Feeds

UK.gov: Firms can't fondle your smart meter privates...

...Unless you want them to

Top three mobile application threats

Third-party companies will not be able to access data recorded in consumers' smart meters unless consumers choose to let them see it, the Government has said.

The Department of Energy and Climate Change (DECC) said consumers should be able to control who accesses their smart meter consumption data other than in select circumstances. It said consumers could share the information with "switching sites" or "energy services companies" in order to obtain better tariffs.

"Consumers should be able easily to access their own smart metering energy consumption data, and share it with third parties, should they choose to," DECC said in its consultation (97-page/582KB PDF) on data access and privacy for its smart meter implementation programme. "This will enable consumers to use their data to reduce energy consumption and save money on bills."

"Research highlights that consumers are increasingly aware that their personal data has a commercial value, that they want to have control over such data, and that they would consider sharing their data if it is clear that they will derive benefit from this," it said.

Safeguards will be put in place to verify the identity of the person where permission has been given to third parties to access the consumption data from the Data and Communications Company (DCC). The DCC is to be established to provide communication services to and from smart meters.

"Where consumers give third parties permission to access their energy consumption data remotely via the Data and Communications Company (DCC), the Government proposes that arrangements should be put in place to protect consumers," DECC said. "In particular, the Government is proposing to use the Smart Energy Code to ensure that third parties take steps to verify that the request for third party services has come from the individual living in the premises in question; properly obtain consent from consumers to access their data; and provide annual reminders to consumers about the data that is being collected."

Under the DECC plans energy suppliers will be able to access monthly energy consumption data in order to bill customers or in order to fulfil "any statutory requirement or licence obligation" without having to ask customers' permission. The suppliers will also have access to daily energy consumption data "for any purpose except marketing" but there must be a "clear opportunity" for consumers to opt-out of that collection, it said.

Smart metering technology is due to be installed across the UK from 2014 with every UK household expected to have the technology by 2019. DECC has estimated that the programme, which will involve replacing around 53 million existing gas and electricity meters, will cost approximately £11.7 billion.

Smart metering enables a two-way flow of information that can deliver real-time information about energy consumption and demand for energy to suppliers and network operators. The Government has said smart metering will help to slash unnecessary energy use, reduce emissions and cut consumers' energy bills.

DECC said that suppliers would generally not be allowed to access customers' "half-hourly energy consumption data, or to use energy consumption data for marketing purposes" without obtaining those individuals' "explicit (opt-in) consent"

"There would be some exceptions to this basic framework, for example to allow half-hourly energy consumption data to be used for the purposes of approved trials, provided that the consumer had the opportunity to opt out of the trial," it said.

The DECC has in principle agreed that energy distribution network operators can have access to half-hourly energy consumption data so that those operators can develop and maintain "efficient, co-ordinated and economical systems for the distribution of electricity and gas". However, the plans are subject to the approval of proposals the operators are due to draft over how this data could be "aggregated" in order to prevent individual household data from be identified.

"Before giving such access to network operators, the Government is proposing that they should be required to develop and submit for approval plans detailing how privacy concerns would be addressed and what the data would be used for," DECC said. "The Government is seeking views on what the arrangements should be in circumstances where network operators have not submitted such plans or they have not been approved. One option would be to apply the same basic framework for access to data as applies to suppliers, although the Government recognises that there may be important practical issues with this approach that would need further consideration."

There have been concerns that smart meter data can reveal intrusive details about individuals' lives.

Energy law expert Chris Martin of Pinsent Masons, the law firm behind Out-Law.com, previously said that data collected through smart metering was very granular in nature. He said putting “technical security measures” in place to prevent smart meter data being inappropriately accessed is vital to the successful operation of the technology.

"The data can reveal much about a household, such as the make and model of their TV, the times during which a house is occupied and the number of people staying in a household," Martin said. "This information is useful to energy suppliers but it is also potentially valuable to a whole host of other organisations too."

"Robust technical security measures will need to be in place, not only within the smart metering system, but also on the systems and networks of any third parties who are given the right to access and use smart metering data," he said. "Any specific smart metering privacy and data security requirements implemented by law or regulation in the UK will sit alongside the existing data protection and privacy laws that are administered by the UK Information Commissioner. These laws will apply to the collection and use of data, including personal data, using smart meters."

Ross Anderson, professor in security engineering at the University of Cambridge Computer Laboratory, previously told Out-Law.com that the Government's smart meter plans were "set to become another public sector IT disaster".

3 Big data security analytics techniques

Next page: Hack attack threat

More from The Register

next story
KILLER SPONGES menacing California coastline
Surfers are safe, crustaceans less so
Opportunity selfie: Martian winds have given the spunky ol' rover a spring cleaning
Power levels up 70 per cent as the rover keeps on truckin'
Liftoff! SpaceX Falcon 9 lifts Dragon on third resupply mission to ISS
SpaceX snaps smartly into one-second launch window
KILLER ROBOTS, DNA TAMPERING and PEEPING CYBORGS: the future looks bright!
Americans optimistic about technology despite being afraid of EVERYTHING
R.I.P. LADEE: Probe smashes into lunar surface at 3,600mph
Swan dive signs off successful science mission
Discovery time for 200m WONDER MATERIALS shaved from 4 MILLENNIA... to 4 years
Alloy, Alloy: Boffins in speed-classification breakthrough
Elon Musk's LEAKY THRUSTER gas stalls Space Station supply run
Helium seeps from Falcon 9 first stage, delays new legs for NASA robonaut
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.