said Karin Hieta, a staff analyst for the Division of Ratepayers Advocates, a state agency. Numerous consumer protection and privacy groups have raised their concerns about potential abuses, such as letting burglars see when household power is off to choose which homes to rob, law enforcement agencies spying on people’s household activities without warrants, or marketers getting ahold of appliance usage data to make unwanted targeted sales pitches.

But setting very specific management and protocols for all sensitive data could help avoid such an unfortunate scenario. Ed Lu, the former astronaut in charge of Google’s PowerMeter program, reiterated Google’s rules in dealing with data in his Friday presentation at the CPUC. First, the customer owns the data and has control over who has access to it, he said. Second, they “know who that data has been shared with,” and third, they can opt out at any time, and can have their data completely erased — “It may take a few minutes, because we back up the data, but we will remove every last bit of it,” he said.

Google is a well-known company and has faced the issue of privacy and data numerous times throughout the years. But what about a third party startup that nobody’s heard of? That raises the question of how to oversee, audit and enforce utility customer data information privacy policies across the board.

Of particular concern is how to keep third parties from turning around and selling that data to fourth, fifth and even more parties down the line, Hieta said. Because the CPUC doesn’t regulate those third parties, it has to use the authority it has over utilities to impose its privacy and security goals, perhaps by requiring any third party to sign a contract with the utility it gets data from, she said.

That might not sit well with utilities. Paul De Martini, Southern California Edison’s vice president of advanced technology, gave a presentation to the CPUC on Friday with a slide that made it clear that SCE would prefer that “utilities have no obligation to monitor, supervise or control” how third parties deal with data customers have approved them to use. Utilities don’t want to be forced to act an an IT firm.

Careful Balance

Just how these kinds of restrictions might be seen by third parties is still an open question. So is the matter of how they might react to the idea that data should be restricted to specific, known purposes, rather than being collected in a wider net in the hopes that future applications will find uses for them. “You have to balance the social need for giving people more tools to conserve energy with all these other needs,” said Michael Terrell, Google’s policy counsel.

Giving consumers as much control as possible over which data they authorize for utilities and third parties to use, as well as informing them as clearly as possible about what’s being done with it, was a common theme during Friday’s discussion. Just how the CPUC will balance these concerns against its desire to put smart grid data to practical use as quickly as possible will be an interesting topic to follow as it develops its energy policy over the coming months.

While federal efforts on this issue are also underway, “There’s no need to wait here for the federal government to act on this question,” Dempsey said. At the national level, US Rep. Edward Markey this week introduced a bill, the Electricity Consumers’ Right to Know Act (or e-KNOW), that would mandate giving Americans “free, timely and secure data about their electricity prices and usage patterns” as part of the National Broadband Plan released by the Federal Communications Commission last week.

But Dempsey said he didn’t believe the e-KNOW bill addresses privacy concerns effectively — and noted that California’s state privacy laws have tended to be more protective of consumers than federal laws.

For more related research check out GigaOM Pro (subscription required):

Smart Meter Security: Not Up To Par

The Developer’s Guide to Home Energy Management Apps

Who Owns Your Data in the Cloud?

Image courtesy of woodleywonderworks ‘ photostream Flickr Creative Commons.