FAQ: Privacy Issues

 _________________________________ BACK TO FAQ INDEX

Q: I’ve seen a video describing how “smart” meters will make it possible for anyone to hack in and know all about my private life. Is this true?

There appear to be varying degrees of security protection the systems of different utilities. People who study vulnerabilities in electronic systems have identified clear weaknesses in “smart” metering systems. We aren’t security experts and can’t say what your risks are, but having your utility usage information broadcast via wireless network from a fixed location seems like a set-up just asking for trouble. Even Homeland Security said our electric grid should not be dependent on wireless systems, which are by their nature extremely vulnerable. We understand that police will be allowed to subpoena the data that the ‘smart’ meter collects from utility companies.  In addition, third party corporations will be able to access and analyze your private household appliance use data without your knowledge or consent.  For example, if your health insurance company found out from your utility that you opened your fridge often in the middle of the night, they may raise your premium to cover their liability for your unhealthy lifestyle.

The CPUC has issued a requirement to CA utilities to “secure” the data they gather with “smart” meters (July 2011). Other states PUCs may be addressing this issue as well. Many people have become accustomed to disclosing private information on the internet, and may not be bothered by the prospect of one more packet of their private life traveling over a wireless network. Little do they realize how close to home these incursions into private life are coming, with ‘smart’ meter transmissions.

You have a choice about other types of internet use—whether you get on Facebook and post last night’s exploits, have a GPS tracking device activated in your smartphone following you around everywhere, whether you do your banking while stumbling down the street, eyes glued to your tiny little screen. This kind of choice is not part of “smart” meter deployments.

A “smart” meter is not a consumer device. Utilities have made a grave miscalculation about 1) the public’s absolute acceptance of 24/7 wireless technology as harmless; 2) the public’s sustained interest in vast amounts of electronic data about something they can with their own eyes (e.g. the lights are on); and 3) apathy in the face of monopoly intimidation when it comes to health, home, and privacy.

Here’s a poll showing how people do care about internet privacy.

Q: Is the data from a “smart” meter secure? Will they sell this data?

In California, the CPUC has asked the utilities to secure data collected with “smart” meters and to require ratepayer’s permission before giving or selling it to a third party. Some privacy groups like EFF however are not satisfied with these watered down regulations. If you have information on other public utilities commissions’ ‘smart’ meter privacy requirements, please contact us.

There has recently been quite a bit of news on this. A recent piece showed that even utility executives are unsure about who owns the data--though only 23% think that you the consumer own it!. Here’s another article. The overlap between basic utility service for the public, and plundering commercial opportunism seems ever blurred in the issue of ‘smart’ meters.

Let them know they’ve overreached, and you are not for sale. Contact your utility to demand to know what their policy is regarding your data; file a complaint with the PUC of your state; contact local media if there has been no coverage in your area. We have contacts for many areas of the US.

 BACK TO FAQ INDEX

20 Responses to FAQ: Privacy Issues

  1. Redi Kilowatt says:

    Here is the data being transmitted from the new smart meters on the radio networks (both mesh and mobile phone data collectors/ repeaters), it is a meter number, and total electric usage on that meter number reported every 4 hours to the utility company.
    Every meter is manufactured with a serial number in a foreign country, it is shipped here to the U.S. and installed on customers private meter enclosures. When the installer completes the install, he enters that meter serial number on a handheld device which is uploaded at the end of each day in the office to the utility company.
    That number does not have any personal information at all, no names, no street addresses or medical records numbers.
    The personal information that the utilities have is in their databases in the revenue collection department. Just like all meters, even the old analog ones, the monthly bill sent out by the utility companies is based on total electrical usage is billed to the customer based on readings of a meter number, and that meter number is on every bill sent to the customers by the utility company. This is the best way to know if a customer is being billed for the correct meter.
    So, any transmissions only contain a meter number and total watt hours used, nothing else. Those numbers are encrypted, but even if someone somehow was able to crack the encryption code keys and decrypt the transmission, all it would be was numbers, and there is no way for them to find out any names or addresses.
    Of course, the new meters are just like the old ones, they are watt hour meters showing total electrical usage on one circuit, the circuit that feeds the customers load center, sub panels and everything else. There is no way that the meter knows what you are using the electricity for, or what kind of appliances are being used, I don’t know who made that up, but it sure is a popular misconception.

