by K.T. Weaver, for Take Back Your Power
This article presents a compelling argument on how granular data collection by so-called “smart” meters invades the privacy of consumers and, furthermore, how such privacy invasions are not justified in a democratic society.
The following is based on information documented as a part of a thorough and methodical review of smart meter privacy and security issues conducted in the timeframe from 2008 to 2011 in the Netherlands.
In 2009, the Dutch government backed off plans for a mandatory smart meter deployment plan after a majority of Parliament members were convinced that the forced installation of smart meters would violate the consumer’s right to privacy and would be in breach of the European Convention of Human Rights.
It was determined that granular data collection by smart meters would leak information about the habits and living patterns of consumers, and there was also a risk of such information falling into the hands of a third party for nefarious purposes.
What lessons can we learn from the people in the Netherlands? Read on to discover how thoroughly the smart meter privacy and security issues were reviewed and analyzed by the Dutch.
The development of Netherlands’ “smart” meter program
Legislation was initially submitted in 2008 that would have required compulsory installation of smart meters for each Dutch household to comply with the provisions of a 2006 Dutch energy efficiency directive.
The Dutch Consumers’ Association was not convinced that privacy concerns had been addressed with proposed legislation and commissioned a study to test whether the proposed smart metering legislation was in conformity with article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR).
For European countries, article 8 of the ECHR is the most important codification of the fundamental human right to privacy. This article states:
Everyone has the right to respect for his private and family life, his home and his correspondence.
There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic wellbeing of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
The Dutch study mentioned above was conducted by the University of Tilburg and published in October 2008. The report concluded that the proposed Dutch smart metering system was not proven to be necessary in a democratic society and would result in the following:
- Hourly and 15-minutes readings give away information about the consumer’s habits, such as when he or she leaves the house and when he or she returns. This information could be useful to burglars.
- The smart meter provides insights into a family’s living patterns and relationships “which can affect people’s freedom to do as they please in the confines of their homes.”
- There is a risk that information about a person’s energy use will fall into the hands of third parties such as the police or insurance companies.
Most importantly, the report concluded that the introduction of the smart meters, as planned, would violate article 8 of the ECHR.
Here is a selected quotation from the 39-page smart meter report prepared by Dutch legal scholars:
“The [‘smart’] meters record new types of personal data in a new way, making it possible – via a wall socket – to look ‘behind the front door’ with great precision.
As a result, grid managers and suppliers of gas and electricity will obtain information about such things as lifestyles, holidays and the types of electronic products present. Not only does this raise questions from a security perspective, but also from a perspective of the right to respect for one’s private life.”
Based upon the release the Dutch study and consumer pressure, the government announced in April 2009 that the “smart energy meter” would not be compulsory in the Netherlands.
Changes were made in the proposed legislation for smart meter implementation that enhanced its “privacy-friendliness” and cancelled the obligatory roll-out. Revised legislation explicitly granted end users the right to refuse a smart meter, without risking a fine or imprisonment. Besides declining a smart meter, consumers are offered a possibility to request the operator to “administratively shut down” the smart meter. This means that a grid operator will stop reading measuring data of an end user. A grid operator is legally obliged to honor this request. In addition, the collection of end-user metering data by the grid manager and energy suppliers is now explicitly tied to their legally prescribed tasks, such as billing by suppliers and network management by the grid operator.
The Netherlands Parliament was satisfied with the privacy improvement of making the smart meters voluntary and approved the revised legislation in February 2011.
The level of detail of “smart” meter data collection and the risks
What follows are selected excerpts from Chapter 12 of a book entitled, European Data Protection: Coming of Age, pertaining to the lessons learned from the Dutch smart meter program development:
“Smart metering data can offer sharp insights into our daily lives. The intensity of this vision ‘through the walls of our home’ becomes clear from several recent studies. Molina-Markham et al. indicate that it is possible to extract complex usage patterns from smart meter data: knowledge of an appliance’s power signature enables identifying individual appliance usage within the aggregate data of a smart meter. Future data mining will likely enable even more refined identification of appliances, such as particular brands or models. Quinn points out that the privacy issue is all the more important as smart meters enable real-time monitoring of energy consumption.”
“[T]he more detailed smart meters readings are, the more privacy-sensitive the data become. Real-time readings in intervals of minutes can reveal many details of home life and paint a disturbingly clear picture of people’s behaviour and preferences. Quarter-hourly or hourly measurements also reveal a rather privacy sensitive picture, showing behaviour patterns and perhaps some insight in the type of household appliances used. While daily readings are less privacy-sensitive, they are still relevant from a privacy perspective, as they reveal patterns of being at home or away from home, and the number of people at home on a specific day. Here, privacy risks go hand-in-hand with security risks, threatening the inviolability of the home, as would-be burglars could determine on the basis of smart meter data when residents are away from home, and even whether or not they have an electronic security system. More in general, security risks of smart metering systems emerge from automated two-way communication relationships with heterogeneous partners, requiring strong authentication and authorisation mechanisms to secure the transfer of smart meter data.”
“The lesson here is that smart meters in today’s homes not only measure the amount of energy consumption, but also have great potential to reveal what people do when, within the sanctity of their home. The more detailed the readings, the more privacy sensitive the data become. This is a major factor to take into account when deciding which measurements have to be transferred from smart meters to network operators and energy suppliers. Privacy-sensitive data – such as quarter-hourly or hourly readings but also daily readings – should probably be processed only within the house itself (e.g., in an in-home display that enables consumers to monitor their energy consumption in real time). If detailed measurements are necessary to transfer outside of the home, a very high level of information security must be provided, and compelling reasons must be provided to do so in light of [article 8 of the] ECHR’s requirement of ‘necessity in a democratic society’.”
