Does IoT Data Need Special Regulation? 99
dkatana writes: As part of the UK's Smart Meter Implementation Programme, Spain's Telefonica is deploying a M2M solution, using its own proprietary network, to collect and transmit data from 53 million gas and electricity smart meters. The most troubling issue is that the UK government awarded the contract to a private telecom that uses a proprietary network rather than to an independent organization that uses freely available spectrum and open source solutions. Those Smart Meters are supposed to be in operation for more than three decades, and rely on a network that can cease to exist. On top of that, the network, running proprietary protocols, can be hacked, and "will be hacked". Only Telefonica will be able to fix it.
open source? (Score:5, Insightful)
Some platforms have lasted that long, but trying to guess which platforms will last and which won't is not the reason to choose open source.
Re: (Score:2)
It's far more likely that TCP/IPv6 will be around in 30 years. TCP itself has been with us for about 40, and it doesn't look like it will be replaced any time soon. (Replace TCP with UDP, if that makes sense for the application.)
Re:open source? (Score:5, Funny)
It's far more likely that TCP/IPv6 will be around in 30 years
Come to think of it, you can probably make sure a technology lasts by wishing it wouldn't stick around. Based on that, they should use IPv4 with Flash+Javascript written in COBOL on Windows ME. It'll last forever.
Re:open source? (Score:5, Interesting)
I like the way you think. I really do. Which made me think of an answer to this non-question.
The answer is no, we don't need special regulation. What we need are intelligent and informed persons. Eventually, and this doesn't discount closed source, we could have open and interoperability-built standards that are published, vetted, and agreed on - or at least published and open. The idea being that, yeah, smart people would select to use such instead of insisting on reliance on closed and mysterious. This doesn't mean that the code, itself, can't be proprietary but the communications methods that it uses should be - they should be open, available, and free to use, even for commercial means. In this case, using this example, I'd suggest relying on the standards IPv6 and TCP/IP (or UDP, if applicable - does UDP support error correction?).
If there's any benefit to this new, proprietary, communication format then, by all means, share it with the world so that it can be reviewed, improved on, standardized, and benefit others. It's not like it will do anything more than help the company's bottom line to do so. If anything, it will increase their visibility and market share. Perhaps, I guess, they could license it for commercial use but, honestly, I don't think that will help. If anything, and this is important to me - at least, it's a municipal project (from the looks of things) and thus it should be open.
The summary mentions that it will be hacked, and it will be, so having other companies that can layer on security (if needed) or perform repairs prevents lock in and price gouging. There's a vested interest, from the people, to insist that these types of things remain open and rely on commonly accepted (i.e. standardized even if unratified and informally) and readily available information. Should this company go out of business then the tax payer will have to keep them afloat just to insure they can read electrical usage meters? Surely you jest... When a security flaw is discovered, and it will be, who is going to repair it and how much is it going to cost? Truly, I can think of no benefit to this being proprietary but, perhaps, I'm missing something.
Ah well... I should be sleeping, though I've called the desk and have paid for another night so I'll not have to be out of the hotel by 10:00 in the morning. What an ungodly hour to insist that I check out. I'll be in Buffalo for another night and that means I get to spend a little bit of time online. Yay...
Re: (Score:2)
The answer is no, we don't need special regulation. What we need are intelligent and informed persons.
However, seeing that intelligent and informed persons are not an abundant species, we probably need special regulation worked out by intelligent and informed persons. Regulations that mandate the use of open standards and so on.
Re: (Score:3)
You're assuming, of course, that those who write the regulations come from this relatively rare species of intelligent people. The problem is, we have no way to guarantee this. And we run the risk of codifying in regulation something remarkably stupid instead.
I'm not suggesting not to use regulation. I'm suggesting that concluding we should use technically competent technocrats because there is a lack of technically competent people--especially in a world which seems to discount technical competence--runs t
Re: (Score:2)
You're assuming, of course, that those who write the regulations come from this relatively rare species of intelligent people.
Assuming is such a strong word - I was merely hoping. It isn't entirely in the realm of dreams either - there has been instances in the past when good legislation has been designed by clearminded individuals, whose main interest was to provide a good, lasting solution to an important problem. It doesn't happen as often as it should, but it could, in principle.