    • Redi Kilowatt says:

      I forgot to add that the total electrical consumption data is only valuable to the utility companies for revenue collection purposes, it has no value to anyone else and should not be worried about.
      If people are worried about law enforcement getting their hands on it, the law is still the same. Any utility records requested by law enforcement must be done with a search warrant, and using electricity alone is not a reason that a judge would sign an affidavit for a search warrant, there has to be a probable cause to issue a search warrant If a person was charged with a crime based on evidence illegally obtained by a law enforcement agency, the case will be tossed.

    • Jim says:

      Manufacturer source you are quoting?

      Which specific meters? Which program is uploaded to it? Has your local utility changed the settings for the time period it transmits in? What about Florida? They have a lot of different power companies and meter types.

      Do you think that it could maybe store the information for a resolution of 1 minute in memory and transmit 4 hours worth in a data packet every 4 hours?

      If not, then have you confirmed this for all meters everywhere, or are you only talking about your area?

      If you had data with a resolution of maybe 5 minute intervals do you think you could tell if someone is in the house or not? Would you be able to tell if someone turned on and off lights? Run the 1000W microwave? Turned their computer on? Take a shower and cause the electric water heater to come on? Are any of those considered “appliances”?

      At one hour intervals, could you still tell? Could you put together daily patterns FROM REMOTE, possibly MILES AWAY and also monitor hundreds of other people using a high gain antenna?

      If I did that would a marketing company be interested in paying me for that data? Maybe criminal organizations?

      Could the cops do that without a warrant? It’s broadcast data going out over public airwaves. What if they do that and discover a “grow” operation, but then put surveillance on the home to wait and observe so they can have probable cause for a warrant?

      Is that valuable data for law enforcement? Could they get more and more funding for their department if that was possible to do? You do understand that government loves to grow don’t you?

      Do you realize that they do that now with normal meters and the power company is glad to give that data out?

      As for figuring out which meter signal is coming from which house, it’s called driving by. Or using binoculars and reading the sticker, the meter readers do that.

    • maureen says:

      http://spectrum.ieee.org/energy/the-smarter-grid/privacy-on-the-smart-grid

      IEEE Spectrum Magazine (flagship publication of the IEEE) reports that “of more than 9,000 consumers polled in 17 countries, about one-third said they would be discouraged from using energy-management programs, such as smart metering, if it gave utilities greater access to data about their personal energy use.” They go on to say that “each appliance—the refrigerator, kettle, toaster, washing machine—has its own energy fingerprint, or ‘appliance load signature,’ that a smart meter can read. Anyone who gets hold of this data gets a glimpse of exactly what appliances you use and how often you use them. 

      http://csrc.nist.gov/publications/nistir/ir7628/introduction-to-nistir-7628.pdf

      The Smart Grid will greatly expand the amount of data that can be monitored, collected, aggregated, and analyzed. This expanded information, particularly from energy consumers and other individuals, raises added privacy concerns. For example, specific appliances and generators may be identified from the signatures they exhibit in electric information at the meter when collections occur with great frequency as opposed to through traditional monthly meter readings. This more detailed information expands the possibility of intruding on consumers’ and other individuals’ privacy expectations.

      The Supreme Court in Kyllo (533 U.S.) clearly reaffirmed the heightened Fourth Amendment privacy interest in the home and noted this interest is not outweighed by technology that allows government agents to “see” into the suspect’s home without actually entering the premises. The Court stated, “We think that obtaining by sense-enhancing technology any information regarding the interior of the home that could not otherwise have been obtained without physical intrusion into a constitutionally protected area, constitutes a search” and is “presumptively unreasonable without a warrant.”

