back to article We'll pull the plug on info-leak smart meters, warns UK.gov

The government plans to place a specific obligation for data security on the suppliers of smart meters as part of its conditions for granting licences to install the technology and use it to monitor customers' energy supplies, it has confirmed. In its latest consultation [18-page/118KB PDF] on use of the technology, the …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Really...

    ..."DECC recognises that tackling data privacy concerns around smart metering is key to maintaining consumer confidence in the system,".

    I thought maintaining consumer confidence in these systems would be giving customers assurances that the energy companies aren't going to control our energy usage when it suits them and not us.

    1. Anonymous Coward
      Anonymous Coward

      THEY

      Talk the talk but they don't ever walk the walk.

  2. Roger Varley

    How the hell do they work that out?

    I can see how access to the data will show when the property is occupied and, by extrapolation, I can just about see how you may be able to infer the number of people in the property - but how in the name of all that's holy do they manage to work out your TV make and model?

    What else could you extract from the data?

    1. John Brown (no body) Silver badge
      Boffin

      Re: How the hell do they work that out?

      Careful anaylsis of power consumption can reveal a "fingerprint" unique to a make/model. How they'll manage to pick out that information from the large number of other "gadgets" drawing power at various times such that most people will always have multiple devices drawing power, I can't say.

      I'm sure some clever statistical analysis will be able to draw some conclusions since many people leave their TV in standby when not in use so there's likely to be some sort of continuous, more or less constant, power draw as a baseline. Probably polluted by other devices in use/on standby, phone chargers, clock/radios, cable modems, ADSL routers, DVRs etc. Readers here are more likley than Joe Average to have one or more PCs & network kit more or less permanently powered up too.

    2. scatter

      Re: How the hell do they work that out?

      Yeah I reckon that's tosh as well. I reckon you could make a reasonable guess when someone turned a TV on that it is a TV from the change in electricity consumption and time of use, but not what make or model it is with any degree of certainty. It's hardly sensitive data anyway so it's irrelevant. The other bits about occupancy are much more significant.

  3. Annihilator
    Facepalm

    Conversation I had with a horse last night

    "Right, just so you know, I've brought a bloody big padlock for your stable door. Now I'm warning you, don't you run away or so help me I'll use it!"

  4. Matt 21

    Case hasn't been made

    for installing these meters. Let alone securing them.

    1. Graham Dawson Silver badge

      Re: Case hasn't been made

      Oh yes it has. The case is simple: "Shut up or we'll raise your bills and taxes again."

      And then they do it anyway.

  5. auburnman

    Cue the energy companies backpedalling on smart meters complaining about the extra cost of auditing their systems. Cue government backpedalling on these measures. And the beat goes on...

  6. Anonymous Coward
    Anonymous Coward

    all of this just so they can have a remote off button (which they then charge £142 to 'reconnect')

  7. xyz Silver badge
    Devil

    mmmmmmm....does the following actually mean

    The government has said smart metering will help to slash unnecessary energy use (i.e. they can switch you off when they want), reduce emissions (i.e. they can switch you off when they want) and cut consumers' energy bills.(i.e. they can switch you off when they want)

    ....and they want everything as secure as possible so you can't hack it back on.

    1. Mark 65
      FAIL

      Re: mmmmmmm....does the following actually mean

      Nothing like not investing in your power infrastructure and then finding some half-arsed measure to delay your inevitable failure. To me it looks like they realise they'll have no new stations online to make up the coming power shortfalls so they may as well get the remote off switches installed.

    2. druck Silver badge

      Re: mmmmmmm....does the following actually mean

      If you have smart meters and smart appliances, unnecessary energy usage can be prevented at times of peak demand - which is when it hurts most.

      At the moment during the Coronation Street ad break, or at half time in a big football match, millions of kettles are switched on at the same time. This results in the energy producers having to meet a big demand spike by firing up quick response gas plant, releasing hydro storage, and going cap in hand to the French to get them to send some of their lovely nuclear power over the interconnect. The latter doesn't result in any CO2, but the former does as quick response gas plant is far less efficient than base load, and something has to pump the water back up hill for the hydro storage if the wind isn't blowing.

      If instead you had smart appliances, the smart meter could let them know the system was under stress and they could reduce their energy usage. Heating, air con, fridges, freezers, dish washers, washing machines and tumble driers, could all take a break for a couple of minutes until all those kettles have boiled. You wouldn't notice it had happened, but it would shave off a crucial few hundred MW off the top of the peak demand, which uses the most CO2, and costs the highest price per kW/h.

  8. Nick Ryan Silver badge

    How do these so called "smart" meters communicate?

    1. Boris the Cockroach Silver badge
      Flame

      thats

      what I'd like to know too

      Because I'm not putting any telephone lines into the room where my meter is, since I've just got rid of the land line and the costs with it

      1. IglooDude

        Re: thats

        Cellular. There's quite a lot of cellular modems doing machine-to-machine communications nowadays, and it's pretty much anywhere that a 56K POTS copper pair isn't worthwhile or appropriate (and there's a cell tower somewhere in the vicinity, obviously). They typically hardly need even 2G speeds, much less 3G or 4G. ATMs, road signs, handheld credit card processors, parking meters, vending machines, security cameras, home health device monitoring, the list goes on and on.

