Smart Meters and Privacy Tracking

Watched the ABC News today (7th Sept). Their reporter stated that Amazon and a New Zealand electricity company are about to access everyone’s data from their smart meter. I knew this was coming when the meters were arbitrarily installed, so I locked my analogue in time. United Energy now has me on 24/7 peak charges!! Well, my privacy is invaluable.

2 Likes

Now your electricity smart meter will be spying on you.

I cannot see how a meter can know if a TV is on, let alone how many TV’s you have, or how old your appliances are.

But not to worry. It’s run by Amazon. What could possibly go wrong?

And an article regarding some privacy tips.

3 Likes

Back on topic with a big surprise. Who saw this one coming or not?

On selling of your electricity smart meter data.

We upgraded two properties to smart meters, necessary for solar feed in. It’s tied to the conditions of approval of connecting to the grid Energex Qld. Same elsewhere is assumed.

What if not immediately clear is to what extent privacy laws protect home owners from use of consumption data without explicit agreement.

Aside from the the home owner/user the other parties might include the retailer EG Origin, supply authority EG Energex, Smart meter owner (they are on a finance lease deal), and now an additional party is being mentioned as a data collector and distributor?

From all of these I can recollect signing a deal with the retailer. In signing an application to go solar I agreed to the smart meter on one of the forms that was needed by the installer for Energex. I’m even assuming I agreed to the meter data to be read remotely so that I could be billed.

Nothing seemed to say that the data collected would be used for any purpose other than calculating the bill. After the event and from some comments on Choice I checked and discovered the Retailer’s handy app for checking and managing the bill on line. More surprised when I noted power usage or export was being collected and available to review down to 30 minute increments.

It was very evident from the actual usage history, weekly, daily and hourly what was normal and what was not. It’s not hard to guess at why there can be differences. Look, Mark’s on holidays for three weeks.

The same level of detail is available to any of the consultants at the other end of the phone when I called the retailer. I wonder just who else has this level of access? Especially with prospect that data now has other usefulness.

P.S.
I’m also assuming the smart meters can enable Energex to remote read line voltages at every smart meter. One would hope that should be enough to identify lines with voltage compliance concerns. But then?

8 Likes

Probably lots of Amazon customers and hackers.

“Amazon is refusing to disclose the identity of the owner of the open cloud storage where 54,000 NSW driver’s licences were found, the NSW Government says.”

6 Likes

My guess is that Amazon is constrained by US law, while NSW wants the identity under Australian law. Our system of local/state/national/international laws is not necessarily useful for the Internet age.

8 Likes

There’s only 54,000 reasons why the NSW Govt and Commonwealth Need to do anything?

But 1.6million reasons might be more compelling.

NZ company Vector and Amazon Web Services have a deal to collect, analyse and sell data from 1.6 million Australian electricity meters

For the Electricity Smart Meter deal, supposedly no personal identity information is involved. Although it would seem less useful to be selling aggregated anonymised data than my property meter number or street name or suburb or supply line number or …?

Exactly what is anonymised is not mentioned.

7 Likes

I suspect that the ABC article is overreaching the information which may be available.

With some clever algorithms, it may be able to model a household’s behavour when particular activities occur…but to specifically determine the type of TV and or other devices is a little science fiction. I suspect that over time, they may be able to tell at times when a TV is turned on (which would be say a 200W increase in consumption)…but unless there were smart devices talking to the smart meter, the level of information will be limited.

9 Likes

People in the NT are probably fairly safe - Power and Water can barely extract the right data to complete a legitimate invoice (believe it or not, they cannot provide the start and end meter readings) … though it wouldn’t surprise me, given the NT is trillions in debt, if they find a way to suddenly access the data if it can be sold …

8 Likes

As they operate in Australia as a registered Company they may be forced to disclose if ordered by a Court. I would not be suprised that under Privacy Laws and Police Powers that NSW would have a legal right regardless of Amazon’s reluctance but it will probably need to be tested to determine it once and for all. This would not be dissimilar to the approach Valve took to ACL and the Courts upheld that ACL did in fact bind Valve in Australia.