  2. maureen says:

    Privacy Concerns Challenge Smart Grid Rollout, Reuters, Jun 25, 2010

    “We, Siemens, have the technology to record it (energy consumption) every minute, second, microsecond, more or less live,” said Martin Pollock of Siemens Energy, an arm of the German engineering giant, which provides metering services.

    “From that we can infer how many people are in the house, what they do, whether they’re upstairs, downstairs, do you have a dog, when do you habitually get up, when did you get up this morning, when do you have a shower: masses of private data.”

    “Such data might be used in ways that raise privacy concerns. For example, granular Smart Grid data may allow numerous assumptions about the health of a dwelling’s resident in which some insurance companies, employers, newspapers (when regarding public figures), civil litigants, and others could be interested. Most directly, specific medical devices may be uniquely identified through serial numbers or MAC addresses, or may have unique electrical signatures; either could indicate that the resident suffers from a particular disease or condition that requires the device.”

    • Redi Kilowatt says:

      I’m sure glad that we don’t use Seimens meters in the here in the U.S, and that we don’t have a “smart” grid like they do in Europe either.
      There are some scientists and engineers who say that our old power grid in the United States is actually much safer that the new “smart” grids in Europe, because they can’t be hacked.
      A CIA cyber security analyst reported that the new “smart” grids in Europe have already been compromised by hackers.
      Europe has a completely different power system , over there, they do not use a neutral and everything is 220 volts. Here we have 240/120 volt single phase with neutral. Most of our appliances operate at 120 volts. In order for a powerline carrier to communicate between the two 120 volt phases, there has to be a signal bridge installed in the customers distribution panel, and often times an amplifier/repeater. That would be too expensive a system to do here for the utilities. That my friends is a good thing ! We are safe for at least 10 years in most areas.
      I read that in part of Nebraska, they have upgraded part the grid with electronic transformers (like they have in Europe) and that their new “smart” meters are able to utilize a powerline carrier to communicate billing information to the utility. They said that even using a powerline carrier, the meters operate the same as the radio meters. They send the usage information once every 4 hours, and the customers can go online and see how much electricity that they used the day before, exactly the same as PG&E says (once they get the system working). Whoopie !, what good is that going to do ? How is that suppose to save energy ? It’s all sales and marketing hype !

    • Redi Kilowatt says:

      Maureen, I had to look up that article that you posted.
      There is not a whole lot of truth to it pertaining to what we have here in the United States, and just because Martin Pollack says that Seimens has the technology, doesn’t say that they are using it anywhere.
      To me , it’s more European BS that does not even apply to us here, but thanks for the funny article. It really did not say very much anyway, just more marketing hyperbole.

  3. Redi Kilowatt says:

    Correction, what I should have wrote was that I’m sure glad that we don’t use Siemens residential watt hour meters in PG&E. PG&E uses meters made by Landis+Gyr and GE, and uses the Silver Springs Networks for the mesh network that reports to the mobile phone networks that transmit to the revenue collection dept.
    I have been using Siemens products for decades here. Siemens is a large corporation from Germany that makes a myriad of electrical and electronic products.
    I have used their big motor starters, lighting contactors, many parts for traffic signal controllers and also the full gamut of electric meters and test equipment. They also make MV90 electric meters for commercial and industrial operations that are capable of performing many complex tasks. Supposedly Siemens was going to build a factory in Sacramento to build train cars.
    For people who are worried about privacy of electrical usage, you need to know this.
    Here is another excerpt from the sales brochure sent to me from PG&E, word for word.
    “How to track your energy use online.
    1) Go to http://www.pge.com/myaccount
    2) The first time, you will click on ‘Sign Up’
    3) Fill in the required information. You’ll need your PG&E account number and the primary phone number on your account.

    Once you’ve established your online account, you can ‘Login’ and access your gas and electric use right up to the previous day at http://www.pge.com/myaccount.

    Once you’ve logged in, click on ‘Usage’ on the left navigation bar.

    Select ‘Usage History’ to see your month-by-month energy use and compare your monthly bills.