        I'm not at all a fan of forced-implementation consumer smart meters, but if they're going to do it, at least the technology they're looking at is fairly solid and well-tested.

        1. Fuzz

          Re: thats

          if communication is over cellular then there will be a use for that tin foil hat.

          Alternatively I like to keep my meter and consumer unit securely locked in a nice metal cabinet, you know, for security.

  9. oopsie

    Data Protection?

    So far there seems to have been some debate about the security of communications to/from these smart meters but little in the way of discussion as to what the utility companies will be able to do with the demand data they gather. I'd imagine that there'd be someone somewhere who'd be willing to pay to find out what kind of TV i have... On the flip side, I've little faith that the markets will produce a supplier who's willing to promise not to share this kind of information, if they think they can make money out of it.

  10. Flocke Kroes Silver badge

    Why bother with security

    Just pass the cost of fines onto the customers.

  11. Anonymous Coward
    Anonymous Coward

    "The data can reveal much about a household such as the make and model of their TV, the times during which a house is occupied and the number of people staying in a household," he explained. "This information is useful to energy suppliers but it is also potentially valuable to a whole host of other organisations too."

    yes, advertisers, yummy data. Insurance companies. Then those lawful organizations, which need to know what you're up to, for your own sake, of course. Local council. Law enforcement agencies (jeez, why don't they install air sample sensors to check for dope, and guesstimate from CO2 how many illegal immigrants / occupants I'm hoarding in my closet?!).

    And as to advantages, particularly about lower energy bills, this is nonsense, but hey, what they mean when they say "lower", than mean, that on average, the energy prices are due to rise by 270% (don't blame us, blame His Majesty Putin I), but with energy meters, they will actually rise by 250%, which means, that in real terms, they dropped by 20%. Hurray!

    As to the tellies, I expect to see, meters or not, "intelligent" tellies with a pre-programmed "life" which will lock down at a predefined moment, regardless if they're fucked or not.

    1. Ross 7

      "As to the tellies, I expect to see, meters or not, "intelligent" tellies with a pre-programmed "life" which will lock down at a predefined moment, regardless if they're fucked or not"

      You appear to have missed the memo - everything you buy is built with it's death in mind. They even teach engineering students a module on it here. They engineer items such that they are statistically likely to expire shortly after the warranty, but are very unlikely to expire within the warranty period. That goes for teles, washing machines, vacuum cleaners etc.

      1. DJ Smiley
        Big Brother

        So buy stuff with longer warranties then..

        Sigh.

        If you believe (and I believe its tosh) that the item is designed to expire shorty after the warranty, buy the slightly more expensive item with the 5 year or lifetime guantee.

        If no such item exists? THAT'S BECAUSE THERE'S PARTS THAT WEAR OUT. It will die eventually. This is natural.

        My 10 year old washing machine and dishwasher show that they were brought sensibly.... considering the warranty on them both was 5 years. Of course, occasionally I'll dismantle parts of each and clean them out / keep them going. The lock broke on the dishwasher, cost to fix was less than £10. There's no conspiracy, no trickery, nothing cleverly designed to fail.

        Infact, if it was true, why don't all the iphones die shortly after the new version has come out? Why don't all the cars die just about the time that a new reg. plate comes out? TV's should all die just before the world cup / other sporting event / something else lots of people want a LARGER tv for - that way everyone will buy a "slightly" larger tv.

        1. Anonymous Coward
          Anonymous Coward

          I believe there was a recent case whereby a judge or magistrate ruled in favour of the customer when an item of white goods (washing machine or fridge I think) failed outside of its warranty period because he state "that a reasonable person would not expect such an item to fail so early in its life" i.e. even if a washing machine has a 3 year warranty it is not a reasonable expectation to have to have a major repair or replacement on that item in 4 or 5 years (as I believe was the case).

  12. I Am Spartacus
    Black Helicopters

    New for of mass terrorism?

    Lets see if we can work out a movie plot based on Smart Meters....

    Each company will have to have a secure key in the meters so that they can read them. This will need to be changed when a customer churns from one supplier to the next. After all, companies won't want to come round and replace the meter when I change at the end of every contract period. So the smart meter will need a cryptographic key, and the key must be updateable.

    Let's choose a company that supplies Electricity and Gas to be metered at the home. We will call them EDF, because, its just a name, and they are the perfidious French, so, why not. Always good to have a foreign body in a movie. Our terrorist, tired of all the hassle of banging planes in to buildings, decided to break in to the EDF control room, holds a gun to the head of the control team, and insists that they open up the application that allows them to change the key. Terrorist then inputs his own key, and then tells every meter in the country connected to this company that it is to cut off. And he walks out.

    We now have to either pay the terrorist a huge amount for the key, or change every meter that the company had. That would be about, hmm, 6 M home, so possibly 12 M meters. Lets say 1/2 per house, so 6 M man days. Well, there goes the unemployment queue I guess. But even so, if you had 10,000 people changing or resetting meters, that is still 2 years to recover.

