Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
United Kingdom Businesses Privacy Security IT

Does IoT Data Need Special Regulation? 99

dkatana writes: As part of the UK's Smart Meter Implementation Programme, Spain's Telefonica is deploying a M2M solution, using its own proprietary network, to collect and transmit data from 53 million gas and electricity smart meters. The most troubling issue is that the UK government awarded the contract to a private telecom that uses a proprietary network rather than to an independent organization that uses freely available spectrum and open source solutions. Those Smart Meters are supposed to be in operation for more than three decades, and rely on a network that can cease to exist. On top of that, the network, running proprietary protocols, can be hacked, and "will be hacked". Only Telefonica will be able to fix it.
This discussion has been archived. No new comments can be posted.

Does IoT Data Need Special Regulation?

Comments Filter:
  • open source? (Score:5, Insightful)

    by phantomfive ( 622387 ) on Thursday September 24, 2015 @02:09AM (#50587727) Journal
    I don't think you can rely on any platform to be around for 30 years, even if it's open source.
    Some platforms have lasted that long, but trying to guess which platforms will last and which won't is not the reason to choose open source.
    • by Dog-Cow ( 21281 )

      It's far more likely that TCP/IPv6 will be around in 30 years. TCP itself has been with us for about 40, and it doesn't look like it will be replaced any time soon. (Replace TCP with UDP, if that makes sense for the application.)

      • by phantomfive ( 622387 ) on Thursday September 24, 2015 @02:23AM (#50587757) Journal

        It's far more likely that TCP/IPv6 will be around in 30 years

        Come to think of it, you can probably make sure a technology lasts by wishing it wouldn't stick around. Based on that, they should use IPv4 with Flash+Javascript written in COBOL on Windows ME. It'll last forever.

        • Re:open source? (Score:5, Interesting)

          by KGIII ( 973947 ) <uninvolved@outlook.com> on Thursday September 24, 2015 @02:39AM (#50587789) Journal

          I like the way you think. I really do. Which made me think of an answer to this non-question.

          The answer is no, we don't need special regulation. What we need are intelligent and informed persons. Eventually, and this doesn't discount closed source, we could have open and interoperability-built standards that are published, vetted, and agreed on - or at least published and open. The idea being that, yeah, smart people would select to use such instead of insisting on reliance on closed and mysterious. This doesn't mean that the code, itself, can't be proprietary but the communications methods that it uses should be - they should be open, available, and free to use, even for commercial means. In this case, using this example, I'd suggest relying on the standards IPv6 and TCP/IP (or UDP, if applicable - does UDP support error correction?).

          If there's any benefit to this new, proprietary, communication format then, by all means, share it with the world so that it can be reviewed, improved on, standardized, and benefit others. It's not like it will do anything more than help the company's bottom line to do so. If anything, it will increase their visibility and market share. Perhaps, I guess, they could license it for commercial use but, honestly, I don't think that will help. If anything, and this is important to me - at least, it's a municipal project (from the looks of things) and thus it should be open.

          The summary mentions that it will be hacked, and it will be, so having other companies that can layer on security (if needed) or perform repairs prevents lock in and price gouging. There's a vested interest, from the people, to insist that these types of things remain open and rely on commonly accepted (i.e. standardized even if unratified and informally) and readily available information. Should this company go out of business then the tax payer will have to keep them afloat just to insure they can read electrical usage meters? Surely you jest... When a security flaw is discovered, and it will be, who is going to repair it and how much is it going to cost? Truly, I can think of no benefit to this being proprietary but, perhaps, I'm missing something.

          Ah well... I should be sleeping, though I've called the desk and have paid for another night so I'll not have to be out of the hotel by 10:00 in the morning. What an ungodly hour to insist that I check out. I'll be in Buffalo for another night and that means I get to spend a little bit of time online. Yay...

          • The answer is no, we don't need special regulation. What we need are intelligent and informed persons.

            However, seeing that intelligent and informed persons are not an abundant species, we probably need special regulation worked out by intelligent and informed persons. Regulations that mandate the use of open standards and so on.

            • by w3woody ( 44457 )

              You're assuming, of course, that those who write the regulations come from this relatively rare species of intelligent people. The problem is, we have no way to guarantee this. And we run the risk of codifying in regulation something remarkably stupid instead.

              I'm not suggesting not to use regulation. I'm suggesting that concluding we should use technically competent technocrats because there is a lack of technically competent people--especially in a world which seems to discount technical competence--runs t

              • You're assuming, of course, that those who write the regulations come from this relatively rare species of intelligent people.

