WRITTEN ON January 16th, 2012 BY William Heath AND STORED IN Design: user-oriented, Foundation of Trust, Greener government IT
It’s a big and timely question as government and businesses across Europe get ready to spend up to $100bn on smart metering projects. In the UK that means the intended rollout of 53m gas and electricity smart meters to 26m households at a projected cost of £11.7bn. That’s on the same scale as the NHS Connecting for Health programme or the benighted late and unlamented National ID Scheme.
But there are more issues. This is a huge sum of money to commit at any time and especially now with the country broke. Will we get good value? Is the £11.7bn figure the pre-inflation, pre-ballooning costs and pre Cook’s-constant estimate (the MoD rule of thumb is to take the first estimate and multiply by pi to get the eventual real figure).
Given this move is about changing behaviour we have to ask are the incentives right across government, regulated utilities and consumers?
Then there’s the data. Which? broaches the matter. As I understand it, the smart meters generate a highly detailed picture of your energy usage. The plan is to create a new company to which all the data gets uploaded. Users can then access the data through the portal of their own supplier.
Will the system be sufficiently secure, given what is at stake? And whose data is it anyway? To proponents of individual control over individual data this looks hopelessly messy, expensive and risky.
Ross Anderson and others warned early and often that NPfIT, the ID scheme and other vanity megadatabases were headed for disaster. So we’d do well to heed what he and Shailendra Fuloria also of Cambridge Uni now write in their very helpful 2011 paper Smart meter security: a survey.
It covers smart metering issues including security, personal privacy, threats to the infrastructure and fraud. As well as being gifted with a vast brain and clear understanding of technology, Ross has achieved a whole series of deeper insights earlier than others by focussing on security economics and analysing the inevitable results of perverse incentives. In this case, the authors conclude:
…it is a fascinating case study in security economics:
systems are much harder to protect when incentives conflict, and
smart metering exposes perverse incentives galore.
Of course we’ll all have smart meters or smart energy monitoring devices. But is the government’s great smart-meter project destined to be part of the non-ideal databankendammerung?
It feels wrong in many ways. It feels every inch like the last big project trying to sneak through before a new principle takes hold: the principle that individuals should as far as possible control their personal data. That changes everything. This project looks like one for the chop.
Thx to Alex, Vin, Luke and FIPR colleagues