Consumers already face a laundry list of daily privacy issues ranging from Facebook’s failure to police how user data is abused, to ISPs that routinely track your every online movement down to the millisecond.
But another, less talked about privacy problem has slowly been gaining steam: the modern, electrical utility smart meter.
Modern electricity usage meters provide innumerable benefits to utility companies, including a variety of remote access and monitoring tools to better manage the power grid. They also dramatically reduce the cost of technician visits for on-location meter readings.
The benefits to consumers have been less impressive, however. Some models have been found to interfere with some home routers, and, like so many internet-connected devices, other variants are easily hacked.
But these devices also collect an ocean of private customer data, including detailed information that can be used to infer when you wake, when you sleep, and when you’re at home or away. In the past, electricity meters delivered a lump monthly figure to utilities, but smart meters transmit data in granular detail, often in increments ranging from fifteen minutes to every few hours.
This in turn has sparked concern from locals in places like Naperville, Illinois, where, since 2011, one citizen group has been fighting the intrusive nature of the devices.
Under the name Naperville Smart Meter Awareness, citizens sued the city over a policy mandating that all city residents must have smart meters installed by the local city-owned power utility. In their lawsuit, they argued that the city’s smart meter data collection violated their Fourth Amendment rights against unreasonable searches and seizures.
This week, the group notched a notable win when the Seventh Circuit Court of Appeals ruled that the Fourth Amendment does in fact protect energy-consumption data collected by smart meters. The ruling leans heavily on the Kyllo v. United States precedent that declared the use of thermal imaging tech to monitor citizens without a warrant also violates the Fourth Amendment.
The court was quick to point out smart meter data collection often provides much deeper insight than could be obtained via the thermal imaging tech that was at issue in the Kyllo ruling. In large part because modern appliances often have distinct energy-consumption patterns or “load signatures” that not only tell the utility when you’re home, but precisely what you’re doing.
“A refrigerator, for instance, draws power differently than a television, respirator, or indoor grow light,” the ruling notes. “By comparing longitudinal energy-consumption data against a growing library of appliance load signatures, researchers can predict the appliances that are present in a home and when those appliances are used.”
The ruling could prove to be important for the growing number of homes that have smart meters installed. This is especially true given the growing interest among law enforcement and intelligence agencies in gaining access to this data without a warrant, and the apparent lack of interest in meaningful federal or state privacy protections for consumers.
“The Seventh Circuit recognized that smart meters pose serious risks to the privacy of all of our homes, and that rotely applying analog-era case law to the digital age simply doesn’t work,” Jamie Williams, staff attorney at the Electronic Frontier Foundation, told Motherboard.
“We hope that courts around the country follow the Seventh Circuit and find that the Fourth Amendment protects smart meter data,” Williams added.
According to the U.S. Energy Information Association, roughly 70.8 million smart meters were already deployed by the end of 2016, with roughly 88% of them in residential homes. It’s expected that about 80% of U.S. homes will have a smart meter installed by 2020.
While this ruling generally only applies to government access to this smart electricity data, Williams noted that state regulators can also play a sizeable role in preventing corporate utilities from collecting and potentially selling this data without your permission. Said data could prove invaluable to data brokers that also traffic in cellular location data.
In 2011, the California Public Utilities Commission passed regulations protecting the privacy and security of consumers’ electrical usage data. In 2014, the CPUC also passed rules that let users pay a fee to opt out of such data collection. California’s Pacific Gas and Electric wasn’t a fan; and was busted for spying on activists in a bid to undermine smart meter opposition.
“In order to protect consumers, other state utilities commissions, including the Illinois Commerce Commission, should pass similar regulations,” Williams recommended.
Back in Illinois, the court warned that the entire fight could have been avoided if the city-owned utility had simply provided users with the option of using a traditional meter instead of forcing the upgrade. They also could have provided consumers the ability to opt out of data collection.
"Naperville could have avoided this controversy—and may still avoid future uncertainty—by giving its residents a genuine opportunity to consent to the installation of smart meters, as many other utilities have,” the court said.
As the country debates new privacy rules in the wake of endless hacking scandals and rampant social media and broadband ISP data collection, it’s important not to forget about the lowly electrical meter. And as the internet of broken things often makes clear, sometimes the “dumber” technical solution is the smarter bet when it comes to privacy and security.