As US court bans smart meter blueprints from public, sysadmin tells of fight for security info

The sysadmin-activist at the center of a bizarre legal battle over a smart meter network in Seattle, Washington, says he never expected a simple records request to turn into a lawsuit. Phil Mocek told The Register that when he asked Seattle City Light, a public power utility, to provide details on the designs and rollout of …

  1. Anonymous Coward

    "As well as a restraining order, the meter makers are demanding damages for the publication of the unredacted blueprints, and are asking for a list of everyone who downloaded the dossiers."

    The Streisand Effect. Makes one wonder what they are trying to hide.

    1. Anonymous Coward

      I want it. Forbidden fruit and all.

      Like the fappening but less sexy.

      1. Preston Munchensonton
        Coat

        "Like the fappening but less sexy."

        If Usenet contains this, then I can't really judge fapping to smart meter blueprints:

        alt.sex.beastiality.with.chickens.whilst.wearing.rubber.knickers

        1. Anonymous Coward

          Never looked in but there was one with duct tape and hamsters involved (label on the tin) too. Does make one wonder about our species.

      2. Anonymous Coward

        I know I should have downloaded them when I had the chance :-(

        I saw this story earlier in the week and went to the download page for the files but got sidetracked so didn't download the files. I wish I had now. Being "in Europe" I'm positive the authorities would be even more up in arms that the data had gone to a foreign country and was putting the city in danger. Anyone have a mirror where we can get the original files from? Once it's on the internet it's never going away, even with the EU right to be forgotten law.

    2. Ken Hagan Gold badge

      "Makes one wonder what they are trying to hide."

      They probably don't know. This sounds like a knee-jerk reaction by folks who don't understand anything about security. Just for the LOLs, though, it might be fun to tell them that ISIS have downloaded the blueprints and they are welcome to fly out to northern Syria and ask for them back.

      1. This post has been deleted by its author

      2. jelabarre59

        "Just for the LOLs, though, it might be fun to tell them that ISIS have downloaded the blueprints and they are welcome to fly out to northern Syria and ask for them back"

        *Personally* fly out, mind you, not just send some lackey.. Please?

    3. NoneSuch Silver badge
      Big Brother

      Or worse...

      It is possible for info to be data mined from the electrical grid.

      http://www.jammed.com/~jwa/tempest.html

      1. JeffyPoooh
        Pint

        Re: Or worse...

        NonSense "It is possible for info to be data mined from the electrical grid."

        What's "possible" in your imagination, and what's possible within the limited space available inside a smart power meter are two very different things.

        In your imagination, why don't they just install their Tempest listening station in a rented building and connect it to the grid there?

        1. Tridac

          Re: Or worse...

          Smart meters have high speed data logging capability and can be programmed to take a reading every minute, for example, of instantaneous power and phase angle. They can tell the difference between a resistive and inductive load, when it was being used and for how long. So yes, quite a bit of data mining capability. You should look into the UK smart metering program. All the docs are online. Will allow dynamic charging rates, remote load shedding etc and much, much more...

    4. Mark 85
      Coat

      At least they didn't ask for everyone who had downloaded the file to return them since the files are in the downloaders' coat pockets obviously.

      1. Anonymous Coward

        Are they going to ask those of us not in the US that have copies to return them as well - good luck with that.

    5. Fatman

      RE: The Streisand Effect

      "Makes one wonder what they are trying to hide."

      To the meter makers:

      If YOU have done (are doing) nothing WRONG!!!! then WHAT do you have to HIDE?????

      Somewhere there is the stench of corrupt/underhanded dealings going on.

      And those IN ON IT, don't want the public to know exactly HOW they are getting FUCKED!

      Here in Flori-duh, the stench of political corruption was quite evident when the state legislature decided to allow DPuke Energy to fuck over its customers as a result of its manglement decision to perform D-I-Y repairs on the Crystal River nuke plant.

      Read for yourself:

      http://www.tampabay.com/news/business/energy/broken-crystal-river-nuclear-plant-is-duke-energys-problem-now/1239145 (on how Progress Energy bamboozled Duke WRT the condition of Crystal River)

      http://www.tampabay.com/news/business/energy/duke-energy-announces-closing-of-crystal-river-nuclear-power-plant/1273794 (The first 4 paragraphs put it in a nutshell)

      http://www.tampabay.com/news/business/energy/duke-energy-florida-fpl-sued-to-end-higher-rates-forced-on-customers-for/2266427

      The nuclear plant 'recovery option' was courtesy of the bought and paid for state legislature:

      http://www.tampabay.com/news/business/senate-committee-rejects-plan-to-nix-nuclear-tax/1214270

      http://www.tampabay.com/news/politics/legislature/legislators-clash-over-what-to-do-about-paying-for-nuclear-plants/1213935

      http://www.tampabay.com/news/politics/stateroundup/florida-house-rejects-attempts-to-repeal-nuclear-fees/2118425

      Judging by the fight put up by the meter vendors, those on the receiving end may be on to SOMETHING that someone wants to hide.

      KEEP ON DIGGING!!!! Who knows what kind of shit you may unearth.

  2. Rich 11

    Oopsie

    "and are asking for a list of everyone who downloaded the dossiers."

    I think that might include me. Oh no! Whatever shall I do?!

    1. Dadmin

      Re: Oopsie

      repost them to 9chan!

      Hiding shitty code is the name of their game. Exposing it to world+dog is our game. Good luck with those lawsuits, because; eyeballs!

    2. TeeCee Gold badge
      Alert

      Re: Oopsie

      I suggest that you upload them to pastebin. That way, when they call, you can show them the new location and prove that you do not have them any more!

  3. Frank Zuiderduin

    Is wikileaks still functional? After all this, these documents are screaming to be all over the internet.

    1. Anonymous Coward

      "Is wikileaks still functional? After all this, these documents are screaming to be all over the internet."

      I don't think you'd get it published - there's nothing in there that could contribute to its Glorious Leader, also known as The Man Who Can No Longer Stand Ferrero Rocher.

  4. Stevie

    Bah!

    I don't suppose this freedom fighter considered asking the company and agreeing to sign an NDA if all he is worried about is personal exposure?

    1. Jeffrey Nonken

      Re: Bah!

      Uh... What? Did you and I read the same article?

    2. Anonymous Coward

      Re: Bah!

      It did not look like anything was mentioned about an NDA in the article... that would have been a good approach, especially if he wanted to look at security.

      He could have made a contract, where perhaps he would get paid a bounty!

      That is... if he was qualified and had some kind of history of investigating security issues. If not, trying to find security flaws in the power infrastructure while simultaneously posting documents on the internet sounds either foolish (demonstrating he was not qualified) or sinister (demonstrating the lawyers had reason to file a suit.)

      A systems administrator knows that trying to gain access by bypassing security is breaking the law... which means he can be fired for it. He should have known better, with the title he has in the article.

      Sounds like we are not getting the whole story.

      1. Malcolm Weir Silver badge

        Re: Bah!

        Dude, which part of PUBLIC RECORDS ACT are you confused about?

        He hasn't asked for the secret stuff, he's asked for the PUBLIC RECORDS. Which are, you know, PUBLIC.

        This is no science project, it's simply a taxpayer / ratepayer asking a publicly owned entity (Seattle City Light) to provide the RECORDS that it has, in accordance with the law.

        1. Stevie

          Re: Bah!

          By my reading:

          The man made the request and was given proprietary information to which he was not legally entitled. He asked for that proprietary info and was given redacted stuff deemed proprietary by the company.

          Now he wants permission to see it so he can reassure himself about the security provisions made by the company.

          This seems to be an attempt to bully the company into giving him something he has no legal right to. All I was saying is that *if* the "freedom fighter" is so concerned about his personal security, there was a quieter, less public way to go about asking for the info which might actually have stood a chance of getting the information.

          But of course, that isn't the "proper hacktivist" way of going about things. You have to kick and scream and generally behave like a two year old on a bad day so you'll have public cred.

          But not the info.

          1. Aqua Marina

            Re: Bah!

            "By my reading:"

            Your reading is wrong.

            1) Man asks public utility for info that should be publicly available.

            2) Public utility provides info.

            3) Man posts supplied publicly available info to the web, for access by the public.

            4) Smart meter companies decide that too much info was given, and some of it shouldn't be publicly available.

            5) Smart meter company starts suing.

  5. Edward Clarke

    I thought I recognized "Sensus"...

    http://www.alipac.us/f19/angry-customers-return-smartmeters-245780/index2.html

    Briefly - it looks like there have been a lot of fires associated with Sensus devices. Here's a partial quote: "utility provider SaskPower to announce that it would be removing all of them". I'd take this with a grain of salt, I haven't heard of problems like this from other sources. You'd think that houses being burned down would be a major news story.

    1. Efros

      Re: I thought I recognized "Sensus"...

      from that link

      "Every “smart” digital electric meter has what’s known as a “switching mode power supply”, which is proven to directly create large amounts of dirty electricity (DE) – or high-frequency energy radiating throughout your home’s electric circuits, essentially creating an antenna cage. The levels of DE caused by “smart” meters can be several hundred times higher than some international safety standards."

      'Twas at that point my inner voice started screaming "Bullshit", these smart meters seem to have issues but don't spoil the case by using this sort of crap.

      1. Commswonk

        Re: I thought I recognized "Sensus"...

        "'Twas at that point my inner voice started screaming 'Bullshit', these smart meters seem to have issues but don't spoil the case by using this sort of crap."

        That's got to be worth more than the single upvote I can give it...

      2. Mpeler
        Big Brother

        Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

        "Every “smart” digital electric meter has what’s known as a “switching mode power supply”...

        So do PCs and many other devices. The "dirty power" is perhaps a reference to the bad old days before power factor correction, which, IIRC, meant that you'd draw more power (for your kit) than you paid for, due to the current lagging (or leading? can't remember).

        Bigger problem is Big Brother (Big Bother) being able to control said meter and causing instant brown/blackouts. And as various SCADA adventures have shown, it's potentially (sorry) a hacker's paradise...

        1. Anonymous Coward

          Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

          "ELI the ICE man" {grin}. All those motors (compressors, dishwasher, &c.) present inductive loads so current (I) is going to lag (L load) voltage (E). Absolutely useless to me these days.

          1. Number6

            Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

            I learned with CIVIL - with C, current leads (CIV), with L, current lags (VIL).

            It's a far more polite way to remember.

        2. Boo Radley

          Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

          The real resonance for smart meters is that they can disconnect you remotely if you don't pay on time. Or whenever they want to...

          1. Malcolm Weir Silver badge

            Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

            Are you suggesting that smart meters include a circuit interrupter (breaker, switch) capable of switching 100 amps or so?

            1. Wim Ton

              Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

              It is an option but costs more. Up to the utility to decide if it is worth the investment.

          2. Alan Brown Silver badge

            Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

            "The real resonance for smart meters is that they can disconnect you remotely if you don't pay on time"

            That depends entirely on the smartmeter. Not all of them have a 100+A contactor inside.

            1. Anonymous Coward

              Re: "off switch" in smart meter

              "Not all of them have a 100+A contactor inside."

              I thought I'd read that the supplier-provided smart meters in the EU were required to have a power cut off device but it wasn't legally permissible to use it in the UK. Yet.

              I also see no reason why such a device would need to be a proper isolating contactor, maybe just something (a nice solid state relay?) that permits remotely killing the customer's supply when there's an issue at local or grid level. Because, state of emergency, terrists, etc.

              The previous safety cutout will still be wherever it used to be.

              Correction welcome. Tinfoil hats also.

        3. Unicornpiss

          Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

          Use a good old-fashioned transformer then in the PS and throw a capacitor and/or choke in the circuit for power factor correction if you must. Might even be more reliable and surge resistant than a ton of cheap switching power supplies, and thus cheaper in the long run. I have yet to see a doorbell transformer or wall-wart die of natural causes except in extreme old age, while switchers expire left and right.

          1. Anonymous Coward

            Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

            Can you remember just how big and heavy a transformer was for a decent output PSU?

            In the old days most TVs and many radios omitted the transformer and used a less bulky resistor to drop the voltage for the valves' heaters. That also allowed for the DC mains supplies in some areas. If you connected the two-pin plug the wrong way on AC mains - there would be a distinct tingle from the wooden case.

            Having said that - some apparently kosher small switching supplies have enough leakage to make you jump if not under load. In the early days of switching supplies for computers the earth conductor was very substantial to handle the leakage.

            1. Number6

              Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

              "Having said that - some apparently kosher small switching supplies have enough leakage to make you jump if not under load. In the early days of switching supplies for computers the earth conductor was very substantial to handle the leakage."

              If it's the kind without an earth connection, then the usual thing is for the negative side of the secondary to be connected to live and neutral via about 3nF of capacitance, presumably for EMC purposes. This means that in the absence of anything else, a UK PSU will look like a 120V AC source in series with 1Mohm impedance, so if you grab it and a convenient earth you'll be tickled by about 120uA of current, which is enough to feel.

              If you've got a suitable multimeter you can try it - put it on AC volts and measure between earth and the PSU output, then on AC current and do the same thing and you'll get something in the ballpark of those numbers.

            2. Unicornpiss

              Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

              "Can you remember just how big and heavy a transformer was for a decent output PSU?"

              Yeah, but how much juice could the electronics in this actually use? 10W maybe, or about as much as a clock radio? I'd think the transformer needed would only be about 1/2 the size of a computer mouse, if that, smaller if you used a toroidal.

          2. Anonymous Coward

            Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

            Extreme old age is a relative term. In my block each flat has a mechanical sub meter installed in 1938. They all still work perfectly. Will any smart meter installed today still be functioning in 80 years' time?

        4. Anonymous Coward

          Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

          "The "dirty power" is perhaps a reference to the bad old days before power factor correction..."

          The free wireless power monitor supplied by my power company is a very coarse measurement device. Its readings often lag several minutes after a device has been switched on or off.

          Bought a Belkin device that measures the consumption of individual devices via their mains lead. It was interesting how many, but not all, small-ish switching supplies registered no power consumption - presumably because of their power factor.

          1. Anonymous Coward

            Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

            Any power monitoring device that can't see the voltage as well as the current is a power guessing device, because of power factor.

            So something that just clips round the conductor next to the meter is a guesser. It measures current but not voltage. It needs to be told the voltage, and has no knowledge of phase angle between volts and amps, and thus can only estimate the maximum power consumption.

            The little meters that plug into a socket and the appliance under test then plugs into the meter can see both volts and amps and therefore could in principle give you both kW and kVA and kVA reactive, if they bothered implementing enough circuitry. Do they? Who knows.

            Mostly it won't matter much. Stuff that eats lots of amps is supposed to have near-unity power factor these days. Emphasis on "supposed to".

        5. Anonymous Coward

          Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

          >The "dirty power" is perhaps a reference to the bad old days before power factor correction,

          You sure it's not a reference to the Heavy Electricity scandal back in the 90s?

          https://www.youtube.com/watch?v=XCGO_jikBtM

        6. anonymous boring coward Silver badge

          Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

          "it's potentially (sorry) a hacker's paradise"

          That's the current situation. Extra sorry.

          1. veti Silver badge

            Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

            "The real resonance for smart meters is that they can disconnect you remotely if you don't pay on time"

            Disclaimer: I work for a power company.

            The process to disconnect a customer with a smart meter is exactly the same as the process without one. Granted, the actual disconnection step is a lot easier (and cheaper). But the legally mandated restrictions around taking that step are exactly the same.

            If you have an old-fashioned meter, and we have to send someone to your house to disconnect you, guess who we're going to charge for that? That's $75 added to your bill right there. And, believe it or not, another $75 to be reconnected again.

            If you have a smart meter? Not only can you be reconnected within half an hour, but the whole operation will only cost you $20 (each way, so that's $40 in total instead of $150).

            Of course, if we've done it wrongfully (without sending you the legally mandated warnings within the required timeframe), you can sue us. But that's true either way.

            In terms of disconnections, smart meters are a huge gain for the customer.

            1. Vic

              Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

              "The process to disconnect a customer with a smart meter is exactly the same as the process without one"

              ...At the moment.

              What happens when the baseload supply diminishes as power stations are closed, but demand keeps on rising? My money's on emergency powers being brought in to enable temporary disconnections via smart meter to protect the grid. And we're straight back to the 1970s again.

              It's always a mistake to assume that a greedy/desperate government won't change an existing law to protect themselves.

              Vic.

      3. Alan Brown Silver badge

        Re: I thought I recognized "Sensus"...

        "'Twas at that point my inner voice started screaming 'Bullshit'"

        Indeed, but crappy switchmode supplies radiating RF hash into the house wiring is a problem that affects low band radio reception. I spent several months 30 years ago tracing landmobile interference to the switchmode PSUs on new 140Mb/s digital microwave equipment in the building next to the landmobile station, then designing mitigation/suppression for the problem and handing the fixes back to Fujitsu.

        Domestic smartmeter RF hash is almost as bad as the hash that smartplugs intentionally inject into the wiring.

    2. Alan Brown Silver badge

      Re: I thought I recognized "Sensus"...

      "You'd think that houses being burned down would be a major news story."

      The way most meters are fitted, if they catch fire it should be contained in the casing and not spread to the structure.

      Still this is going to get interesting. From being a simple FOI request, I'd say Sensus is about to find its code gone through with a tick comb by a few hundred people who it won't be able to silence.

      1. Anonymous Coward

        Re: I thought I recognized "Sensus"...

        My PC's switchmode PSU died a fiery death last year. The damage was contained to the PSU chassis, but with a little bad luck, maybe a sheet of paper dangling behind the PC, I could imagine it starting a house fire if nobody had been home to unplug it. I can imagine mice or insects bringing flammable materials into a smart meter.

        Aside from fire, given the rule of thumb that PSUs should be replaced every 5 years (or less?) when reliability is paramount, it seems rather retarded to put them in electric meters. Maintenance nightmare.

  6. Malcolm Weir Silver badge

    Worth remembering that this is "just" a TRO, as in temporary; to get this, all L+G really had to do was convince the court that they would suffer harm *if* what they allege was true, not that what they allege is in fact true, or indeed even if it is true, whether other factors (like the contract they themselves signed) leave them harmed!

    The next stage will be the hearing about whether the guts of the TRO should be preserved as a Preliminary Injunction. What will be most interesting will be the City's position: do they side with L+G, or do they lean on L+G / Sensus to comply with the requirements of the Washington State Public Records Act, because the "slippery slope" of permitting contractors to claim exemptions (for whatever reason) imposes a much higher burden on the City than pushing the contractors to behave themselves.

  7. Anonymous Coward

    Capable of encryption

    I know a little (more than I'd like to) about those Sensus meters. They are capable of fully encrypted communication if it is turned on. It uses a protocol similar to Zigbee and is peer to peer. The collectors use a Linux install that looks like RHEL. Wonder if they are violating the GPL ....

    1. Refugee from Windows
      Facepalm

      Re: Capable of encryption

      You have to be careful here. Maybe they just used the example code supplied in the development kit and ...oops maybe I've said too much there.

    2. Woodnag

      GPL

      Grab the popcorn girls and boys. It would be so amusing if LandG were using GPL code and can be forced to open the whole source.

      1. Number6

        Re: GPL

        "Grab the popcorn girls and boys. It would be so amusing if LandG were using GPL code and can be forced to open the whole source."

        Not necessarily. They are obliged to provide a copy of relevant code on request to anyone who owns one of their products, which would be the electric utility. I don't know if they're supposed to provide a copy to anyone who *uses* the product (i.e. the customers).

        Also, provided they've done things correctly, they only have to provide the base OS and its supporting programs, their application code is still theirs and is not subject to the GPL.

        1. Vic

          Re: GPL

          "They are obliged to provide a copy of relevant code on request to anyone who owns one of their products"

          No, this is completely wrong.

          Under GPLv2, they have the *choice* to distribute under Section 3(a) or Section 3(b). A Section 3(a) distribution would have the source code issued with each and every meter, and any recipient is free to redistribute under the usual GPL terms. Very few companies do this.

          Under Section 3(b), the distributor must deliver code to any third party who asks for it. The promise must be valid for at least three years after last distribution.

          For anything under GPLv3, Section 6(a) replaces Section 3(a) above, and Section 6(b) replaces Section 3(b) above. Sections 6(d) and 6(e) cover digital transmission of the object code without reducing the obligations.

          "Also, provided they've done things correctly, they only have to provide the base OS and its supporting programs, their application code is still theirs and is not subject to the GPL."

          If they have provided a "mere aggregation" of GPL code and their own proprietary code, then they only have to provide source for the GPL works. But this is rarely the case; far too many PHBs seem to think that they can comingle GPL code with their proprietary code, and not offer source to any of it. This is what is frequently (and wrongly) called "piracy", and can land the offender in very hot water...

          Vic.

    3. Anonymous Coward

      Re: Capable of encryption

      > They are capable of fully encrypted communication if it is turned on.

      That, in itself, poses an interesting conundrum: for Sensus meters at least, keys are loaded into the meter at manufacturing time. So you can have no encryption, all meters in the manufacturing batch having the same key, or all meters having different keys. The latter introduces an interesting key management challenge when the meter has a 40-year life and the household may have changed supplier a dozen times. That's assuming the wireless protocol chosen can still be read in 40 years' time!

      Still - no need to worry about the future - these are *smart* meters. :-)

      1. MondoMan

        Re: Capable of encryption

        Re: "the household may have changed supplier a dozen times"

        Not in Seattle -- the monopoly electrical utility for over 100 years has been the city-owned Seattle City Light.

        1. Anonymous Coward

          Re: Capable of encryption

          If the Electric company is City owned, then it is not a monopoly, it is a Public company. It is expected that a public company has no competition, because that's the way it goes. Think BT, British Rail, British Gas et al, before privatisation. They were 'Monopolies', but they were also publicly owned.

          If they were a private company with no competition, that would be a monopoly.

      2. Anonymous Coward

        Re: Capable of encryption

        "[...] and the household may have changed supplier a dozen times."

        It is my understanding in the UK that if you change supplier then they are likely to change the smart meter for their own preferred brand.

        British Gas have found a way to make old fashioned meter reading economical - they don't do it any more. Apparently the customer is supposed to guess when a regular reading is needed and do it themselves. BG only do a manual reading themselves about every two years.

        At least EON send an email asking you to read your meter - and send someone to read it once a year.

        1. Wolfclaw

          Re: Capable of encryption

          First Utility are even better, they ask for monthly reads, then the billing department totally ignore them and come up with a figure from their backsides, that even their own major customer complaints teams can't understand or get them to fix and the energy ombudsman just gave up !

          1. Henry Blackman

            Re: Capable of encryption

            Not in my experience. I get an email and push notification each month, and I either do or don't give them a reading. My partner and I live in a large house so their estimates are in line with industry standards and therefore higher than we actually use - so when, after 8 months of not bothering to submit a reading, I finally did, within a day or two they cancelled all the previous invoices and reissued them all with my new usage profile. I was impressed.

        2. Ken Hagan Gold badge

          Re: Capable of encryption

          "At least EON send an email asking you to read your meter - and send someone to read it once a year."

          Not my experience. Never knowingly received an email from them. Once a year, someone posts a note through the door to say we were out and they've estimated the reading of the meter that is in a wooden box outside the property and could be read by anyone with one of those triangular keys. Recently they sent us a note to say they believed our meter was faulty and needed to be replaced. When the guy turned up, his version of the story was that there was nothing wrong with the meter but they replace them every decade or two on principle. Not obvious why EON needed to make up the story about a fault.

          The new meter isn't a smart one. Presumably they'll rip it out in the near future because they need to install a smart one.

          1. Alan Brown Silver badge

            Re: Capable of encryption

            "When the guy turned up, his version of the story was that there was nothing wrong with the meter but they replace them every decade or two on principle. "

            I've been told that too - for mechanical meters, mainly so they can verify the calibration.

            If it's codified then it becomes a way of forcibly installing a smartmeter over the objections of endusers, but as I've previously pointed out, not all smartmeters actually have contactors in them.

            The big problem with smartmeters (and prepay meters in the UK) is that they're being used as an excuse to charge higher electricity rates, not as a way of bringing charges down.

      3. PNGuinn
        Boffin

        meter has a 40-year life ...

        Hmmm ... maybe.

        Here in Blighty the utilities are SUPPOSED to change the meters on a regular basis and have them recalibrated for reuse.

        I'm not sure of the legal recalibration time, and a lot of meters, both gas and electric, seem to get "forgotten", but it does generally happen, and some pretty ancient meters get reused.

        Are you saying that in 110 V land meters never get recalibrated?

  8. Barry Rueger

    What could possibly go wrong?

    I'm not a member of the tinfoil hat brigade, don't think that rogue smart meter EMF waves will knacker my gonads, and honestly don't lose sleep over the utility monitoring my energy use.

    Still, when perfectly good, simple, reliable technology is tossed out like the baby with the bathwater, and replaced with really expensive, apparently problem prone, super secret high tech, I have to assume that something is up.

    I'm not an electrical engineer, and my security knowledge goes about as far as trying and failing to make PGP work one time, but even I can think of a half dozen ways that smart meters could go wrong immediately, and another dozen after they've been hanging on a wall for a decade.

    Ultimately we can count on one thing: no new technology EVER works right the first time it's launched, and often not in the second or third iterations.

    And, of course, it's the poor end user that will pay for the mistakes in order to protect corporate profits.

    The fact that a lot of money is being spent to keep me from knowing how these work just confirms my fears.

    1. OttoOtts

      Re: What could possibly go wrong?

      Complexity is always suspect and usually wrong.

      1. This post has been deleted by its author

    2. emmanuel goldstein

      Re: What could possibly go wrong?

      Things will get tricky for indoor cannabis gardeners. It will be trivial for smart meters to detect the 12 hour on, 12 hour off light cycle required for flowering. For the grows not stealing their power, that is.

      1. Anonymous Coward
        Anonymous Coward

        Re: What could possibly go wrong?

        Hot splice gets around that one bud!

      2. Anonymous Coward
        Anonymous Coward

        Re: What could possibly go wrong?

        Cunning, unless defeated by those dastardly growers keeping 2 crops, on alternating 12-hour cycles...

  9. heyrick Silver badge
    Pirate

    Holy shit, these people are retarded!

    So I went to the site linked which had lots of files listed as exhibits. I looked at exhibit "e" and found a bunch of things blacked out.

    Yeah. Right.

    Try this (numbers munged):

    Contact Name Ron Weiss-Program Manager

    Emergency Phone Number 425-505-xxxx

    Back-up Emergency Phone Number 425-458-xxxx

    How did I do this amazing feat of masterful hacking? I...uh...selected text using the Android version of Adobe Reader, included the blacked out content, copied it, then pasted it here.

    Really, this must be the single stupidest attempt at redacting something I have ever seen.

    Have fun.

    1. Mark 85
      Facepalm

      Re: Holy shit, these people are retarded!

      Facepalm of the Month Award material then.

    2. Number6

      Re: Holy shit, these people are retarded!

      Yes, it's always worth trying that if someone gives you a redacted PDF.

    3. Anonymous Coward
      Anonymous Coward

      Re: Holy shit, these people are retarded!

      Government employees also make this same mistake over and over.

    4. JeffyPoooh
      Pint

      Re: Holy shit, these people are retarded!

      This is worth an El Reg news story in itself...
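
The redaction failure heyrick describes above (black boxes drawn over text that is still in the file) can be caught before a document is released. As an added example that is not part of the original thread, this Python check lists strings that remain in a page stream underneath a later-painted filled rectangle; the sample page and its phone number are constructed. It is simplified and assumes a direct `/Length`, unfiltered or FlateDecode streams, `Td`/`Tj` text and no coordinate transforms.

```python
import re
import zlib

# Constructed page content: two text lines, then a black box painted over the second.
COSMETIC = b"""BT /F1 12 Tf 72 700 Td (Contact Name EXAMPLE PERSON) Tj ET
BT /F1 12 Tf 72 680 Td (Emergency Phone Number 555-0100) Tj ET
0 0 0 rg 70 676 300 16 re f
"""
# Same page with the sensitive text actually deleted before the box is drawn.
REDACTED = b"""BT /F1 12 Tf 72 700 Td (Contact Name EXAMPLE PERSON) Tj ET
0 0 0 rg 70 676 300 16 re f
"""

def wrap_stream(content: bytes) -> bytes:
    """Wrap content as a Flate-compressed PDF stream object (constructed sample)."""
    data = zlib.compress(content)
    head = b"5 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(data)
    return head + data + b"\nendstream\nendobj\n"

STREAM_RE = re.compile(rb"<<(.*?)>>\s*stream\r?\n", re.S)
LENGTH_RE = re.compile(rb"/Length\s+(\d+)")
TOKEN_RE = re.compile(r"\((?:\\.|[^\\()])*\)|[^\s()]+")
FILL_OPS = {"f", "F", "f*", "B", "B*", "b", "b*"}
END_PATH_OPS = {"n", "S", "s"}

def decoded_streams(pdf: bytes):
    """Yield stream bodies; handles a direct /Length with no filter or FlateDecode only."""
    for m in STREAM_RE.finditer(pdf):
        length = LENGTH_RE.search(m.group(1))
        if not length:
            continue
        body = pdf[m.end():m.end() + int(length.group(1))]
        if b"/FlateDecode" in m.group(1):
            try:
                body = zlib.decompress(body)
            except zlib.error:
                continue
        yield body.decode("latin-1")

def covered_text(content: str) -> list:
    """Return strings still in the stream whose origin lies under a later filled box."""
    operands, shown, pending, hits = [], [], [], []
    x = y = 0.0
    for tok in TOKEN_RE.findall(content):
        if tok == "BT":                      # new text object: position resets
            x = y = 0.0
        elif tok == "Td" and len(operands) >= 2:
            x, y = x + float(operands[-2]), y + float(operands[-1])
        elif tok == "Tj" and operands:       # text shown at the current position
            shown.append((x, y, operands[-1][1:-1]))
        elif tok == "re" and len(operands) >= 4:
            pending.append(tuple(float(v) for v in operands[-4:]))
        elif tok in FILL_OPS:                # box painted over anything shown so far
            for bx, by, bw, bh in pending:
                hits += [t for tx, ty, t in shown
                         if bx <= tx <= bx + bw and by <= ty <= by + bh and t not in hits]
            pending = []
        elif tok in END_PATH_OPS:            # path stroked or dropped, nothing filled
            pending = []
        elif not tok[0].isalpha():           # number, name or string: keep as operand
            operands.append(tok)
            continue
        operands = []                        # any operator consumes its operands
    return hits

def audit_pdf(pdf: bytes) -> list:
    """List every text string that a black-box 'redaction' left extractable."""
    return [t for body in decoded_streams(pdf) for t in covered_text(body)]

if __name__ == "__main__":
    print(audit_pdf(wrap_stream(COSMETIC)))
    print(audit_pdf(wrap_stream(REDACTED)))
```

A non-empty result means the text layer was never removed; the fix is to delete the text with a redaction tool that rewrites the content, then re-run the check on the output file.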

  10. WatAWorld

    Security by obscurity is working pretty well for Apple customers

    Any reader of The Register should years ago have come to realize that no complex hardware or software product is hacker proof. There is no real security.

    Apple, Linux, they've all got gaping holes.

    The only shelter is keeping a low profile and using rare products and techniques -- this is what Apple users depend upon on a daily basis -- security by obscurity. And it works pretty good for them.

    Obscurity isn't real security, there is no real security. Obscurity is just another flawed layer, like encryption, like sandboxes, like testing, like manual code examination. They're all flawed layers. They all leave holes.

    The thing is to have so many layers, each with holes small enough, that it takes too much time and effort for a criminal or vandal or publicity seeker to reek havoc.

    1. Old Used Programmer

      Re: Security by obscurity is working pretty well for Apple customers

      Nitpick... *wreak* havoc.

      1. PNGuinn
        Trollface

        Re: Nitpick... *wreak* havoc.

        No, in this case methinks the OP was correct ....

    2. John F***ing Stepp

      Re: Security by obscurity is working pretty well for Apple customers

      Security by obscurity also has worked real well in banking, ah, hasn't it?

      (nobody really cares whether an Apple gets hacked, and LINUX is now becoming 'the computer for the rest of us'.)

      1. MonkeyCee

        Re: Security by obscurity is working pretty well for Apple customers

        You're not suggesting that SWIFT has been vulnerable for years, and that the actual transferring of money is pretty insecure, the system relies on the various checks and balances to catch dodgy transfers.

        So if you can get the cash out fast enough, then you can steal miiiilions.

        Or that low level bank employees (including my pimply faced self) have access to systems that would allow such things.

        Or that, for some reason, banks insist that stuff only really happens mon-fri, so having long lags over the weekend never lead to frauds being committed on Fridays* or robberies on Sundays.

        * for bank account stuff. False invoices are Wednesdays, apparently.

    3. energystar
      Pirate

      Re: Security by obscurity is working pretty well for Apple customers

      This is a New Concept for me Wat(t)AWorld: Security by THICKENING OF STACK OF PERMEABLE LAYERS. When one layer start badly leaking, the other layers will contain long enough as to allow for repairs & cleaning of s#"t.

      Remember me of TCP/IP suite former baby steps. 'Layerize', and RULE.

      Clunky, Not High Availability, but yea, could work, most of the time.

    4. This post has been deleted by its author

  11. Frumious Bandersnatch

    Bleh

    Once you send a letter to someone, it's their property. Strike one against "Streisand"

    Once the information in the letter has been released, you can assume the terrorists have it (skipping a few steps here) so suing because they might get it undermines your whole case. Strike two.

    There's no legal framework that prevents you from proving yourself to be a blithering idiot, so I'm going to call this one "strike three, and you're out".

  12. frank ly

    When the first are installed

    There will be lots of these meters being monitored and probed by all kinds of tinfoil hat wearing 'concerned citizens' as well as serious and qualified people who could make a reasonable attempt at analysing them. Various internet forums will be full of reports about how they work, what they do and the 'faulty design' aspects that have been noted.

    L&G and Sensus have prepared a can of whoop-ass, all set and ready to be opened onto them in the near future.

  13. Tom 7

    Smart?

    The only thing smart about these meters was the idea to get them in before someone realised you could have a truly smart meter that would benefit the customer.

  14. Mystic Megabyte
    FAIL

    Where's the insurance policy?

    Phil Mocek should try a FOI request for the indemnity (if any) offered by the makers of these meters. If they are hacked by terrorists a whole lot of damage could be caused by repeatedly switching on and off multiple houses.

    So if the makers T&Cs state "We do not guarantee that these devices are fit for purpose" or maybe "We accept no liability for any damage caused by this device" then we need to know. Who pays when it all goes wrong?

  15. Anonymous Coward
    Anonymous Coward

    Doomed, DOOMED !! I TELL YOU!!

    Once the inevitable happens, and the meters are cracked; it won't be safe to go on holiday OR go to work; crims will be able to remotely scan whole areas and pick out the houses where no one is making a morning cup of coffee, or using the shower......

    Never mind the issues with the crappy billing departments at the utility companies cutting you off due to an admin error.

    1. BurnT'offering

      Re: Doomed, DOOMED !! I TELL YOU!!

      Luckily my cats are in all day, making coffee, playing on their XBox, ordering gourmet food deliveries online, and watching stupid human videos on Youtube.

  16. Anonymous Coward
    Anonymous Coward

    Sensus

    Is also being used in the UK meters developed by EDMI. The source is completely closed and supplied as a binary library. As far as I'm aware, no security audit has been performed on it by CESG, who are involved with specifying the security requirements.

  17. David Roberts
    WTF?

    Still puzzling

    Over someone who has been freely given information via a "freedom of information" request being sued for publishing it. It is obviously public information.

    Trying to put the information "back in the box" after it has been published is also several types of crazy.

    Identifying all the people who have downloaded the information (and presumably making them reveal where they in turn have posted it and so on up the tree to identify where every single copy is held) is pushing the bounds of logical stupidity.

    Then again, this is lawyers. The UK has its own brand of stupid, for example banning publication of information in England and Wales but not Scotland (as I understand it) or the rest of the world. Still, it makes money for the obviously needy.

    1. Malcolm Weir Silver badge

      Re: Still puzzling

      Wouldn't it be funny if the UK version of The Streisand Effect became known as The Elton John Effect, for no particular reason (wrote the guy in California).

      1. This post has been deleted by its author

    2. energystar

      Re: Still puzzling

      Those poor men. How you dare. Leave aside money. Offense is beyond repair. Only money will do.

      1. energystar

        Re: Still puzzling

        [Their] side ;)

  18. energystar
    Headmaster

    Really? Does Law Frame Allow This...

    Without DEMANDING on Utility charge and at Government selection, a 'witness' meter of Open Technology, side by side?

    1. energystar
      Big Brother

      A little over the board, the 'spying' fears...

      A 'smoothing' filter will do for anything not 60hz. Maybe some low leaks on the amplitude. But that goes for every cable, every window.

    2. Mystic Megabyte
      Stop

      Re: Really? Does Law Frame Allow This...

      Dear energystar, what you smoking?

      1. energystar
        Windows

        Re: Really? Does Law Frame Allow This...

        Vanilla Spiced Ron. Will invite if near. Cheers!

        1. energystar
          Pint

          Re: Really? Does Law Frame Allow This...

          After reading All of You realize Privacy Damage potentially Much Higher. Enough data the Energetic Profile of the flat.

      2. Mpeler
        Alien

        Re: Really? Does Law Frame Allow This...

        It's AManFromMars1's crazier twin...

  19. Anonymous Coward
    Anonymous Coward

    because getting information off the internet ...

    As many others have stated above, getting information off the internet is a bit like trying to put a fart back in. You end up very uncomfortable and looking like a moron.

    Just the fact they sued makes me strongly question the security of the devices ...

  20. Anonymous Coward
    Anonymous Coward

    Obsessed with terrorism

    Seems to me that the US are massively obsessed with terrorism fears (well done politicians and media!).

    Do yourself a favour and compare the number of terrorism victims in the US with victims of domestic gun crimes, car accidents and drug abuse. Each of those categories has a higher number of fatalities than terrorism on US soil ever will.

    https://www.drugabuse.gov/related-topics/trends-statistics/overdose-death-rates

    https://en.wikipedia.org/wiki/List_of_motor_vehicle_deaths_in_U.S._by_year

    I'm not suggesting that we should ignore terrorism altogether, but at the moment the fear of it is way out of proportion, if a simple FOI request can get you into court. There are far bigger other problems than our governments want us to believe. Terrorism obviously is a nice distraction from purely domestic issues which can't be pinned on anybody outside.

  21. Pseudonymous Diehard

    Man

    Why can't governments just be open and transparent? Is it really so much to ask?

    1. PNGuinn
      Facepalm

      Re: Man

      Apparently, yes.

  22. Peter X
    FAIL

    They don't deserve their jobs

    So (1). they think that security by obscurity is a useful primary defence layer *AND* (2). they've then given away the very same information that they consider to be their primary defence layer.

    Even if they could convince anyone that point 1 is valid, then surely they are guilty of aiding terrorists because of point 2?

    They deserve to be absolutely destroyed in court over this level of f*k-wittery.

    1. Anonymous Coward
      Anonymous Coward

      Re: They don't deserve their jobs

      Unfortunately the judge, and probably all the lawyers in the case, are just as f*ing clueless as the city officials and war profiteering vendor. Before I started doing the sysadmin thing for a living 20 years ago, I spent over a decade as a successful trial lawyer. Most good litigators are procedural experts, but, whether they realize it or not, have to rely on the relative ignorance of jurors when it comes to substance. Of course the really good ones do know their own weakness when it comes to technical matters (whether it has to do with blood analysis or structural engineering). That's why their primary goal on the first day of trial is to empanel a jury whose average IQ is in the subterranean range.

      P.S. I got into IT almost by accident when looking for a way to make an honest living. Little did I know...

  23. TJ1
    Stop

    Forget the 'terrorist' straw man, it's far worse...

    ... remote controlled so-called 'smart' devices connected to a publicly accessible communications network (whether Internet, cellular, or dedicated radio-frequency access) is an open invitation for script kiddies, malcontents, and probably a new pastime for the 'swatters'.

    Imagine arriving home every day to find fridge and freezer contents mysteriously spoiled, HVAC not working, security systems knocked out, and so on. Imagine if you rely on a home kidney dialysis machine, breathing support device, or other mains reliant medical device.

    If there are any systemic vulnerabilities in these devices that can be exploited using a shotgun approach it has the real potential to cause extreme aggravation and hardship to thousands of homes and possibly injury or death.

    Yay for 'smart' meters ... just like 'smart' phones that have forgotten what the telephone experience should be like, 'smart' televisions that become moronic if the Internet connection drops, 'smart' books that delete themselves, and 'smart' web-sites that are unable to render basic HTML without a full-blown Turing Complete executable code environment!

    1. Mpeler
      Big Brother

      Re: Forget the 'terrorist' straw man, it's far worse...

      Yep. What the 'leets' are after is "smart" devices for stupid people. People who have been "trained" into sheeple so they trust Big Brother even above themselves, and can neither think critically nor be critical when needed.

      Sheeple, v2.0, meet IoT. With regard to home medical equipment, perhaps "smart" meters and the like are an undocumented branch of the LCP...

  24. JimboSmith Silver badge

    Apparently you can say you don't want a Smart Meter in the UK and that's that. Of course that's not being mentioned in too many places, I wonder why? I'm off to read some redacted documents.

    1. Anonymous Coward
      Anonymous Coward

      Refuse a meter in UK

      @jimbo - have you got a ref for that please?

      1. Trumpet Winsock IIIrd

        Re: Refuse a meter in UK

        http://www.which.co.uk/consumer-rights/advice/do-i-have-to-accept-a-smart-meter

  25. Tom 64

    I love the smell of corruption in the morning.

    With a little luck, all the attention will mean revised security designs for the meters.

    I wonder which costs more, revised designs or lawyer bills.

  26. Dieter Haussmann

    Why doese a smart meter need an electret microphone on the PCB?

    1. kventin
      Black Helicopters

      """Why doese[sic] a smart meter need an electret microphone on the PCB?"""

      A hotel. A room for four with four strangers. Three of them soon open a bottle of vodka and proceed to get acquainted, then drunk, then noisy, singing and telling political jokes. The fourth one desperately tries to get some sleep; finally, frustrated, he surreptitiously leaves the room, goes downstairs, and asks the lady concierge to bring tea to Room 67 in ten minutes. Then he returns and joins the party. Five minutes later, he bends over an ashtray and says with utter nonchalance: "Comrade Major, some tea to Room 67, please." In a few minutes, there's a knock at the door, and in comes the lady concierge with a tea tray. The room falls silent; the party dies a sudden death, and the conspirator finally gets to sleep. The next morning he wakes up alone in the room. Surprised, he runs downstairs and asks the concierge where his neighbors had gone. "Oh, the KGB has arrested them!" she answers. "B-but... but what about me?" asks the guy in terror. "Oh, well, they decided to let you go. Comrade Major liked your tea gag a lot."(*)

      i know, i know. u.s.a. != u.s.s.r.

      yet

      (*) https://en.wikipedia.org/wiki/Russian_political_jokes

  27. anonymous boring coward Silver badge

    They are probably worried their banal code, incorporating much unacknowledged GPL:ed code, will be exposed -security holes, embarrassing backdoors, and all.

  28. shutupandreboot

    sysadmin tells of fight for security info

    dude, you are a systems administrator, act like it, sa's don't fight for anything, sa's just access it.

    1. Mpeler
      Pirate

      Re: sysadmin tells of fight for security info - sa's just access it

      Especially BOFH's...

  29. OffBeatMammal

    Wonder what the power consumption of these meters is... and who pays for them (us of course)

    1. Wim Ton

      Less than 6 Watts (legal limit). In practice about 1.5 Watts. Not metered, but paid by you through a different path.
