By Molly Connelly and Jan Bultmann
As Seattle City Light customers, we ask Seattle City Light (SCL) to create an advanced metering infrastructure policy that mandates that SCL obtain informed consumer consent before installing advanced metering devices (AKA “smart meters”) — that is, an opt-In policy.
The system should carry no financial disincentives for those customers who decide not to opt-in.
In this blog:
- Threats to Privacy
- Potential Unintended Consequences
- Erosion of Public Trust
- Current Legal Landscape
- Gap Analysis of Federal and State Regulations
- Precedents that Support an Opt-in Model
Threats to Privacy
Advanced metering technology poses a threat to individual privacy, as federally funded research shows. Government agencies including the Congressional Research Service1, Department of Energy2 and National Institute of Standards and Technology3, have written extensively about the specific threats to privacy generated by residential smart meters. Independent researchers have further documented the level of intimate detail that can be gathered from smart meter data, such as what customers are watching on television.4,5
Potential for Unintended Consequences
We are concerned that smart meters can now, or in the future, be misused to act as data collection devices which make previously private activities inside our dwellings subject to unauthorized official and criminal surveillance. We are concerned about such data being collected and stored in databases that may not be protected against warrantless searches, and may be managed by companies that have a history of profiting off of warrantless electronic surveillance.6 We are concerned about a lack of clarity regarding Constitutional protections for information collected by Seattle City Light that could be shared with city, state and federal law enforcement via the Seattle Shield Program7 and the Washington State Fusion Center.
Erosion of Public Trust
In the midst of the continuing Snowden revelations about government use of unregulated technology for warrantless electronic surveillance, public trust in the ability of elected officials and public institutions to adequately protect us is at a low point. We need laws and regulations to catch up with technology so that there are clearly defined privacy protections for smart meter data, and data collection and storage protocols that are based on established, relevant law, not just departmental policies.
Current Legal Landscape
Legal experts acknowledge that our current federal laws and regulations don’t provide adequate smart meter data privacy protection. For example, the Federal Wiretap Act could allow a utility to give permission to law enforcement or a third party to intercept smart meter data without a warrant.8 The third party doctrine as it relates to utility records containing smart meter data has not yet been tested in the Supreme Court. The Stanford Technology Law review advises that “When confronted with a business record or other information held by a third party, the Court should ask whether the record, or the technology used to create the record, reveals information about activities taking place inside the home that otherwise would not be available absent a trespass into the home. The Court should further inquire as to whether the consumer has been able to exercise any real choice about whether to create such records…Under this test, information about in-home activities generated by advanced meters or sensors in a demand response system would be protected by the Fourth Amendment” and “law enforcement officials should be required to obtain a warrant before being given access to those records”.9
At the September 26, 2013 Foreign Intelligence Surveillance Court Review, Senator Mark Udall asked Deputy Attorney General James Cole for clarification on whether section 215 of the Patriot Act (the “business records” provision of the Foreign Intelligence Surveillance Act which allows records to be collected via secret general warrants issued with a diluted standard of probable cause and placing the recipient under gag order) can be used by the National Security Agency to collect business records including “utility bills”; Mr. Cole was unable to rule it out.10
Gap Analysis of Federal and State Privacy Protections
The US Supreme Court has asserted that “at the very core [of the Fourth Amendment] stands the right of a man to retreat into his own home and there be free from unreasonable government intrusion”.11Our Washington State Constitution provides even more rigorous protection of privacy rights than those guaranteed by the Fourth Amendment. Unlike the Fourth Amendment, WA State Const. Article I Section 7 “clearly recognizes an individual’s right to privacy with no express limitations”12 and states that “No person shall be disturbed in his private affairs, or his home invaded, without authority of law.” Washington State has historically recognized that an individual has some level of protected privacy interest in power usage, but existing regulations on how law enforcement can access utility records are based on analog meter electrical consumption records collected monthly which are not able to reveal discrete information about a customer’s in-home activities.
The current Revised Code of Washington (RCW 42.56.335) which regulates law enforcement access to utility records does not require a warrant, or a showing of probable cause, but instead only requires the weak standard of “reasonable belief” that the utility record will help establish that the customer committed a crime. Advanced meter electrical consumption records can reveal discrete information and intimate details about a customer’s activities occurring within the confines of their home, including use of medical equipment, hours of occupancy, and more. These merit Constitutional protection requiring a warrant for law enforcement to access.
Our laws have not kept pace with changing technology, and we are at risk of violating constitutionally protected privacy rights. In 1994 State v. Young the WA Supreme Court recognized strict privacy protections regarding infrared as a device that discloses information about activities occurring within the confines of a home, and which a person is entitled to keep from disclosure absent a warrant. An apt quote from the ruling:
“However, in construing Const. art. 1, § 7, we have resisted the uncertain protection which results from tying our right to privacy to the constantly changing state of technology. We recognize as technology races ahead with ever increasing speed, our subjective expectations of privacy may be unconsciously altered. Our right to privacy may be eroded without our awareness, much less our consent. We believe our legal right to privacy should reflect thoughtful and purposeful choices rather than simply mirror the current state of the commercial technology industry.”13
We need the City of Seattle to step in and model privacy policies that reflect thoughtful and purposeful choices.