Re: (Score:1)
To be fair, the question I was addressing specifically said "need." What we need to have is smart people. What we do have is a bunch of idiots. I guess, if we want, we can say we need laws because we have decided that culling the stupid is socially unacceptable. I guess I can sort of agree with that. However, really, what we need is smarter people if we're really going to have any long-term solutions.
At some point, realistically, there can only be so many laws before the mass is so great that it collapses i
Re: (Score:2)
if they got a contract it's likely to be around for 30 years.
possibly not cheap, possibly not decent, but it will be running for 30 years provided that other part of government will not ruin their spectrum somehow forcing them to shut it down.
why? because it's incoming money. replacing whatever basestations or whatever is just going to be cheaper in 15 years than now even if they have to be the only customer in the world for them.
Re: open source? (Score:3, Insightful)
Speaking (anon) as somebody who is supporting a decades old government contract and seeing how many vendor fucks are given once those contracts are signed; I can tell you guaranteed income is not the same thing as guaranteed support. We haven't patched those systems since Debian Lenny.
Re: (Score:3)
Re: (Score:2, Insightful)
You've got it backwards. If you say up front "we're only interested in open source solutions" then only people with open source solutions, or people prepared to create one, will enter. There's absolutely no reason to do non open-source software except to attempt to make more money out of something but one company making money isn't the only reason these systems are designed and created. It's better for everyone if it's easy/possible for other people/companies to be able to continue running a system when t
Re:open source? (Score:4, Interesting)
Question: The summary and article is talking about the user's data that's collected. Is this data considered sensitive, other than the fact that one could potentially determine if someone is home or not if collected in real time? Do these smart-meters collect more than gas, power, and water usage? If it's just utility metrics, does anyone really care all that much about that? I'm trying to figure out how if any sort of data-leakage could really negatively affect someone. Maybe I'm just not imaginative enough.
Getting the meter hacked could be annoying or expensive, but probably not a catastrophe, as you'd simply dispute any ridiculous charges. Naturally, that's always an issue with any device tied to infrastructure.
As for using a proprietary network and protocol, I'd hope that the UK required exact documentation of what they're using, and how it works. That way, if the company goes belly up, another company could provide similar reading services based on those protocols. Of course, government bureaucracies being what they are, I guess I wouldn't be surprised if no one thought to do that.
Re: (Score:3)
There are conspiracy theories about this. When the meter was read only once a month (sometimes less) then the user didn't have to worry that the utility could discover them cheating. But if it can read usage once an hour, which is typical, now the cheats are caught more quickly. Though more seriously, the concern is that someone can figure out when you're not home by breaking into the utility and reading the data.
But, people can already figure out if you're not home by breaking into the phone company and
Re: (Score:1)
Re: (Score:2)
Well, not exactly. I've not yet had an electricity meter outside my house, and only one of my gas meters has been so far.
The big advantage of going Smart Meter (from the crim's POV) is that you'll be able to script this. Just imagine having a botnet that's able to tell you which addresses in a given town are vacant, and when.
Re: (Score:2)
Is this data considered sensitive, other than the fact that one could potentially determine if someone is home or not if collected in real time?
It isn't collected in real-time, it can't be used to determine if someone is home. If it is sent over a mobile network it would be difficult to intercept and use anyway - all you would see is a customer number (no address) and a unit value. To save money and power reporting is rarely more than once a day, usually much less than that (how often do you need to read the meter when you only adjust bills quarterly?)
Even the sub-1GHz networks that don't bother with encryption would be hard to use in any meaningfu
Re:open source? (Score:5, Informative)
TFA is confused and has almost no information. I work in this area, and even I don't know what it is on about.
There are a few different systems for reading smart meters. They are all proprietary to some degree. Some use mobile networks, some use Zigbee, some use other proprietary networks on sub-1GHz radio bands.
It's hard to see what someone could do to hack these devices. They are basically transmit only. They send meter readings, that's it. I suppose you could artificially inflate someone's bill or jam the ability of the electric company to take readings, but then they would just revert to the old system and read the numbers off a display on the unit. The units don't accept any commands at all - they are designed to be highly tamper proof because people have been trying to steal electricity from day one.
There is no open source software framework or network for this purpose. Wifi is far too short range and subject to massive amounts of congestion. TFA doesn't suggest anything.
