Local Processing, Data Minimisation and the Smart Meter Privacy Problem
Whatever their benefits, everyone involved with smart meters knows there is a privacy problem.
If meters record consumption data at 30-minute intervals, or more often, then patterns of personal behaviour can emerge.
Until now, governments have tried to manage the problem through regulation. They assume that the fine-grained data will be available to utilities, and others, either in central databases or within the meter. They are trying to address the problem by regulating access to this data (see sidebar). Accidental or deliberate release of the data seems inevitable.
The correct response is not regulation, but privacy-enhancing technology which ensures the data remains in the meter and prevents sensitive data from ever leaving the house, except with the customer’s informed consent.
Project Hydra is demonstrating how “local processing” of energy data within the smart meter is able to deliver the necessary information to those entitled to it without needing to move the data outside the home. Beneficial side-effects of this data minimisation include reductions in the volume of data to be moved over the WAN, and reduced server-side processing and storage costs.
Privacy by Design
The basic premise is that any analysis of smart meter data can be performed within the smart meter system in the home. There is no need to export the data to a remote server to perform the same processing remotely. Only the processed data needs to be exported. The privacy-damaging raw data remains in the home.
The exception is when the customer decides to share the data with others, on the basis of informed consent.
We believe that every requirement of the energy suppliers and network operators can be performed by local processing on the meter. The key to doing this practically is the re-use of existing smart card technology: Java Card applets executing in secure microcontrollers which produce cryptographically signed results. The recipients of the results can trust the integrity of the calculation and of the result, so have no need for a copy of the raw data themselves.
When processed data is exported from the meter, it should be protected by the cryptographic key associated with the intended recipient. Each recipient has a different key so messages intercepted by an unintended recipient cannot be decrypted.
To reiterate: any algorithm that could be executed on a server with the raw consumption data can equally well be executed by an applet running locally on the smart meter. As well as keeping private consumption data within the meter, the distributed local processing also reduces the costs associated with exporting the raw data and processing it centrally.
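The flow described above, sketched as an added example (not Project Hydra code, and in Python rather than a Java Card applet): the meter reduces a day of half-hourly readings to a billing total and exports only that, authenticated under the recipient's key. The readings, tariff, keys, date and function names are constructed for illustration, and HMAC-SHA256 with a per-recipient shared key stands in for the applet's signature; encryption of the exported message is left out.

```python
import hashlib
import hmac
import json

# Constructed sample: 48 half-hourly readings (Wh) for one day, not real meter data.
READINGS_WH = ([150] * 14 + [900, 1200] + [300] * 16 + [400] * 6
               + [1500, 1800, 1600, 1100] + [250] * 6)
PEAK_SLOTS = range(32, 40)         # 16:00-20:00, hypothetical time-of-use tariff
PEAK_RATE, OFF_PEAK_RATE = 30, 10  # pence per kWh, i.e. milli-pence per Wh
# Constructed per-recipient keys; a real meter would hold these in the secure element.
KEYS = {"supplier": b"constructed-supplier-key", "network": b"constructed-network-key"}


def local_bill(readings_wh, period):
    """Runs in the meter: reduce raw readings to the figures billing needs."""
    peak = sum(wh for slot, wh in enumerate(readings_wh) if slot in PEAK_SLOTS)
    off_peak = sum(readings_wh) - peak
    cost = peak * PEAK_RATE + off_peak * OFF_PEAK_RATE
    return {"period": period, "total_wh": peak + off_peak, "cost_millipence": cost}


def export_result(result, recipient, key):
    """Runs in the meter: bind the result to one recipient and authenticate it."""
    body = json.dumps({"to": recipient, "result": result}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def accept_result(message, recipient, key):
    """Runs at the recipient: return the result only if the tag verifies."""
    expected = hmac.new(key, message["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, message["tag"]):
        return None  # altered in transit, or produced under another recipient's key
    payload = json.loads(message["body"])
    return payload["result"] if payload["to"] == recipient else None


if __name__ == "__main__":
    msg = export_result(local_bill(READINGS_WH, "2024-01-15"), "supplier", KEYS["supplier"])
    print(msg["body"])  # three derived figures; the 48 raw readings never leave
    print(accept_result(msg, "supplier", KEYS["supplier"]))
    print(accept_result(msg, "network", KEYS["network"]))
```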
Uses of Local Processing
See the tabs above for examples of how local processing can be put to use.
Future-Proofing the Smart Meter System
A great advantage of reusing smart card technologies as described here is the ability to remotely manage software in the meter. New applets can be installed and old applets deleted or updated as time passes. This process is done securely using the well-established GlobalPlatform protocols.
So a Hydra-enabled smart meter system has built-in future-proofing. New functionality can be added by deploying a new applet.