    Select ‘Hourly/Daily Usage’ to:
    *review previous days usage data
    *Track your electric use hour-by-hour, or both your gas and electric use day-by-day
    *Compare your energy use month-by-month”
    Note that is not real time data, but the previous days, if one wants real time total usage data, the only way to do that is to take a minute and read your electric meterevery minute if you want to.
    Sooo, one needs to have a computer, monitor and internet connection to view the previous days usage, not real time data at all.
    If people are worried about privacy, then they should think twice about having your usage history being broadcast on the internet, I would imagine that what is sent on the internet from PG&E also contains the personal information like customers name , address, account and phone numbers. We all know that the information sent on the internet can be compromised, but if someone found out your total electrical usage for the previous day, it’s of no value to anyone except PG&E for tallying up your monthly bill. PG&E only bills once a month, not daily.

    • Jim says:

      “*Track your electric use hour-by-hour”

      So much for that 4 hour period you were told by some executive trying to softball figures for the upset crowd. And we still don’t know if it’s logged minute by minute but they only show you hour by hour via the web.

      And with some simple equipment someone could monitor the radio transmissions coming from your meter and if put in the right position in your town, a lot of meters by using the existing mesh network, or with a high gain antenna. Each data packet is identified by a meter number so it’s easy to tell who’s data it is once you connect the meter number (which is printed in plain view on the meter) to the address.

      It would also be possible to receive the Zigbee network “HAN” data from a distance with a high gain antenna, or just by driving by. If you can receive that signal from inside the house through the walls, it travels even further in open clear spaces.

      There’s also a thing called a “TEMPEST” attack (look it up on google), where they monitor the actual RF signals coming from the meter’s internal electronics. More sophisticated but possible, maybe used for high profile people, entertainment actors, politicians or government officials.

      Let’s do a little thinking here people, this is basic well known stuff.

      • Redi Kilowatt says:

        Hi Jim,
        Read the PG&E sales brochure, you can only check your usage from the previous day, hour by hour if you want to, but it is still yesterdays news.
        That won’t tell whether not one is home today, only yesterday.
        Also, many people put timers on lights in their home when they are out of the house to fool burglars into thinking someone is home. Those lights use electricity, and so do many appliances that are left plugged in, even when they are off. So the meter will still show electricity use every day. So if a hacker has your PG&E account number and your phone number, they can look up on the internet to see your previous day usage, hour by hour, so what ?

        • Jim says:

          Read what I said.

          The data came from somewhere for “yesterday”, when did that happen? Today?

          Radio Frequency transmission, you have no idea how many times a day the data is sent OVER THE AIR because only the people who program the meters know that, probably NOT the executives upstairs. And that can change any time they want.

          And just to repeat myself, you have no idea the resolution of the ACTUAL RF TRANSMITTED DATA THAT COMES FROM THE METERS, who cares what is shown on the web page, the power company could have minute by minute data coming in and only show you hourly, DID YOU READ MY POST AT ALL?

          You are starting to do this cause a disservice, please learn something about computer technology and small device programming before you spread incorrect information.

          I like you and I understand after many posts that you are some kind of electrical installer. OK fine, I get that. But that doesn’t mean you know what goes on inside a programmed device or how data processing systems work.

          Someone changing their daily habits could be a sign of them being gone on vacation. Using the meter data (via RF antenna) from many days, and I don’t have to be close by to get the data from the mesh, I can build daily habits and figure out when you have changed that. Things that most people don’t “simulate” with timers include the water heater (showers), TVs, computers and the microwave, electric stove or toaster oven, toaster, coffee pot, etc…

          From this data I could tell easily if you are home or not. This may be better than watching for your cars leaving and easier because you could profile 100’s maybe 1000’s of homes all at once with a computer program and some statistics software.

          • Redi Kilowatt says:

            Jim,
            I take the time to post what PG&E wrote in their brochure ‘word for word’ to help inform the readers on this site what is going on with PG&E’s SmartMeter program. I do not post this information to make you mad.
            If you think what PG&E writes is false information, then instead of personally attacking me, I suggest that you take up your beef with them (PG&E).
            Keep in mind that there are many energy monitoring and management systems and corporations that have been performing these services for decades. Look up Leviton, they are one of the many big ones. Usually, it is only large commercial and industrial operations that utilize these services. Marketing these services to residential customers is a brand new corporate venture that may or may not pan out.
            That’s the way it goes when corporations risk investing in new ventures.
            No doubt that the ZigBee/HomePlug alliance will offer these new residential services to customers as soon as they finish developing the HAN’s, but these monitoring services are expensive. Most customers probably will not use outside monitoring services, and probably can’t even afford the in home HAN monitoring systems.