    So, can anyone see a flaw with this? No other cryptographic key has remained secret for ever. So it is liable to leak out. As is the algorithm, as that will need to be widely known to all supply companies.

    Or how about the supply companies put the meter manufacturing out to tends. Hey! We found this real cheap supplier, called China. Of course, there is no chance that they would put their own back door in to the meters, now is there?

    Nightmare, meet scenario.

    Black Helicopters, because. Just because.

    1. IglooDude
      Joke

      Re: New for of mass terrorism?

      Just hang a sign on the EDF control room door: "Manager does not have access to safe containing keys"

    2. Anonymous Coward
      Anonymous Coward

      Re: New for of mass terrorism?

      At present, the meter is owned by the company that gets the electricity to your house, i.e. not the company you pay your bill to. This is unlikely to change, so no need to change the keys.

      Even if the meter key had to be changed, it's very unlikely that the software to do this would let you enter some arbitrary key.

      Even if it did, it would save the key somewhere before sending it to any meter.

      Your terrorist plot looks unlikely.

  13. Christoph
    Black Helicopters

    What about write access?

    Being able to read the data is bad enough, but what if it's possible to gain write access?

    Will it be possible to switch off someone's electricity supply from anywhere in the world? (And then watch the supplier's bureaucracy take months to switch it back on again).

    Next Chinese hacker scare story, they are going to switch off most of the households and businesses in the USA! So of course we need lots of extra powers to combat this.

  14. Anonymous Coward
    Anonymous Coward

    Ross on meters

    Nothing new to see here, Ross Anderson (professor at Combridge) has already said most of what needs saying

    e.g.

    http://www.cl.cam.ac.uk/~rja14/Papers/meters-weis.pdf

    1. Anonymous Coward
      Anonymous Coward

      Re: Ross on meters

      Ross Anderson is the security equivalent of Kevin Warwick - he knows what he's talking about but has a significant tendency for self publicity and overstating his own research.

      The article you posted was all iffs and maybeys with little to no hard fact.

      1. Anonymous Coward
        Anonymous Coward

        Re: Ross on meters

        Read the article cited

  15. NomNomNom
    Facepalm

    hmm if they can detect the model of TV from the power drawn they can probably also detect the use of an electric razor or toothbrush. Point being that due to the noise and preoccupation of those activities it would offer a prime window of opportunity for ninjas and assassins to break in and commit their foul deeds.

  16. DJV Silver badge
    FAIL

    "potentially valuable to a whole host of other organisations"

    What? Organisations like "organised crime"?

  17. Pascal Monett Silver badge
    Devil

    Am I mistaken ?

    Or is this the biggest Ethernet-over-powerline that has ever been envisioned ?

    Or are they plugging in a data cable when they change the meter ? Don't think so - the costs would be horrific.

    So we have a nationwide data grid being put in place. Be it over powerline or wifi, power companies are going to become defacto Internet providers.

    I sincerely hope they've secured this access to the hilt, because they ARE going to get hacked.

  18. Anonymous Coward
    Anonymous Coward

    Not interested until I can use a web service to switch suppliers in real time, at half hour periods if necessary, to get the best tariff at every time of day.

    1. John H Woods Silver badge

      Schoolboy error...

      ... what makes you think that any of this is for customers?

  19. JaitcH
    FAIL

    "unnecessary energy use, reduce emissions and cut consumers' energy bills"

    Dream on, the main thing is it will save electricity companies money, big time. Mo more flat-footed meter readers traipsing from house to house, instant suspension i=of service, etc.

    What concerns me more is the physical meter reading displayed by means other than electronics. So often a meter fails and if an electronic version without mechanical displays the data is lost at the point of measurement.

    Yes, I know some computer under the control of the supply authority will have data but where is the security i that, for the consumer? There has to be a totally secure method for the subscriber to know their consumption.

    The statement "it is also potentially valuable to a whole host of other organisations too" include many elements of government particularly the police and security forces. If the police are building a blimp to spy on UK residents, and GCHQ is monitoring your communications, obviously ACPO would simply love a data feed to enable them to monitor other datasets.

    Question: What ensures consumer privacy?

    I would never had thought the British would be so compliant in letting government monitor their every act. What happened to the Bulldog?

  20. David Goadby

    who pays?

    As well as giving the power companies an Orwellian control over our electricity supply, there is the other question of who pays? I am sure that we will all pay for the meters on our fuel bills just like the feed-in tariffs. There is no free lunch here. And I will not hold my breath on the reduced fuel bill promise - that will never happen.

    With security systems being broken every day, and even "unbreakable" encryption systems being cracked, surely the Government is naive in thinking that the smart metering system will be secure for ever? A lot of smart, bored, chess-playing eastern Europeans will relish the challenge.

    I live in a very remote part of Wales where Broadband coverage is poor so how come I can suddenly be connected to a nationwide network that I didn't ask for?

    Dafydd, North Wales

This topic is closed for new posts.

Other stories you might like