Re: (Score:3, Informative)
If you want to steal energy, the low tech solution is to clam on to the lines before it goes into the meter. Very popular with the hoe growers overhere, has been for many decades.
And the defence against this is equally old. The electricity company also monitors how much power is delivered at the other end, and if the discrepancy is too large, they start monitoring individual subscribers to see where the loss is.
With smart meters, this becomes so easy that you could automate it. With smart meters you can more or less continuously monitor usage by the subscribers and delivered power to the group of subscribers, cheaply and on-line. Simple statistical anomaly detection can relatively e
Re: (Score:2)
Re: (Score:2)
Yes, its because it doesn't in general fulfill the legal requirements for "theft". That's why most jurisdictions had to come up with a whole new crime that fit it. Check your local laws.
Re: (Score:2)
Not sure if you are trolling or not, but for majority of people, electricity meters are visible to everybody (or, at least everybody who gets access to common area of the building, posing as electricity technician, postman or leaflet spammer).
I have bad news for you. People can see on which floor of your building your elevator is. I would suggest pulling off all the elevator displays, after all, seeing elevator going from floor 4 to floor 7 could mean that your mistress is visiting you. What a blatant invas
Re: (Score:2)
What beats me is why the bloody hell don't they use powerline networking to communicate with the smartmeters. It's not so long ago that they where promising to deliver broadband down the mains wires. A smartmeter could work just fine on dialup speeds, so powerline networking would do just fine.
Re: (Score:2)
Same reason they aren't using the powerlines now. It was a damn bad idea which shat all over the RF spectrum in the process.
Re: (Score:2)
It's hard to see what someone could do to hack these devices.
It's only hard if you don't have access to google [google.com], which will give you pages and pages on hacks known to be possible on smart meters, hacks which are believed to be possible with these meters in particular, etc. When did you forget how to internet?
Re: (Score:2)
Did you actually read any of those links? Lots of "could do this" and "might do that". There was a BBC article that managed to link someone claiming they could lower their bill to terrorism.
Yes, you can send fake messages to the utility provider. Not hack the meter, just spoof messages using their own hardware. You can also bypass the meter and do all sorts of other things to screw with it. You can't bring down civilization by hacking one.
So at worst the smart meters are no worse than dumb meters. When you
Re: (Score:2)
Re:open source? (Score:5, Informative)
I work in this industry. Proprietary networks can still use freely available frequencies; most of them actually do. Other spectrum is extremely expensive and often impractical for this sort of stuff (unless they plan to blast out at high dB to collect data from further away). The article mentions wifi and cellular, and wifi is freely available spectrum, and cellular may be used in some cases where connectivity is a problem and the telephone companies have paid the big bucks to buy that spectrum (expensive to use cellular so it's a last ditch resort).
For open source, that's not practical. First off, the customer here is not the home owner. The customer is the utility. The utility does NOT want the home owner to be hacking on the meters. Given the number of anti-smart-meter kooks out there, these are active targets for hacking. Even if open source is used they images would inevitably have to be signed. Yes, only Telefonica (or other provider) will be able to fix these meters, but that's normal and expected and required under many regulations. Yes, someone can fiddle with them, open them up, cut some wires, etc, but you break the seal on the meters and the owners will notice soon enough.
If the network ceases to exist, then the meters still continue to work. Just read them by hand like we used to do. Assuming no one else buys out the meter company and takes over the network. Or the new utility removes the meters and replaces them with something else. How is the "thirty years" thing even remotely a problem, since in that time many networks may come and go. Firmware gets upgraded, or the utilities may decide that they want the new features and replace them before thirty years.
As for can and will be hacked, compare that to phone networks. They can and will be hacked, and the owner of the phone can do nothing since only the phone company will be able to fix that. No panic there I see. Only panic with smart meters. I think phones are too cool for conspiracy theories to take root.
Re: (Score:3)
For open source, that's not practical. First off, the customer here is not the home owner. The customer is the utility. The utility does NOT want the home owner to be hacking on the meters. Given the number of anti-smart-meter kooks out there, these are active targets for hacking. Even if open source is used they images would inevitably have to be signed. Yes, only Telefonica (or other provider) will be able to fix these meters, but that's normal and expected and required under many regulations. Yes, someone can fiddle with them, open them up, cut some wires, etc, but you break the seal on the meters and the owners will notice soon enough.
