managing privacy in the smart grid jennifer m. urban assistant clinical professor of law director,...
TRANSCRIPT
Managing Privacy in the
Smart Grid
Jennifer M. Urban
Assistant Clinical Professor of Law
Director, Samuelson Law, Technology & Public Policy Clinic
UC Berkeley School of Law
Source: Lawrence Berkeley National Laboratory-Smart Grid Technical Advisory Project
Two Demand Response Models
Direct Load Control (PCTs)• Radio signal tells appliances to
– cycle– shut-off– change set-point on thermostat
Utility Residence
Residence UtilityAdvanced Metering Infrastructure (AMI)• Automated meters
• Advanced Meters and Smart Meters• Linked to management systems at the utility• No meter reader: wireless or powerline
• Smart Meters (and consumer devices)– “Interval Data” to sub-one-minute
– Home Area Network and Smart Appliances– Data on individual appliances– Sometimes gateway, sometimes direct communication– Who controls the HAN gateway and where is it placed?
Non-Intrusive Appliance Load Monitoring (NALM)
• NALM: fundamental tool for extrapolating activity
Interval Data• 3000 data points per month for 15-minute intervals – vs. 1 • Virtual biography of household activity in near real-time• Adding specific appliance data (e.g., smart dryers, PEVs)
adds even more detail
Lig
hts, sh
ow
er, tv
AC
, din
ner, lig
hts,
tvDaily Patterns Weekly Patterns
3 days a weekworking in LA
Rob Me
NowAssault
Me Now
New data flows• Granular energy usage data that can be very revealing of home life • Transmission in real-time or near real-time
-Wardriving?-Wiretapping?
• New relationship between utility and consumer• Data flowing to new players and systems
New data flows• Granular energy usage data that can be very revealing of home life • Transmission in real-time or near real-time
-Wardriving?-Wiretapping?
• New relationship between utility and consumer• Data flowing to new players and systems
New players and business models• 3rd parties – device manufacturers and service providers (TED, Google PowerMeter, Microsoft Hohm)• Monetization (advertising, etc.)• 3rd party access to information held by new parties
-Law enforcement-Private parties (subpoenas, business interests)
New players and business models• 3rd parties – device manufacturers and service providers (TED, Google PowerMeter, Microsoft Hohm)• Monetization (advertising, etc.)• 3rd party access to information held by new parties
-Law enforcement-Private parties (subpoenas, business interests)
New risks• Networks
-Many points of attack-Web-based access: security?
• “Smart” meters, with limited physical security• Sensor networks making inside visible/controllable remotely• Applicable regulation/legal protections unclear
New risks• Networks
-Many points of attack-Web-based access: security?
• “Smart” meters, with limited physical security• Sensor networks making inside visible/controllable remotely• Applicable regulation/legal protections unclear
Privacy implications
Managing Privacy Implications
• Baseline privacy standards should be drawn from Fair Information Practice principles
• All Smart Grid entities and practices should be covered: Third party access to and use of revealing usage data is of significant concern and should be carefully considered
• All Smart Grid entities and practices should be covered: Third party access to and use of revealing usage data is of significant concern and should be carefully considered
Fair Information Practices (FIPs)• Transparency• Individual Participation• Purpose Specification• Data Minimization• Use Limitation• Data Quality and Integrity• Security• Accountability and Auditing
Fair Information Practices (FIPs)• Transparency• Individual Participation• Purpose Specification• Data Minimization• Use Limitation• Data Quality and Integrity• Security• Accountability and Auditing
“Notice and Choice”
Insufficient
Key Additional Requirements
NIST work
References--Joint Comments of the Center for Democracy & Technology and the Electronic Frontier Foundation on Proposed
Policies and Findings Pertaining to the Smart Grid, Before the Public Utilities Commission of the State of California, Rulemaking 08-12-009, filed Mar. 9, 2010, http://www.law.berkeley.edu/7973.htm
--Comments of the Center for Democracy & Technology, on Draft NIST Interagency Report (NISTIR) 7628, Smart Grid Cyber Security and Requirements, National Institute of Standards and Technology, Dec. 1, 2009 http://www.cdt.org/content/cdt-comments-nist-smart-grid
--Comments of the Center for Democracy & Technology, In the Matter of Smart Grid Technology, Federal Communications Commission, Oct. 2, 2009. http://www.futureofprivacy.org/smart-grid-privacy/
--Ohm, P., Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization, University of Colorado Law Legal Studies Research Paper No. 09-12, Aug. 13, 2009. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1450006
--Quinn, E., Privacy and the New Energy Infrastructure, Feb. 15, 2009. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1370731
--Goldman, C. and Levy, R., Slide Presentation: NARUC Webinar #2. Engaging the Customer. Dec. 16 2009.Lerner, J. I., Mulligan, D. K.,”Taking the 'Long View' on the Fourth Amendment: Stored Records and the Sanctity of
the Home,” Stanford Technology Law Review (STLR), Vol. 3, 2008. http://ssrn.com/abstract=1099121P.A. Subrahmanyam, D. K. Mulligan, D. Wagner, U. Shankar, E. Jones, J. Lerner. "Network Security Architecture
for Demand Response/Sensor Networks". Technical report, On behalf of California Energy Commission, Public Interest Energy Research Group, January, 2005. http://groups.ischool.berkeley.edu/samuelsonclinic/files/demand_response_CEC.pdf