Greening of IT | June 01, 2009 |
Privacy Challenges Could Stall Smart Grid
President Barack Obama's plan to overhaul U.S. infrastructure includes constructing a nationwide “smart grid” that promises to help address many of our current energy challenges. The smart grid plan offers the hope that it “will save us money, protect our power sources from blackout or attack, and deliver clean, alternative forms of energy to every corner of our nation.”
While these are noble societal goals, smart grid technologies and systems as envisioned also raise concerns about individual privacy rights.
Part of what makes the smart grid "smart" is its ability to know a lot about the energy-consuming devices in our homes and to monitor activity for those devices to help determine when power should be used or limited. Such knowledge is useful in regulating power consumption to use energy more efficiently.
In addition to reaching into homes to regulate devices, information about usage and activities could be extracted from homes. Home energy consumption patterns could be gathered and analyzed on a room-by-room and device-by-device basis to determine which devices are used and at what time of day. Although this sort of information may not be considered terribly invasive for some, for others anything that violates the sanctity of "home" may cause tremendous concern.
Those not concerned by the tracking of mere energy usage may become more concerned as devices in our home become increasingly "smarter." One can easily envision a not too distant state of technology convergence where such devices could be used to track more sensitive information. For example, security technology already exists to monitor presence in homes to detect break-ins. Could that same technology be applied in a smart-grid environment to monitor when residents are home?
What else will smart appliances "tell" others about households? Will a smart refrigerator be able to determine and disclose the types and quantities of RFID-chipped food products and pharmaceuticals stored on shelves? Who will get this information? Will retailers be able to access this information and use it for marketing and services? Will law enforcement? Concerns such as these are already top of mind for academics and consumer privacy rights advocates as these technologies develop.
These privacy concerns in relation to the smart grid were heightened recently with the introduction of a federal cybersecurity bill earlier this year. The Cybersecurity Act aims to protect our nation's infrastructure, including our energy grid, from threats by malicious hackers, terrorists and foreign intelligence. Privacy advocates and some industry associations have expressed concern about a provision in the bill that would allow access to "relevant data" of private sector information systems and preempt all other laws.
This provision has been viewed as an attempt at an end run around legal processes afforded by the Electronic Communications Privacy Act (ECPA) and the Privacy Act of 1974 to allow greater government surveillance. In considering legislation and policies designed to protect the smart grid, these concerns about preserving current privacy protections will need to be balanced against the importance of national security.
Private entities will also need to take privacy into account as they develop smart appliances and smart grid systems and processes. Existing privacy laws will place restrictions on many of the types of monitoring and data collection activities envisioned. Section 5 of the Federal Trade Commission (FTC) Act requires companies to adhere to their privacy policies and to engage in fair privacy practices. The Computer Fraud and Abuse Act places restrictions on information obtained from devices through its prohibitions against unauthorized access to private computers and systems.
In addition to taking into account existing laws, companies that develop smart grid technology would be wise to anticipate consumer reaction to privacy impacting systems and features and the policies and laws that continue to develop in this area. Fair information practice principles such as those recommended by the FTC provide a good roadmap for developing practices and process that address emerging privacy concerns and laws. The main principles to consider will be in the areas of notice and choice.
Companies developing smart grid processes and devices should consider how to provide consumers notice about what information is collected from and about their homes and households, who is getting the information, and for what purposes the information will be used. Companies should also develop means to allow consumers to have choice and control over the information that gets collected and disclosed.
The nature of the smart grid requires ubiquitous deployment of monitoring technology in every home it touches. The impact of this is significant considering that privacy of the home is such an important value in our society that its protection is guaranteed in the U.S. Bill of Rights, "The right of the people to be secure in their … houses … shall not be violated." So while the benefits of a unified national smart grid system are very clear to most, as with any technology, the systems that provide these societal benefits and the policies that shape them should be designed to account for the privacy concerns of the individuals they serve.
About the Author Susan L. Lyon, of counsel in law firm Perkins Coie's Privacy & Security practice, has extensive experience representing multinational companies on privacy, data security, online safety and Internet laws.
Image courtesy Dave Pape via Wikimedia commons.