Open source here is not about allowing the end user to install their own version of the software, it's about interoperability. In the UK, part of privatisation of the energy companies meant that you are able to switch between providers at will. This means that if I get an electricity metre installed by one provider then the next one must be able to use it, whether I switch next week or in five years time. The new company now takes responsibility for the metre and so must be able to update it for their ta
Re: (Score:1)
Re: (Score:2)
Check out the comments for some online forums from the anti-smart meter people. Ie, they say they're waking up every night at 2:00am with a headache and thus they conclude that this must be the time when smart meters are transmitting. Or they person who complained about potential health effects which also interfered with the baby monitor. Or from the other angle, that the smart meters are just a government scam to raise electricity rates, or a plot to spy on home owners.
Re:open source? (Score:4, Insightful)
Open source example (Score:3)
If an industry as commercially focused as oil can use published open source data formats then so can this telecommunications company.
Re: (Score:2)
Re: (Score:2)
Also, there's no such thing as "a telecom".
Re: (Score:2)
That would be a telecomcom, which doesn't exist and if ever it does we know it's just time to give up; the hipsters have won.
Re: (Score:2)
It's telecows, the article had a typo.
Good, make sure it's closed source (Score:1)
If you want this to last 30 years, closed source is the way to go. Open source projects come and go, with large turnover in developers. They also frequently get forked due to pissing contests between developers. Most open source projects also get abandoned before ever making it to version 1.0, and it's an extremely tiny portion of projects that are updated over five years let alone 30. Also, for every great example of an open source project of high quality (e.g., Linux, Libreoffice, Firefox, X.org), there's
Re: (Score:2)
Many of them may have some open source components (probably not GPLd though), but that does not mean the home user gets to paw through the code because the home user does not own these meters.
As far as trust goes, some utilities have paid for security penetration testing on their third party meter and network solutions, and those guys do get to see every line of code (if you think you get some nit picky code reviews, wait until you deal with one of these).
Re: (Score:2)
Because the sort of people who advocate Open Source no matter what probably haven't even been around 30 years and don't really understand that having freely available source code to your remotely installed infrastructure probably rates alongside selling My LIttle Pony meter stickers in the list of importance.
Re: (Score:2)
Idiotors (Score:2)
An M2M solution. Unless you pronounce it "muhtomuh".
If it has a display, it can still be read w/o net (Score:1)
My issue is with the information leakage: A high resolution tracking of my power consumption reveals basically everything I do at home, what and when. That is a massive invasion of privacy. And for what? The old meter costs less, has less potential for failure and error and uses less power. Even the ten minutes per year it takes their people to read it, if they don't trust me to call them and tell them the reading, can't cost more than exchanging all meters for more complex and expensive devices which need
Re: (Score:2)
The old systems used MORE power and had a high potential for failure. They were just plain awful. No one is going to be making the old 50's style analog meters with the rotating disk and gears that wore down over time. And the old meters could be read remotely with a telescope just like the new meters, giving high resolution data on what you've been doing (tedious and impractical though).
But once a month is too long a time. That's the problem with most utilities these days, the literally do not know whe
Re: (Score:2)
The old systems used MORE power and had a high potential for failure. They were just plain awful. No one is going to be making the old 50's style analog meters with the rotating disk and gears that wore down over time
You know that all of those were replaced in the UK years ago, right? UK houses all have digital (but not broadcasting) electricity metre (and gas metres, if they have gas). Are you honestly claiming that digital a metre with a little LCD display (i.e. the kind that they want to rip out and replace with 'smart' metres) uses more power than a digital metre with an LCD display and an RF transmitter?
Re: (Score:2)
Are you honestly claiming that digital a metre with a little LCD display ... uses more power than a digital metre with an LCD display and an RF transmitter?
I think the OP was comparing ANALOG meters [stopsmartmeters.org] with the new electronic ones. If you look closely, I think the "3W" on that meter means it draws 3W of power (confirmed here [wikipedia.org]) - a decent electronic meter, even one with a transmitter, will consume less power than that. I do decent range ZigBee with 10-20mW of power - the transmitter pulls at most 30mA at 3.3V, s
Re: (Score:2)
Re: (Score:2)
No, if you've got a digital meter then that's a "smart meter", lower case S. If it's networked then that's part of a smart grid. I'm in the US and most of the utilities here have been moving away from the older analog meters.