                Assuming is such a strong word - I was merely hoping. It isn't entirely in the realm of dreams either - there has been instances in the past when good legislation has been designed by clearminded individuals, whose main interest was to provide a good, lasting solution to an important problem. It doesn't happen as often as it should, but it could, in principle.

            • by KGIII ( 973947 )

              To be fair, the question I was addressing specifically said "need." What we need to have is smart people. What we do have is a bunch of idiots. I guess, if we want, we can say we need laws because we have decided that culling the stupid is socially unacceptable. I guess I can sort of agree with that. However, really, what we need is smarter people if we're really going to have any long-term solutions.

              At some point, realistically, there can only be so many laws before the mass is so great that it collapses i

      • by gl4ss ( 559668 )

        if they got a contract it's likely to be around for 30 years.

        possibly not cheap, possibly not decent, but it will be running for 30 years provided that other part of government will not ruin their spectrum somehow forcing them to shut it down.

        why? because it's incoming money. replacing whatever basestations or whatever is just going to be cheaper in 15 years than now even if they have to be the only customer in the world for them.

        • Re: open source? (Score:3, Insightful)

          by Anonymous Coward

          Speaking (anon) as somebody who is supporting a decades old government contract and seeing how many vendor fucks are given once those contracts are signed; I can tell you guaranteed income is not the same thing as guaranteed support. We haven't patched those systems since Debian Lenny.

    • BTW, if it is public, it's reasonable to request that the final source code be opened, but to only choose open source to begin with, that's a silly requirement.
      • Re: (Score:2, Insightful)

        by Threni ( 635302 )

        You've got it backwards. If you say up front "we're only interested in open source solutions" then only people with open source solutions, or people prepared to create one, will enter. There's absolutely no reason to do non open-source software except to attempt to make more money out of something but one company making money isn't the only reason these systems are designed and created. It's better for everyone if it's easy/possible for other people/companies to be able to continue running a system when t

    • Re:open source? (Score:4, Interesting)

      by Dutch Gun ( 899105 ) on Thursday September 24, 2015 @02:43AM (#50587795)

      Question: The summary and article is talking about the user's data that's collected. Is this data considered sensitive, other than the fact that one could potentially determine if someone is home or not if collected in real time? Do these smart-meters collect more than gas, power, and water usage? If it's just utility metrics, does anyone really care all that much about that? I'm trying to figure out how if any sort of data-leakage could really negatively affect someone. Maybe I'm just not imaginative enough.

      Getting the meter hacked could be annoying or expensive, but probably not a catastrophe, as you'd simply dispute any ridiculous charges. Naturally, that's always an issue with any device tied to infrastructure.

      As for using a proprietary network and protocol, I'd hope that the UK required exact documentation of what they're using, and how it works. That way, if the company goes belly up, another company could provide similar reading services based on those protocols. Of course, government bureaucracies being what they are, I guess I wouldn't be surprised if no one thought to do that.

      • There are conspiracy theories about this. When the meter was read only once a month (sometimes less) then the user didn't have to worry that the utility could discover them cheating. But if it can read usage once an hour, which is typical, now the cheats are caught more quickly. Though more seriously, the concern is that someone can figure out when you're not home by breaking into the utility and reading the data.

        But, people can already figure out if you're not home by breaking into the phone company and

      • In the UK, the majority of utility meters are outside the property anyway - often in a box, locked with a standard key, on an outside wall. So it is already easy to get the information on the meters, see when they are in use etc. I suppose that the main difference here is the possibility to do it remotely from somewhere less conspicuous.
        • Well, not exactly. I've not yet had an electricity meter outside my house, and only one of my gas meters has been so far.

          The big advantage of going Smart Meter (from the crim's POV) is that you'll be able to script this. Just imagine having a botnet that's able to tell you which addresses in a given town are vacant, and when.

      • by AmiMoJo ( 196126 )

        Is this data considered sensitive, other than the fact that one could potentially determine if someone is home or not if collected in real time?

        It isn't collected in real-time, it can't be used to determine if someone is home. If it is sent over a mobile network it would be difficult to intercept and use anyway - all you would see is a customer number (no address) and a unit value. To save money and power reporting is rarely more than once a day, usually much less than that (how often do you need to read the meter when you only adjust bills quarterly?)

        Even the sub-1GHz networks that don't bother with encryption would be hard to use in any meaningfu

    • Re:open source? (Score:5, Informative)

      by AmiMoJo ( 196126 ) on Thursday September 24, 2015 @02:44AM (#50587799) Homepage Journal

      TFA is confused and has almost no information. I work in this area, and even I don't know what it is on about.