9 Likes

This thread started discussing Vector which is an electricity retailer in Vcitoria - is that correct? with respect to usage data from smart meters in Victoria. Vector being a New Zealand company and Amazon being an international corporation, but both having a foot print in Australia.
==> Who “owns” the data that a smart meter records? The person whose premises the meter is on (and whose electricity usage and feed-ins are being recorded); the electricity transmission entity (which in Qld is thankfully still 100% owned by the government, but different situation in Victoria and NSW); one of the many electricity retailers; or ‘the entity that owns the meter’.

The last one is interesting because for many years the entity that owned and installed the meter was the entity that owned the ‘poles & wires’ in each state, but then version 17 of National Energy Regulation Rules (NERR) changed that. NERR now allows electicity retailers to install meters, but in practice the retailers subcontract the actual installation job out to another compancy, who in turn subcontracts it out … until you end up in Qld for example Energex/ERGON doing the actual meter installation like they used to do BUT with a ton of paperwork and delays in between created by the retailer and their middlemen. For example the meter installed at my place is owned by Macquarie Bank Group and leased from them by either Plus Es or AGL (and Plus Es is owned by a NSW corporation that is both a NSW retailer and a NSW ‘poles & wire’ owner).

But I digress, was the change that NERR made about the ownership & installation of electricity meters made to facilitate the sale of smart meter data to yet more third parties? rather than the reason which was stated at the time (to give consumers ‘greater choice’)???
NERR is administered by AEMC (but not policed by them) https://www.aemc.gov.au/regulation/energy-rules/national-energy-retail-rules/current

6 Likes

You are entitled to opt out of the WiFi monitoring and have your meter read manually by (in my case Ausgrid) this data will be given, hopefully, directly to my energy retailer without going through their Metering Coordinator (Spotless Advanced Metering). Spotless has announced on 25 August 2020 a takeover bid by Downer EDI Ltd. So another concern is if your Metering Coordination Company onsells to an overseas company there may be a new set of legal concerns.
Checking their FAQ “Digital meters and their communication networks are equipped with advanced security features that prevent unauthorised access.
The wireless links between digital meters and retailers are encrypted and cannot be disabled. These links do not use the internet, providing further security.
No customer names or addresses are attached to the transmission of meter data.” So it appears individual data is safe. There is also an ACCC position paper Consumer Data Right in Energy written August 2019 that discusses this topic.

5 Likes

Your assumption is a big one.

  1. While they prohibit ‘unauthorised access’, they do not say who is authorised - leaving open the opportunity to sell access to collectors and purveyors of information.
  2. Encryption is often not as robust as manufacturers claim, and this can result in data leakage.
  3. While customer names and addresses may not be attached to transmitted data, they are not required. The company knows what serial number is attached to each smart meter, and can map this back to the customer. It needs to in order to bill you, but can also use that information for ‘other purposes’.
5 Likes

Spotless was a company listed in the ASX, and is no different to Downer EDI which is also a company listed on the ASX. Before and after the acquisition of Spotless by Downer EDI would have no affect on whether any data was sold to a second/third party.

It appears that Ausgrid only read Meter reading, testing and maintenance services of existing legacy Ausgrid meters that have not been installed by retailers under the Power of Choice rule change

If you have a smart meter (installed by your retailer) read manually, it appears that this will be read/data collected by you retailer. If your retailer uses Spotless Advanced Metering, then it appears that they will be doing the meter readings.

Is there a special charge to get the meter read manually (or higher charge than for remote meter readings/data acquisition)?.

3 Likes

“Metering Coordinator” is another middleman introduced by the changes AEMC made to NERR.

