Privacy choices for smart meters may have consequences for decades
Smart meters have become commonplace in the Netherlands: the vast majority of households now have one in their fuse box. And yet, some 10 years after their introduction, there are still many questions and challenges surrounding the security and privacy aspects of smart meters. It is important to finally address these challenges so that energy suppliers take adequate steps to protect consumers in the future, warns Pol Van Aubel in his Ph.D. thesis, which he will defend at Radboud University on 25 September.
It will probably come as no surprise that the digitization of the energy grid brings dangers. There were extensive warnings about this back in 2008, when the Dutch government was considering amending the Electricity Act to allow for the introduction of smart meters. In fact, the Senate originally rejected the amendment on the grounds that the information collected and transmitted by smart meters might violate the European Convention on Human Rights. And yet the devices can now be found in almost every household.
Action for sensitive data
"Both grid operators and energy suppliers must remain aware of the fact that we are in a new paradigm: keep an eye on your security, but also on what data you collect from consumers," says Van Aubel. "Is all the information that smart meters collect about consumers and send back to energy companies equally relevant for these companies?"
"Smart meters can, if you them give permission as a consumer, take a reading every five minutes. If you add in an energy consumption manager, you can even have readings every 10 seconds. That is very sensitive data: the amount of electricity used not only tells you whether someone is at home, it even makes it possible to estimate what equipment they have and use."
Network operators know that they are collecting this sensitive data, but Van Aubel says it is not always clear that they need it. And other parties, such as energy suppliers and energy consumption manager producers, have not always thought these things through either.
Pay with your data
Although on paper, consumers are given a choice of whether to use a smart meter and how often to share data, there is a certain pressure on them to share more data. When energy prices soared in late 2022, many consumers switched to energy companies like ANWB Energie and Tibber to get energy at purchasing price—which was often cheaper.
"But for that cheap energy, you actually pay with your data: after all, you can only join in if you have a smart meter that continuously shares your energy consumption. If you don't want to share data on principle, you usually end up having to pay higher rates."
In his Ph.D. thesis, Van Aubel makes several recommendations for the smart grid. Van Aubel says "Infrastructure projects should integrate privacy already in the design stage. European regulations already prescribe privacy-by-design and privacy-by-standard settings, but there are few concrete guidelines, and everyone interprets the rules in their own way. By systematically identifying the problems, you can make improvements at every step of the measurement process."
Van Aubel says "We should be aware that every choice made around smart meters will have consequences for decades to come. The fact that a smartphone from 2010 is not very secure anymore is not a problem for most people. After all, we tend to buy a new smartphone every few years. But a smart meter from 2010 is still being used today, and may last for decades. It is wonderful that smart meters work, but the discussion around how they work has not been given enough attention. That is what society, as well as politicians and energy companies, must do now, so that the next generation of smart meters takes it sufficiently into account."