      There are a few different systems for reading smart meters. They are all proprietary to some degree. Some use mobile networks, some use Zigbee, some use other proprietary networks on sub-1GHz radio bands.

      It's hard to see what someone could do to hack these devices. They are basically transmit only. They send meter readings, that's it. I suppose you could artificially inflate someone's bill or jam the ability of the electric company to take readings, but then they would just revert to the old system and read the numbers off a display on the unit. The units don't accept any commands at all - they are designed to be highly tamper proof because people have been trying to steal electricity from day one.

      There is no open source software framework or network for this purpose. Wifi is far too short range and subject to massive amounts of congestion. TFA doesn't suggest anything.

      • by jabuzz ( 182671 )

        What beats me is why the bloody hell don't they use powerline networking to communicate with the smartmeters. It's not so long ago that they where promising to deliver broadband down the mains wires. A smartmeter could work just fine on dialup speeds, so powerline networking would do just fine.

        • Same reason they aren't using the powerlines now. It was a damn bad idea which shat all over the RF spectrum in the process.

      • It's hard to see what someone could do to hack these devices.

        It's only hard if you don't have access to google [google.com], which will give you pages and pages on hacks known to be possible on smart meters, hacks which are believed to be possible with these meters in particular, etc. When did you forget how to internet?

        • by AmiMoJo ( 196126 )

          Did you actually read any of those links? Lots of "could do this" and "might do that". There was a BBC article that managed to link someone claiming they could lower their bill to terrorism.

          Yes, you can send fake messages to the utility provider. Not hack the meter, just spoof messages using their own hardware. You can also bypass the meter and do all sorts of other things to screw with it. You can't bring down civilization by hacking one.

          So at worst the smart meters are no worse than dumb meters. When you

      • by tlhIngan ( 30335 )

        TFA is confused and has almost no information. I work in this area, and even I don't know what it is on about.

        There are a few different systems for reading smart meters. They are all proprietary to some degree. Some use mobile networks, some use Zigbee, some use other proprietary networks on sub-1GHz radio bands.

        It's hard to see what someone could do to hack these devices. They are basically transmit only. They send meter readings, that's it. I suppose you could artificially inflate someone's bill or jam th

    • Re:open source? (Score:5, Informative)

      by Darinbob ( 1142669 ) on Thursday September 24, 2015 @02:44AM (#50587803)

      I work in this industry. Proprietary networks can still use freely available frequencies; most of them actually do. Other spectrum is extremely expensive and often impractical for this sort of stuff (unless they plan to blast out at high dB to collect data from further away). The article mentions wifi and cellular, and wifi is freely available spectrum, and cellular may be used in some cases where connectivity is a problem and the telephone companies have paid the big bucks to buy that spectrum (expensive to use cellular so it's a last ditch resort).

      For open source, that's not practical. First off, the customer here is not the home owner. The customer is the utility. The utility does NOT want the home owner to be hacking on the meters. Given the number of anti-smart-meter kooks out there, these are active targets for hacking. Even if open source is used they images would inevitably have to be signed. Yes, only Telefonica (or other provider) will be able to fix these meters, but that's normal and expected and required under many regulations. Yes, someone can fiddle with them, open them up, cut some wires, etc, but you break the seal on the meters and the owners will notice soon enough.

      If the network ceases to exist, then the meters still continue to work. Just read them by hand like we used to do. Assuming no one else buys out the meter company and takes over the network. Or the new utility removes the meters and replaces them with something else. How is the "thirty years" thing even remotely a problem, since in that time many networks may come and go. Firmware gets upgraded, or the utilities may decide that they want the new features and replace them before thirty years.

      As for can and will be hacked, compare that to phone networks. They can and will be hacked, and the owner of the phone can do nothing since only the phone company will be able to fix that. No panic there I see. Only panic with smart meters. I think phones are too cool for conspiracy theories to take root.

      • For open source, that's not practical. First off, the customer here is not the home owner. The customer is the utility. The utility does NOT want the home owner to be hacking on the meters. Given the number of anti-smart-meter kooks out there, these are active targets for hacking. Even if open source is used they images would inevitably have to be signed. Yes, only Telefonica (or other provider) will be able to fix these meters, but that's normal and expected and required under many regulations. Yes, someone can fiddle with them, open them up, cut some wires, etc, but you break the seal on the meters and the owners will notice soon enough.