Actually causes some controversy just switching to digital meters. Ie, the analog ones would slowly wear out over a few decades, meaning the gears. This meant they would report less electricity consumption than was actually used. So swap in a new accurate meter and the monthly bill
Re: (Score:2)
Re: (Score:2)
Oh please. It doesn't store a minute by minute graph of your power usage. It simply sends a short range broadcast of your current meter reading when interrogated. It just saves the meter guy/girl knocking at your door. There are reasons to be paranoid these days, but this isn't one of them.
Re: (Score:2)
And that'll tell them what? Plus I'd think you'd soon notice someone standing outside your property every day or for hours at a time and if they did they'd probably find out more about your habits than any meter will tell them.
Re: (Score:2)
It goes to the utility. The utility may or may not contract with someone else to collect, store, and process the data on their behalf. This isn't "cloud" storage, it won't be Amazon, it's probably the company that built the solution. Over time the utility may take over this task once they're more comfortable with it.
Ie, in this case it's possible that Telefonica does this.
You will still get a "smart meter", in the sense that no one is makes the old analog systems with gears anymore. It will be an electr
Re: (Score:2)
Well in my house the chances of any radio waves getting out are practically zero. If you crush a bit of brick the house is made out of with a hammer and then put a strong magnet in the vicinity half the material ends up stuck to the magnet. All mobile phone reception in the house is via femtocell. So they wanted to drill holes in the wall and stick an external aerial up. I told them to get lost, but they could use the RJ45 socket next to the meter if they wanted, which had a nice high speed 40/20Mbps intern
Re: (Score:2)
Wait, your smart meter is inside the home?
Will they actually be able? (Score:1)
Just look at Irish Water (Score:3)
Irish water's smart meters block several digits of each consumer's water meter. This makes it nearly impossible for anyone to see their own utility usage. The data is sent via an unpublished protocol to Irish water's meter readers. When consumer's receive a bill, they must believe and pay it, or face fines, legal action and jail.
Some consumers are concerned by the exposure to an unknown amount of RF from the unknown protocol. Others are concerned by the safety of the haphazardly installed meter system or the possibility that the poorly installed meters might be causing leaks or mis-configured meters causing artificially high bills.
The Irish government supports this private company intervening between public water and private users. So if a consumer's remote control or outdoor thermometer on the crowded 433Mhz or 900Mhz bands interferes with the unknown protocol, they are likely to be charged with hacking.
An open protocol would have allowed independent companies to develop inexpensive consumer-focused smart meters which would have helped with the goal of reducing water wastage. As it is now, Irish water decides if and when consumer have access to their own consumption patterns, they will decide what to charge for meter-readers and they alone will determine the accuracy of the flow meters which determine their revenue.
Petrol stations don't regulate their pump's flow meters. Grocery stores don't calibrate their own fruit scales. Butchers don't calibrate their own weighing scales.
So why do we let utilities decide how their product is measured?
Yes. Turing Mechanics doing Turing Mechanics (Score:2)
I have registered turingmechanics.uk. I have watched carefully for years (note my /. serial 987). I am descended academically from Turing, and after letting the mental elf numpties try to destroy my mind, and concluding that they cannot, I am confident to ring the doorbell and offer my assistance. I will for the UK Guild of Turing Mechanics for the purpose of putting Dear Alan's legacy straight. For reference, here is my entry in the mathemalogical family tree: http://www.genealogy.math.ndsu... [nodak.edu]
Just say no... (Score:3)
Open Consumer Side Interface/Other Dangers (Score:2)
There are a set of oth
YES, it needs regulation! (Score:2)
Re: (Score:1)
No Wifi signal (Score:1)
1 I am in UK. I was 'offered' ( take it or we may disconnect you!) smart meter connection. I investigated how smart meter woul call home by landline or Wifi phone signal. It turns out the mobile phone company being used by utility does not provide a signal in my area and meter does not retune to another phone company who have a very poor but available signal in the area.
2. Final solution copy letter to my member of parliament, copy to utility supplier. No smartphone to be installed , old fashioned one left