Seattle’s Smart Meter Project Lacks Protections for Privacy
ACLU of Washington Press Release May 26,2017
The ACLU of Washington is raising significant concerns about the lack of protections for privacy, as well as lack of transparency, in the implementation of Seattle City Light’s Advanced Metering Infrastructure. The project involves installation of smart meters which gather data that can reveal intimate details about what is going on inside a person’s home. Yet there are no clear and explicit checks and balances to restrict the government or third parties from using or selling smart meter data for purposes unrelated to the provision of electricity, and the City’s Privacy Impact Assessment for the project is unclear and inadequate.
“The new smart meters collect much more detailed data and do so more frequently than City Light’s previous electrical meters. But the project fails to comply with the principles of the Seattle’s Privacy Program, and there is no meaningful opportunity for the individuals to offer informed consent,” said Shankar Narayan, ACLU of Washington Technology and Liberty Director.
In a letter to the Seattle City Council, the ACLU urged the City to adopt clear and binding guidelines around what data smart meters collect, who accesses the data, what the data can and cannot be used for, and what informed consent must be given before the meters are deployed. The ACLU points out that the option to opt-out offered by the City currently is inadequate, meaningless, and expensive. Under the City’s plan, third parties will be accessing this sensitive data, and those third parties should be bound not to sell the data or use it for unrelated purposes.
Opting out will cost an individual $124.43 as a one-time “administrative fee,” plus $15.87 per billing cycle. “Exercising one’s right to opt out shouldn’t mean opting in to excessively costly fees,” said Shankar Narayan.
Bill Bathgate, an Electrical and Mechanical Engineer, has looked at the Landis & Gyr Focus meters that Seattle City Light is rolling out for the AMI deployment. In this presentation he goes into detail about the accuracy fallacy, privacy and security issues, and Electromagnetic Interference (EMI) non-compliance to FCC regulations.
The Michigan House Energy Policy Committee has been conducting hearings on legislation that would restore consumer protections regarding the type of meters that are installed upon their personal property by utility companies. I provided coverage of these hearings in two previous articles.  
In this article I would like to focus on the March 7, 2017, testimony of state Senator Patrick Colbeck, who says:
“One of the ways our citizens can secure their own family from [the] threats to our power grid is to opt out of so-called smart meters and retain analog meters, which have served us well for decades. Cybersecurity threats today are very real.” 
“Against this increased risk, there is little to no consumer benefit to the adoption of smart meters.” 
State Senator Colbeck referenced previous testimony where nationally recognized cybersecurity expert Cynthia Ayers stated that smart meters increase our security risk because, as integral components in a digital network, hackers can use smart meters to remotely shut down power to one or more consumers.  
Senator Colbeck says HB 4220 must be passed in order to give consumers true choice with our monopolistic utilities and to sever any notions that people must choose between new technology they don’t want and being able to keep the power on for their own property. 
Cynthia Ayers is a national security threat analyst, currently working as an independent consultant within the Mission Control and Cyber Division of the Center for Strategic Leadership, U.S. Army War College. She is also serving as Deputy to the Executive Director of the Congressionally sponsored Task Force on National and Homeland Security.
On March 7, 2017, Ayers presented testimony before the Michigan House Committee on Energy Policy. Her testimony included an analysis of how smart meters introduce safety and security threats to the electric grid and to civilization itself. Excerpts from the written testimony  include the following:
“My testimony will concentrate on the possibility of a catastrophic cyber attack to the systems we depend on for the delivery of electricity – the lifeblood of our modern civilization. …
As our electric grid becomes ‘smarter’ and more networked, it also becomes more vulnerable, making it a very inviting – perhaps the most inviting – target for adversaries. Threats specific to smart grid technology range from the tactical (e.g., house-to-house, building to building) to the national strategic level. As with cyber activities world-wide, operational attacks against small, inconspicuous elements (smart meters, for example) could ultimately have a much larger, truly catastrophic impact to the grid and to the society it sustains.
Although security can always be improved, all networks, all systems – virtually anything computerized – can be hacked. As systems become more highly networked, it becomes easier for attackers to locate ‘backdoors’. Multiple ‘smart’ appliances and other home or business devices are being developed and sold on the market, with the assumption that IoT (Internet of Things) networking and metering will soon be (if not already) commonly available.
Demand for full optimization of smart meters will ultimately rule out limited, billing-only usage (e.g., Meter to Cash or M2C). The number of gaps in security will multiply per person, per household; and a successful ingress of any ‘backdoor’ could have detrimental effects on neighbors, communities, regions, states, the nation and beyond (e.g. Canada and Mexico). Passive cyber defenses will be of prime importance, yet ubiquitous usage of components will only serve to increase gaps in security, regardless of the options given to consumers.
Smart meters can provide digital backdoors to facilities (e.g. the home, office, building, etc.) via the items within (e.g. televisions, refrigerators, thermostats, etc.). They can also allow access to multiple components of external electric infrastructure. Therefore, the use of smart meters must be carefully evaluated in the context of threats to personal safety as well as the safety of the grid. …
I discovered a new article  written by Nick Hunn of WiFore Consulting Ltd. regarding the status of the smart meter program in the UK, dated August 1, 2016. In May 2016, Mr. Hunn provided testimony before the UK House of Commons’ Science and Technology’s “evidence check” as was highlighted at this website in a separate article . In particular, Mr. Hunn has been critical of the smart meter’s remote disconnect capability from a cyber security perspective, stating in his testimony that:
“If somebody could hack into that or just by mistake turn off very large numbers of meters, that sudden shock of taking them off the grid, and even worse be able to turn back on at the same time, would cause significant damage. And to me that’s an unnecessary risk.”