        Open source here is not about allowing the end user to install their own version of the software, it's about interoperability. In the UK, part of privatisation of the energy companies meant that you are able to switch between providers at will. This means that if I get an electricity metre installed by one provider then the next one must be able to use it, whether I switch next week or in five years time. The new company now takes responsibility for the metre and so must be able to update it for their ta

      • Folks who are anti-smart meter are kooks? Why? Let's see, why would I object to every electric load I use to be data mined, so everything I do can be tracked? I can't imagine how this can be a bad thing. Why should the utilities actually have enough capacity? They should just shut us peons off. Etc. YOU are the cretin.
        • Check out the comments for some online forums from the anti-smart meter people. Ie, they say they're waking up every night at 2:00am with a headache and thus they conclude that this must be the time when smart meters are transmitting. Or they person who complained about potential health effects which also interfered with the baby monitor. Or from the other angle, that the smart meters are just a government scam to raise electricity rates, or a plot to spy on home owners.

    • The oil and gas industries use fully documented data formats of which one from nearly fifty years ago (SEGD) is still in use which means files from the 1970s can still be read by current software with no need to convert.
      If an industry as commercially focused as oil can use published open source data formats then so can this telecommunications company.
  • by Anonymous Coward

    If you want this to last 30 years, closed source is the way to go. Open source projects come and go, with large turnover in developers. They also frequently get forked due to pissing contests between developers. Most open source projects also get abandoned before ever making it to version 1.0, and it's an extremely tiny portion of projects that are updated over five years let alone 30. Also, for every great example of an open source project of high quality (e.g., Linux, Libreoffice, Firefox, X.org), there's

    • Many of them may have some open source components (probably not GPLd though), but that does not mean the home user gets to paw through the code because the home user does not own these meters.

      As far as trust goes, some utilities have paid for security penetration testing on their third party meter and network solutions, and those guys do get to see every line of code (if you think you get some nit picky code reviews, wait until you deal with one of these).

    • by Viol8 ( 599362 )

      Because the sort of people who advocate Open Source no matter what probably haven't even been around 30 years and don't really understand that having freely available source code to your remotely installed infrastructure probably rates alongside selling My LIttle Pony meter stickers in the list of importance.

    • If you're going to conflate open source and community developed, then I'm going to conflate closed source and developed by a one-man fly-by-night company that goes bust next month.
  • An M2M solution. Unless you pronounce it "muhtomuh".

  • My issue is with the information leakage: A high resolution tracking of my power consumption reveals basically everything I do at home, what and when. That is a massive invasion of privacy. And for what? The old meter costs less, has less potential for failure and error and uses less power. Even the ten minutes per year it takes their people to read it, if they don't trust me to call them and tell them the reading, can't cost more than exchanging all meters for more complex and expensive devices which need

    • The old systems used MORE power and had a high potential for failure. They were just plain awful. No one is going to be making the old 50's style analog meters with the rotating disk and gears that wore down over time. And the old meters could be read remotely with a telescope just like the new meters, giving high resolution data on what you've been doing (tedious and impractical though).

      But once a month is too long a time. That's the problem with most utilities these days, the literally do not know whe

      • The old systems used MORE power and had a high potential for failure. They were just plain awful. No one is going to be making the old 50's style analog meters with the rotating disk and gears that wore down over time

        You know that all of those were replaced in the UK years ago, right? UK houses all have digital (but not broadcasting) electricity metre (and gas metres, if they have gas). Are you honestly claiming that digital a metre with a little LCD display (i.e. the kind that they want to rip out and replace with 'smart' metres) uses more power than a digital metre with an LCD display and an RF transmitter?

        • Are you honestly claiming that digital a metre with a little LCD display ... uses more power than a digital metre with an LCD display and an RF transmitter?

          I think the OP was comparing ANALOG meters [stopsmartmeters.org] with the new electronic ones. If you look closely, I think the "3W" on that meter means it draws 3W of power (confirmed here [wikipedia.org]) - a decent electronic meter, even one with a transmitter, will consume less power than that. I do decent range ZigBee with 10-20mW of power - the transmitter pulls at most 30mA at 3.3V, s

          • Digital electricity metres are not new (at least, in the UK where TFA is about). I'm not sure exactly when they introduced them, but I remember having one replaced around 2003 as part of the country-wide rolling upgrade program once they reached EOL. I doubt that there are any analogue ones left in the country. The controversy is about the ones that have wireless network connections (typically to the mobile phone network, not something short-range like ZigBee) and no security. If I were prone to conspir
        • No, if you've got a digital meter then that's a "smart meter", lower case S. If it's networked then that's part of a smart grid. I'm in the US and most of the utilities here have been moving away from the older analog meters.

