Privacy and security challenges with the Irish smart metering roll-out


Kaveh Cope-Lahooti & Abhay Soorya

Background

Smart meters, which involve energy suppliers deploying devices that allow both customers and providers to monitor consumption and usage trends, are a core component of the move towards ‘Smart Homes’ and ‘Smart Grids’ as part of the growth of the Internet of Things.

In Ireland, smart metering is a key contemporary topic, with the National Smart Metering Programme (NSMP) commencing with deployment into domestic residences this year. Recently, ESB Networks announced that, starting in September 2019, it would roll out 20,000 meters in selected locations in Ireland, with a further 250,000 in place by the end of 2020 and a further 500,000[1] by 2024.[2] The roll-out will be in phases, whereby Phase 1 will provide smart meters with basic Credit services and half-hourly interval data, Phase 2 will add further meters and enable Smart PAYG and specifics such as switching, and Phase 3 will include provisioning real-time consumption and usage data to consumers via their home device.

Smart meters facilitate increased data collection – in particular, it will now be possible for both the user and energy company to monitor usage data at more regular intervals, including down to the hour, quarter of an hour, and more – a significant increase from the current estimated readings every 2 months, and physical reads every quarter. Among these benefits, smart meters will enable electricity to be priced in accordance with demand – so during peak times energy is most expensive – which in theory would reduce spikes in usage and result in a lower need for peak capacity, increasing the efficiency and maintenance of the energy supply.[3]

Using smart meters will also allow customers to keep track of costs and, by combining information on a building or location basis, allow operators to plan the supply of electricity more effectively. However, the collection of information, and the sharing and transfer between devices and networks of this data, raises both privacy and security concerns.

Data Protection Issues

As with all mass data collection, smart meters raise concerns around data minimisation and privacy intrusion. The NSMP is required under Irish law (Statutory Instrument 426 of 2014) to meet privacy standards applicable under the General Data Protection Regulation (Regulation 2016/679) (GDPR). Firstly, there is the issue of the legality of the data collection in the first place. In July, the Spanish Supreme Court ruled that information collected on energy usage, in addition to the corollary meter serial number to which the information is attributed, constituted personal data. This is an approach that has been mirrored by the Information Commissioner’s Office (ICO) in the UK, which considers consumption information collected by meters, when linked with the meter serial numbers/MPANs, as personal information, and the Irish Data Protection Commission has taken a similar line.[4] The application of the GDPR to smart metering data is also foreseen by Article 23 of the Electricity Directive (Directive 2019/944).

As such, information collected through smart meters is subject to the provisions of the GDPR in full – and therefore, all parties having access to the relevant data, including energy suppliers, smart metering systems operators and network operators (all of which will act as data controllers), need to consider compliance with the core principles of the GDPR. Within this, data must be collected with a suitable legal basis, only used for specific purposes and retention periods, not collected in excess of what is needed, and kept secure – and the usage should be made clear to customers, as provided by Article 20 of the Electricity Directive.

Although consumption data can arguably be used for monitoring usage at a statistical level, calculating bills and providing feedback to customers for the supplier’s within the energy contract (and therefore not require consent), use of information for other purposes, such as improving grid efficiency, identifying energy theft, debt management, etc. will most probably require a Privacy Impact Assessment or legitimate interest assessment before undertaking. In particular, organisations (such as energy suppliers) should only use household-level data where necessary, and for data sharing or data analytics, the use of aggregated data relating to multiple households or regions (or the sampling of certain households) should be preferred.

Moreover, excessive information, and data sharing with third parties, should at the very least be notified to customers and potentially risk assessed for the reasonable expectations of data subjects, including limitations of the amount of personal data collected by default, as part of the concept of ‘Privacy by Design’. As the frequency of smart meter readings will be the main component of data minimisation, this could include a limitation on processing of data more granular than day/night/peak for Time of Use billing and Energy Use Statements, or collection by suppliers on a monthly basis, as suggested by the CER [5]. Customers should also have a general opt-out of sharing consumption information with the energy supplier and third parties.

Within this, there is also a danger that usage data can be used to develop detailed consumption profiles on users. Consumers may not want their energy company to build an understanding of their domestic habits, which could reveal, through attribution or inference via data mining techniques, more detailed lifestyle information – such as if and the hours they work, how they interact with and use home appliances (such as watching television, doing the laundry, entertaining guests, etc.), when they go on holidays, and even religious practices. This is particularly the case if this information is used in context with other data available to energy suppliers or parties they contract with – even basic identifiers such as age, household size, location or other demographic data can allow them to build up user profiles.

Additionally, there is the issue that this information, once collected, could be used unfairly. Customer profiles could be used to allow targeted pricing, including where such decisions are made on the basis of automated profiling. In this situation, the General Data Protection Regulation (Regulation 2016/679) (GDPR) particularly restricts processing, requiring transparency around the criteria used to present a product’s price. Moreover, sharing such data with third parties, who could offer their products or services based on user profiles, including through targeted advertising and direct marketing, is an activity that would clearly be prohibited under the GDPR without express user consent.

Data Security Issues

From a data security aspect, there are certain unique features around the design of the Irish smart meter network. Compared to the UK SEC (Smart Energy Code), which mandates end to end functional and technical specifications, data and security models, and various processes for parties interacting with the smart infrastructure, the CRU’s High-Level Design defines a technology agnostic abstraction for the network to build atop. Within this, HAN (Home Area Network) and WAN (Wide Area Network) technologies are procured by ESB Networks. Additionally, it is the DSO’s (Distribution System Operator) responsibility to make available energy data to the market: Gas Networks Ireland, Eirgrid, as well as others relying on an exchange of market messages.

Moreover, in contrast to the design of smart metering devices in the UK, in the Irish scheme there is very little functionality on the meter. This ‘thin design’ means no complex calculations are performed on the edge; the function of the device is merely to record time-bound consumption and transmit this data to the DSO. Both the electricity meter and gas meter record consumption every 30 minutes, with the gas meter waking up every half hour. Gas Meters and IHDs communicate to the DSO through a securely established communications link with the Electricity Meter.

The DSO shares information collected through the smart meters with a few parties. To assist settlement and network optimization, relevant parties for both utilities Eirgrid and GNI (Gas Networks Ireland) are provided with this data. Gas or electricity suppliers receive a daily snapshot; it is their responsibility to perform necessary calculations (Pay As You Go balance, historical cost and consumption, tariff bands and Time of Use rates) and provision this information to consumers through non-AMI channels if necessary. This includes periodic ‘smart bills’, downloadable files online, or phone applications. It can be inferred that none of these data items are produced in real-time.

NSMP Security

As a critical infrastructure system, the security of the smart meter network is required to conform to the EU NIS directive (Network Information Systems Directive). ESB Networks has also published a set of principles for the network’s security, for which a sample is provided:

Key Principle: Application

  • Confidentiality & Privacy: Encryption of data in transit and storage; Access controls on all infrastructural components; Deletion of data which is no longer required; Compliance with Data Protection Law
  • Integrity: Comprehensive and timely review of audit logs; Detection of unauthorised modification of data
  • Availability: Automated failover to standby backup infrastructure; Detection of DoS attacks or other events; Automated action to remove the impediment
  • Authentication & Identification: Use of usernames with strong passwords; Digital certificates and signing processes; Multi-factor authentication
  • Authorisation: Defining specific functions (view, modify, create, delete)
  • Non-Repudiation: Message based auditing and accounting
  • Auditing & Accounting: Recording which user initiated an action; Logging successful and unsuccessful attempts

However, one of the potential problems with this set of security principles is a lack of sufficient specificity. For example:

  • For HAN (Home Area Network) Communications, the Core Design states: the HAN ‘will be an open standard wireless communications protocol that enables transfer of data between the smart utility meters and specific securely paired devices in the home’, without further clarification.
  • Meter to Display communications are not standardized in terms of technology.
  • Security requirements regarding pairing between the CAD (Consumer Access Devices) and further consumer devices are not specified in the Core Design.

Furthermore, certain communication links within the network may also be proprietary, become deprecated, or have newly discovered flaws; it is unclear whether there is a process or governance for dealing with such issues as they arise. Mandated data items to be displayed on the IHD (In-Home Display) and exchanged include instantaneous demand, cumulative and historic consumption; such information is considered personal data and may require a standardized protection scheme. Equally, response mechanisms for some scenarios are unstated; it is unclear, for example, what happens if an insecure CAD is joined to the HAN and floods the network with malformed messages. More generally, these issues point to the proprietary nature of the implementation.

Several signing processes and encryption schemes exist, and some standardization may be necessary to establish full protection. For example, reuse of Initialization Vectors, use of insecure symmetric keys, or use of the wrong cipher suite or AES-mode (a form of encryption), can cause encrypted data to be exposed. The split between security at the Application Layer and that at the lower layers is also unclear in terms of ownership; for example, it is unclear whether authentication – one of the security principles – is end to end or point to point, and what other communication links and devices are used for multi-factor authentication – another principle aforementioned. Other unstated technical specifics include storage locations for all personal data and management of cryptographic keys throughout the infrastructure.
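To make the Initialization Vector point concrete, the following added example (not part of the original article or of any NSMP specification) audits a set of encrypted meter frames for IVs repeated under the same key and shows why a repeat matters in counter-style modes such as AES-CTR or AES-GCM. The frame layout, key identifier and readings are constructed, and a SHA-256 based keystream stands in for AES so that the code runs with the standard library alone.

```python
import hashlib
from collections import defaultdict

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Stand-in for an AES-CTR/GCM keystream: it depends only on (key, iv)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, iv, len(plaintext)))

def find_iv_reuse(frames):
    """Return {(key_id, iv_hex): [frame indexes]} for every IV seen more than once per key."""
    seen = defaultdict(list)
    for idx, frame in enumerate(frames):
        seen[(frame["key_id"], frame["iv"].hex())].append(idx)
    return {k: v for k, v in seen.items() if len(v) > 1}

def leaked_difference(frames, i, j):
    """XOR of two ciphertexts: under the same key and IV the keystream cancels out."""
    return xor(frames[i]["ct"], frames[j]["ct"])

# Constructed sample: three half-hourly readings from a hypothetical meter.
# The third frame repeats the IV of the first (e.g. a counter reset after reboot).
KEY = bytes(range(16))
READINGS = [b"2019-09-02T07:30 kWh=0.412",
            b"2019-09-02T08:00 kWh=1.873",
            b"2019-09-02T08:30 kWh=0.095"]
IVS = [bytes.fromhex("000000000001"),
       bytes.fromhex("000000000002"),
       bytes.fromhex("000000000001")]
FRAMES = [{"key_id": "meter-A", "iv": iv, "ct": encrypt(KEY, iv, pt)}
          for iv, pt in zip(IVS, READINGS)]

if __name__ == "__main__":
    for (key_id, iv_hex), idxs in find_iv_reuse(FRAMES).items():
        print(f"IV {iv_hex} reused under key {key_id} in frames {idxs}")
        # The XOR of the two ciphertexts equals the XOR of the two readings,
        # so one reading known from a bill discloses the other without the key.
        diff = leaked_difference(FRAMES, idxs[0], idxs[1])
        print(xor(diff, READINGS[idxs[0]]))
```

A check of this kind belongs at the head-end or in conformance testing of meter firmware, where IV uniqueness per key can be verified across reboots and key rotations.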

The relative level of security enforced on various use cases and functions is also left unstated. For example, the requirement to define “specific functions (view, modify, create, delete)” is not elaborated further from the perspective of access control: which parties along the infrastructure can invoke each function? The level of security enforced in join mechanisms is also unclear in the public NSMP specifications and Core Design documents.

By comparison, join mechanisms for the UK roll-out mandate two levels of security. One arises from the ZigBee architecture (in the form of link and network keys) and the other builds atop it to ensure further security (in the form of SMIP specific end-user and remote party credentials). Within Ireland, the company implementing the roll-out, ESB Networks, has stated that Application Layer encryption will be used in addition to link level encryption whenever metering protocol sessions are established between devices; however, more thorough and prescriptive security constructs may need careful consideration in the changing regulatory and data security landscape.

Conclusion

The NSMP will undoubtedly bring significant efficiency benefits in allowing customers, suppliers, network operators and other network players to make better informed decisions with respect to energy usage, metering functionality and pricing. The Commission for Energy Regulation is currently working on assessing and addressing data protection and security issues, ranging from the possibility of detailed user profiles being built to issues with specifications between the security requirements for communications between the device and the network. However, further challenges may only become apparent on a case-by-case basis as usage of the upgraded smart meters by consumers develops over time.


[1] Commission for Energy Regulation. (2017, September 21). Update on the Smart Meter Upgrade. Retrieved from: https://www.cru.ie/wp-content/uploads/2016/11/CER17279-NSMP-Info-Note.pdf

[2] Gorey, C. (2019, July 3). ESB reveals first Irish towns to receive smart meters in later 2019. Retrieved from: https://www.siliconrepublic.com/machines/esb-smart-meters-locations-2019

[3] European Data Protection Supervisor. (2012, Jun 8). Opinion of the European Data Protection Supervisor on the Commission Recommendation on preparations for the roll-out of smart metering system. Retrieved from: https://edps.europa.eu/sites/edp/files/publication/12-06-08_smart_metering_en.pdf

[4] Commission for Energy Regulation. (2015, July 29). CER National Smart Metering Programme Information Paper on Data Access & Privacy. Retrieved from: https://www.cru.ie/wp-content/uploads/2015/07/CER15139-Data-Access.pdf

[5] Ibid.
