Data recorded on smart meters should not be a secret.
ESB Networks have been installing smart meters all over Ireland and using them to collect detailed information on electricity consumption. The meters also record other information apart from consumption. We think this includes information about the quality of the electricity system, such as whether there have been voltage drops or surges. It likely also includes other information such as whether there is reason to suspect the meter has been tampered with.
Some of the data collected is available through an online portal but by no means all of the data is easily available to families with a smart meter. DRI supporters in Wicklow made an FoI request for a list of all the types of data collected by the smart meter.
They also sought the actual data itself in relation to their own home. ESB Networks refused to supply part of the data on the basis that it is a secret, they say, and they claim that providing this information could allow bad actors to commit a crime by hacking the entire smart metering system. They claimed that to release the information could expose the national grid to a cybersecurity attack.
ESB Networks gave no clear rationale for deciding that the data is actually a security risk. All they really told the DRI supporters that providing the data could allow the smart meters to be hacked. ‘This list of ESM (electricity smart meter) events can be used to establish the design and potential vulnerabilities of the meters, which in turn could allow bad actors to compromise individual meters and/or the entire smart metering system.’
The DRI supporters did further investigation and found out that much of the information they had asked for is available publicly.
ESB Networks had not told our supporters (and perhaps did not know) that the list of ESM events is publicly available as part of the COSEM / DLMS standard for smart meters. The DLMS website at dlms.com publishes full details of the Event List on page 192 of the ‘Blue Book’.
The smart meter is like a sentry, constantly collecting data about activity in family homes. The constitutional protection of the home in Ireland is well established. Not being completely transparent about the operation of the meters only heightens’ suspicions about surveillance.
If ESB Networks really need to collect this information, the least they can do is be transparent about what they are collecting and why. Families have a right to know what is going on.
Additionally, we are concerned that ESB Network’s cybersecurity measures could be very fragile since they are dependent on keeping the nature of the data collected on the meter secret, especially since the information is available online, from public sources. The security arrangements should now be reviewed to make sure they are adequate.