          Actually causes some controversy just switching to digital meters. Ie, the analog ones would slowly wear out over a few decades, meaning the gears. This meant they would report less electricity consumption than was actually used. So swap in a new accurate meter and the monthly bill

          • TFA is about the UK. No one tried to brand digital metres (which were introduced well over a decade ago and have now completely replaced the old analogue ones as the old ones reached end of life and compulsory replacement age) as smart - they're just as dumb as the old ones, just using a digital circuit instead of analogue. The controversy is over smart metres, which are ones that have a network connection.
    • by Viol8 ( 599362 )

      Oh please. It doesn't store a minute by minute graph of your power usage. It simply sends a short range broadcast of your current meter reading when interrogated. It just saves the meter guy/girl knocking at your door. There are reasons to be paranoid these days, but this isn't one of them.

  • "Only Telefonica will be able to fix it." At least you're still thinking positive.
  • by An dochasac ( 591582 ) on Thursday September 24, 2015 @05:18AM (#50588169)

    Irish water's smart meters block several digits of each consumer's water meter. This makes it nearly impossible for anyone to see their own utility usage. The data is sent via an unpublished protocol to Irish water's meter readers. When consumer's receive a bill, they must believe and pay it, or face fines, legal action and jail.

    Some consumers are concerned by the exposure to an unknown amount of RF from the unknown protocol. Others are concerned by the safety of the haphazardly installed meter system or the possibility that the poorly installed meters might be causing leaks or mis-configured meters causing artificially high bills.

    The Irish government supports this private company intervening between public water and private users. So if a consumer's remote control or outdoor thermometer on the crowded 433Mhz or 900Mhz bands interferes with the unknown protocol, they are likely to be charged with hacking.

    An open protocol would have allowed independent companies to develop inexpensive consumer-focused smart meters which would have helped with the goal of reducing water wastage. As it is now, Irish water decides if and when consumer have access to their own consumption patterns, they will decide what to charge for meter-readers and they alone will determine the accuracy of the flow meters which determine their revenue.

    Petrol stations don't regulate their pump's flow meters. Grocery stores don't calibrate their own fruit scales. Butchers don't calibrate their own weighing scales.

    So why do we let utilities decide how their product is measured?

  • I have registered turingmechanics.uk. I have watched carefully for years (note my /. serial 987). I am descended academically from Turing, and after letting the mental elf numpties try to destroy my mind, and concluding that they cannot, I am confident to ring the doorbell and offer my assistance. I will for the UK Guild of Turing Mechanics for the purpose of putting Dear Alan's legacy straight. For reference, here is my entry in the mathemalogical family tree: http://www.genealogy.math.ndsu... [nodak.edu]

  • by TomGreenhaw ( 929233 ) on Thursday September 24, 2015 @05:56AM (#50588259)
    ...to unnecessary regulation codified by politicians who don't understand the technology in question. At the end of the day, it only drives up cost and stifles innovation. At most we need to enforce a law that says you cannot operate something without the owner's permission except in cases of public emergency.
  • I'm one of the people that made [immediately ignored, of course] submissions to the smart meter survey in the UK. In it, I suggested that they supply a 'customer side' data feed, probably the most 'obvious' would be RJ45 and ethernet, USB + Wifi probably fine as well. That would permit some useful modeling/analysis etc. to take place for the benefit of the consumer, rather than Telefonica [et al.] snarfing up the data and using it to gamble on energy futures/sell it to other people.

    There are a set of oth
  • The so-called 'internet of things' is just as likely being used currently as a means of surveilling people in their homes as not, and since the potetial for abuse is there in abundance, there needs to be tight regulation to ensure that it is not being used in that way, and that furthermore it is not possible to use in that way. Of course I think the 'IoT' is a stupid fad anyway. I don't need my appliances connected to the Internet, why would you?
    • Tight regulation does not mean it won't be used that way. Hint: Social security numbers in the US are not to be used for identification.
  • 1 I am in UK. I was 'offered' ( take it or we may disconnect you!) smart meter connection. I investigated how smart meter woul call home by landline or Wifi phone signal. It turns out the mobile phone company being used by utility does not provide a signal in my area and meter does not retune to another phone company who have a very poor but available signal in the area.
    2. Final solution copy letter to my member of parliament, copy to utility supplier. No smartphone to be installed , old fashioned one left

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...