ESORICS opened today with a talk from Prof. Ross Anderson on "smart meters".
EU-wide, smart meters for electricity and gas are being installed in homes with a target of 100% coverage some time in the 2020s. They measure energy consumption in half-hourly intervals and can report this data over a wireless network. They can also be controlled remotely. This is the biggest Europe-wide engineering project to date, dwarfing the Channel Tunnel. It's also supported by politicians across the board and by both energy companies and environmental organisations - as Ross Anderson says, that's a hint that not all is well.
The question is, who has access to the data and commands and how can they benefit from this?
Homeowners can track their energy usage and save energy or at least money by moving high-energy tasks (like charging an electric car) to times when energy is cheapest. The half-hourly metering allows for new tariff structures rather than today's day/night ones; in fact, energy use could even be priced dynamically based on current demand, and smart cars could start to charge themselves when prices fall below a certain level.
Energy companies get much more exact data about their customers' energy usage, allowing them to devise new energy tariffs (which, if mobile phone tariffs are anything to go by, no-one will understand except the companies that make money off them). They can also remotely cut someone off (or switch them to prepayment only) if they fail to pay up, which is much cheaper than today's methods that may even involve sending in the police.
But anyone with access to this data can determine when a certain person is at home, how many people live in a home, when they usually work/cook/shower etc. (I personally suspect that even factors such as age/gender/"social class" could be guessed with some accuracy from energy graphs. A correlation between energy usage and certain TV series/sporting events would be an interesting research paper and a goldmine for advertisers.) So clearly this is private data that we may not want companies gathering on us.
And then there's the government, which in the UK at least has volunteered to build and run a giant database to hold all this information. This could allow targeted campaigns to reduce energy consumption. Or anything else they decide to do with the data. And of course, a government database with personal data of all its citizens could not possibly fall into the wrong hands.
Next up, enemies from the "Chinese army" to the "militant wing of Greenpeace" (both Ross' examples) have a potential "cybernuke" (again quoted from Ross) to shut down half the country's electricity for weeks.
Then there are conflicts of interest. Energy companies are there to make money, which they make best when people consume energy. Government is trying to reduce energy consumption and CO2. So who controls the smart meter, tariffs, etc.?
And finally (or perhaps encouragingly, looking at the potential problems with smart meters) the whole project looks like it will become "a classic government IT disaster" (Ross again).
O brave new world ...