  4. Redi Kilowatt says:

    The reason that the utility company has to wait 24 hours to tally up a customers total usage is because the data being sent to them is not real time data, it is sent once every 4 hours.
    Personally I would never go online to PG&E and request yesterdays usage, it is of no use to me, even if I did have a smart meter. Another thing is, if a customer gives PG&E their email address, they will get junk mail, like about signing up for the thermostat program, when I don’t even have an air conditioning unit.
    I am curious if the system is even working yet.
    If someone already has a new SmartMeter, and if that new meter is actually working (meaning that the meter is still not read by a meter reader or bills are estimated), could you please do a test and see what happens. Please report back and post so we all can see. If no one can do that, I would assume that the system is not working, or nobody is interested in yesterdays usage. So that is the big energy saving feature of the meters- what a joke !
    Thank you,
    RKw

    • Enoughisenough says:

      Bless you Redi-Kilowatt you are a naive soul. Brochures by nature are a dummied down sales tools for low informed consumers to present a company’s product or service in the best light in order to promote that product’s sales. PURE MARKETING and not a reliable source of information for deep technical matters such as these. Dig a little deeper please electric man. Do you not see where this will end up? YOUR electric company is fixing to charge you the consumer surcharges for premium use time slots in keeping with the global warming …he who controls the resources (ultimately the Feds) wins agenda. Excuse me but if Siemens Executive says they have minute by minute time stamps i believe him and you can bet his competition does aid well! You can also place a bet that our corrupt law officials will circumvent the constitution by using the technology sans warrant to gather pre-probable cause data as the other blogger pointed out. THINK YOU HAVE NOTHING TO HIDE DEAR FELLOW CITIZENS? That is not how totalitarianism works. We all become criminals for imagined or newly outlawed offenses. Will you be targeted, fined, jailed as an environmental terrorist because you over use electicity? Why give an increasingly abusive central athority the rope to gang us with? And yes your little local power company is tied to the central authority via DOE oversight and the bribes/grants they receive from said agency/so.

  5. Redi Kilowatt says:

    I have a question about what information a utility company can give out to a third party.
    I don’t have PG&E gas at my house, never did, in fact I don’t have any gas at this house.
    I heat my house by burning wood in a wood stove, and since this my only source of heat, I am exempt from the BAAQMD rules about burning on “spare the air days”.
    I know all my neighbors and communicate with them frequently, they know that I am exempt from burning restrictions. I ask everyone if my wood burning is a problem, and never have had one complaint in 31 years at this address.
    None of my neighbors will call the BAAQMD on me, and this a very low density, low traffic area, nobody just wanders up here sniffing for smoke.
    There has never been a complaint lodged against this address, but if there ever was, I will tell the BAAQMD that I am exempt.
    I could prove it by showing the “air czar” my PG&E bill that has the Rate Schedule
    “E1 TH Residential Service” at the top of the bill. The TH means no gas at this account address.
    I would never show my bill to anybody, I don’t have to.
    And any agency or private corporation needs a search warrant to look at anybody’s utility bills. I wonder if I requested, that PG&E could give out my Rate Schedule E1 TH information only, not any usage data, to the BAAQMD if I needed them to to prove that I am exempt from burning on spare the air days.
    Also, something to consider if you are worried about privacy, if one uses this useless feature of signing up with PG&E and viewing up to the previous days usage on the internet, you should be worried about your name, address, account number, phone number and total usage up to the previous day being transmitted on the internet.
    And if you store that data in your home computer, anyone could hack into it and get all that data that would not be there if you didn’t sign up for the program.
    Also, in the future, if the customer decides to purchase a Home Area Network (HAN) monitoring system , that information is for the individual customers “in home use only”, and is not transmitted to the utility over their radio networks. But this “in home” system is connected to your “in home computer and display”, and a hacker could access that information. That’s something to consider if one is concerned about privacy.