Hunn has a unique and colorful writing style when making his points. His latest article reiterates concern about inherent security flaws for smart meters and that there could soon be an unraveling of the UK smart meter program due to cost overruns and fewer projected benefits.
King, Risch, Heinrich, Collins Introduce Legislation to Protect Electric Grid from Cyber-Attacks
WASHINGTON, D.C. – U.S. Senators Angus King (I-Maine), Jim Risch (R-Idaho), Martin Heinrich (D-N.M.), and Susan Collins (R-Maine), all members of the Senate Intelligence Committee, today introduced legislation aiming to protect critical U.S. energy infrastructure from potentially catastrophic cyber-attacks. The Securing Energy Infrastructure Act of 2016 would examine solutions to defend the U.S. energy grid by replacing key devices like computer-connected operating systems that are vulnerable to cyber-attacks with analog and human-operated systems – a “retro” approach that has shown promise as a safeguard against cyber-attacks.
“The United States is one of the most technologically-advanced countries in the world, which also means we’re one of the most technologically-vulnerable countries in the world. In fact, right now there are hackers across the globe working to exploit weaknesses in the digital systems that help run critical infrastructure like our electric grid. And a successful attack could have catastrophic consequences,” Senator King said. “That’s why we need to act now – and by looking to the past, we may be able to develop ways to thwart the sophisticated cyber-attacks of the future. Our legislation would reengineer the last-mile of the energy grid to isolate its most important systems, and in doing so, help defend it from a devastating blow that could cut off electricity to millions of people across the country.”
“Protecting our critical energy infrastructure systems is one of the most pressing security challenges facing the United States today,” said Senator Risch. “The continual emergence of threats and vulnerabilities to digital systems has created significant weaknesses that require a large-scale, national effort to address, which is the intent of this legislation. The Idaho National Lab has the unique assets and expertise needed to drive the innovations this legislation aims to create and we are fortunate to have their leadership on this critical issue.”
“Cybersecurity is one of the most serious economic and national security challenges we face as a nation. The future of warfare is moving further away from the battlefield and closer to the devices and the networks everyday citizens depend on,” said Senator Heinrich. “Protecting our nation from malicious cyber actors requires a comprehensive approach, and keeping our energy infrastructure secure is central to that. I am especially proud that this legislation would rely on Sandia National Labs’ expertise in providing technology solutions and developing a national strategy to isolate the energy grid from cyber attacks.”
“As cyber-attacks become increasingly common, Congress must take action to better protect the critical infrastructure our nation depends upon,” said Senator Collins. “As experts continue to tell us, it is not a matter of if a cyber attack aimed at our critical infrastructure occurs, but when. This bill, along with other cybersecurity measures passed by Congress and under consideration before the Senate, can make a real contribution in strengthening our defenses against this dangerous threat.”
Top officials within the Intelligence Community have testified that U.S. critical infrastructure are enticing targets to malicious actors. Those officials have also warned that, without action, the U.S. remains vulnerable to cyber-attacks that could result in catastrophic damage to public health and safety, economic security, and national security.
This bill would examine ways to replace automated systems with manual procedures controlled by human operators to remove vulnerabilities that could allow cyber-criminals to access the grid through holes in digital software systems. This approach seeks to thwart even the most sophisticated cyber-adversaries who, if they are intent on accessing the grid, would have to actually physically touch the equipment, thereby making cyber-attacks much more difficult.
The potential for this approach was evident in the December 2015 cyber-attack on Ukraine’s power grid during which sophisticated cyber-attack techniques were used to plunge more than 225,000 people into darkness. According to the Department of Homeland Security, the cyber-attack was coordinated to target the Ukrainian power grid’s industrial control systems, which act as the intermediary between computers and the switches that distribute electricity. The attack could have been worse if not for the fact that Ukraine relies on manual technology to operate its grid. The legislation seeks to build on this concept by studying ways to strategically use “retro” technology to isolate the grid’s most important control systems.
More specifically, the legislation would:
Establish a two-year pilot program within the National Laboratories to study covered entities and identify new classes of security vulnerabilities, and research and test technology – like analog devices – that could be used to isolate the most critical systems of covered entities from cyber-attacks.
Require the establishment of a working group to evaluate the technology solutions proposed by the National Laboratories and to develop a national cyber-informed strategy to isolate the energy grid from attacks. Members of the working group would include federal government agencies, the energy industry, a state or regional energy agency, the National Laboratories, and other groups with relevant experience.
The Secretary of Energy is required to submit a report to Congress describing the results of the program, assessing the feasibility of the techniques considered, and outlining the results of the working groups’ evaluation.
Define “covered entities” under the bill as segments of the energy sector that have already been designated as entities where a cyber-security incident could result in catastrophic regional or national effects on public health or safety, economic security, or national security.
by K.T. Weaver, SkyVision Solutions The March 2016 issue of Discover magazine features an article, “Blackout of the Century,” with the online version being entitled, “Averting the Blackout of the Century.”  At this website I have posted numerous articles explaining how the future “smart” grid is more vulnerable to cybersecurity threats from hackers. In summary […]
Sonia Hoglander with Dr. Timothy Schoechle presented an hour long presentation to the Seattle City Council to counter the Seattle City Light Strategic Plan regarding the Advanced Metering Infrastructure (AMI) project or so called “smart” meters.
A look at what utility companies, PUCs, and the former CIA director have to say about the ‘smart’ meters, data-mining, and surveillance — sans propaganda.
With friends like your energy, water, and gas providers… who needs enemies?
It’s always a drag to find out when a friend is saying one thing to your face, and another to your back. As uncovered in our film Take Back Your Power, the way in which most utilities are now delivering the lies and propaganda — with your individual rights, security, and potentially health on the line — is elevating the trait of “two-faced” to a completely new level.