2 Likes

Science fiction or future…
AS/NZS 4755:2012 specifies how smart appliances should respond to external signals. The standard covers the appliances that contribute most to summer and winter peak demand on the electricity system:

  • air conditioners, a main cause of summer peaks in most parts of Australia
  • swimming pool pumps, which tend to be on during summer peaks
  • electric, heat pump and solar-electric water heaters, which have traditionally operated with either day-rate or off-peak tariffs, but often give better service under a demand response arrangement, where their operation is not locked into fixed time periods but can follow changing prices and grid requirements — including storing heat when there is excess renewable generation
  • charge/discharge controllers for electric vehicles and other electricity storage devices, a market that is still very small, but could well contribute significantly to peak loads in the future.
2 Likes

Presumably future, but it may be current in some countries. That standard sounds terrifying, especially if ‘smart’ starts to be ‘standard’ - as is already occurring with TVs. Unfortunately it is behind the standard standards paywall so we cannot even see what it says about our personal privacy unless we pay.

4 Likes

The meter read charge is $12 per read (quarterly for me)I have no idea what is charged for the WiFi read.

2 Likes

Our “meter service” charge from Ergon for our non-WiFi smart meter was $15.44 for the June quarter.

Our neighbours’ “service charge” from Ergon for their remote read smart meter was $5.25 for 1 month in the same financial year.

So no discount for the customer for Ergon putting the meter readers out of a job and Ergon gets to be paid monthly in arreas instead of quarterly in arreas.

With friends like Ergon, who needs enemies?

2 Likes

I would suspect it says very little about privacy given how it is intended to function. We may also be getting ahead of ourselves here in assuming more than is factual.

For a synopsis of the purpose and scope of the standard previously referenced.

https://aemo.com.au/en/initiatives/major-programs/nem-distributed-energy-resources-der-program/standards-and-connections/as-4755-demand-response-standard

Note it is not related to Digital Smart Meters.
The level of intended sophistication seems very basic.

We have an air conditioner with a Demand Response Device installed. This was in place for several years prior to our digital smart meter install. The two do not communicate. The Demand Response Device operates similar to the off peak meter switch. It enables the supplier in our instance to tell the aircon to switch to a lower power modes. Nothing more. Hence when the grid is overloaded at peak times, the supply authority can selectively load shed some power to reduce demand.

The standard is intended to ensure any device per the options listed in the standard and fitted with a Demand Response Receiver meets the communication requirements for a common system. There may be some future scope for more sophisticated interaction. The operation as detailed when we signed up indicated the receiver is a dumb device, one way communication only.

For further reference we also have a smart (type 4) digital meter. These meters come with a built in mobile phone data network adapter. An external aerial is optional. The meter reports power usage and export if solar to base once every 30 minutes. As far as I can determine the device has zero ability to control devices on the home or communicate with them.

Effectively the meter data that might be available for on selling is your energy usage profile on 30 minute increments. Based on when or how power use changes any one with access to the data can make an educated guess about your household. For those who have Demand Response Installed on selected equipment, each install will also be registered with the supply authority. Who owns that IP and whether it can be externally added to individual metering data might be the next question?

3 Likes

I have solved this problem. There are a number of smart home devices within the Internet Of Things (IOT) ecosystem, such as smart lighting, TVs, speakers, thermostats, fridges, washing machines and power meters. Many IOT devices are somewhat carelessly designed with limited security.
My solution: I have a Ubiquiti Unifi security gateway (modem) that allows me to set up multiple wireless networks. I have my main WiFi network with its range of IP addresses that forms my main network, named Fred Then I have a separate WiFi network named IOTNet which is on a different IP address range, using a VLAN. Then I have a few firewall rules that permits Fred to communicate with IOTNet, both in and out, but IOTNet cannot initiate communications with Fred. Now when setting up IOT devices on my WiFi network, they are assigned to IOTNet. These devices can see the internet and I can control them from Fred, but if a hacker attempts to infiltrate my main network through the poor security in an IOT device, access is denied. The final step is to hide IOTNet so it is not visible to snoopers. Everything works fine and there’s less risk of my home network being compromised

3 Likes