User Data Ownership & Strong Security Demanded for Smart Home Metering

Today marks the launch of a report containing key policy proposals for any UK deployment of smart energy metering.The title is evocative: “Power to the People! Smarter Metering and the Power to Choose”. This 52-page detailed report...

Share


Today marks the launch of a report containing key policy proposals for any UK deployment of smart energy metering.

The title is evocative: “Power to the People! Smarter Metering and the Power to Choose”.

This 52-page detailed report stresses the criticality of user control, including ownership of data collected relating to their households, and there's strong and detailed emphasis on the security and resilience measures that need to accompany any smart metering roll-out in the UK. It's one of a series of policy oriented technologically grounded reports.

But first some context

Smart energy metering in the home is likely to be the first manifestation for many people of the Internet of Things - smart Internet-linked sensors collecting information and making increasingly autonomous decisions on our behalf.

With continually rising energy costs home consumers naturally want to take more control over their consumption to get a better deal, but they're also seriously frightened of being exploited by their energy suppliers and associated third parties.

Smart meters connected by smart plugs to devices such as kettles, fridges, or televisions, continually monitoring and reporting their power consumption, will undoubtedly help consumers identify how much power they use and where and when to save costs. They could equally be used by energy suppliers to slap on extra tariffs when, for example, boiling a kettle during the break in a peak TV programme. Moreover, fears abound that lifestyle data could be potentially passed to third parties such as insurance companies or even collected by criminals.

So smart energy metering has to demonstrably help the consumer, and with no catches if it's not to rebound socially, economically or politically due to over-hasty or clumsy implementation.


Smart Policy

Therefore there's a strong need for a clear user-oriented policy and clear guidelines for suppliers based on solid technological foundations, especially on user control of their personal data and on effective security design and build in from the outset.

And that's just what the UK technology ginger group - the Conservative Technology Forum - has launched today following widespread consultation.

For me this report is a key starting point for any policy anywhere related to the roll-out of Internet of Things style applications. It's about getting the infrastructure and expectations right from the very beginning with government having an enforcing role for the protection of citizens.  As such it's a strong reference for any smart sensor-based implementation policy.


Smart as a political issue

The report is a unifying one, stressing the the need for policy co-ordination in this area across all relevant government departments.

In the UK technology is a less than neutral political issue. It's rarely a party-political issue. It's generally simply glossed over or ignored! Many politicians are profoundly disinterested, some are even proud of their disinterest, and overt technology awareness is not a path to political advancement.

Against that backdrop, if any technology-grounded Internet of Things related deployment policy has a chance of making it into formal government policy it's this one. It's an active report - being fed to sympathetic ears among those currently holding the levers of power. And that's why this report is essential reading - it has a chance of being acted upon.

Smart deployment: the imperatives

The starting point is that smart meters are not an end in themselves.

The report states that smart meter deployment must clearly demonstrate benefits to consumers, especially the disadvantaged, vulnerable and those on low income. It must also be easy to use, and must enable user control over the information collected.

Government must also actively support inter-operability standards:the report urges that “standards must not be underestimated as these are the key to the successful roll-out of smart meters”. And importantly, sensor devices and associated data and communications networks must be effectively secured and encrypted for resilience as well as privacy and tamper resistance.


Ensuring Power for the Consumer

Among the key consumer-related points made include:

  • Smart appliances must be interoperable and interchangeable so that consumers are not locked into purchasing equipment from the supplier that installed their smart metering system
  • Data between the consumer and the provider must be traceable and normally be anonymised when passed into the supply chain. Any exceptions (e.g. to enable those with power of attorney manage the energy supplies of the most vulnerable) must be explicitly ring fenced.
  • The only assurable means of anonymising data such that it cannot subsequently be de-anonymised by mining and correlation, is to aggregate data from multiple similar consumers and average across the aggregate. It needs to be recognised that this also limits the ability to analyse data for predictive purposes.
  • The customer must own the information about themselves and their consumption while giving consent for it to be used for the purposes of serving their contracted needs. That consent needs to be explicit and linked to incentives.

Ensuring Security and Threat Mitigation from the start

The report also has a comprehensive and powerful section on security and a strong appendix on a wide variety of security threats. Again, this report is a model for the security basis for any smart sensor implementation policy.

Among the issues it stresses:

  • End-to-end smart metering has to be considered and managed as part of the Critical National Infrastructure.
  • It is “imperative” that security must be embedded into the design process for smart meters and their communications systems from the outset.
  • Meter installers should share common network infrastructures
  • Meters must support Quality of Service protocols as well as cryptography and platform integrity assurance.
  • Meters must fall back to “dumb” operation in the absence of data network connectivity - network compromise must never deny provision of metered commodity records.
  • Encryption must be used for all communications across the Grid
  • Smart meters need to be secure, reliable, meet data privacy commitments, remain easy to use by consumers and be fit for purpose.


The Need for Clear Policy for Internet of Things Deployment

This report deserves widespread study and discussion on an international scale as it is a working document and the first step in the UK at drawing up a common, cross government, underlying policy basis for an Internet of Things environment, which will eventually involve billions of smart sensors everywhere..

There is a strong need for such a robust policy from the outside to safeguard the consumer and to stop any gravy trains getting underway in this area. And with good reason. When it comes to government related activities the rapacity of suppliers has sometimes beggared belief (see, for example, the hard-hitting 2011 UK Parliamentary Public Administration Select Committee report: "Government and IT - a Recipe for Rip-offs. Time for a new approach”.


Hope for a Consumer Led Future?

Finally, energy suppliers are doubtless looking to supply smart meters free of charge in return for data and subtle forms of lock in. I cannot imagine they would naturally want to make it easy for consumers to constantly change supplier according to dynamically changing tariffs and special offers.

It strikes me that these policy guidelines do not preclude smart meters being developed by non-aligned third parties, or even in the future via the fast growing open hardware/software community.

It even strikes me that we could eventually even achieve the consumer Nirvana of being able to continually secure best deals not just from one primary supplier but being able to change that primary supplier whenever and as often as we want, while at the same time retaining ownership and being adequately rewarded for use of their personal data. Or is this a pipe-dream too far?

Find your next job with computerworld UK jobs