Smart meters steal our data say consumers

News by Tony Morbin

Consumers have become smarter about the use of their data - and as a result they don't trust smart meters according to a new report.

A recent study found that UK consumers are wary about new technology's ability to compromise the privacy of their data, with many concerned that the increased levels of data on offer to suppliers is the main reason for many of the developments being introduced.

The research by software testing specialists SQS (using survey data from YouGov Plc on 2,058 adults conducted in November 2014) also shows that there is a real worry among consumers (30 percent) that the new smart meter technology, set to enter all homes by 2020, is at risk of hacking and cyber-crime.

More than a third (37 percent) are convinced that smart metering will benefit energy suppliers the most from the installation of smart meters in UK homes; with just 28 percent saying it will be the consumer.  Some 56 percent agreeing that the draw of additional customer data is the real reason for the change.

Just under one in three (27 percent) consumers think that their energy supplier's track record of inaccurate billing, poor customer service and delays in problem fixing don't augur well for success with smart meter implementation.

Half (52 per cent) would welcome services, tariffs and offers that reflect how they actually use energy as well as improved, personalised customer support (22 per cent). 

“The smart meter roll out is a wake-up call for established energy providers,” says Angus Panton, director of power and communications at SQS.  “Our study shows that consumers want targeted, value-added services and greater control over their energy use, but don't always trust their existing provider to deliver.  There is widespread cynicism about the viability of big IT projects and 62 percent doubt smart metering will happen in the shifting timeframes. Despite the cynicism, there is an overall customer desire for the advantages and benefits smart meters will deliver.

“The new smart world will generate large volumes of data and for established suppliers it is vital they have the high performing, integrated infrastructure in place to capture, secure and make the most of the real-time data they generate, all day, every day.   Now is the time to test everything, and then test it again – or to turn to the experts who can test it for you.  There won't be a second chance to get this right.”

The report concludes that it is vital that suppliers, both large and small, take the time to educate their customers on the benefits of this technology to secure confidence and trust ahead of the imminent roll out and ultimately promote customer retention.

In an email to Haydn Povey, founder & CEO Secure Thingz highlighted concerns about transparency on the use of the data, and the ‘value-transaction, commenting: “For me three things stand out. Firstly consumers are becoming increasingly aware and increasingly concerned at how much data is held on them and how it is used, or misused. The number of smartphone applications that track our every movement, and the pervasiveness of the Tesco Club Card have created an increasing understanding of how our data is used by advertiser and merchants to target us, but the massive data breaches here and in the US, such as Target and Wal-mart have highlighted just how much information these large organisations have on everyone, with echoes of a big brother state. The reality is that we all may do a deal with the devil when we sign on for free apps or discount club cards, but it is only when the data spills into the real world that as individuals we recoil from a scale of surveillance that would make the NSA shudder. 

“Secondly, and specifically to the point of this report, I can understand why there is significant concern by people that their data may either be compromised or may be misused, although this is more hype than reality.

“People are correct that in the past data has not been protected correctly. While the meters themselves will be very robust, based on secure elements that are tamper-resistant and communications utilising PKI (Public Key Infrastructure), the challenge, and dark part, is what happens to the data within the utility. How much of it is kept in plain text to feed operations, rather than being securely held in encrypted form? How is the data to be used - is it reactive or pro-active, and if so who is making a judgement on them and on what information? Is the data being kept in house, or sold to other organisations? In all of these cases I have personally not seen a sufficiently strong position from any of the companies involved - transparency has to be key to getting the public on side.

“Finally, and for me the big one, is that the current Smart Meter roll out is completely one-sided. Yes, the consumer gets to see how much energy they are using, but this is a very small carrot verses the information and demand loading information, and ability to remotely set or kill meters, that the energy companies get. This balance needs to be resolved.

“Personally, with the right safe-guards, I would be willing to subscribe to a Smart Meter, and enable the "pausing" of major electrical items with two conditions. Firstly all of the data must be encrypted and be used for billing purposes only, and there must be complete transparency around this with absolute separation between customer information and the data the utility maintains. No if's, no buts. Secondly we need a quid pro quo that enables a discount on electric charges in lieu of surrendering any control, such that consumers feel there is something in the deal for them. Without these components Smart Meters will become as useful as Water Meters - just another way of charging more for something we already have.”

For Sarb Sembhi, director at STORM Guidance talking to, his concerns focussed on the actual security of the devices, telling SC: “When the first smart meters were announced I went on the company website and downloaded the manuals, and within half an hour saw how I could hack into the technology.  Since then, not many companies allow downloading of manuals, but the issues haven't gone away.

“Smart meters suffer the same problems as a lot of IoT technology – it was not designed with security in mind, but has had it retro-fitted, and so not in an ideal way.  In addition, the products need an API to link to others and the API is also often not designed with security in mind.  So products get security patches, then the API makes it as open and easy to exploit as it was before.

“Vendors need to ensure hardware and software is designed with security in mind and use APIs that support that security and not that make holes in it, opening up only those areas intended to be opened up.”

Sembhi adds that while vendors say they have security-tested their products, it's not like open source or say Microsoft, where hackers/Pen testers will be invited to try and break in then fixes will be added – and even then vulnerabilities may remain.  

He concludes: “If vendors really did want to be more open about what they are doing, it would be more acceptable to consumers – so Apple describes its security model and knowing that is good enough for most consumers – but smart meters try to hide what they do and that creates distrust.”

Crime & Threats

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews