Privacy in the Smart Grid: An Information Flow Analysis
Author(s): Deirdre K. Mulligan
Smart meters, smart devices, and gateways allowing automated control of in-home devices are linchpins in an ambitious vision of creating a Smart Grid that will increase efficiency, improve grid resilience and reliability, and reduce peak demand. The collection, retention, and use of detailed usage data, however, put individual privacy at risk. Utilities, commercial third parties, law enforcement agents, parties in civil litigation, and criminals can discern from usage patterns whether a home is occupied and, to some extent, what is occurring inside.
The two-way communication channel also supports remote control of appliances to manage load. The ability to remotely control in-home electricity use through controlling devices within the home raises new security and privacy issues.
The Smart Grid is developing rapidly. Smart Grid systems are generating, collecting, and processing information that is far more voluminous and revealing than traditional meter data. Decisions about how best to address the emerging privacy issues – whether through technical design, best practices, or regulation – lag behind development of the system infrastructure.
This report documents the Smart Grid information flows and considers the laws and agencies that protect, or could protect, privacy in this new technological landscape. Legal sources of privacy protection are highly varied, ranging from state public utilities commissions to the Federal Trade Commission. The extent and level of privacy protection depends critically upon the route information takes from source to destination. Though state utilities regulators have traditionally played a strong role in protecting customer privacy, like other regulators, their jurisdiction is limited. Changes in the architecture of the energy grid that create new data flows and empower new players to handle data threaten to render some privacy provisions obsolete and others ineffective. Given the proliferation of data, industry players, and usage models, new laws and privacy-protecting technical designs are necessary to afford privacy, comparable to that enjoyed today, to users of tomorrow’s energy network. Considering privacy upfront, rather than after technologies are deployed, will help build privacy protections into the Smart Grid while supporting other energy policy goals.
Keywords: Smart Grid, privacy protection