December 13, 2012

SMART GRID PRIVACY LEGAL AND TECHNICAL VULNERABILITIES

DRAFT BY SARAH CORTES, MA, PMP, CISA AND LEE TIEN, JD, ELECTRONIC FRONTIER FOUNDATION

Table of Contents

Abstract
Part 1. Introduction
  Related Work
  Smart Grid Technology
  Overview
  Telecommunications Aspects
  Third Party Devices
Part 2. Further Legal and Technical Privacy Vulnerabilities
  Data Granularity
  Digital Energy Usage “Signatures”
  Digital Energy Usage Signature Libraries
Part 3. Legal and Regulatory Privacy Frameworks
  Overview
  Applicability of Existing Data Protection Legal Frameworks to the Smart Grid
  Select Major U.S. Case Law relevant to the Smart Grid
  Kyllo v. US
  US v. Golden Valley
  Friedman v. Maine PUC
  Constitutional Protections and Considerations
  Fourth Amendment
  Four Factors in Privacy Protection Eroded
  Third Party Doctrine
  Smart Grid Data Ownership
  Warrants and Subpoenas: Lower Standard
  Consent Mismatch
  National Security Letters
  Lack of Judicial Oversight
  CALEA and Subpoenas
  Federal privacy laws and regulations
  State Privacy Laws and Regulations
  Smart Grid-Specific State Privacy Laws
  Non-Smart Grid-Specific State Privacy Laws
  Contractual Approaches and Consumer Agreements
  Opt-Out Provisions
  Threat Risk Modeling Analysis
  Data Retention Provisions
  Special Privacy Considerations
Part 4. Smart Grid Privacy Recommendations
Part 5. Conclusion
Appendices
  Appendix A – Major Relevant Cases
  Appendix B – Legal and Regulatory Frameworks by Major Case
  Appendix C – Statistics on number of smart meters installed
  Appendix D – Increased threat of government surveillance
  Appendix E – Federal Privacy Laws and Frameworks referencing the Smart Grid
  Appendix F – Expanded list of Privacy Laws and Frameworks
  Appendix G – FOIAs and Smart Grid Subpoenas
Bibliography
  General
  Digital Energy Signature Libraries

ABSTRACT

Smart Grid technology creates a number of opportunities, but also vulnerabilities, threats and risks to consumer privacy. This paper reviews five technical developments that may affect Smart Grid privacy. The first three include energy usage data granularity, frequency of data collection and the online connection and telecommunications capabilities that enable a new dimension in personal and activity identification and, potentially, surveillance. Consumers simply may not be aware of Smart Grid data’s ability to identify individuals, their identities and timesliced activities within a dwelling. Two other technical developments, the creation of digital energy usage “signatures” and signature libraries, can significantly erode privacy. Consumers may further believe that new or existing laws protect their privacy with regards to that data.
This paper reviews those five potential new technical developments and the vulnerabilities, threats and risks in the context of legal frameworks that may enhance or detract from individual privacy. We review four legal trends: erosion of judicial oversight, low standards of legal justification, secrecy and consent mismatch, which combine to create another dimension in risk to privacy in current legal frameworks.

PART 1. INTRODUCTION

The rapid pace of technology innovation, including the technology of the Smart Grid, has always left legal frameworks playing “catch-up.” Along with the promise of energy conservation capabilities come the pitfalls of new security and privacy issues for the home, as well as other premises. As Justice Scalia wrote in Kyllo: “The question we confront today is what limits there are upon this power of technology to shrink the realm of guaranteed privacy.”[1]

The Smart Grid provides a quantum leap in granularity of energy usage data. In the past, a single meter reading for an entire dwelling, once a month, aggregated individual energy usage data into a single fairly useless data point. No longer. Smart grid data can monitor individual appliance usage on a minute-by-minute basis. This can reveal the activities and even identity of individuals in a home. So granular can these records become, they can create individual digital energy usage “signatures” that positively identify activity and individuals at a point in time.

In reviewing security, privacy and related legal considerations within the Smart Grid, it is important to understand relevant existing and proposed legal frameworks, including constitutional, legislative, regulatory, and contractual. The proliferation of privacy legislation and contractual privacy policies leads some to assume greater privacy protections exist for many aspects of our lives, including energy usage data, than may actually be the case.
In fact, we find few laws, regulations or policies explicitly protecting the privacy of energy usage data. To the contrary, many laws and regulations that weaken or actually threaten privacy in other realms may likewise weaken or threaten consumers’ privacy with respect to their energy usage data. Indeed, we find few laws, regulations or policies referencing the Smart Grid at all. On the other hand, many laws and regulations may or may not apply indirectly to Smart Grid privacy aspects. Further, technical developments in Smart Grid technology such as digital signature libraries may also expose consumers to privacy threats and vulnerabilities. We analyze the threats and vulnerabilities these technical aspects pose, in various legal contexts.

This analysis aims to:
• Review technical aspects of Smart Grid technology like digital energy usage “signatures” and signature libraries that may bear on privacy concerns
• Review existing legal and regulatory frameworks in the US to provide a realistic understanding of what legal frameworks actually exist that may protect Smart Grid energy usage data privacy.
• Review existing legal frameworks that may threaten privacy, sometimes in ways that are not immediately apparent.
• Recommend changes to legislative frameworks to strengthen privacy.

[1] Kyllo v. United States, 533 U.S. 27 (2001). See http://www.law.cornell.edu/supct/html/99-8508.ZO.html

RELATED WORK

As part of the NIST CyberSecurity Working Group to the SmartGrid, the authors collaborated with over 100 energy, security, and privacy experts in 2009-2010 on NIST’s publications[2] on the topic. In 2012, we again collaborated, leading the subgroup to rewrite NIST IR 7628 Section 5.3, Legal and Regulatory Concerns related to Smart Grid Technology. That publication reflects the input of over 30 interested parties and experts. This paper presents current research, which the authors provided as input to that subcommittee.
Since NIST published IR 7628 in 2010, the legislative frameworks, concepts, and themes have remained generally the same. However, additional Smart Grid-specific privacy laws have been passed. Further, an increase[3] during this period in threats and public awareness of those threats in other industries and contexts adds some new considerations to the discussion of legal frameworks and privacy in the Smart Grid.

Generally, privacy concerns include considerations related to the collection and use of energy consumption data. These considerations exist with other technology that collects energy consumption data at frequent intervals, which is not unique to the Smart Grid, but the Smart Grid has acted as an impetus for addressing the impact of technology advances on consumer privacy.

[2] National Institute of Standards and Technology Interagency Report 7628, vol. 3 (NIST IR 7628), The Smart Grid Interoperability Panel – Cyber Security Working Group (CSWG), August 2010, see http://csrc.nist.gov/publications/PubsNISTIRs.html Introduction, Guidelines for Smart Grid Cyber Security; Vol. 1, Smart Grid Cyber Security Strategy, Architecture, & High-Level Requirements; Vol. 2, Privacy and the Smart Grid; Vol. 3, Supportive Analyses and References, 219 pages
[3] For examples of the increased threat of government surveillance and privacy considerations, see Appendix D

SMART GRID TECHNOLOGY

OVERVIEW

A Smart Grid is an abstraction that has no universally accepted definition. It is a term generally used to reference a number of physical devices and software that collectively make up aspects of a territory’s energy infrastructure that involve advanced technology. The Department of Energy website states:

“‘Smart grid’ generally refers to a class of technology people are using to bring utility electricity delivery systems into the 21st century, using computer-based remote control and automation. These systems are made possible by two-way communication technology and computer processing that has been used for decades in other industries.”[4]

SmartGrid policy in the United States is described in 42 U.S.C. ch.152 subch. IX § 17381. Section (5) defines “smart” technologies as:

“(real-time, automated, interactive technologies that optimize the physical operation of appliances and consumer devices) for metering, communications concerning grid operations and status, and distribution automation.”[5]

“A smart grid is an electrical grid that uses information and communications technology to gather and act on information, such as information about the behaviors of suppliers and consumers, in an automated fashion to improve the efficiency, reliability, economics, and sustainability of the production and distribution of electricity.
• A smart meter is usually an electrical meter that records consumption of electric energy in intervals of an hour or less and communicates that information at least daily back to the utility for monitoring and billing purposes. Smart meters enable two-way communication between the meter and the central system. Unlike home energy monitors, smart meters can gather data for remote reporting.”[6]

[4] http://energy.gov/oe/technology-development/smart-grid
[5] 42 U.S.C. ch.152 subch. IX § 17381. http://www.law.cornell.edu/uscode/text/42/chapter-152/subchapter-IX

Essentially, a “Smart Grid” exists when a party “applies digital processing and communications to a power grid.”[7] Assuming this broad definition, parties debate what specific elements comprise the “Smart Grid.”

Central to Smart Grid technology are “Smart Meters.” These are simply energy usage meters that utilize digital processors and have aspects of telecommunications devices.
Smart Meters are devices that include:
• Data Storage
• Logic Units
• Data communications and transmission capabilities
• Communications over broadband

Other key devices or elements of the Smart Grid can include:
• Sensing devices
• Measuring devices
• Home Area Networks (HANs)
• Telecommunications networks

TELECOMMUNICATIONS ASPECTS

Technically, Smart Meters can in some ways be considered telecommunications devices. They connect energy usage measurement devices to the internet from your home. This enables remote metering and a host of other capabilities. It also significantly increases the accessibility of individual energy usage data.

In addition to technical privacy risks, classification of Smart Meters as telecommunications devices may enable law enforcement and judicial systems to consider them to fall under the purview of laws that apply specially to telecommunications devices. These laws generally increase, rather than decrease, private data vulnerability and risks and pose additional threats to individual energy usage data privacy.

[6] Ibid
[7] http://www.smartgrids.eu

THIRD PARTY DEVICES

A new market has sprung up for the manufacture and distribution of devices and the provision of services that take advantage of the advanced digital processing capabilities of the Smart Grid and Smart Meters. Many of these devices and services fall into the category of measuring consumers’ energy usage ever more finely, or providing user-friendly interfaces to display and manipulate granular energy usage data.

Some draw a broad category of distinction between devices and Smart Grid elements that utilities own and those they do not. However, it is generally not accepted that the Smart Grid includes only utility-owned devices.
The non-utility-owned device category generally includes devices referred to as “consumer-owned” or “third party devices.”

Third party devices open up a world of new functionality and analysis of one’s own personal energy usage data, initially principally to assist in energy conservation. However, they also open up a dimension in privacy threats, because they often require consumers to enter into agreements to share their data with third parties. These agreements fall under contract law, and therefore under a legal doctrine named, not surprisingly, the “third party doctrine,” which we discuss later.

Utilities and service providers already play the role of “third parties” who receive and/or store consumers’ energy usage data, so “third party devices” beyond utilities are not an entirely new threat. However, utilities have pointed out that these new “third parties” to the “third party” table are generally not regulated as utilities are. They point out, and perhaps rightly so, that these new “third parties” thus pose a greater threat to privacy than the familiar old energy “third party,” utilities.

PART 2. FURTHER LEGAL AND TECHNICAL PRIVACY VULNERABILITIES

DATA GRANULARITY

Two aspects of the Smart Grid may raise new legal privacy issues. First, for some, the implementation of a Smart Grid has significantly expanded the amount of data available in more granular form about the nature and frequency of energy consumption. This opens up more opportunities for general invasion of privacy. Suddenly, a much more detailed picture may be created about activities within a given dwelling, building, or other property, and the time patterns associated with those activities, making it possible to detect the presence of specific types of energy consumption appliances or devices.
Granular energy data may even indicate the number of individuals in a dwelling unit and their identities, through digital energy usage “signatures,” which could also reveal when the dwelling is empty or is occupied by more people than usual.

The public sharing of information about a specific location’s energy use also raises troubling concerns. For example, a homeowner rigged his washing machine to announce the completion of its cycle via his social networking page so that the machine need not be monitored directly.[8]

Figure 1. Unique energy “load signature” of an individual home[9]

Victims of domestic abuse and domestic violence may experience extreme control exerted over their daily activities by their abuser, which energy usage monitoring may facilitate. Some abusers set arbitrary rules controlling movements of their victims, which may include prohibitions on certain activities until work, for example, washing, is finished. Monitoring the completion of the washing machine cycle may have deadly implications for someone whose every life aspect may be controlled by an abuser. For example, “abusers…often checked car odometers to measure mileage and monitor victims daily activities.”[10] This also raises the concern that persons other than those living within the dwelling but having access to energy data could likewise automate public sharing of private events without the dweller’s consent—a general invasion of privacy.

[8] Ryan Rose, "Washing Machine Twitter Hack," video, http://vimeo.com/2945872
[9] Jon Froehlich, Eric Larson, Sidhant Gupta, Gabe Cohn, Matthew S. Reynolds, Shwetak N. Patel, Disaggregated End-Use Energy Sensing for the Smart Grid, IEEE Pervasive Computing, January–March 2011, IEEE, http://homes.cs.washington.edu/~sidhant/docs/ElectriSense_Journal.pdf
The concern also exists that the prevalence of granular energy data could lead to possibly unlawful actions on the part of law enforcement and lead to an invasion of privacy, such as remote surveillance or inference of individual behavior within dwellings, that could be potentially harmful to the dwelling’s residents. Law enforcement agencies have already used monthly electricity consumption data in criminal investigations. For example, in Kyllo v. United States,[11] the government relied on monthly electrical utility records to develop its case against a suspected marijuana grower.[12] Government agents issued a subpoena to the suspect’s utility to obtain energy usage records and then used a utility-prepared “guide for estimating appropriate power usage relative to square footage, type of heating and accessories, and the number of people who occupy the residence” to show that the suspect’s power usage was “excessive” and thus “consistent with” a marijuana-growing operation.[13] The U.S. Supreme Court found that the search, conducted without a warrant, was unlawful in violation of the Fourth Amendment.[14]

[10] Southworth, Cindy and Tucker, Sarah, Technology, Stalking, and Domestic Violence Victims, Mississippi Law Journal, Vol. 76, 2007, p. 76, http://www.olemiss.edu/depts/ncjrl/pdf/SouthworthTucker%2076.3.pdf
[11] Kyllo v. United States, 533 U.S. 27 (2001)
[12] Id. at page 30. The Supreme Court opinion in this case focuses on government agents’ use of thermal imaging technology. However, the district court decision discusses other facts in the case, including that government agents issued a subpoena to the utility for the suspect’s monthly power usage records. See Kyllo v. United States, 809 F. Supp. 787, 790 (D. Or. 1992), aff’d, 190 F.3d 1041 (9th Cir. 1999), rev’d, 533 U.S. 27 (2001).
[13] Kyllo, Ibid
[14] Kyllo, Ibid

Figure 2 - How energy use can reveal personal activities[15]

The ability to access, analyze, and respond to much more precise and detailed data from all levels of the electric grid is the major benefit of the Smart Grid—and it is also a significant concern from a privacy viewpoint, especially when this data and data extrapolations are associated with individual consumers or locations. Some articles in the public media have raised serious concerns[16] about the type and amount of billing, usage, appliance, and other related information flowing throughout the various components of the Smart Grid. “Utilities across the country are installing so-called ‘smart’ meters. As a result, bills are skyrocketing, health effects and safety violations are being reported, and privacy in our homes is being violated. Do we really need wireless smart meters?” asks one website.[17] Summarize the concerns?

[15] Quinn, Elias Leake, A Report for the Colorado Public Utilities Commission, Spring 2009, pg. 3. (citing M. Newborough & P. Augood, Demand-side Management Opportunities for the UK Domestic Sector, IEEE Proceedings of Generation Transmission and Distribution 146 (3) (1999) 283–293).
[16] One example of this is available at http://stopsmartmeters.org. Others include http://stopsmartmetersmassachusetts.org/ and http://host.madison.com/news/local/govt-andpolitics/capitol-report/not-in-my-home-smart-meter-foes-push-for-right/article_2c404eca-db4811e1-860e-0019bb2963f4.html#ixzz253YXaOEz
[17] http://stopsmartmeters.org/why-stop-smart-meters

There are also concerns across multiple industries about data aggregation of “anonymized” data.[18] For example, associating pieces of anonymized data with other publicly available non-anonymous data sets has been shown by various studies to actually reveal specific individuals.[19] Figure 2 illustrates how frequent meter readings may provide a detailed timeline of activities occurring inside a metered location and could also lead to knowledge about specific equipment usage or other internal home/business processes.

[18] See The Electronic Privacy Information Center (EPIC), http://epic.org/privacy/reidentification/
[19] For one such study, see the technical paper, “Trail Re-identification: Learning Who You are From Where You Have Been,” by Bradley Malin, Latanya Sweeney and Elaine Newton, http://dataprivacylab.org/dataprivacy/projects/trails/paper3.pdf

Smart meter data raises potential surveillance possibilities posing physical, financial, and reputational risks. Because smart meters collect energy usage data at much shorter time intervals than in the past (in 15-minute or sub-15-minute intervals rather than once a month), the information they collect can reveal much more detailed information about the activities within a dwelling or other premises than was available in the past. This is because sufficient amounts of such granular energy usage data can be analyzed to reveal information about the usage patterns for individual appliances—which in turn can reveal detailed information about activities within a premise through the use of nonintrusive appliance load monitoring (NALM) techniques.[20] Using NALM, portions of energy usage profiles can be compared to libraries of known patterns and matched to identify individual appliances.[21] For example, research shows that analyzing 15-minute interval aggregate household energy consumption data can by itself pinpoint the use of most major home appliances.[22] Figure 2 depicts NALM results as applied to a household’s energy use over a 24-hour period. NALM techniques have many beneficial uses, including pinpointing loads for purposes of load balancing or increasing energy efficiency. However, such detailed information about appliance use can also reveal whether a building is occupied or vacant, show residency patterns over time, and reflect intimate details of people’s lives and their habits and preferences inside their homes.[23] In 1989, George W. Hart, one of the inventors of NALM, explained the surveillance potential of the technique in an article in IEEE Technology and Society Magazine.[24] As the time intervals between smart meter data collection points decrease, appliance use will be inferable from overall utility usage data and other Smart Grid data with even greater accuracy.

[20] Id. at page A-2. The development of NALM involved a real-time monitoring device attached to a meter to log energy consumption. Researchers then worked backward from that information using complex algorithms to reconstruct the presence of appliances. Since smart meters and these NALM devices operate similarly, the same research and techniques can be reused to identify appliances.
[21] Id. at page A-4 n.129 (discussing the maintaining of appliance profile libraries).
[22] Research suggests this can be done with accuracy rates of over 90 percent. See Elias Leake Quinn, Privacy and the New Energy Infrastructure, Feb. 15, 2009, http://ssrn.com/abstract=1370731, at page 28. See also Steven Drenker & Ab Kader, Nonintrusive Monitoring of Electric Loads, IEEE Computer Applications in Power at pages 47, 50 (1999), noting the near perfect identification success rate in larger two-state household appliances such as dryers, refrigerators, air conditioners, water heaters, and well pumps. Available at http://ieeexplore.ieee.org/iel5/67/17240/00795138.pdf?arnumber=795138
[23] For instance, daily routines such as a jacuzzi and suntanning could be identified, as well as whether the customer “prefers microwave dinners to a three-pot meal.” Quinn, Privacy and the New Energy Infrastructure, at page 5.
[24] George W. Hart, Residential Energy Monitoring and Computerized Surveillance via Utility Power Flows, IEEE Technology and Society Magazine, June 12, 1989, http://ieeexplore.ieee.org/iel5/44/1367/00031557.pdf?arnumber=31557.

In general, more granular data may be collected, generated, and aggregated through Smart Grid operations than previously collected through monthly meter readings and distribution grid operations. In addition to utilities, new third party entities may also seek to collect, access, and use smart meter data (e.g., vendors creating applications and services specifically for smart appliances, smart meters, and other building-based solutions). Further, once uniquely identifiable “smart” appliances are in use, they will communicate even more specific information directly to utilities, consumers, and other entities, thus adding to the detailed picture of activity within a premise that NALM can provide.

The proliferation of smart appliances, utility devices, and devices from other entities throughout the Smart Grid, on both sides of the meter, means an increase in the number of devices that may generate data. The privacy risks presented by the increase in these smart appliances and devices on the consumer side of the meter are expanded when these appliances and devices transmit data outside of the home area network (HAN) or energy management system (EMS) and do not have documented security requirements, effectively extending the perimeter of the system beyond the walls of the premises.

DIGITAL ENERGY USAGE “SIGNATURES”

To what extent can individuals and their activity be positively identified today by their energy usage patterns, based on current technical capabilities, as opposed to potential technical capabilities?
Some feel that while identifying individuals in a dwelling based on a unique digital energy usage “signature” may theoretically be technically feasible, it is years from becoming a practical reality. Others consider it as realistic as the many other technical advances that have taken place in stunningly short time spans all around us. Yesterday’s practical impossibility, they reason, is today’s commonplace reality.

Researchers differ over the viability of digital energy usage “signatures.” Some note that currently, few utilities provide energy consumption measurement at intervals less than one hour, fewer still at intervals of 15 minutes, and none at the minute-by-minute or second-by-second intervals required to produce truly finely grained data. However, pattern “signatures” and signature libraries have emerged in multiple realms. For example, in biology, DNA and its pattern signature libraries have become universally accepted. In network security, the ability to de-anonymize Tor users through application of digital packet traffic pattern analysis was first reported in 2004.[25] Therefore, technologists tend to view digital energy consumption “signatures” as viable threats to privacy.

[25] Lewman, Andrew, Anonymous Communications, NEU Lecture, Computer Science 5700, 12/5/2012, https://d1b10bmlvqabco.cloudfront.net/attach/h6azokarx1q536/haet6g8o87c19w/haet6m5ppwn1is/20121205NEUAnonComms.pdf

Network packet traffic pattern signature analysis: Wireshark attack on Tor[26]

Another example of a digital energy “signature”[27]

[26] Lewman, Andrew, Ibid
[27] Froehlich et al, p. 34. See also http://www.absak.com/library/power-consumption-table

DIGITAL ENERGY USAGE SIGNATURE LIBRARIES

Identifying individuals and activities from energy usage data patterns requires readily available digital signature “libraries,” collections of data profiles and “baselines” against which energy usage data can be compared to identify the underlying appliance, film, dwelling, or person. These are under development, but may not currently be readily available.

Digital signature pattern analysis, and comparison against a baseline database of profiles, is not a new area. However, it has recently been applied increasingly to different areas. For example, in the area of surveillance, packet traffic pattern analysis has increasingly demonstrated a sophisticated ability to reveal personal information. As digital energy usage “signature” pattern libraries are developed, this will be an area of further inquiry. Regardless, however, Smart Grid energy usage data reveals significant personal information. Digital signature libraries simply increase the dimension of possible privacy threats.

Digital signatures of individual appliances[28]

[28] Lucente, Mark, W K Lee, G S K Fung, H Y Lam and F H Y Chan, Exploration on Load Signatures, International Conference on Electrical Engineering (ICEE) 2004, Japan. Reference No. 725, p. 4

PART 3. LEGAL AND REGULATORY PRIVACY FRAMEWORKS

OVERVIEW

When considering the possible legal impacts to privacy engendered by the Smart Grid, and likewise the influence of laws that directly apply to the Smart Grid, it is important to note that current privacy laws may not explicitly reference the Smart Grid or associated unique Smart Grid data items, nor privacy protections.[29] Moreover, existing U.S. state-level Smart Grid and electricity delivery regulations may not explicitly reference privacy protections.[30] However, even though Federal or State laws may not definitively reference the Smart Grid at this time, it is possible that existing laws may be amended to explicitly apply to the Smart Grid or interpreted to apply to the Smart Grid as it is more widely implemented and touches more individuals. This could strengthen Smart Grid privacy protections, but it could also weaken protections or increase privacy threats.
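Added example (not from the paper or the research it cites): the signature-library matching described under DATA GRANULARITY and DIGITAL ENERGY USAGE SIGNATURE LIBRARIES, run as a naive switch-on step matcher over one constructed day of household load at 1-minute, 15-minute, hourly and daily reporting intervals. The library wattages, the schedule, the tolerance and all function names are assumptions made for illustration.

```python
# Added illustration: naive step matching against a constructed appliance
# signature library, repeated at several meter reporting intervals.

# Constructed library: appliance -> switch-on power step in watts (assumed values).
SIGNATURE_LIBRARY = {
    "refrigerator": 150,
    "washing_machine": 500,
    "microwave": 1200,
    "dryer": 3000,
}
BASELOAD_W = 100        # always-on load in watts (assumed)
REL_TOLERANCE = 0.10    # a step matches if it is within 10% of a library entry

# Constructed ground truth for one day: (appliance, start minute, duration in minutes).
SCHEDULE = [
    ("washing_machine", 9 * 60 + 15, 40),
    ("microwave", 12 * 60 + 20, 3),
    ("dryer", 19 * 60 + 45, 60),
]


def build_day():
    """Return 1440 one-minute whole-house readings in watts (constructed data)."""
    load = [BASELOAD_W] * 1440
    # Refrigerator compressor: on for the first 30 minutes of every hour.
    for hour in range(24):
        for minute in range(hour * 60, hour * 60 + 30):
            load[minute] += SIGNATURE_LIBRARY["refrigerator"]
    for name, start, duration in SCHEDULE:
        for minute in range(start, start + duration):
            load[minute] += SIGNATURE_LIBRARY[name]
    return load


def downsample(load, interval_min):
    """Average one-minute readings into one reading per reporting interval."""
    return [
        sum(load[i:i + interval_min]) / interval_min
        for i in range(0, len(load), interval_min)
    ]


def match_step(delta_w):
    """Return the library appliance whose step is closest to delta_w, or None."""
    name, step = min(SIGNATURE_LIBRARY.items(), key=lambda kv: abs(kv[1] - delta_w))
    return name if abs(step - delta_w) <= REL_TOLERANCE * step else None


def identify(load, interval_min):
    """Return [(start_minute, appliance)] for switch-on steps matched at this interval."""
    readings = downsample(load, interval_min)
    events = []
    for i in range(1, len(readings)):
        delta = readings[i] - readings[i - 1]
        if delta > 0:                      # only rising edges (switch-on events)
            name = match_step(delta)
            if name:
                events.append((i * interval_min, name))
    return events


def appliances_seen(load, interval_min):
    """Return the sorted names of appliances matched at least once at this interval."""
    return sorted({name for _, name in identify(load, interval_min)})


if __name__ == "__main__":
    day = build_day()
    for interval in (1, 15, 60, 1440):
        print(f"{interval:>4}-minute readings: {appliances_seen(day, interval)}")
```

On this constructed day the 1-minute series yields all four appliances, the 15-minute series loses the 3-minute microwave use, and the hourly and daily series match nothing, so for this matcher the reporting interval determines what can be inferred. The NALM research cited above uses more capable algorithms than this step matcher.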
While it is uncertain how privacy laws will apply to Smart Grid data, one thing that is certain is that the Smart Grid brings new challenges and issues with its new types of data, which can include detailed personal use patterns of all electrical appliances used by any individual within a premise, usage patterns of all electrical appliances used in public, commercial and educational facilities, and fingerprint information about new device usage, including medical devices and vehicle charging data. These new data items, and the use of existing data in new ways, will require additional study and public input to adapt to current laws or to shape new laws.

To understand the types of data items that may be protected within the Smart Grid by existing non-Smart Grid-specific privacy laws and regulations, let us first consider some of the most prominent frameworks that provide for privacy protection. There are generally three approaches in the U.S. to protecting privacy by law:

- Constitutional Protections and Issues: General protections. The First (freedom of speech), Fourth (search & seizure), and Fourteenth (equal protection) Amendments cover personal communications and activities.
- Statutory, Regulatory and Case Law, both Federal and State: Data-specific or technology-specific protections. These protect specific information items such as credit card numbers and SSNs, or specific technologies such as phones or computers used for data storage or communication.
- Contractual and Agreement-related Protections and Issues: Specific protections. These are protections specifically outlined within a wide range of business contracts, such as those between consumers and businesses (but these must still fall within statutory or regulatory guidelines).

[29] See Appendix E for a list of laws referencing “Smart Grid,” which is only mentioned nine times in the entire US Code.
[30] See also NIST IR 7628, Vol. 2, Appendix A, Coney, Lillie, EPIC, list of Smart Grid Laws

Even though public utilities commissions (PUCs) have protected energy data in some states, such as California and Colorado, the energy-related data produced by the Smart Grid may not be covered by privacy protection laws that name specific data items. Energy consumption patterns have historically not risen to the level of public concern given to financial or health data because (1) electrical meters had to be physically accessed to obtain usage data directly from buildings, (2) the data showed energy usage over a longer time span such as a month and could not be analyzed to reveal usage by specific appliance, and (3) it was not possible for utilities to share this specific granular data in the ways that will now be possible with the Smart Grid.

While some states have examined the privacy implications of the Smart Grid, most states had little or no documentation available for review by the NIST privacy subgroup in 2010 when the Legal Frameworks Analysis was first published in the NISTIR, Volume 2. [31] Furthermore, enforcement of state privacy-related laws is often delegated to agencies other than PUCs, who have regulatory responsibility for electric utilities. However, state PUCs may be able to assert jurisdiction over utility privacy policies and practices, as California and Colorado have done, because of their traditional jurisdiction and authority over the utility-retail customer relationship.

[31] NISTIR, v2, Ibid

APPLICABILITY OF EXISTING DATA PROTECTION LEGAL FRAMEWORKS TO THE SMART GRID

Personally identifiable information (PII) has no single authoritative legal definition. However, as noted in Appendix A, there are a number of laws and regulations, each of which protects different specific types of information.
A number of these were previously noted, such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which defines individually identifiable health information, arguably the widest definition used by many organizations throughout the U.S. of what constitutes PII within the existing U.S. federal regulations. State attorneys general have pointed to HIPAA as providing a standard for defining personal information, and to cite one case, the State of Texas has adopted the HIPAA requirements for protected health information to be applicable to all types of organizations, including all those based outside of Texas. Many of these organizations could possibly be providing information via the Smart Grid, if not now, then almost certainly at some time in the future. [32]

The private industry’s definition of personally identifiable information predates legislation and is generally legally defined in a two-step manner, as x data (e.g., SSN) in conjunction with y data (e.g., name). This is the legal concept of “personally identifiable information” or PII. For example, the Massachusetts breach notice law, [33] in line with some other state breach notice laws, defines the following data items as being personal information:

SELECT MAJOR U.S. CASE LAW RELEVANT TO THE SMART GRID

Two U.S. cases have recently been decided applying to energy consumption data and evolving technology, joining Kyllo, the seminal technology-related case from 2001. The three cases we review:

- Kyllo v. US
- US v. Golden Valley - US 9th Circuit [34] - 8/7/12
- Friedman v. Maine PUC - Supreme Court of Maine [35] - 7/12/12

Aspects of these cases include many of the frameworks discussed in more detail below.

[32] For example, the Texas Appellate Court stated that the HIPAA Privacy rule applies to the entire State of Texas. See Abbott v. Texas Department of Mental Health and Mental Retardation for details, or refer to the discussion at http://www.hipaasolutions.org/white_papers/HIPAA%20Solutions,%20LC%20White%20Paper%20Texas%20AG%20Opinion%20On%20Privacy%20And%20HIPAA.pdf.
[33] See text of the Massachusetts breach notice law at http://www.mass.gov/legis/laws/seslaw07/sl070082.htm

KYLLO V. US

As we have seen, in Kyllo v. United States, [36] the government relied on monthly electrical utility records to develop its case against a suspected marijuana grower. [37] Government agents issued a subpoena to the suspect’s utility to obtain energy usage records and then used a utility-prepared “guide for estimating appropriate power usage relative to square footage, type of heating and accessories, and the number of people who occupy the residence” to show that the suspect’s power usage was “excessive” and thus “consistent with” a marijuana-growing operation. [38] The U.S. Supreme Court found the warrantless search to be unlawful, in violation of the Fourth Amendment. [39]

[34] United States v. Golden Valley Electric Assn., 11-35195 (9th Cir. August 7, 2012). UNITED STATES OF AMERICA, Petitioner-Appellee, v. GOLDEN VALLEY ELECTRIC ASSOCIATION, Respondent-Appellant. No. 11-35195, D.C. No 3:11-mc-00002-RRB, OPINION. Appeal from the United States District Court for the District of Alaska, Ralph R. Beistline, Chief District Judge, Presiding. Argued and Submitted June 28, 2012, Fairbanks, Alaska. Filed August 7, 2012. Before: Alfred T. Goodwin, William A. Fletcher, and Milan D. Smith, Jr., Circuit Judges. Opinion by Judge William A. Fletcher
[35] ED FRIEDMAN et al. v. PUBLIC UTILITIES COMMISSION et al., Docket: PUC-11-532, SUPREME JUDICIAL COURT OF MAINE, 2012 ME 90; 48 A.3d 794; 2012 Me. LEXIS 92m, July 12, 2012, Decided
[36] Kyllo v. United States, 533 U.S. 27 (2001)
[37] Id. at page 30. The Supreme Court opinion in this case focuses on government agents’ use of thermal imaging technology. However, the district court decision discusses other facts in the case, including that government agents issued a subpoena to the utility for the suspect’s monthly power usage records. See Kyllo v. United States, 809 F. Supp. 787, 790 (D. Or. 1992), aff’d, 190 F.3d 1041 (9th Cir. 1999), rev’d, 533 U.S. 27 (2001).
[38] Kyllo, Ibid
[39] Kyllo, Ibid

US V. GOLDEN VALLEY

In Golden Valley, a non-profit rural electric cooperative lost an appeal in the 9th Circuit federal court, and was required to comply with an administrative subpoena to provide consumer records pursuant to a DEA investigation. Golden Valley opposed the petition, primarily relying on a company policy of protecting the confidentiality of its members’ records. The district court granted the petition to enforce the subpoena. Golden Valley complied but appealed the subpoena, which it felt was unlawful, on the grounds that it was:

- Irrelevant to the investigation;
- Inadequately following DEA and judicial oversight procedures;
- An administrative subpoena with a lower burden of cause;
- Overbroad; and
- Violating 4th amendment search and seizure principles

Golden Valley argued that fluctuating energy consumption is “not unusual” in its area and so “not obviously relevant” to a drug crime. It lost on all counts.

FRIEDMAN V. MAINE PUC

In Friedman, [40] the Maine Supreme Court vacated a lower court's dismissal of the plaintiff's objection under Maine State law to a Smart Meter opt-out penalty on the grounds that Smart Meter health and safety concerns had not been adequately addressed. However, it concluded that privacy concerns were adequately addressed, but did not state exactly how it reached that conclusion. [41]

[40] Friedman, Ibid
[41] Friedman, Ibid: “Me. Rev. Stat. Ann. tit. 35, § 304 (2011): Pursuant to Me. Rev. Stat. Ann. tit. 35, § 304 (2011), all public utilities are required to file their terms and conditions of service with the Public Utilities Commission. Under the terms and conditions filed by the Central Maine Power Company (CMP), has rights to access the property of its customers in conjunction with the installation, repair, or replacement of its meters is clear.
Indeed, customers agree to allow this access by virtue of their agreement to purchase service from the CMP. Me. Rev. Stat. Ann. tit. 35, § 101… Me. Rev. Stat. Ann. tit. 35, § 1302 provides for the filing of complaints against a public utility.”

CONSTITUTIONAL PROTECTIONS AND CONSIDERATIONS

FOURTH AMENDMENT

Fourth Amendment provisions, mainly those covering search & seizure, are typically found to be relevant to energy consumption data. In Kyllo, U.S. law enforcement’s monitoring of energy consumption was found to be an unlawful “search” under the Fourth Amendment without a legal warrant. [42] How might the Fourth Amendment further apply to data collected about appliances and patterns of energy consumption, to the extent that Smart Grid data reveals information about personal activities? As Smart Grid technologies collect more detailed data about households, one concern identified by the NIST CyberSecurity Working Group (CSWG) privacy group, as expressed by multiple published comments, [43] is that law enforcement officials may become more interested in accessing that data for investigations or to develop cases. For instance, agencies may want to establish or confirm presence at an address at a certain critical time or even establish certain activities within the home, information that may be obtained from Smart Grid data.
However, the Supreme Court in Kyllo clearly reaffirmed the heightened Fourth Amendment privacy interest in the home and noted this interest is not outweighed by technology that allows government agents to “see” into the suspect’s home without actually entering the premises. [44] The Court stated, “We think that obtaining by sense-enhancing technology any information regarding the interior of the home that could not otherwise have been obtained without physical intrusion into a constitutionally protected area, constitutes a search” and is “presumptively unreasonable without a warrant.” [45]

[42] Kyllo, Ibid
[43] NIST IR 7628, ibid, Introduction, Guidelines for Smart Grid Cyber Security, p.27
[44] Kyllo, Ibid
[45] Kyllo, Ibid

FOUR FACTORS IN PRIVACY PROTECTION ERODED

Until recently, when the government wished to perform a search or seizure of personal belongings, including records, data and communications like letters or recordings, four factors have applied. The Fourth Amendment has required first, judicial oversight, which is, second, conducted in an open court, and third, a somewhat high standard of probable cause required for a warrant. Fourth, such searches and seizures directly targeted the person whose belongings, data and communications were at issue. Since 1967, those four factors have applied to electronic communications and the information that service providers stored and/or carried. [46]

Recently, four trends have eroded the privacy protections afforded by these four factors. These trends include first, a reduction in judicial oversight, second, an increase in secrecy, and third, an increase in the use of subpoenas, which carry a relatively low standard compared to a search warrant. Fourth, the “Third Party Doctrine” creates a “consent mismatch” between the person under investigation and the service providers, who hold custody of the data and are subject to the actual search.
Consumers have utilized commercial services that facilitate, store and/or carry personal information and communications for many years. From the post office to Federal Express to Bell Telephone, government agencies including law enforcement have sought access to these communications for lawful as well as unlawful purposes. It has been reported [47] that major telecommunications and internet service providers like Google, Facebook, Verizon and AT&T respond to approximately 1.5 million subpoena requests each year, a significant increase over the past decade. [48] Some, including large corporations, consider a number of these subpoenas to be illegal, including the one in US v. Golden Valley, which we discuss later. [49]

[46] Katz v. United States, 389 U.S. 347 (1967)
[47] For example, Mobile Operators Responded To An Astounding 1.3 Million Requests For Subscriber Info http://www.techdirt.com/blog/wireless/articles/20120708/23073419616/mobile-operators-responded-to-astounding-13-million-requests-subscriber-info.shtml
[48] Ibid
[49] United States v. Golden Valley Electric Assn., 11-35195 (9th Cir. August 7, 2012)

Like Golden Valley, these service providers push back on subpoenas they consider illegal, fighting them in the courts. For example, in 2012, in US v. Wikileaks, Appelbaum, Gonggrijp, Jonsdottir, and Twitter, Twitter and others fought numerous government subpoenas in the courts. [50] The new and/or unresolved status of some of these cases leaves it unclear what role organizations may or may not play in providing consumer information to U.S. law enforcement agencies.

Second, unlike the traditional energy grid, the Smart Grid may be viewed as carrying private and/or confidential electronic communications between utilities and end-users, possibly between utilities and third parties, [51] and between end-users and third parties.
Current law both protects private electronic communications and permits government access to real-time and stored communications, as well as communications transactional records, using a variety of legal processes. [52] Moreover, under CALEA, [53] the Communications Assistance for Law Enforcement Act, telecommunications carriers and equipment manufacturers are required to design their systems to technically enable lawful access to communications. [54] The granular Smart Grid data may also have parallels to call detail records collected by telecommunications providers. It is unclear if laws that regulate government access to communications will also apply to the Smart Grid.

[50] In the Matter of the 2703(d) Order Relating to Twitter Accounts: Wikileaks, Rop_G; and BirgittaJ, US v. Wikileaks, APPELBAUM, GONGGRIJP, JONSDOTTIR, and TWITTER, Appeal: 11-5151 Document: 19, Date Filed: 01/20/2012, Page: 1 of 7. In the Matter of the 2703(d) Order Relating to Twitter Accounts: Wikileaks, Rop_G; and BirgittaJ Exhibit B, Case 1:11-dm-00003-TCB Document 32-2 Filed 02/14/11 Page 1 of 5. Also see Ellement, John R., Boston Globe, Twitter gives Boston police, prosecutors data in hacking probe, March 02, 2012 http://articles.boston.com/2012-03-02/metro/31112710_1_twitter-boston-police-law-enforcement
[51] The term “third party” is one that is not well defined. The SGIP-CSWG privacy subgroup recognized third party access as a significant issue.
[52] Such as the Electronic Communications Privacy Act; 18 U.S.C. § 2510. See http://www.law.cornell.edu/uscode/18/usc_sup_01_18_10_I_20_119.html.
[53] Communications Assistance for Law Enforcement Act of 1994, 47 U.S.C. §§ 1001-1010 (2012)
[54] CALEA - See http://thomas.loc.gov/cgi-bin/bdquery/z?d103:H.R.4922:.

Although issued by the U.S. government and approved by a court, not all subpoenas may be lawful. Higher courts have repeatedly found subpoenas issued by lower courts, magistrates, administrative authorities, etc. to be unlawful.
Challenges to subpoenas continue to leave “grey areas” when it comes to service providers complying with subpoenas, or appealing them to higher courts. This is a subject of the Golden Valley decision. In Golden Valley, the DEA observed Kyllo in part, and obtained an administrative subpoena, which can be viewed as a precursor to a search warrant. However, it disregarded other key parts of Kyllo, plaintiffs argued, because the subpoena did not conform to the Fourth Amendment’s narrow scope. The Ninth Circuit disagreed, holding that the administrative subpoena was sufficient, and that a judicial warrant was not necessary. As of this writing, the 9th Circuit’s holding is still within its appeal period to the United States Supreme Court.

THIRD PARTY DOCTRINE

SMART GRID DATA OWNERSHIP

The legal ownership of Smart Grid energy data is the subject of much discussion. [55] Various regulators and jurisdictions have treated the issue of who owns energy data differently. However, regardless of data ownership, the management of energy data that contains or is combined with personal information or otherwise identifies individuals, and the personal information derived from such data, remains subject to the privacy considerations described in this report.

Sonia McNeil [56] has extensively reviewed the Third Party Doctrine as it applies to the Smart Grid. She has recommended legislative changes to provide greater privacy control over data to individuals. In Golden Valley, the 9th Circuit referenced a view that consumers do not own their own energy consumption data. This view is based on the contract which the consumer signs, allowing the utility use of the data. Other case law, [57] however, has disagreed with this approach, arguing it significantly erodes privacy.

[55] Reference the DoE report here. Ask Megan Hertzler for URL
[56] McNeil, Sonia K., Privacy and the Modern Grid, ed. Lee Tien, Kyle Courtney, Harvard Journal of Law & Technology, Volume 25, Number 1 Fall 2011
[57] For example, United States v. Steven Warshak et al. 631 F.3d 266; 2010 WL 5071766; 2010 U.S. App. LEXIS 25415; [1]

WARRANTS AND SUBPOENAS: LOWER STANDARD

The standard for obtaining the data is much lower under the Third Party Doctrine, as the standard for a subpoena is generally much lower than that for a warrant.

CONSENT MISMATCH

This trend means the person with an interest in the data doesn’t have an opportunity to contest the subpoena. For example, if a normal subpoena is sent to Enron, they would defend against it if it is overly broad. When the data is in the hands of a utility, the utility will generally not protect consumers’ private interests. The dissociation of the party whose interest is at stake from the target of the subpoena per se threatens privacy.

Some service providers get around consent mismatch by notifying the consumer, as the “Third Party,” that the consumer’s private records are being subpoenaed. However, most people do not have the time or resources, even when notified, to fight a subpoena in court.

We are beginning to see cracks in 3rd party doctrine, for example with Warshak [58] in 2010. In both cases there is a growing sense that maybe the Internet Service Provider (“ISP”) can’t create a relationship in which the customer has some sort of privacy. Earlier this year, Supreme Court Justice Sotomayor noted in her concurring opinion [59] in United States v. Jones that the elimination of privacy rights in information turned over to third parties is "ill-suited" for the digital age we live in today.

NATIONAL SECURITY LETTERS

LACK OF JUDICIAL OVERSIGHT

In 1994, the Foreign Intelligence Surveillance Act [60] (FISA) introduced National Security Letters [61] (“NSLs”), broadening the government’s scope in obtaining information relating to terrorist investigations without judicial oversight, in narrow circumstances. However, the power granted under FISA for these NSLs was significantly expanded in 2005. Since that time, constitutional challenges to NSLs have increased, again leaving “grey areas” when it comes to service providers’ compliance. Furthermore, NSLs typically carry gag orders. In 2005, the US DOJ Inspector General’s Office [62] found widespread abuse of NSLs.

[58] Warshak, Ibid
[59] Sotomayor, United States v. Antoine Jones, 565 US ___, 132 S.Ct. 945 (2012), p.5 https://www.eff.org/node/69475
[60] Foreign Intelligence Surveillance Act of 1978 ("FISA" Pub.L. 95-511, 92 Stat. 1783, enacted October 25, 1978, 50 U.S.C. ch.36, S. 1566)

This is a relatively new avenue through which government, including law enforcement, may access consumer private data. Because the NSLs carry a gag order, they preclude the ISP from notifying the customer, even if the ISP wants to. The secrecy also means the larger public doesn’t hear about most of this complex activity, or understand the magnitude of the problem.

The right question about NSLs is why we treat obtaining records this way as a separate issue from a regular subpoena. There is no difference between a regular subpoena and an NSL except that the NSL is so much more secret. The average person’s ability to fight these measures in court is significantly less than a corporation’s.

Another problem with fighting the NSLs is that there is no specific NSL statute. NSLs basically allow an administrative subpoena from the FBI to obtain records with a gag order. On the one hand, the FBI doesn’t actually have extraordinary administrative subpoena power. DEA does have an administrative subpoena statute. FBI has much more limited administrative subpoena power. There are four specific NSL statutes, which govern:

1) Electronic Communications Area Section 2709
2) Educational Records
3) Financial records - Financial Privacy Act
4) Financial records - Fair Credit Reporting Act

[61] See OIG report on NSLs, introduction section. See also Congressional Research Reports on NSLs
[62] “Seeking Reporters Telephone Records Without Required Approvals”, p. 89, “Inaccurate Statements to the Foreign Intelligence Surveillance Court,” p. 122, “FBI Issues 11 Improper Blanket NSLs in May to October 2006,” p. 165, etc. http://www.justice.gov/oig/special/s1001r.pdf, A Review of the FBI’s Use of Exigent Letters and Other Informal Requests for Telephone Records, Oversight and Review Division, US Department of Justice, Office of the Inspector General, January 2010.

CALEA AND SUBPOENAS

The Communications Assistance for Law Enforcement Act [63] (CALEA) details how the U.S. government may obtain telecommunications and location data from service providers through subpoenas. Smart Meters may be classified as telecommunications devices for the purposes of CALEA. The government may not compel third party communications service providers to collect data they would not otherwise collect. However, if they are already collecting and storing it, CALEA allows the government to compel them to hand it over. Thus, service providers must now consider carefully whether to collect “unnecessary” data which may seem interesting, but which may later expose consumers to privacy risks.

What CALEA changes is that providers may no longer opt out on the basis of not being technically able to expeditiously isolate conversations or communications. Providers must now maintain capabilities ensuring that the phone companies, no matter how they innovate technologically, cannot innovate in a way that prevents government agencies from obtaining private information. It essentially requires, therefore, that carriers have a duty to be able to decrypt communications into plain text. Motivating the passage of CALEA was law enforcement’s worry that, for example, AT&T would set up encrypted communications and not be able to decrypt them and give law enforcement unencrypted conversations. CALEA said you are going to have to deliver it to law enforcement in plain text. Also pen traps or Skype, pen registers, all these technical innovations fall under CALEA.
They wanted to be sure no one could design away from their law enforcement wish list. CALEA is all about maintaining availability.

[63] 47 U.S.C. §§ 1001-1010 (2012) See http://thomas.loc.gov/cgi-bin/bdquery/z?d103:H.R.4922:.

FEDERAL PRIVACY LAWS AND REGULATIONS

Currently, there is no Federal Smart Grid Privacy Law. Some existing privacy laws may or may not extend to cover Smart Grid energy usage data. U.S. federal privacy laws cover a wide range of industries and topics, such as:

1. Healthcare: Examples include the Health Insurance Portability and Accountability Act (HIPAA) and the associated Health Information Technology for Economic and Clinical Health (HITECH) Act.
2. Financial: Examples include the Gramm-Leach-Bliley Act (GLBA), the Fair and Accurate Credit Transactions Act (FACTA), and the Red Flags Rule.
3. Education: Examples include the Family Educational Rights and Privacy Act (FERPA) and the Children’s Internet Protection Act (CIPA).
4. Communications: Examples include the First Amendment to the U.S. Constitution, the Electronic Communications Privacy Act (ECPA), and the Telephone Consumer Protection Act (TCPA).
5. Government: Examples include the Privacy Act of 1974, the Computer Security Act of 1987, and the E-Government Act of 2002.
6. Online Activities: Examples include the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act and the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA PATRIOT Act, commonly known as the "Patriot Act"). [64]
7. Privacy in the Home: Examples are the protections provided by the Fourth and Fourteenth Amendments to the U.S. Constitution.
8. Employee and Labor Laws: Examples include the Americans with Disabilities Act (ADA) and the Equal Employment Opportunity (EEO) Act.
It is currently not clear to what extent the above laws providing privacy protections will apply to the consumer energy usage data that may suddenly become more revealing in the Smart Grid era. [65]

[64] The full title of the USA PATRIOT Act is the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, Pub. L. No. 107-56, 115 Stat. 272 (codified as amended in scattered sections of U.S.C.A.). The statute enacted by the United States Government was signed into law on October 26, 2001.
[65] As of December 13 2012, there are only nine adjudicated U.S. cases referencing the Smart Grid (See Appendix E), and one referencing Smart Meter technology, Friedman v. Maine PUC.

STATE PRIVACY LAWS AND REGULATIONS

SMART GRID-SPECIFIC STATE PRIVACY LAWS

In 2012, according to the National Conference of State Legislatures (“NCSL”), [66] “at least 13 states” (California, Illinois, Massachusetts, Maine, Michigan, New Hampshire, New Jersey, New York, Ohio, Oklahoma, Pennsylvania, Rhode Island and Vermont) took up consideration of 31 Smart Grid-Specific bills. According to the NCSL, the following seven States have enacted Smart Grid-specific privacy protection laws: [67]

- California Senate Bill 674 [68] - “prescribed customer consent” prior to third-party use of energy usage information
- Illinois S.B. 1652 [69] - Develop and implement an advanced smart grid metering deployment plan, which included the creation of a Smart Grid Advisory Council; and H.B. 3036 - Amended the smart grid infrastructure investment program and the Smart Grid Advisory Council
- Maine H.B. 563 [70] - directed the Public Utility Commission to investigate current cyber security and privacy issues related to smart meters
- New Hampshire [71] S.B. 266 - prohibition on utility installation of smart meters without the property owners’ consent. Utilities must disclose in writing the installation of a smart meter
- Ohio S.B. 315 [72] - encourages innovation and market access for cost effective smart grid programs; and H.B. 331 [73] - creates a Cybersecurity, Education and Economic Development Council to help improve state infrastructure for cybersecurity
- Oklahoma Law H.B. 1079 - established the Electronic Usage Data Protection Act [74] that directs utilities to provide customers with access to and protection of smart grid consumer data
- Vermont S.B. 78 [75] - promote statewide smart grid deployment; and S.B. 214/Act 170 [76] - directs the Public Utility Board to set terms and conditions for access to wireless smart meters. The law also requires consumers’ written consent prior to smart meter installation and requires removal of smart meters upon request/cost-free opt-out of Smart Meters

[66] National Conference of State Legislatures (NCSL) website: http://www.ncsl.org/issues-research/energyhome/smart-grid-state-action-update.aspx
[67] Source: Glenn Anderson, NCSL staff, Denver office 303-364-7700, 303-856-1341, Jacqueline Pless
[68] California: Amends California Agriculture (2-506, 2-508.1, 2-509)
[69] Illinois: 220 ILCS 5/16-103
[70] Maine: Amends Maine GL Sections 1363, 1363.05, and 1365.2 of the Civil Code, relating to common interest developments
[71] New Hampshire: Amends New Hampshire RSA 374 (Revised Statues and Administrative Rules)
[72] Ohio: Amends sections 122.075, 123.011, 125.836, 131.50, 133.06, 156.01, 156.02, 156.03, 156.04, 303.213, 905.40, 1509.01, 1509.02, 1509.03, 1509.04, 1509.06, 1509.07, 1509.10, 1509.11, 1509.22, 1509.221, 1509.222, 1509.223, 1509.23, 1509.28, 1509.33, 1509.99, 1514.01, 1514.02, 1514.021, 1514.03, 1514.05, 3706.27, 4905.03, 4905.90, 4905.91, 4905.95, 4906.01, 4906.03, 4906.05, 4906.06, 4906.07, 4906.10, 4906.20, 4928.01, 4928.02, 4928.2314, 4928.61, 4928.62, 4928.64, 4928.66, 4935.04, 5703.21, and 5751.01; to amend, for the purpose of adopting a new section number as indicated in parentheses, section 905.461 (905.411); and to enact sections 905.41, 3737.832, 4905.911, 4928.111, 4928.70, 4928.71, 4928.72, and 6301.12 of the Revised Code to make changes to the energy and natural resources laws and related programs of the state.
[73] Ohio: Amends OGL sections 1751.62, 3701.74, 3701.741, 3701.742, 3923.52, 3923.53, and 3923.54 of the Revised Code
[74] Oklahoma Section 710, Title 17
[75] Vermont: Amends Sec. 2. 30 V.S.A. § 248a
[76] Vermont: Amends Vermont GL Sec. 1. 30 V.S.A. § 8001

NON-SMART GRID-SPECIFIC STATE PRIVACY LAWS

Most states provide additional privacy laws and regulations for a wide range of issues, including but not limited to the following, which may also potentially be interpreted to apply to the Smart Grid:

- Privacy breach notice;
- Social Security number (SSN) use and protections; and
- Drivers license use.

CONTRACTUAL APPROACHES AND CONSUMER AGREEMENTS

OPT-OUT PROVISIONS

In response to both potential privacy and health concerns, some state legislatures and regulatory commissions have required that the customer be given the option to opt-out of smart meter implementation, or to have an installed smart meter removed. [77] Additionally, some utilities have “voluntarily” offered this option for their customers. [78] However, serious questions have been raised about whether opt-out provisions provide a viable option for those seeking privacy protection. McNeil notes, “Fully realizing the benefits of the smart grid, however, requires bringing advanced meters into as many homes and businesses as possible. As a result, it is unlikely that customers will be permitted to opt out of smart meter installation.” However, it has been found that utilities may be required to offer opt-out provisions. In general, opt-out provisions are the source of a great deal of controversy, as we have seen in Maine PUC. [79]

[77] N.H. Rev. Ann. Stat. § 374:62 (prohibiting electric utilities from installing and maintaining smart meter gateway devices without a property owner’s consent); Vt. Stat. Ann. tit. 30, § 8001 (requiring public service board to establish terms and conditions governing the installation of wireless smart meters). See also, Nev. P.S.C. Case 11-10007 (February 29, 2012) (adopting recommendation that Nevada Energy provide opt-out opportunity for residential customers); and Tex P.U.C. Case 40199 (May 17, 2012) (refusing to initiate rulemaking requiring opt-out options for smart meter deployment).
[78] See Cal. P.U.C. Case No. A. 11-03-014 (February 1, 2012) (approving Pacific Gas & Electric’s SmartMeter program, allowing residential customers to opt-out of smart meter deployment); Pursuing the Smart Meter Initiative, Me. P.U.C. Docket No. 2010-345 (May 19, 2011) (approving Central Maine Power’s customer opt-out program); P.S.B. Vt. Tariff 8317 (March 8, 2012) (approving Central Vermont Public Service Smart Power
[79] See also, for example, “PSC rejects statewide smart meter opt-out,” http://host.madison.com/news/local/govt-and-politics/capitol-report/psc-rejects-statewide-smart-meter-opt-out/article_97e58694-f2f0-11e1-9a0b-001a4bcf887a.html

THREAT RISK MODELING ANALYSIS

Threat risk modeling [80] is a technique for identifying and assessing threats and risks. Essentially, it acknowledges that different individuals face different privacy risks and have different privacy concerns and priorities. Utility companies and others who favor the proliferation of Smart Grid technology deny privacy concerns regarding consumer energy usage data. These interests generally assume that the benefits of granular, highly available consumer energy usage data, retained for significant periods for energy conservation and other purposes, are consumers’ highest priority. However, threat risk modeling analysis acknowledges that different consumers face different threats and risks to their privacy.
The threats include:
• Government surveillance
• Unwanted use by corporations and organizations seeking to profit from the use of the data
• Unwanted marketing
• Use by abusers in personal relationships seeking to exert power and control over targets

For those unconcerned about these threats, possibly less protection is warranted. However, those who do not suffer from these threats or who perceive them as a lower priority should not set the agenda for those who do live under these threats. Threat risk modeling analysis indicates consumers have a need to decide how much data to allow service providers to retain based on their personal threat profile. Thus, Jacob Appelbaum[81] or David House,[82] facing a heightened risk of government subpoena of their data, or Holly Collins,[83] facing a heightened threat of misuse of her personal data by a stalker or abuser, may need greater control and make different data storage decisions than other individuals who may not feel such a risk from those particular threats.

[80] For example, Open Web Application Security Project (OWASP) recommends Threat Risk Modeling when developing applications: see https://www.owasp.org/index.php/Threat_Risk_Modeling
[81] In the Matter of the 2703(d) Order Relating to Twitter Accounts: Wikileaks, Rop_G; and BirgittaJ, US v. Wikileaks, APPELBAUM, GONGGRIJP, JONSDOTTIR, and TWITTER, Ibid. See also Julia Angwin, Secret Orders Target Email, Wall Street Journal, October 9, 2011: “The U.S. government has obtained a controversial type of secret court order to force Google Inc. and small Internet provider Sonic.net Inc. to turn over information from the email accounts of WikiLeaks volunteer Jacob Appelbaum, according to documents reviewed by The Wall Street Journal.” An individual under similar risk could arguably see the retention and undesired disclosure of his personal energy usage data as a higher priority than its value to him for energy conservation purposes.
[82] DAVID HOUSE, Plaintiff, v. JANET NAPOLITANO, in her official capacity as Secretary of the U.S. Department of Homeland Security; ALAN BERSIN, in his official capacity as Commissioner, U.S. Customs and Border Protection; JOHN T. MORTON, in his official capacity as Director, U.S. Immigration and Customs Enforcement, Defendants., Civil Action No. 11-10852-DJC, UNITED STATES DISTRICT COURT FOR THE DISTRICT OF MASSACHUSETTS, 2012 U.S. Dist. LEXIS 42297, March 28, 2012, Decided
[83] Holly Collins, a US citizen, and her three US-born children were granted political asylum in the Netherlands from the US on the basis of overwhelming evidence of child abuse and domestic violence. See Waller, Garland, producer, No Way Out But One, documentary, http://nowayoutbutone.com/

DATA RETENTION PROVISIONS

Granularity is a concept that properly applies not only to energy usage data. Consumers also benefit from granularity in account choices. Most critically, consumers benefit from granularity in data retention options, based on threat modeling analysis. This enables consumers to make choices in shortening the length of time their energy usage data is retained. The shorter the time period for which it is retained, the shorter the period during which individuals’ privacy regarding that data may be compromised.

Currently, consumers do not have control over the time period for which their data is retained by utilities. By shortening the period over which they wish utilities to retain their personal energy usage data, consumers limit their ability to review their own usage for conservation and other purposes. However, utilities and others need to recognize that individuals have different priorities including privacy priorities. A one-size-fits-all data retention policy and options ill-serves individuals who prefer to protect their privacy.
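The per-consumer retention choice argued for above can be enforced mechanically by the data custodian. The following is an added example, not code from the authors or from any utility: the RetentionChoice schema, the meter IDs, the sample readings and the intermediate daily-total tier (which goes beyond the text's simple shortening of the retention period) are assumptions made for illustration.

```python
"""Per-customer retention tiers for smart-meter interval data (illustrative)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class RetentionChoice:
    """A customer's retention option (hypothetical schema)."""
    interval_days: int  # keep raw interval readings up to this age
    daily_days: int     # after that, keep only daily totals up to this age

    def __post_init__(self):
        if self.interval_days < 0 or self.daily_days < self.interval_days:
            raise ValueError("need 0 <= interval_days <= daily_days")


@dataclass(frozen=True)
class Reading:
    meter_id: str
    start: datetime  # start of the metering interval
    kwh: float


def apply_retention(readings, choices, now, default):
    """Split readings into (kept_raw, daily_totals, purged_count).

    Age is counted in whole calendar days so a day is never split between
    tiers: a partial daily total would misstate usage, and leftover raw
    intervals would still expose that day's activity pattern.
    """
    kept, daily, purged = [], defaultdict(float), 0
    for r in readings:
        choice = choices.get(r.meter_id, default)
        age_days = (now.date() - r.start.date()).days
        if age_days < 0:
            raise ValueError(f"reading dated in the future: {r}")
        if age_days <= choice.interval_days:
            kept.append(r)                       # fine-grained tier
        elif age_days <= choice.daily_days:
            daily[(r.meter_id, r.start.date())] += r.kwh  # coarse tier
        else:
            purged += 1                          # past retention: drop
    return kept, dict(daily), purged


# Constructed sample data: METER-A belongs to a customer with a heightened
# threat profile who chose short retention; METER-B uses the default.
NOW = datetime(2012, 12, 13)
DEFAULT = RetentionChoice(interval_days=90, daily_days=395)
CHOICES = {"METER-A": RetentionChoice(interval_days=7, daily_days=30)}


def build_sample(now=NOW):
    """Two readings per day at ages 1, 7, 10 and 40 days for each meter."""
    rows = []
    for meter in ("METER-A", "METER-B"):
        for age in (1, 7, 10, 40):
            day = now - timedelta(days=age)
            rows.append(Reading(meter, day.replace(hour=3), 0.5))
            rows.append(Reading(meter, day.replace(hour=19), 1.5))
    return rows


if __name__ == "__main__":
    kept, daily, purged = apply_retention(build_sample(), CHOICES, NOW, DEFAULT)
    print(f"raw readings kept: {len(kept)}")
    for (meter, day), total in sorted(daily.items()):
        print(f"daily total only: {meter} {day} {total:.1f} kWh")
    print(f"readings purged: {purged}")
```

For METER-A the 3 a.m. reading from ten days earlier survives only inside a daily total and the readings from forty days earlier are gone, while METER-B keeps everything under the default.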
SPECIAL PRIVACY CONSIDERATIONS

States and the Federal Government have recognized crime witnesses and victims and ongoing targets of crime such as victims of Domestic Violence (DV) as classes requiring special privacy consideration.[84] Federal and State Witness Relocation programs include victims of intimate partner violence. For these individuals as well, the ability to track, control, threaten, intimidate and harm them through telecommunications, geo-location and energy usage data poses an increasing threat. Federal and State laws provide for them to legally conceal their addresses, for example. As in the case of Holly Collins[85] and her children, a target of intimate partner abuse (IPA), intimate partner violence (IPV) or child abuse may go into hiding on their own initiative rather than in a government sponsored witness protection program. For them, unauthorized access to energy usage data poses a somewhat heightened threat as the potential for surveillance and other misuse is higher than normal. Victim relocation programs such as the one in Massachusetts[86] Relocation Counseling Programs provide “assistance for victims of crime who need to relocate for personal safety.”[87] According to Applegarth, “Many victims, especially those of domestic and sexual violence and stalking, often flee their homes for safety…”[88]

[84] The California Witness Protection Program, http://www.shouselaw.com/witness-protection-program.html
[85] Ibid
[86] Applegarth, Valenda, Relocation Counseling & Identity Protection Initiative, National Network to End Domestic Violence (NNEDV) website: http://www.nnedv.org/resources/for-ovw-grantees.html
[87] Applegarth, Valenda, Relocation Counseling Project, Stalking & the Use of Technology, Presentation to Employers Against Domestic Violence, November 16, 2012, Boston Massachusetts. https://people.torproject.org/~andrew/2012-11-16-EADV/GBLS-EADVNov2012.pdf
[88] Applegarth, Valenda, Senior Attorney, Greater Boston Legal Services, Relocation Counseling Services, http://www.gbls.org

PART 4. SMART GRID PRIVACY RECOMMENDATIONS

Ann Cavoukian notes that privacy is most often achieved when “there is less of an emphasis on legal and regulatory compliance measures, and more focus upon the adoption of PETs[89], the voluntary adoption of best practices, and heightened awareness efforts.”[90]

Greater use and acceptance of threat risk modeling analysis will acknowledge that different consumers face different threats and risks, which in turn create different priorities with respect to their energy usage data privacy protection. Providing greater granularity in data retention options costs nothing and enhances privacy. The custodians of energy data should consider managing and safeguarding the information in accordance with the recommendations included in this report.

[89] PET - Privacy Enhancing Techniques
[90] Cavoukian, Ann, Privacy by Design, Take the Challenge, 2009 (published on her website), p. 27 http://www.privacybydesign.ca/content/uploads/2010/03/PrivacybyDesignBook.pdf

PART 5. CONCLUSION

We live in a world where information about us is multiplying rapidly, with many helpful capabilities. However, that same world is making surveillance and intrusions into privacy more available, attractive, and pervasive as well. Consumers should be aware that the five technical developments of the Smart Grid: energy usage data granularity and frequency of collection online connection and telecommunications capabilities digital energy usage “signatures;” and signature libraries can significantly erode privacy. The limitations of the few existing laws that protect consumer privacy mean these new technical developments may add to the vulnerabilities, threats and risks posed by the Smart Grid.
The further four legal trends:
• erosion of judicial oversight
• low standards of legal justification
• secrecy; and
• consent mismatch
require further study to mitigate and reduce the risk to privacy in current legal frameworks.

Smart Meter.[91]

[91] EVB Energy Ltd. Smart Meter image, Licensed under Creative Commons 3.0 License

APPENDICES

Appendix A – Major Relevant Cases

Columns: Case, Court, Law, Where, Technology
Kyllo v US: Technology: Thermal Imaging
US v Golden Valley: Technology: Smart Meter
Friedman v. Maine PUC: Where: Maine; Technology: Smart Meter

Appendix B – Legal and Regulatory Frameworks by Major Case

Case Kyllo v US US v Golden Valley Friedman v. Maine PUC Constitutional 4th amendment 4th amendment 3rd Party Doctrine Federal State Contract Courts Opt Out

Appendix C – Statistics on number of smart meters installed

http://www.eia.gov/electricity/data/eia861/index.html
http://www.ferc.gov/legal/staff-reports/11-07-11-demandresponse.pdf#xml=http://search.atomz.com/search/pdfhelper.tk?sp_o=3,100000,0
http://www.edisonfoundation.net/iee/Documents/IEE_SmartMeterRollouts_0512.pdf
http://www.theage.com.au/it-pro/government-it/smart-meter-data-sharedfar-and-wide-20120922-26dvp.html

Appendix D – Increased threat of government surveillance

“Seeking Reporters Telephone Records Without Required Approvals”, p. 89, “Inaccurate Statements to the Foreign Intelligence Surveillance Court,” p. 122, “FBI Issues 11 Improper Blanket NSLs in May to October 2006,” p. 165, etc. http://www.justice.gov/oig/special/s1001r.pdf, A Review of the FBI’s Use of Exigent Letters and Other Informal Requests for Telephone Records, Oversight and Review Division, US Department of Justice, Office of the Inspector General, January 2010.
Department of Justice Statistics and reports to Congress on surveillance requests: http://www.justice.gov/criminal/foia/elect-read-room.html

Congressman Markey’s Letters to cellphone carriers and their responses with statistical information: http://markey.house.gov/content/letters-mobile-carriers-reagrding-usecell-phone-tracking-law-enforcement

Google’s disclosure of their own disclosures to Law Enforcement: http://www.google.com/transparencyreport/userdatarequests/

Twitter’s disclosure of their own disclosures to Law Enforcement: https://support.twitter.com/articles/20170002

Further primary sources of surveillance statistics: http://www.spyingstats.com/

ACLU summary: http://www.aclu.org/protecting-civil-liberties-digital-age/cell-phone-locationtracking-public-records-request

Articles with embedded links to primary statistical sources:
http://www.wired.com/threatlevel/2012/07/massive-phone-surveillance/
http://www.wired.com/threatlevel/2012/07/government-twitter-data/
http://www.wired.com/threatlevel/2012/02/congress-in-the-dark/

Other original documents and statistics:
http://files.spyingstats.com/pr-tt/DOJ-pen-registers-2004-2008.pdf
http://www.wired.com/images_blogs/threatlevel/2012/02/0577_001.pdf
http://paranoia.dubfire.net/2010/06/dojs-surveillance-reporting-failure.html
GAO report
Congressional Research Service Repo

Appendix E – Federal Privacy Laws and Frameworks referencing the Smart Grid

Smart Grid is only referenced, including tangentially, in nine known cases so far. Four of them are relevant:

NORTH ALABAMA ELECTRIC COOPERATIVE, vs. TENNESSEE VALLEY AUTHORITY, Civil Action No. 10-S-3252-NE, UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF ALABAMA, NORTHEASTERN DIVISION, 862 F. Supp. 2d 1291; 2012 U.S. Dist. LEXIS 73834, May 29, 2012, Decided

This case references American Recovery and Reinvestment Act, Pub. L. No. 111-5, 123 Stat. 115 (Feb. 17, 2009).
Pursuant to that act, the Department of Energy (DOE) announced the "Smart Grid Investment Grant" program (SGIG). “Through that program, DOE offered to match the cost, up to $200 million, of projects designed to implement "smart" electric grids. A "smart" grid is a system that uses electric meters that can remotely transmit power-consumption data to the power distributor. The use of a smart grid can help reduce total electricity usage and costs by providing the power distributor with real-time usage statistics, and providing the end user with information about the benefits of using power at low-demand times of day.”

MESH COMM, LLC, v. PEPCO ENERGY SERVICES, Civil Action No.: RDB-09-2804, UNITED STATES DISTRICT COURT FOR THE DISTRICT OF MARYLAND, 2010 U.S. Dist. LEXIS 137029, December 29, 2010, Decided

A fascinating patent infringement case regarding "Wireless Communication Enabled Meter and Networks." PEPCO lost.

THE PEOPLE ex rel. LISA MADIGAN, Attorney General of the State of Illinois, v. ILLINOIS COMMERCE COMMISSION, COMMONWEALTH EDISON COMPANY, No. 2-10-0024, APPELLATE COURT OF ILLINOIS, SECOND DISTRICT, 967 N.E.2d 863; 2012 Ill. App. LEXIS 190; 2012 IL App (2d) 100024; 359 Ill. Dec. 833, March 19, 2012, Opinion Filed

ComEd seeking to recover costs associated with Smart Grid implementation.

In re Application of Consumers Energy Company to Increase Rates. ASSOCIATION OF BUSINESSES ADVOCATING TARIFF EQUITY, Appellant, MICHIGAN PUBLIC SERVICE COMMISSION, HEMLOCK SEMICONDUCTOR CORPORATION, and ENERGY MICHIGAN, INC., Appellees, and CONSUMERS ENERGY COMPANY, Petitioner-Appellee. ATTORNEY GENERAL, Appellant, v MICHIGAN PUBLIC SERVICE COMMISSION, HEMLOCK SEMICONDUCTOR CORPORATION, and ENERGY MICHIGAN, INC., Appellees and CONSUMERS ENERGY COMPANY, Petitioner-Appellee. No. 301318, No. 301381, COURT OF APPEALS OF MICHIGAN, 2012 Mich. App. LEXIS 2280, November 20, 2012, Decided

“The advanced metering infrastructure (AMI) program has been described as an information-gathering technology that allows [the utility] to collect real-time energy consumption data from its customers. . . . [T]he so-called "smart meters" allow the utility to remotely monitor and shut-off [sic] electricity to customers that have these meters installed. . . . The intention appears to be to allow customers to access real time energy consumption data and make alterations in their energy consumption patterns in order to reduce their own costs and to reduce the demands placed upon the system at times of system peak. [In re Applications of Detroit Edison Co, 296 Mich App 101, 114; 817 NW2d 630 (2012) (internal quotation marks and citations omitted).] ABATE argues that there was insufficient evidence of the program's costs and benefits, or that the new technology is necessary for the continued provision of electricity to Consumers's customers, to justify the great expense to ratepayers involved.”

Appendix F – Expanded list of Privacy Laws and Frameworks

January 9, 2010
Original First Draft
Smartgrid CSCTG Privacy Legal considerations: Laws, regulations, standards overview & issues
DRAFT
By Sarah Cortes

Overview

In determining specific impacts and privacy considerations, it’s important to understand existing legislative frameworks. This section attempts to summarize the privacy law and regulatory frameworks and then narrow the focus to the issues most likely to be relevant.

In considering the impact of Smartgrid on existing and future laws and regulations, and likewise the influence of laws on Smartgrid, two major issues emerge. First, Smart Grid’s opportunity to create a unique, universal building identifier, specifically, “meter number,” creates unique privacy concerns.
The universality and uniqueness of a Smart Meter number is a development potentially rivaling the introduction of the social security number in its value for “indexing” data, the critical factor in making it readily available. Second, the new energy-related data Smartgrid generates creates new opportunities to help or harm in unique ways.

Smartgrid meter numbers create a new universal, unique “primary key”

Energy is something that is delivered almost universally to building locations. For this reason, Smartgrid introduces the possibility of a universal “place,” or location (building only), identifier. The field is actually meter number. Seemingly unremarkable, a Smartgrid meter number is actually somewhat of a revolutionary concept. Imagine, going forward, that every physical building (that draws or generates energy) has a numerical identifier, like an IP address for virtual locations. Instead of street (postal) addresses, it could be possible in the future to simply identify every building by meter number. Simple, yet potentially far-reaching in its consequences. The only other key that approaches the universality and uniqueness of the social security number for a person or the Smart Grid meter number for a location is the Vehicle Identification Number for vehicles, which are, interestingly, also an end delivery point for energy.

A central concept of many privacy laws is their identification of certain technical keys. A “key” in this context, derived from the database technical term, “primary key,” is a data field or piece of data that provides a unique identifier for every record in that database. The two essential aspects of a key are that it be unique and universal. Unique means that there is one and only one identifier for each record. Universal means that every record has the key field. Social security number is such a key, which is why it is such a valuable piece of information. In the context of “person, place or thing,” is a person’s name a key? The answer is no, because names are not unique. Social security number, in conjunction with other information (“secondary keys”) like name, identifies unique persons (not places or things). Names are only valuable as secondary keys, in conjunction with social security number, the unique identifier.

Technically, it’s important to remember that a key is only valuable as a way to unlock or associate all other data. For example, a social security number alone is meaningless; its value lies in its ability to bring meaning to vast tables of data by associating all the data with unique individuals. This corresponds to the legal principle that PII is generally legally defined in a two-step manner, as x data (for example, social security number) in conjunction with y data (for example, name). This is the legal concept of “personally identifiable information,” or PII. The “information” part is the vast data fields available. The “personally identifiable” part is the primary key-secondary key identifier. It is first of all because of Smart Grid’s opportunity to create unique, universal building identifiers that it creates unique privacy concerns.

Smart Grid’s new energy-related data fields create new opportunities for good or harm

Second, the new energy-related data Smartgrid generates creates new opportunities to help or harm in unique ways. (Help is welcome in this section.)

New data or practices that may affect privacy
• Daily and hourly readings: spot thieves who intermittently bypass the meters
• Record material so frequently that power flows could reveal unique electrical signatures of individual appliances
• ID consumers to cite for excessive electricity use
• Divorce lawyers to determine: who used the hot tub while the spouse was away?
• ID intimate details about activity inside a customer's house: when they are home; when they sleep; when they eat
• Insurance adjusters: who is coming home night after night when the bars closed
• Police: who opened the refrigerator at 3 a.m.
• DataRaker: algorithms that compare meter readings with weather patterns and public information on properties to detect abnormal consumption
• ID customers whose consumption is falling inexplicably, a sign of a failing meter that needs replacement
• ID customers with excessive energy use compared with their neighbors and offer them weatherization or low-income assistance

In 2007, the day after Al Gore's climate-change documentary, An Inconvenient Truth, received an Oscar, Tennessee political activists released the purloined electric billings for Gore's Nashville mansion to embarrass him - his usage was nearly 20 times the national average.

Time-of-day discount pricing to encourage off-peak consumption

Smart meters also will allow utilities to shut customers off remotely

Privacy Law and issue overview

Current Legal Overview
• Worldwide Overview
• Legal History
• US Legal overview
• Recent US Legal Activity
• US laws cited in Senate 773
• US Legal summary

Specific Laws
• California Laws
• Massachusetts Law
• Legal Jurisdiction

Worldwide Legal Overview

UK and 47 European States
• Article 8 of the European Convention on Human Rights
Canada
• Personal Information Protection and Electronic Documents Act 1995-2004
Australia: Privacy Act of 1988
US: Multiple Federal Laws in 14 categories; plus:
• Over 80 State of California Laws
• State of Massachusetts Law
• State of New Jersey Proposed Law
• California Law now followed by similar laws in more than 40 states

Legal History

Worldwide
• Universal Declaration of Human Rights
• UK – English Law and Prince Albert
US
• Brandeis-Warren
• Not explicit in US constitution
• Prosser – 4 areas
• Katz
• Griswold v. Connecticut Penumbras
• Roe v. Wade

US Legal Overview

Federal classifications:
• Health privacy laws
• Online privacy laws
• Financial privacy laws
• Communication privacy laws
• Information privacy laws
• Laws regarding privacy in one’s home

California classifications:
• Health Information Privacy
• Online Privacy
• Constitutional Right to Privacy
• Office of Privacy Protection
• General Privacy
• Identity Theft
• Unsolicited Commercial Communications

Recent US Legal Activity

2/17/09 - Health Information Technology for Economic and Clinical Health Act (HITECH Act), part of American Recovery and Reinvestment Act of 2009

US Legal Summary, cited in Sen. 773 (Cybersecurity Act of 2009)

(1) the Privacy Protection Act of 1980 (42 U.S.C. 2000aa);
(2) the Electronic Communications Privacy Act of 1986 (18 U.S.C. 2510 note);
(3) the Computer Security Act of 1987 (15 U.S.C. 271 et seq.; 40 U.S.C. 759);
(4) the Federal Information Security Management Act of 2002 (44 U.S.C. 3531 et seq.);
(5) the E-Government Act of 2002 (44 U.S.C. 9501 et seq.);
(6) the Defense Production Act of 1950 (50 U.S.C. App. 2061 et seq.)
US Legal Summary

Health privacy laws
• 1996-Health Insurance Portability and Accountability Act (HIPAA)
• 1974-The National Research Act

Financial privacy laws
• 1970-Bank Secrecy Act
• 1998-Federal Trade Commission
• 1999-Gramm-Leach-Bliley Act-GLB
• 2002-Sarbanes-Oxley Act-SOX
• 2003-Fair and Accurate Credit Transactions Act

Online privacy laws
• 1986-Electronic Communications Privacy Act-ECPA-pen registers
• 1986-Stored Communications Act-SCA

Communication privacy laws
• 1978-Foreign Intelligence Surveillance Act (FISA)
• 1984-Cable Communications Policy Act
• 1986-Electronic Communications Privacy Act (ECPA)
• 1994-Digital Telephony Act - Communications Assistance for Law Enforcement Act-”CALEA” 18 USC 2510-2522
• 2005-6 CALEA expansions

Education Privacy Laws
• 1974-Family Educational Rights and Privacy Act-FERPA

Information privacy laws
• 2001-US Patriot Act – expanded pen registers

Laws regarding privacy in the home

Other
• 2005-Privacy Act - sale of online PII data for marketing
• 1974-Privacy Act
• FISMA (2001)
• Ku Klux Klan Act of 1871

PII – Personally Identifiable Information

First name and last name or first initial and last name in combination with any one or more of the following:
1. Social Security number;
2. Driver's license number or state-issued identification card number; or
3. Financial account number.

Utilities often store SSNs and financial account numbers in their payroll or billing systems and have been obligated to follow the associated legal requirements for safeguarding this data for many years. The sharing and storage capabilities that the Smart Grid network brings to bear create a new need to protect the items specifically named within existing laws, in addition to protecting new types of personal information that are created within the Smart Grid.

There is also the possibility of utilities possessing new types of data as a result of the Smart Grid for which they have not to date been custodians. These new types of data may be protected by regulations from other industries that utilities did not previously have to follow. As is revealed by the privacy impact assessment, there is a lack of privacy laws or policies directly applicable to the Smart Grid. Privacy subgroup research indicates that, in general, state utility commissions currently lack formal privacy policies or standards related to the Smart Grid.[92] Comprehensive and consistent definitions of privacy-affecting information with respect to the Smart Grid typically do not exist at state or federal regulatory levels, or within the utility industry.

[92] Most public utility commissions have significant customer privacy policies that predate the Smart Grid.

Appendix G – FOIAs and Smart Grid Subpoenas

Brent Struthers of Neustar reports that as of December 1, 2013, Neustar has not been requested by their clients to process any subpoenas for Smart Grid energy usage data.[93]

On August 18, 2012 the authors filed a FOIA with the FBI. We sought subpoena information for Smart Grid-related data from Colorado, California and Massachusetts. On December 3rd we received a fairly unusual “rejection” of this FOIA. We continue to appeal for this data and seek additional data. Here is the original request and rejection:

Aug. 18, 2012:
VIA EMAIL — [redacted]@ic.fbi.gov
David M. Hardy
Section Chief, Record/Information Dissemination Section
Federal Bureau of Investigation
Record/Information Dissemination Section
170 Marcel Drive
Winchester, VA 22602-4483

RE: Freedom of Information Act Request

Dear Mr. Hardy:

This letter constitutes a request under the Freedom of Information Act (FOIA), 5 U.S.C. § 552, and is submitted to the Federal Bureau of Investigation (FBI) on behalf of Sarah Cortes and MuckRock.com.
I hereby request all agency records created from August 1, 2009, to the date of processing for this request, discussing, concerning, or reflecting subpoenas or other government requests, or orders for information preservation, for:
• Smart grid information;
• Smart meter information;
• Energy usage information;
• A smart grid is an electrical grid that uses information and communications technology to gather and act on information, such as information about the behaviors of suppliers and consumers, in an automated fashion to improve the efficiency, reliability, economics, and sustainability of the production and distribution of electricity. SmartGrid policy in the United States is described in 42 U.S.C. ch.152 subch.IX § 17381. http://www.law.cornell.edu/uscode/text/42/chapter-152/subchapter-IX
• A smart meter is usually an electrical meter that records consumption of electric energy in intervals of an hour or less and communicates that information at least daily back to the utility for monitoring and billing purposes. Smart meters enable two-way communication between the meter and the central system. Unlike home energy monitors, smart meters can gather data for remote reporting.

This request is limited to agency records about the above subjects that were sent to utilities or government agencies operating in the states of
• California
• Colorado
• Massachusetts

This request expressly includes any reports, manuals, guides or other written guidance on the issuance of such subpoenas, government requests for information, or orders for information preservation pertaining to smart grid, smart meter or energy usage information, and any records in the FBI’s possession relating to such subpoenas or other government requests, or orders for information preservation sent by the Drug Enforcement Administration (DEA). This request includes, but is not limited to, electronic records.

[93] Struthers, Brent, Neustar, Interview with Sarah Cortes, December 1, 2013
FOIA Rejection Letter for Smart Grid subpoena information.

BIBLIOGRAPHY

General

Applegarth, Valenda, Senior Attorney, Greater Boston Legal Services, Relocation Counseling Services, http://www.gbls.org

Applegarth, Valenda, Relocation Counseling Project, Stalking & the Use of Technology, Presentation to Employers Against Domestic Violence, November 16, 2012, Boston Massachusetts. https://people.torproject.org/~andrew/2012-11-16-EADV/GBLS-EADVNov2012.pdf

Applegarth, Valenda, Relocation Counseling & Identity Protection Initiative, National Network to End Domestic Violence (NNEDV) website: http://www.nnedv.org/resources/for-ovw-grantees.html

California Witness Protection Program, http://www.shouselaw.com/witness-protection-program.html

Cavoukian, Ann, Privacy by Design, Take the Challenge, 2009 (published on her website) http://www.privacybydesign.ca/content/uploads/2010/03/PrivacybyDesignBook.pdf

Ellement, John R., Boston Globe, Twitter gives Boston police, prosecutors data in hacking probe, March 02, 2012 http://articles.boston.com/2012-03-02/metro/31112710_1_twitter-bostonpolice-law-enforcement

EVB Energy Ltd. Smart Meter image, Licensed under Creative Commons 3.0 License

Flick, Tony, Hacking the Smart Grid, DEFCON 20 https://www.defcon.org/images/defcon-17/dc-17presentations/Tony_Flick/defcon-17-tony_flick-hacking_the_smart_grid-wp.pdf

Froehlich, Jon, Eric Larson, Sidhant Gupta, Gabe Cohn, Matthew S. Reynolds, Shwetak N. Patel, Disaggregated End-Use Energy Sensing for the Smart Grid, PERVASIVE computing Published by the IEEE CS 1536-1268/11 JANUARY–MARCH 2011, IEEE http://homes.cs.washington.edu/~sidhant/docs/ElectriSense_Journal.pdf

Greveler, Ulrich, Justus, Benjamin, and Loehr, Dennis, Multimedia Content Identification Through Smart Meter Power Usage Profiles, Computer Security Lab, Munster University of Applied Sciences D-48565 Steinfurt, Germany, (after November, 2011), http://epic.org/privacy/smartgrid/smart_meter.pdf

Lewman, Andrew, Anonymous Communications, NEU Lecture, Computer Science 5700, 12/5/2012 https://d1b10bmlvqabco.cloudfront.net/attach/h6azokarx1q536/haet6g8o87c19w/haet6m5ppwn1is/20121205NEUAnonComms.pdf

Lucente, Mark, W K Lee, G S K Fung, H Y Lam and F H Y Chan, Exploration on Load Signatures, International Conference on Electrical Engineering (ICEE) 2004, Japan. Reference No. 725

McNeil, Sonia K., Privacy and the Modern Grid, ed. Lee Tien, Kyle Courtney, Harvard Journal of Law & Technology, Volume 25, Number 1 Fall 2011

Morisy, Michael, muckrock.com

Moyer and Keltner, Wardriving the SmartGrid, DEFCON 18, https://www.defcon.org/images/defcon-18/dc-18-presentations/MoyerKeltner/DEFCON-18-Moyer-Keltner-Wardriving-Smart-Grid.pdf

National Conference of State Legislatures (NCSL) website: http://www.ncsl.org/issues-research/energyhome/smart-grid-state-action-update.aspx

National Institute of Standards and Technology Interagency Report 7628, vol. 3 (NIST IR 7628), The Smart Grid Interoperability Panel – Cyber Security Working Group, August 2010, see http://csrc.nist.gov/publications/PubsNISTIRs.html
Introduction, Guidelines for Smart Grid Cyber Security
Vol. 1, Smart Grid Cyber Security Strategy, Architecture, & High-Level Requirements
Vol. 2, Privacy and the Smart Grid
Vol. 3, Supportive Analyses and References, 219 pages

Open Web Application Security Project (OWASP), https://www.owasp.org/index.php/Threat_Risk_Modeling

Quinn, Elias Leake, A Report for the Colorado Public Utilities Commission, Spring 2009, pg. 3. (citing M. Newborough & P. Augood, Demand-side Management Opportunities for the UK Domestic Sector, IEEE Proceedings of Generation Transmission and Distribution 146 (3) (1999) 283–293).

Ryan Rose, "Washing Machine Twitter Hack," video http://vimeo.com/2945872

Soghoian, Christopher, In Spies We Trust: THIRD PARTY SERVICE PROVIDERS AND LAW ENFORCEMENT SURVEILLANCE, Submitted to the faculty of the Graduate School in partial fulfillment of the requirements for the degree Doctor of Philosophy in the School of Informatics, Department of Computer Science Indiana University, August, 2012 http://files.dubfire.net/csoghoian-dissertationfinal-8-1-2012.pdf
Soghoian, a well-known Privacy Researcher and formerly a fellow at Harvard’s Berkman Center for Internet and Law, recently (August 2012) submitted and is publishing his Computer Science PhD dissertation on the increasing collaboration between large corporations such as Google, Yahoo, AT&T and Verizon in providing individuals’ private data to the government. The dissertation readers included Marc Rotenberg, founder of the Electronic Privacy Information Center (EPIC) in Washington DC

Southworth, Cindy and Tucker, Sarah, Technology, Stalking, and Domestic Violence Victims, Mississippi Law Journal, Vol. 76, 2007, p. 76

Struthers, Brent, Neustar, Interview with Sarah Cortes, December 1, 2013

Tien, Lee, New "Smart Meters" for Energy Use Put Privacy at Risk, Electronic Frontier Foundation, March 10, 2010

Rao, H. Raghav, and Upadhyaya, Shambhu, Information Assurance, Security and Privacy Services (Handbooks in Information Systems), Emerald Group 2009

US Department of Justice, Oversight and Review Division, Office of the Inspector General, A Review of the FBI’s Use of Exigent Letters and Other Informal Requests for Telephone Records, January 2010. http://www.justice.gov/oig/special/s1001r.pdf
“Seeking Reporters Telephone Records Without Required Approvals”, p. 89
“Inaccurate Statements to the Foreign Intelligence Surveillance Court,” p. 122
“FBI Issues 11 Improper Blanket NSLs in May to October 2006,” p. 165, etc

Waller, Garland, producer, No Way Out But One, documentary, http://nowayoutbutone.com/

Digital Energy Signature Libraries

Jon Froehlich, Eric Larson, Sidhant Gupta, Gabe Cohn, Matthew S. Reynolds, Shwetak N. Patel, Disaggregated End-Use Energy Sensing for the Smart Grid, PERVASIVE computing Published by the IEEE CS 1536-1268/11 JANUARY–MARCH 2011, IEEE http://homes.cs.washington.edu/~sidhant/docs/ElectriSense_Journal.pdf

http://www.absak.com/library/power-consumption-table

Lucente, Mark, W K Lee, G S K Fung, H Y Lam and F H Y Chan, Exploration on Load Signatures, International Conference on Electrical Engineering (ICEE) 2004, Japan. Reference No. 725

Etherape open source network monitoring http://askubuntu.com/questions/192654/i-need-a-good-network-monitoring-tool