Precedents that support an opt-in policy
Other jurisdictions have heard customer concerns about smart meters including privacy and data security issues and have responded by creating opt-in policies. The Eugene Water and Electric Board (Oregon’s largest customer owned utility) voted unanimously on Oct. 1, 2013 to move forward with an advanced metering project that takes an opt-in approach that focuses on consumer choice.14 In 2012 the state of New Hampshire enacted a law which prohibits electric utilities from installing smart meter gateway devices without the property owner’s consent.15 Vermont now requires written notice before installing a smart meter, and prohibits fees for those customers who choose not to opt-in.16 Section 1252 of the United States Energy Policy Act of 2005 acknowledges consumer choice and supports an opt-in approach. There is a current bill in the Washington state legislature that will give additional statutory protection to smart meter data by adding it to the public records disclosure exemptions.17
Given the privacy risks of smart meters, consumers must be allowed to choose whether to accept these risks or avoid them by not opting-in to a smart meter. In the absence of adequate state and federal legislation, we call upon the City of Seattle and Seattle City Light to enshrine the “Opt-in” model in law. The current plan for an opt-out presumes consent; which we argue is inadequate and potentially even unethical, because the technology of smart meters has gotten ahead of consumers as well as regulators. The opt-in model requires explicit, informed consent and encourages customers to be active participants in their utility decisions by allowing them to make an informed consumer choice after being educated about the benefits and risks of smart meters and the security of their information.
1 Congressional Research Service, Smart meter data: privacy and cybersecurity, CRS Report for Congress, 2012.
Available at: http://www.fas.org/sgp/crs/misc/R42338.pdf
2 Department of Energy, “Data access and privacy issues related to smart grid technologies”, 2010. Available at: http://energy.gov/sites/prod/files/gcprod/documents/Broadband_Report_Data_Privacy_10_5.pdf
3 National Institute of Standards and Technology, “Guidelines for smart grid cybersecurity: Vol. 2, privacy and the smart grid”, The Smart Grid Interoperability Panel – Cybersecurity Working Group, vol. NISTR 7628, 2010. Available at: http://csrc.nist.gov/publications/nistir/ir7628/nistir-7628_vol2.pdf
4 Ulrich Greveler, Peter Glosekotter, Benjamin Justus and Dennis Loehr. Multimedia content identification through smart meter power usage profiles. In Computers, Privacy and Data Protection, 2012. Available at: http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/07/24/ike2012.pdf
5 Miro Enev, Sidhant Gupta, Tadayoshi Kohno and Shwetak N. Patel. Televisions, video privacy, and powerline electromagnetic interference. In ACM Conference on Computer and Communications Security, pages 537-550, 2011. Available at: http://homes.cs.washington.edu/~yoshi/papers/ccs2011-emi.pdf
6 e.g. SAIC, who presented the Seattle City Light Business Case for AMI in 2012. SAIC has a long and troubling history of producing unconstitutional data collection programs for government entities, e.g. they developed the NSA Trailblazer program for warrantless electronic surveillance; it ended in failure, costing taxpayers billions of dollars. They also created PRISM, the NSA program which is currently being used for unconstitutional metadata collection. Note that SAIC offshoot Leidos is a vendor for Meter Data Management Systems used in advanced metering infrastructures.
8 Balough, Cheryl Dancey (2011) “Privacy Implications of Smart Meters,” Chicago-Kent Law Review: Vol 86: Iss. 1, Article 8, page 18. Available at: http://scholarship.kentlaw.iit.edu/cklawreview/vol86/iss1/8
9 Jack I. Lerner, Deirdre K. Mulligan (2008) “Taking the “Long View” on the Fourth Amendment: Stored Records and the Sanctity of the Home”, Stan. Tech. L. Rev. 3. Available at: http://stlr.stanford.edu/pdf/lerner-mulligan-long-view.pdf
11 Silverman v. United States, 365 U.S. 505 (1961), discussed in section 512. Also see: Kyllo v. United States, 533 U.S. 27 (2001), (discussed infra part II)
12State v. Simpson, 95 Wash.2d 170, 622 P.2d 1199 (1980) (discussed infra part I, section (2)) http://www.leagle.com/decision/198026595Wn2d170_1249.xml/STATE%20v.%20SIMPSON
13 State v. Young, 123 Wash.2d 173, 867 P.2d 593, (1994), (discussed infra Section II, ) https://www.soc.umn.edu/~samaha/cases/st_v_young.htm