Feeds

UK.gov: Firms can't fondle your smart meter privates...

...Unless you want them to

Application security programs and practises

Third-party companies will not be able to access data recorded in consumers' smart meters unless consumers choose to let them see it, the Government has said.

The Department of Energy and Climate Change (DECC) said consumers should be able to control who accesses their smart meter consumption data other than in select circumstances. It said consumers could share the information with "switching sites" or "energy services companies" in order to obtain better tariffs.

"Consumers should be able easily to access their own smart metering energy consumption data, and share it with third parties, should they choose to," DECC said in its consultation (97-page/582KB PDF) on data access and privacy for its smart meter implementation programme. "This will enable consumers to use their data to reduce energy consumption and save money on bills."

"Research highlights that consumers are increasingly aware that their personal data has a commercial value, that they want to have control over such data, and that they would consider sharing their data if it is clear that they will derive benefit from this," it said.

Safeguards will be put in place to verify the identity of the person where permission has been given to third parties to access the consumption data from the Data and Communications Company (DCC). The DCC is to be established to provide communication services to and from smart meters.

"Where consumers give third parties permission to access their energy consumption data remotely via the Data and Communications Company (DCC), the Government proposes that arrangements should be put in place to protect consumers," DECC said. "In particular, the Government is proposing to use the Smart Energy Code to ensure that third parties take steps to verify that the request for third party services has come from the individual living in the premises in question; properly obtain consent from consumers to access their data; and provide annual reminders to consumers about the data that is being collected."

Under the DECC plans energy suppliers will be able to access monthly energy consumption data in order to bill customers or in order to fulfil "any statutory requirement or licence obligation" without having to ask customers' permission. The suppliers will also have access to daily energy consumption data "for any purpose except marketing" but there must be a "clear opportunity" for consumers to opt-out of that collection, it said.

Smart metering technology is due to be installed across the UK from 2014 with every UK household expected to have the technology by 2019. DECC has estimated that the programme, which will involve replacing around 53 million existing gas and electricity meters, will cost approximately £11.7 billion.

Smart metering enables a two-way flow of information that can deliver real-time information about energy consumption and demand for energy to suppliers and network operators. The Government has said smart metering will help to slash unnecessary energy use, reduce emissions and cut consumers' energy bills.

DECC said that suppliers would generally not be allowed to access customers' "half-hourly energy consumption data, or to use energy consumption data for marketing purposes" without obtaining those individuals' "explicit (opt-in) consent"

"There would be some exceptions to this basic framework, for example to allow half-hourly energy consumption data to be used for the purposes of approved trials, provided that the consumer had the opportunity to opt out of the trial," it said.

The DECC has in principle agreed that energy distribution network operators can have access to half-hourly energy consumption data so that those operators can develop and maintain "efficient, co-ordinated and economical systems for the distribution of electricity and gas". However, the plans are subject to the approval of proposals the operators are due to draft over how this data could be "aggregated" in order to prevent individual household data from be identified.

"Before giving such access to network operators, the Government is proposing that they should be required to develop and submit for approval plans detailing how privacy concerns would be addressed and what the data would be used for," DECC said. "The Government is seeking views on what the arrangements should be in circumstances where network operators have not submitted such plans or they have not been approved. One option would be to apply the same basic framework for access to data as applies to suppliers, although the Government recognises that there may be important practical issues with this approach that would need further consideration."

There have been concerns that smart meter data can reveal intrusive details about individuals' lives.

Energy law expert Chris Martin of Pinsent Masons, the law firm behind Out-Law.com, previously said that data collected through smart metering was very granular in nature. He said putting “technical security measures” in place to prevent smart meter data being inappropriately accessed is vital to the successful operation of the technology.

"The data can reveal much about a household, such as the make and model of their TV, the times during which a house is occupied and the number of people staying in a household," Martin said. "This information is useful to energy suppliers but it is also potentially valuable to a whole host of other organisations too."

"Robust technical security measures will need to be in place, not only within the smart metering system, but also on the systems and networks of any third parties who are given the right to access and use smart metering data," he said. "Any specific smart metering privacy and data security requirements implemented by law or regulation in the UK will sit alongside the existing data protection and privacy laws that are administered by the UK Information Commissioner. These laws will apply to the collection and use of data, including personal data, using smart meters."

Ross Anderson, professor in security engineering at the University of Cambridge Computer Laboratory, previously told Out-Law.com that the Government's smart meter plans were "set to become another public sector IT disaster".

Build a business case: developing custom apps

Next page: Hack attack threat

More from The Register

next story
Asteroid's DINO KILLING SPREE just bad luck – boffins
Sauricide WASN'T inevitable, reckon scientists
BEST BATTERY EVER: All lithium, all the time, plus a dash of carbon nano-stuff
We have found the Holy Grail (of batteries) - boffins
The Sun took a day off last week and made NO sunspots
Someone needs to get that lazy star cooking again before things get cold around here
Boffins discuss AI space program at hush-hush IARPA confab
IBM, MIT, plenty of others invited to fill Uncle Sam's spy toolchest, but where's Google?
Famous 'Dish' radio telescope to be emptied in budget crisis: CSIRO
Radio astronomy suffering to protect Square Kilometre Array
Bad back? Show some spine and stop popping paracetamol
Study finds common pain-killer doesn't reduce pain or shorten recovery
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.