Preserving privacy: how do you protect smart meter data?
Dr Kevin Zhang, Department of Electronic Engineering, Royal Holloway, University of London
Tags: Proptech, data privacy, smart meters, surveillance
Output type: Research briefing
Target stakeholders: facilities managers, asset managers, utilities suppliers, start-ups
"Electric Meter" by nan palmero is licensed under CC BY 2.0.
What’s the issue?
Smart meter systems are the backbone of modern power grids. These systems combine electricity equipment, communication networks, power generation, and energy management centres to enable two-way data flows between consumers and utility firms. Smart meter capabilities transcend basic billing; they enable remote consumption control, surge pricing, load forecasting, and energy theft detection, for example. Smart meters provide real-time monitoring of energy consumption in people’s homes and the large volume of highly granular power consumption data brings new challenges, with concerns over consumer privacy and data protection. In the hands of third parties, the data can promote innovation and competition in the energy services market. However, the data contains sensitive personal information, and insight into residents’ behaviours can be inferred by data mining algorithms. Given privacy concerns, the rollout plans of several countries such as Germany and the Netherlands have been delayed and there is a pressing need for new solutions that alleviate privacy concerns
How does smart meter data reveal private information?
The varying granularity of smart meter data can reveal different insights about consumers’ activities and behaviour. Figure 1 summarises the types of information that can be inferred from data of increasing resolution. Smart meter data with 1 minute intervals can detect most domestic appliances, while half-hourly data can only infer occupancy information. Most smart meters currently being installed worldwide log data hourly, half-hourly or at 15 min intervals. This can provide a strong indication of occupancy, but has less potential to currently reveal individual appliance use. However, future generations of smart meters may be configured to provide much higher resolution, which could increase data privacy risk.
Figure 1: Representation of information that can be inferred from metering data in function of the resolution
A data mining technology called Non-Intrusive Load Monitoring (NILM) can extract the appliance usage information from smart meter data with high degrees of accuracy. Figure 2 shows high-resolution energy consumption data collected by a smart meter, which can reveal detailed electricity activities when implementing NILM. Based on smart meter data and the NILM algorithm, the following information is obtained:
Appliance usage information: the operational status of the household appliances, such as air conditioners, dishwasher, kettle, washing machine, refrigerator
Presence/absence: indicates whether the resident is present or away. When the resident is away, most electronic appliances are turned off and few activities would be detected (it should be noted that the refrigerator will continue to turn-on/turn-off automatically, so non-refrigerator events can be used to determine presence/absence)
Event/behaviours: events that happen in the house, such as breakfast, lunch, dinner, parties, showering, and playing video games
Sleep cycle: detects the time when the resident goes to sleep and when they wake up
Figure 2: Example of appliance usage information inferred from the load profile
Who is interested in smart meter data?
As outlined above, smart meter data contains a substantial array of private information which is of interest to commercial companies, criminals, landlords and even family members:
Commercial companies: are the main beneficiaries of smart meter data, with a strong motivation to extract appliance usage information for directed advertisements. It is possible for companies to identify the specific brand of an electronic appliance used by the consumer when implementing the NILM algorithm. Based on the detailed appliance information from inside a consumer’s house, commercial companies may send customers targeted advertisements for electronic appliances that need to be replaced/repaired/upgraded. In addition, insurance companies could adjust policy pricing for consumers who have bad electricity usage habits e.g., the consumer who frequently leaves their hob on when they are away from home, where the consumer has a higher possibility of suffering from a fire hazard
Criminals: smart meter data intercepted by hackers could also be abused to facilitate crime. Burglars could establish when a house is often empty by analysing the energy consumption curve: when only a refrigerator event is detected in the house, a burglar can confirm no resident is present. As a result, criminals can determine when is best to break into a house and when neighbours are also not present as witnesses. Moreover, stalkers could monitor their victims’ activities and behaviours inside their own home, gaining insight into their movements
Landlords: have the potential to monitor tenants, to observe how appliances and the property are being used. Landlords may be able to uncover residents who are not on the tenancy agreement, due to higher power use, revealing subletting and overcrowding in their properties
Family members: may also seek to monitor energy usage to check on what their children are doing. Are they playing video games or watching TV when getting home from school, instead of doing homework?
How to protect smart meter data
As highlighted above, smart meter data brings considerable risks to privacy, but techniques are available to mitigate this. These techniques can be divided into two categories: user demand shaping and data manipulation (Figure 3). Both techniques try to reduce privacy loss by decreasing the probability of inferring individual appliance usage information from the overall power data.
Figure 3: Categories of privacy-preserving techniques
Demand Shaping: uses external energy storage devices, such as a large rechargeable battery (RB) or a renewable energy system (RES) to distort the actual power consumption curves. With the injection of power from the battery or renewable energy system, the mismatch between the power supplied by the grid and consumers’ power demand provides a privacy guarantee to consumers
Data Manipulation: aims to modify the smart meter data before sending it to the utility provider. Data aggregation, data obfuscation, data down-sampling, and anonymization all belong to this category.
Data aggregation: reduces privacy loss by constructing aggregators to collect the data from a few smart meters together, so the utility provider is unable to detect the electricity events in a single house
Data obfuscation: tries to add noise to the original smart meter data to cover the actual power consumption. Noises such as Gaussian noise, Laplace noise, and gamma noise are added to the original smart meter data to distort the load curve. These noise-adding mechanisms follow normal distributions with a mean equal to zero. As such, the noise would cancel out if enough readings are added up together – which would not increase or decrease the size of the bill beyond the actual energy used
Data down-sampling: is an approach that aims to reduce sensitive information by reducing the interval resolution of the metered data, as highlighted earlier in the blog
Anonymization: reduces privacy loss by replacing the real smart meter identification with pseudonyms
Summary and implications
In this blog, I examined the privacy risk that emerges from smart meter data misuse, while highlighting the NILM data mining tool, and motivations for its use. Two categories of privacy-preserving techniques were discussed to illustrate how privacy can be provided to consumers. Overall, while smart meters present new opportunities in real estate, stakeholders need to carefully consider their impact on consumer privacy, and risks around data management. For example, if a criminal gang rob a series of houses, having used utility provider smart meter data for targeting, and the utility provider was hacked due to poor cybersecurity, could the provider be collectively sued? Or, would the reputational risk see consumers turn their backs on some utility providers seen to have poor cyber security, concerned they may be burgled? The rollout of smart meters that collect more granular data raises further questions. For instance, should consumers be provided with information on the data resolution of their smart meters, or be given the opportunity to opt out? Perhaps it may be useful to provide more information to consumers on which commercial companies may use their data and for what purpose, with the option to selectively opt out. What is clear, is that these questions need to be addressed.
Acknowledgements: Comments from reviewers are much appreciated in clarifying and augmenting the key points raised in earlier drafts.