Author
Christopher Wolf
Bio: Christopher Wolf is an academic researcher from the Future of Privacy Forum. The author has contributed to research on the topics of data security and personally identifiable information. The author has an h-index of 1 and has co-authored 2 publications receiving 204 citations.
Papers
TL;DR: In this article, the authors argue that we must take great care not to sacrifice consumer privacy amidst an atmosphere of unbridled enthusiasm for electricity reform, and they advocate the adoption of Dr. Ann Cavoukian's conceptual model "SmartPrivacy" to prevent potential invasions of privacy while ensuring full functionality of the Smart Grid.
Abstract: The 2003 blackout in the northern and eastern U.S. and Canada which caused a $6 billion loss in economic revenue is one of many indicators that the current electrical grid is outdated. Not only must the grid become more reliable, it must also become more efficient, reduce its impact on the environment, incorporate alternative energy sources, allow for more consumer choices, and ensure cyber security. In effect, it must become “smart.” Significant investments in the billions of dollars are being made to lay the infrastructure of the future Smart Grid. However, the authors argue that we must take great care not to sacrifice consumer privacy amidst an atmosphere of unbridled enthusiasm for electricity reform. Information proliferation, lax controls and insufficient oversight of this information could lead to unprecedented invasions of consumer privacy. Smart meters and smart appliances will constitute a data explosion of intimate details of daily life, and it is not yet clear who will have access to this information beyond a person’s utility provider. The authors of this paper urge the adoption of Dr. Ann Cavoukian’s conceptual model ‘SmartPrivacy’ to prevent potential invasions of privacy while ensuring full functionality of the Smart Grid. SmartPrivacy represents a broad arsenal of protections, encapsulating everything necessary to ensure that all of the personal information held by an organization is appropriately managed. These include: Privacy by Design; law, regulation and independent oversight; accountability and transparency; market forces, education and awareness; audit and control; data security; and fair information practices. Each of these elements is important, but the concept of Privacy by Design represents its sine qua non. 
When applying SmartPrivacy to the Smart Grid, not only will the grid be able to, for example, become increasingly resistant to attack and natural disasters—it will be able to do so while also becoming increasingly resistant to data leakage and breaches of personal information. The authors conclude that SmartPrivacy must be built into the Smart Grid during its current nascent stage, allowing for both consumer control of electricity consumption and consumer control of their personal information, which must go hand in hand. Doing so will ensure that consumer confidence and trust is gained, and that their participation in the Smart Grid contributes to the vision of creating a more efficient and environmentally friendly electrical grid, as well as one that is protective of privacy. This will result in a positive-sum outcome, where both environmental efficiency and privacy can coexist.
211 citations
12 Dec 2011
TL;DR: Privacy consists of two components: conforming one's collection, use, and sharing of personal data to existing laws and norms and securing the data against unauthorized access and use.
Abstract: Privacy consists of two components: (1) conforming one's collection, use, and sharing of personal data to existing laws and norms, and (2) securing the data against unauthorized access and use. Even with the best of intentions as to the treatment of personal data, there can be no privacy where there is no data security. With the interconnected Internet, cybersecurity is a critical component of privacy.
1 citation
Cited by
TL;DR: In order to build a reliable smart grid, an overview of relevant cyber security and privacy issues is presented and several potential research fields are discussed at the end of this paper.
Abstract: Smart grid is a promising power delivery infrastructure integrated with communication and information technologies. Its bi-directional communication and electricity flow enable both utilities and customers to monitor, predict, and manage energy usage. It also advances energy and environmental sustainability through the integration of vast distributed energy resources. Deploying such a green electric system has enormous and far-reaching economic and social benefits. Nevertheless, increased interconnection and integration also introduce cyber-vulnerabilities into the grid. Failure to address these problems will hinder the modernization of the existing power system. In order to build a reliable smart grid, an overview of relevant cyber security and privacy issues is presented. Based on current literature, several potential research fields are discussed at the end of this paper.
