[LINK] BT: 'Are meters too smart by half?'

[Roger.Clarke at xamax.com.au]

Are meters too smart by half?
GRAHAM REEKS
June 26, 2010 - 3:00AM
http://www.brisbanetimes.com.au/technology/are-meters-too-smart-by-half-20100625-z9ix.html

An electricity 'smart meter'.
Privacy campaigners have warned eco-conscious households to ensure their
intimate details are not being hacked into through electricity 'smart
meters'.

Australian power suppliers are installing hi-tech metering systems in
houses and businesses to measure and manage energy usage more efficiently.

But privacy experts fear a nasty side effect, with smart meters possibly
allowing unauthorised people to monitor - and possibly control - household
activities.

Under a "smart grid", energy systems would be digitally monitored, all the
way from power stations and dams, through the infrastructure to homes.

Digital devices would replace traditional analogue utility meters – the
type with dials and clocks that the man from the gas, electric or water
company reads to calculate bills.

Instead of taking readings every three months, wireless communication will
tell suppliers virtually instantly how much of their product is being used.

This week, Climate Change Minister Penny Wong announced Newcastle would be
the site of Australia's first commercial-scale smart grid.

"Smart Grids give households the ability to manage their own energy use,
as they give consumers information about how much energy they are using and
the costs at any time,” she said.

But Australian Privacy Foundation chairman Roger Clarke said the data was
recorded at such a fine level it had some worrying implications.

“The data that's being garnered is going to disclose a great deal of
information about that household and its behaviour, because their energy
usage betrays certain things about what we do and in a lot of cases –
importantly – when we do it, and even by implication how many of us there
might be in the house at any given time,” he said.

Writing in July 2009 for technology magazine CRN Australia, Australian IT
security expert Nigel Phair said: “[In] their rush to squeeze efficiencies
from power, water and gas grids, utilities, energy regulators, governments
and technology providers forgot the consumer.”

Mr Phair said that it was possible a hacker could shut down the power to a
person's home, or take details from the smart meter for their own use.

“Hackers will look for vulnerabilities in these devices and their
networks. Just like identity theft was spawned by 'dumpster diving' -
people searching through rubbish bins for bank statements - why not walk up
to a household electricity meter to discover its unique identifier then use
this information in the online environment for financial gain?” he said.

The Office of the Privacy Commissioner – Australia' national privacy
regulator – recognises the risks of smart meters.

An OPC spokesperson said smart meter technology could generate data about
the behaviours of people in their homes.

“Smart meter projects which involve the handling of personal information
would be regulated by the Privacy Act if the organisation implementing them
is covered by the Privacy Act,” the spokesperson said

The Commonwealth Privacy Act regulates the handling of personal
information and covers private sector organisations with an annual turnover
of over $3 million.

But Mr Clarke said the Act was an imperfect instrument for the issues
surrounding smart meters because it was designed in partnership with
industry associations to suit business interests.

“[The Act] essentially authorises all manner of private sector activities,
particularly the consumer marketing industry got open slather,” he said.

Mr Clarke and the OPC agree that organisations wishing to utilise smart
meters should undertake Privacy Impact Assessments.

Smart Grid Australia executive officer Paul Budde said their working group
“very actively” sought customer input in finding solutions.

But he said energy users had a responsibility to protect their details.

“Let's be honest we have plenty of technology to make this as safe as
humanly possible,” he said.

“The major concern regarding privacy in general is not the technology but
the way that users are so relaxed about it in the way they use their info,
passwords, etc.”