(O'RLY) http://voices.washingtonpost.com/securityfix/2009/11/experts_smart_grid_pose... Experts: Smart grid poses privacy risks Technologists already are worried about the security implications of linking nearly all elements of the U.S. power grid to the public Internet. Now, privacy experts are warning that the so-called "smart grid" efforts could usher in a new class of concerns, as utilities begin collecting more granular data about consumers' daily power consumption. "The modernization of the grid will increase the level of personal information detail available as well as the instances of collection, use and disclosure of personal information," warns a report (PDF) jointly released Tuesday by the Ontario Information and Privacy Commissioner and the Future of Privacy Forum (FPF), a think tank made up of chief privacy officers, advocates and academics. Smart grid technology -- including new "smart meters" being attached to businesses and homes -- is designed in part to provide consumers with real-time feedback on power consumption patterns and levels. But as these systems begin to come online, it remains unclear how utilities and partner companies will mine, share and use that new wealth of information, experts warn. "Instead of measuring energy use at the end of each billing period, smart meters will provide this information at much shorter intervals," the report notes. "Even if electricity use is not recorded minute by minute, or at the appliance level, information may be gleaned from ongoing monitoring of electricity consumption such as the approximate number of occupants, when they are present, as well as when they are awake or asleep. For many, this will resonate as a 'sanctity of the home' issue, where such intimate details of daily life should not be accessible." According to the study, examples of information that utilities and partner companies might be able to glean from more granular power consumption data include whether and how often exercise equipment is used; whether a house has an alarm system and how often it is activated; when occupants usually shower, and how often they wash their clothes. Other privacy risks could result from the combination of information from two separate users of the smart grid: For example, roaming smart grid devices, such as electric vehicles recharging at a friend's or acquaintance's house, could create or reveal additional personal information. At a recent smart grid conference in Madrid, FPF co-chair Jules Polonetsky showed how researchers have already mapped unique load patterns of different equipment, showing that for instance washing machines pull power in different ways than other devices (graphic below courtesy FPF). SMloadsigs.JPG In an interview with Security Fix, Polonestsky said some utilities have adopted the stance that existing regulations already prevent them from sharing customer data without prior authorization. But he noted that as power companies transition to the smart grid, those utilities are going to be collecting -- and potentially retaining -- orders of magnitude more data on their customers than ever before. "Relatively speaking, [utilities] aren't big marketing companies with big back end databases ready to handle the tidal wave of data that's coming," he said. "But we're a little worried that without some serious planning now, there's going to be quite a challenge in a couple of years when people start realizing that maybe should think about developing some solid data retention policies that address what's going to be done with all of this data." Indeed, the report found that "comprehensive and consistent definitions of personally identifiable information do not generally exist in the utility industry. Privacy concerns arise when there is a possibility of discovering personal information, such as the personal habits, behaviors and lifestyles of individuals inside dwellings, and to use this information for secondary purposes, other than for the provision of electricity." Ontario is on track to have a smart meter installed at every home and business by the end of 2010. More than 8 million smart meters are used in the United States today, and more than 50 million more could be installed in at least two dozen states over the next five years, according to the Edison Foundation's Institute for Electric Efficiency. The report echoes some of the same concerns raised in a recent report (PDF) drafted by the National Institute of Standards and Technology, which warned that "distributed energy resources and smart meters will reveal information about residential consumers and activities within the house," A NIST panel tasked with examining the cyber security aspects of the smart grid found "a lack of formal privacy policies, standards or procedures about information gathered and collected by entities involved in the smart grid," and that comprehensive and consistent definitions of personally identifiable information do not generally exist in the utility industry. Update, 3:30 p.m. ET: Added graphic and comment from FPF co-chair.