Posted by: Arian Eigen Heald
Data Breaches, information security, Privacy
You wouldn’t think that the power meter in your basement could have anything significant to say about you, personally, would you? Well, you (and I) would be wrong, very wrong, on that point.
We tend to have the mindset that only computers store and transport personal information, but there are far more items transmitting across IP or wireless connections, or RFID that by their nature reveal information about us.
Consider the EZ Pass, common on cars throughout the US. Officials can use that to track where your car is (and presumably you, or errant offspring) by watching where you have paid your tolls. That and your phone bill tell a great deal of “where, when and who” information.
There are privacy concerns about what there is in your wallet carrying an RFID chip, and how far away that information could be captured (estimates range from 3 ft to 30 ft). Credit cards, driving license and passports give your life away to the right reader.
Transmission from webcams, security cameras, and smartcards also go across the IP network.
So, imagine my dismay upon reading my colleague Rebecca Herrold’s Blog posting on SmartGrid privacy issues.
A SmartGrid “delivers electricity from suppliers to consumers using digital technology to save energy, reduce cost and increase reliability and transparency. Such a modernized electricity network is being promoted by many governments as a way of addressing energy independence, global warming and emergency resilience issues.” (Quote from Wikipedia) The Wikipedia is a very well written article, by the way.
All this sounds very nice until you read about a utility that planned to use power utilization to target low income customers for a “pre-pay” billing cycle.
Once again, a new technology puts security and privacy last. Her table made my hair curl.
The concept is marvelous for municipalities and governments; it provides an upgrade to an infrastructure put into place 120 years ago.
However, consider one of the points that Rebecca Herrold makes:
“The meter data could reveal resident activities or uses that utility companies may then subsequently decide are inappropriate or should not be allowed. Without restrictions, if this information could then shared with local government, law enforcement, or public media outlets the residents could
suffer embarrassment, harassment, loss of vital appliances, or any number of other damaging actions.”
What happens to privacy when that information is captured during a data breach?