502 citations
Patent
PARC1
TL;DR: In this paper, a private stream aggregation (PSA) system is proposed to contribute a user's data to a data aggregator without compromising the user's privacy, where the aggregator can decrypt an aggregate value without decrypting individual data values associated with the set of users, and without interacting with the users while decrypting the aggregate value.
Abstract: A private stream aggregation (PSA) system contributes a user's data to a data aggregator without compromising the user's privacy. The system can begin by determining (302) a private key for a local user in a set of users, wherein the sum of the private keys associated with the set of users and the data aggregator is equal to zero. The system also selects a set of data values associated with the local user. Then, the system encrypts individual data values in the set based in part on the private key to produce a set of encrypted data values, thereby allowing the data aggregator to decrypt an aggregate value across the set of users without decrypting individual data values associated with the set of users, and without interacting with the set of users while decrypting the aggregate value. The system also sends (308) the set of encrypted data values to the data aggregator.
494 citations
23 Sep 2010
TL;DR: In this paper, a combination of Paillier's additive homomorphic encryption and additive secret sharing is used to compute the aggregated energy consumption of a given set of users, which is then used for fraud detection in a privacy-preserving manner.
Abstract: The first part of this paper discusses developments wrt. smart (electricity) meters (simply called E-meters) in general, with emphasis on security and privacy issues. The second part will be more technical and describes protocols for secure communication with E-meters and for fraud detection (leakage) in a privacy-preserving manner. Our approach uses a combination of Paillier's additive homomorphic encryption and additive secret sharing to compute the aggregated energy consumption of a given set of users.
364 citations
TL;DR: In this article, a representative national survey of UK homeowners (n=1025) finds prospective users have positive perceptions of the multiple functionality of smart home technologies including energy management, and an additional survey of actual smart home users participating in a smart home field trial identifies the key role of early adopters in lowering perceived smart home risks.
Abstract: Smart homes are a priority area of strategic energy planning and national policy. The market adoption of smart home technologies (SHTs) relies on prospective users perceiving clear benefits with acceptable levels of risk. This paper characterises the perceived benefits and risks of SHTs from multiple perspectives. A representative national survey of UK homeowners (n=1025) finds prospective users have positive perceptions of the multiple functionality of SHTs including energy management. Ceding autonomy and independence in the home for increased technological control are the main perceived risks. An additional survey of actual SHT users (n=42) participating in a smart home field trial identifies the key role of early adopters in lowering perceived SHT risks for the mass market. Content analysis of SHT marketing material (n=62) finds the SHT industry are insufficiently emphasising measures to build consumer confidence on data security and privacy. Policymakers can play an important role in mitigating perceived risks, and supporting the energy-management potential of a smart-home future. Policy measures to support SHT market development include design and operating standards, guidelines on data and privacy, quality control, and in situ research programmes. Policy experiences with domestic energy efficiency technologies and with national smart meter roll-outs offer useful precedents.
337 citations
TL;DR: In this article, the authors examined the data requirements for some of the proposed applications of smart meter data within the electricity supply industry, and investigated whether the use of personal data can be minimized or even avoided.
Abstract: Smart meters are being rolled out in large numbers throughout the world, with proponents claiming they are a critical step in the transition to a low-carbon economy. Yet there are significant unresolved negative reactions to smart meters, principally based on the concern that smart meters might be used to infer the private activities that occur within a dwelling. Though smart meter data is classified as personal data, and as such protected under existing data protection frameworks in the EU, there are relevant exceptions, notably where the data is required for legitimate applications associated with the performance of 'regulated duties'. This paper contributes to this debate by examining the data requirements for some of the proposed applications of smart meter data within the electricity supply industry, and investigates whether the use of personal data can be minimized or even avoided. The discussion includes system balancing, demand reduction, demand response and distribution network operation and planning, and indicates that, for most of these applications, the requirements for personal data can indeed be minimized. 'Privacy friendly' alternatives are discussed.
328 citations