03/18/2010 05:12 am ET | Updated May 25, 2011

Smart Grid: Classic Struggle of Reward vs. Risk

The nation's electrical "grid" is getting smarter, maybe too smart. The transition to the "Smart Grid" holds great promise for consumers, such as lowered energy costs, increased use of "green" technology and improved security from malicious hacking and outages. But this reward also carries new risks for consumer privacy.

There is a set of unresolved privacy issues arising from the Smart Grid's ability to collect an unprecedented amount of energy consumption data in the form of highly granular household consumer information.

Historically a consumer's energy consumption details are collected on a monthly basis and sometimes less if that data is being read from a traditional meter outside your home. But in the Smart Grid a consumer could have anywhere from 750 to 3,000 "data points" collected per month.

Some of the activities that might be revealed through the Smart Grid include personal sleep and work habits, cooking and eating schedules, the presence of certain medical equipment and other specialized devices, and activities that signal illegal, or simply unorthodox, behavior. As a result, information collected by the Smart Grid is valuable for many purposes other than energy efficiency, most prominently commercial exploitation by advertisers and marketers, access by criminals who wish to peek into homes, and access to household information and surveillance by law enforcement.

Within this new Smart Grid framework--and currently there are about 7 million "smart" meters in operation today--the Department of Energy estimates that by 2012 some 52 million additional smart meters will be added to the grid. And in fact, the Administration granted some $3.4 Billion in Stimulus money to install smart meters in 18 million homes.

As the technology ramps up the system will become highly interconnected and less bordered, third-party service providers will enter into the mix offering new web-based portals for managing energy use. Suddenly, these third-party players in the energy data arena have the potential to use consumer data in ways that end-run the traditional consumer-to-utility relationship and to monetize that data through marketing and sharing with others.

Recent experiments using the simplest data mining and pattern matching techniques reveal how easily this information can be analyzed to reveal intimate details about activities within the home with a high degree of accuracy. Already law enforcement is beginning to rely on access to "smart meter" readings as a valuable part of the investigative toolbox; however, such data isn't a slam-dunk indicator of illegal activity. For example, a California family was put under surveillance by law enforcement for having an unusually high electricity bill, which turned out to merely reflect the legitimate activities of a busy household. Although this data is about activity in the home, which has traditionally received the strongest Fourth Amendment protection, the routine sharing with utilities likely strips it of strong constitutional protection.

Although incentives are now in place to get the Smart Grid rolled out, there is not a clear privacy regime that applies to Smart Grid data.

In the last few months, smart grid privacy is moving to the fore of the policy agenda. The National Institute of Standards and Technology (NIST) recently finished collecting a round of comments addressing Smart Grid privacy and security risks in order to inform standards. NIST is especially well placed to encourage the development of standards that both fulfill the promise of the Smart Grid and protect privacy. In adopting a "privacy by design" approach based on a robust set of fair information practices, rather than attempting to tack on privacy at a later point, NIST can support the most effective means of protecting consumer privacy in the Smart Grid, and provide needed guidance to state regulators and industry players.

There will be many other forums for working on privacy for the Smart Grid and we need to seize those opportunities as well to build in privacy protections for a technology that will one day control a vast amount of our personal, intimate data.