“More in particular, the Dutch case shows that privacy is not to be underestimated. The failure of doing an ex ante privacy impact assessment backfired, as the proposed laws required mandatory installation in every household of smart meters that would send quarter-hourly/hourly measurements to network operators and daily measurements to energy suppliers. This level of detail creates privacy-sensitive data, and the necessity of smart meters infringing people’s privacy in this way had not been substantiated by the government.”
The Dutch report concluded that the initial plan for “detailed metering data and compulsory use [of smart meters] provide[d] insufficient substantiation as to why these steps would be necessary in a democratic society. It is not clear whether it would actually foster energy savings – the primary purpose of the Directive. … It could be equally or more effective if consumers consult their real-time energy use on a display in the house itself, without meter readings having to leave the privacy of the home. In as far as the smart meter was intended to increase efficiency, this aim could be achieved by the proposal, but this is not a pressing social need. There are alternatives that entail less invasive infringements of privacy, again meters with in-home displays can be mentioned, as well as the use of statistical and anonymised data, which might also effectively serve the intended aims. These alternatives had not been sufficiently researched, meaning that the compulsory introduction of smart meters did not meet the requirements of subsidiarity and proportionality. … Insufficient consideration had been given to the fact that the smart meter is a measure that constitutes a significant breach of the right to inviolability of the home and the right to respect for family life. To justify such a breach, much more substantiation with convincing arguments and empirical data was required. In the absence thereof, so the report concluded, the proposal in its current form would therefore have to be rejected.”
“We would like to end with two concerns that remain even if legislators adopt smart legislation about smart meters. One is the role of consent. If countries opt for a voluntary roll-out of smart meters, are consumers sufficiently informed about what a smart meter entails? In the Dutch case, they can choose not only between keeping their ‘dumb’ meter and accepting a smart meter, but also, if they accept a smart meter, they can opt for administratively shutting off the detailed readings by the network operator or, at the other end of the privacy spectrum, give consent to forwarding detailed readings to energy suppliers or third parties. Whether consumers can make informed decisions about this depends greatly on the information provided to them by the network operator that asks them to have a smart meter installed, and on the way this information is provided. … [A]verage consumers will not be aware of the privacy impact of smart meter measurements; few will realise – if they are not informed explicitly of this – that daily readings offer insight into when they are away from home, and hardly anyone will be aware of the technical possibilities of deriving life patterns and appliance use from more detailed readings. In short, an important element of a privacy-compliant roll-out of smart meters will be to make sure that consumers are adequately informed of the implications of smart meters.”
“Our second concern is a more general one. The house is rapidly losing its character as privacy’s fortress, with directional microphones recording in-house conversations, cameras seeing through walls, thermal imagers detecting heat emissions, household appliances incorporated in the Internet of Things, the home computer permanently connected to the Internet, and private information such as personal texts, photos, books and music no longer stored in desks or on shelves but instead in the cloud. Smart meters are yet another addition to this increasing transparency of the home. This requires careful consideration of the cumulative effect of the various developments that allow insight into how people live, in the one place where people most of all must feel free to do what they like. If our home will no longer be our castle, the house may be energy-efficient but it will be a cold place to live.”
Current “smart” meter policy in the Netherlands
The current customer options for the Dutch people as outlined in an official government document pertaining to the smart meter program, dated March 2014, are as follows:
“Residential and small business customers in the Netherlands are not obliged to accept a smart meter.
Customers who object to the installation of the smart meter can either have the communication of the smart meter deactivated, or even refuse the installation of the smart meter.
If the meter is administratively deactivated, the smart meter will actually function like a traditional meter. In case of refusal, the old electricity meter (and gas meter) will remain in place, and the meter reading will not be done remotely.
In case of acceptance, the consumer will have the choice to have the smart meter read remotely at all times or in specific situations (for the annual bill and bi-monthly home energy reports, in case of switching supplier or when moving house).”
The factual and objective information contained in this article is not likely something you will hear from your utility company as it tries to “sell you” on the purported benefits of smart meters and not mentioning any of the demonstrated risks.
This article not only shows how smart meters can violate your privacy rights but also why such privacy invasions cannot be justified in a democratic society.
Ask yourself. Isn’t everything you’ve just read on smart meter issues applicable to the United States (and many other countries) as it was applicable for the Netherlands? In the United States, don’t we still have something called the Fourth Amendment? Are we still a democratic society? Are we transitioning to an “Orwellian,” authoritarian state?
If you haven’t already, please join us in the fight against the forced installation of smart meters and to preserve our rights as a free people.
European Data Protection: Coming of Age, Gutwirth, S., Leenes, R., de Hert, P., Poullet, Y. (Eds.), 440 p., ISBN 978-94-007-5170-5, Springer Netherlands, 2013. Selected quotations for this article are from Chapter 12, “Smart Metering and Privacy in Europe: Lessons from the Dutch Case,” by Colette Cuijpers, and Bert-Jaap Koops.
About the Author
K.T. Weaver is a health physicist who was employed in the nuclear division of a leading electric utility for over 25 years. He served in various positions, including Station Health Physicist, Senior Health Physicist, corporate Health Physics Supervisor, and corporate Senior Technical Expert for Radiobiological Effects. K.T. has earned a B.S. in Engineering Physics and an M.S. in Nuclear Engineering with a specialty in radiation protection. He also operates the “SkyVision Solutions” website at www.skyvisionsolutions.org.