Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword or section
Like this
2Activity
P. 1
Smart Meter Data: Privacy and Cybersecurity Congressional Research Report 2012

Smart Meter Data: Privacy and Cybersecurity Congressional Research Report 2012

Ratings: (0)|Views: 53 |Likes:
Published by Kaye Beach
As we progress into the 21st century, access to personal data, including information generated from smart meters, is a new frontier for police investigations
As we progress into the 21st century, access to personal data, including information generated from smart meters, is a new frontier for police investigations

More info:

Categories:Types, Research
Published by: Kaye Beach on Nov 21, 2012
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

11/04/2013

pdf

text

original

 
CRS Report for Congress
 Prepared for Members and Committees of Congress
Smart Meter Data: Privacy and Cybersecurity
Brandon J. Murrill
Legislative Attorney
Edward C. Liu
Legislative Attorney
Richard M. Thompson II
Legislative AttorneyFebruary 3, 2012
Congressional Research Service
7-5700www.crs.govR42338
 
Smart Meter Data: Privacy and CybersecurityCongressional Research Service
Summary
Fueled by stimulus funding in the American Recovery and Reinvestment Act of 2009 (ARRA),electric utilities have accelerated their deployment of smart meters to millions of homes acrossthe United States with help from the Department of Energy’s Smart Grid Investment Grant program. As the meters multiply, so do issues concerning the privacy and security of the datacollected by the new technology. This Advanced Metering Infrastructure (AMI) promises toincrease energy efficiency, bolster electric power grid reliability, and facilitate demand response,among other benefits. However, to fulfill these ends, smart meters must record near-real time dataon consumer electricity usage and transmit the data to utilities over great distances viacommunications networks that serve the smart grid. Detailed electricity usage data offers awindow into the lives of people inside of a home by revealing what individual appliances they areusing, and the transmission of the data potentially subjects this information to interception or theft by unauthorized third parties or hackers.Unforeseen consequences under federal law may result from the installation of smart meters andthe communications technologies that accompany them. This report examines federal privacy andcybersecurity laws that may apply to consumer data collected by residential smart meters. It begins with an examination of the constitutional provisions in the Fourth Amendment that mayapply to the data. As we progress into the 21
st
century, access to personal data, includinginformation generated from smart meters, is a new frontier for police investigations. The FourthAmendment generally requires police to have probable cause to search an area in which a personhas a reasonable expectation of privacy. However, courts have used the third-party doctrine todeny protection to information a customer gives to a business as part of their commercialrelationship. This rule is used by police to access bank records, telephone records, and traditionalutility records. Nevertheless, there are several core differences between smart meters and thegeneral third-party cases that may cause concerns about its application. These include concernsexpressed by the courts and Congress about the ability of technology to potentially erodeindividuals’ privacy.If smart meter data and transmissions fall outside of the protection of the Fourth Amendment,they may still be protected from unauthorized disclosure or access under the StoredCommunications Act (SCA), the Computer Fraud and Abuse Act (CFAA), and the ElectronicCommunications Privacy Act (ECPA). These statutes, however, would appear to permit lawenforcement to access smart meter data for investigative purposes under procedures provided inthe SCA, ECPA, and the Foreign Intelligence Surveillance Act (FISA), subject to certainconditions. Additionally, an electric utility’s privacy and security practices with regard toconsumer data may be subject to Section 5 of the Federal Trade Commission Act (FTC Act). TheFederal Trade Commission (FTC) has recently focused its consumer protection enforcement onentities that violate their privacy policies or fail to protect data from unauthorized access. Thisauthority could apply to electric utilities in possession of smart meter data, provided that the FTChas statutory jurisdiction over them. General federal privacy safeguards provided under theFederal Privacy Act of 1974 (FPA) protect smart meter data maintained by federal agencies,including data held by federally owned electric utilities.A companion report from CRS focusing on policy issues associated with smart grid cybersecurity,CRS Report R41886,
The Smart Grid and Cybersecurity—Regulatory Policy and Issues
, byRichard J. Campbell, is also available.
 
Smart Meter Data: Privacy and CybersecurityCongressional Research Service
Contents
Overview..........................................................................................................................................1
 
Smart Meter Data: Privacy and Security Concerns.........................................................................3
 
Detailed Information on Household Activities..........................................................................3
 
Increased Potential for Theft or Breach of Data........................................................................6
 
Smart Meters and the Fourth Amendment.......................................................................................7
 
State Action: Privately Versus Publicly Owned Utilities...........................................................8
 
Privately Owned and Operated Utilities..............................................................................8
 
Publicly Owned and Operated Utilities.............................................................................10
 
Reasonable Expectation of Privacy in Smart Meter Data.......................................................13
 
Third-Party Doctrine.........................................................................................................14
 
Privacy in the Home..........................................................................................................16
 
Mosaic and Dragnet Theories............................................................................................19
 
Assumption of the Risk—Consent....................................................................................21
 
Statutory Protection of Smart Meter Data.....................................................................................22
 
The Electronic Communications Privacy Act (ECPA)............................................................23
 
The Stored Communications Act (SCA).................................................................................24
 
Electronic Communication Services.................................................................................25
 
Remote Computing Services.............................................................................................27
 
The Computer Fraud and Abuse Act (CFAA).........................................................................28
 
The Federal Trade Commission Act (FTC Act).............................................................................29
 
Covered Electric Utilities........................................................................................................29
 
Investor-Owned Utilities...................................................................................................30
 
Publicly Owned Utilities...................................................................................................30
 
Federally Owned Utilities.................................................................................................34
 
Cooperatively Owned Utilities..........................................................................................35
 
Enforcement of Data Privacy and Security.............................................................................40
 
“Deceptive” Privacy Statements.......................................................................................40
 
“Unfair” Failure to Secure Consumer Data.......................................................................41
 
Penalties............................................................................................................................42
 
The Federal Privacy Act of 1974 (FPA).........................................................................................43
 
Federally Owned Utilities as “Agencies”................................................................................43
 
Smart Meter Data as a Protected “Record”.............................................................................44
 
Requirements...........................................................................................................................44
 
Figures
Figure 1. Identification of Household Activities from Electricity Usage Data................................5
 
Contacts
Author Contact Information...........................................................................................................45
 

Activity (2)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->