  6. Jim says:

    Here’s a YouTube video of some people who are using a “HAN” network “in home monitoring device”to view their power usage in REAL TIME.

    http://www.youtube.com/watch?v=7cS7QYACmug

    These are small devices with a small LCD display that can show you your total home power usage or dollar amount spent for real time power usage.

    They talk about how they can open their fridge door and look over and see the power usage go up. That’s real time usage information.

    The “HAN” network is built into “Smart” Meters. It broadcasts this real time information UNENCRYPTED via radio, and from OUTSIDE your home.

    Meaning it can be picked up easier from OUTSIDE than inside your house. The signal is stronger outside than it is inside!

    Anyone with a high gain antenna will be able to monitor your power usage and tell whether you are home or not, or get your daily patterns. Burglars?

    You don’t have to own a “in home monitoring device” for the HAN to broadcast your private power usage data to the neighborhood. It’s built in and ready to go! It could be broadcasting that data right now!

    The “HAN” also gives hackers another access point to try to hack your meter and possibly change it’s programing from a remote location. You will never know.

    Your “Smart” Meter is the next big ego challenge to hackers. Don’t be part of the problem!

    Call and refuse installation today! Use the example letters at the link on this site above to set up your written complaint so they will be on notice of all the bad things about these meters.

  7. Jim says:

    “Smart meters can track times of use for individual appliances in the home, for instance turning on an electric clothes dryer in the middle of the night, when power is cheap. Gilbert said that opens the door to law enforcement getting the data and more closely tracking what goes on in residents’ homes.

    “It is critically important that law enforcement not be able to obtain Vermonters’ smart meter data without a warrant,” Gilbert said, adding that customers whose usage data are being subpoenaed should be notified and given an opportunity to try to block the subpoena.”

    The Associated Press November 15, 2011 – Smart meters raise privacy, health concerns in Vt.
    http://www.businessweek.com/ap/financialnews/D9R18H083.htm

  8. cathy anderson says:

    This is my question. If the utility owns the wire, and the pole on the roof, and the meter, how can you ban them from access?
    These things come up when you start class action lawsuits.
    How do you find out the fine print of what they say about their right to access your meter to “update” it.
    And the FCC guidelines say a professional has to install it, but they’re not using professionals, and there are resulting fires which they won’t claim responsibility for. If it catches fire, it’s your fault. Email your homeowner’s insurance company so you have written proof that you notified them of the possible danger of this device, and see if they’ll even cover you for a fire caused by these smart meters. The more people notify their insurance company, the more alert they will become, because their job is NOT to pay your claim. And they’re so picky about everything else being inspected, I would think they wouldn’t insure them, which would help the case.

    • Enoughisenough says:

      IT’S THIS THING CALLED THE CONSTITUTION OF THE UNITED STATES OF AMERICA.
      Just because a company sells you a product or owns the transmit of said product does not give them the right to invade the privacy if an American Citizen with out due process or probable cause. Hello? We still have protection of our rights here Americans. Start demanding your precious rights as afforded to you under the document YOUR government agreed to govern by…the Constitution ant the Bill of Rights.

  9. M H says:

    So what restrictions are there on third parties collecting meter readings and using them or selling them? If a wireless network is used, then all that is needed to gather readings is a wireless receiver (and possibly some processing to decrypt/interpret the readings).
    http://hackaday.com/2012/04/09/harvesting-and-graphing-wireless-household-utility-meter-info/
    http://hackaday.com/2014/02/25/using-sdr-to-read-your-smart-meter/

    What, if any, restrictions are there on collecting readings, on using them for ones own purposes, or reselling them?
    Could law enforcement do such collection without a warrant?
    Could companies or private individuals harvest this information out of the air and sell it (bypassing restrictions on what the utility can do with the information)?

Leave a Reply to Jim Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.