Wednesday, April 4, 2012

Smart Grid Privacy for Real

I find I like reading stuff by Jeff St. John at Greentech Media, because he covers all the bases. Almost a month ago he did a piece around San Diego Gas & Electric (SDG&E)'s use of the Ontario's "Privacy by Design" principles to ensure proper protections for their customers, and hopefully, in-so-doing, meet the requirements of the California PUC's privacy rules for the big 3 Investor Owned Utilities (IOUs).

I'll give him a little grief for this section:
... customers ... are worried that their smart meters will allow hackers, data thieves or other nefarious parties to know when they’re home and when they’re away, or to piece together other personal information. Sure, people tend to give away lots more personal information when they’re surfing the internet -- but they do so by choice, whereas smart meters are being installed on their homes without their direct permission. 
IMHO the additional behavioral information that can be gleaned from Smart Meters is incremental, not a game changing tidal wave of previously unknowable, super personal dirty laundry. And though no one, including the government, is making people: buy computers and smart phones, and no one is forcing them to use the web to buy things, consume entertainment, stay in touch with loved ones, get educated, find new friends, share secrets, do their banking, and even adjust their electrical plans, it would take an army to take that all away from folks now.

Survey after survey says they demand more self service, more flexibility and more options from their service providers. Smart Meters will eventually enable all of that and then some, so for me saying their having the meters forced on them is a bit of a rhetorical red herring. Like saying ATMs were forced on people. You want them gone too cause you weren't asked up front?

But I began by saying I generally like Jeff's stuff and this article is no exception. He handles citations from Ontario's Privacy Commissioner, Ann Cavoukian, with aplomb. I particularly like this one:
... the real threat utilities should be worried about is the dreaded privacy breach, Cavoukian said. Measured against the public relations and political ramifications for the smart grid of the possibility of a major loss or theft of customer data, “utilities shouldn’t be asking how much money it costs -- they should be asking how much money it will save,” to invest in privacy protection upfront, she said.
I won't throw numbers at you here, but suffice it to say that when you read about the weekly exposure of personal account information from successful cyber breaches of banks, retails, credit card companies, etc., one thing the public isn't exposed to are the amazing (and amazingly expensive) gyrations those companies go through to try and make things right. Picture boatloads of attorneys. Picture the mass combustion of 55 gallons drums worth of midnight oil. In other words, Cavoukian's got a point.

This is an interesting international collaboration between a Canadian province and an entity regulated by a US state. One thing they have in common is that both are very forward leaning in a number of ways, not the least of which is in their enthusiasm for modernizing the grid and grid systems. It's good to see that both acknowledge the responsibility to their citizens that comes with that.

And by the way, the other 2 California IOUs, Southern California Edison (SCE) and Pacific Gas & Electric (PG&E) are moving out on privacy and protection of customer data as well.

I'll leave it at that for now. Best thing you can do is read St. John's article yourself which you can do by clicking HERE. And be careful about what you put on Facebook ...