Presentation is loading. Please wait.

Presentation is loading. Please wait.

TRUST Spring Conference, April 2008 Privacy Concerns in Upcoming Residential and Commercial Demand Response Systems Mikhail Lisovich, Devashree Trivedi,

Published byAmie Webb Modified over 8 years ago

Similar presentations

Presentation on theme: "TRUST Spring Conference, April 2008 Privacy Concerns in Upcoming Residential and Commercial Demand Response Systems Mikhail Lisovich, Devashree Trivedi,"— Presentation transcript:

1 TRUST Spring Conference, April 2008 Privacy Concerns in Upcoming Residential and Commercial Demand Response Systems Mikhail Lisovich, Devashree Trivedi, and Stephen Wicker Department of Electrical and Computer Engineering Cornell University

2 TRUST Spring Conference, April 2008 Privacy in the Home Privacy is the interest that individuals have in sustaining a 'personal space', free from interference by other people and organizations. Privacy of the Person Privacy of Personal Behavior Privacy of Personal Communications Privacy of Data

3 TRUST Spring Conference, April 2008 Privacy in the Home Presence Interested Parties: Police Employers Marketers Criminals Sleep scheduleAppliances Dinner times Shower times ANY activity involving electricity, water, and gas

4 TRUST Spring Conference, April 2008 Privacy in the Home Q:How real is the threat? A: Very. Three contributing factors: Technology: AMI/AMR, NILM (Nonintrusive Load Monitoring) Precedent for Repurposing: Drug production screening. Involves Austin Police Department, others. Legal Precedent: Smith v. Maryland US. v. Miller

5 TRUST Spring Conference, April 2008 Outline Introduction Main Claim Summary of TRUST Efforts Background Brief Overview Interested Parties Abuse Cases Privacy Metric Experiment Overview Experimental Setup Algorithms Results Discussion Algorithm effectiveness Privacy Implications

6 TRUST Spring Conference, April 2008 Outline Introduction Motivation Summary of TRUST Efforts

7 TRUST Spring Conference, April 2008 Motivation Next generation demand-response architectures are increasingly deployed by major utilities across the US. Advantages: cost savings in power generation, increased grid reliability, new modes of consumer-utility interaction. Disadvantage: Increased availability of data creates or exacerbates issues of privacy and security. Our Main Claim: In a lax regulatory environment, the detailed household consumption data gathered by advanced metering projects can and will be repurposed by interested parties to reveal personally identifying information such as an individual's activities, preferences, and even beliefs.

8 TRUST Spring Conference, April 2008 TRUST Efforts Cornell, Berkeley School of Law have focused on the privacy risks arising from the collection of power consumption data in current and future demand-response systems. Berkeley: law & policy aspects D. Mulligan, J.Lerner have written an article in the Stanford Technology Law Review chronicling the evolution of court opinion toward energy data privacy and calling for its constitutional protection. Collaborated with the California Public Utilities Commission (CPUC) to develop a set of draft guidelines for a secure and privacy-preserving demand response infrastructure. Cornell: technological aspects Highlighted the importance of NILM algorithms for extrapolating activity. Proposed a formal way of evaluating privacy risks. Conducted a proof-of-concept technical study.

9 TRUST Spring Conference, April 2008 Outline Introduction Motivation Summary of TRUST Efforts Background Brief Overview Interested Parties Abuse Cases

10 TRUST Spring Conference, April 2008 Technical Overview Advanced Metering Infrastructure (AMI) Collects time-based data at daily, hourly or sub-hourly intervals

11 TRUST Spring Conference, April 2008 Technical Overview (contd.) Non-Intrusive Load Monitoring (NILM) NILM: fundamental tool for extrapolating activity

12 TRUST Spring Conference, April 2008 Players/Abuse Cases Law Enforcement – Detecting Drug Production. – Supreme Court boundaries (as such):: 1. Kyllo v. US - Information obtained, using sensors, about activity within the home that would not otherwise have been available without intrusion constitutes a search 2. Smith v. Maryland, US v. Miller - records freely given to third parties not protected under 4 th Amendment Employers – Employee Tracking Marketing Partners Criminals

13 TRUST Spring Conference, April 2008 Outline Introduction Motivation Summary of TRUST Efforts Background Brief Overview Interested Parties Abuse Cases Privacy Metric

14 TRUST Spring Conference, April 2008 Privacy Metric Goal: a metric which associates the degree of data availability (accuracy of readings, time resolution, types of readings, etc) with potential privacy risks, providing a robust and reliable indicator of overall privacy. Extrapolating activity may be thought of in two stages – First stage: NILM in combination with data from other sensors is used to extract appliance usage, track an individual's position, and match particular individuals to particular observed events. – Second stage: intermediate data is combined with contextual data (such as the number/age/sex of individuals in the residence, tax and income records, models of typical human behavior). Performance Evaluation: – First stage: at most, the gathered information will reveal everything that's happening in the house (precise information about all movements, activities, and even the condition of appliances) – Second stage: more difficult to define an absolute performance metric - the number of specific preferences and beliefs that can be estimated is virtually limitless. In order to develop a comprehensive privacy metric, one needs to carefully define a list of `important' parameters, basing importance both on how fundamental a parameter is (how many other parameters may be derived from it) and on home/business owners' expectations of privacy. Summary: The list of important second-stage parameters form the evaluation criteria. Algorithms for estimating the parameters, along with the corresponding data requirements, provide a method for evaluating the sufficiency of available data. Together, these provide a metric for how much information may potentially be disclosed by a particular monitoring system.

15 TRUST Spring Conference, April 2008 Outline Introduction Motivation Summary of TRUST Efforts Background Brief Overview Interested Parties Abuse Cases Privacy Metric Experiment Overview Experimental Setup Algorithms Results

16 TRUST Spring Conference, April 2008 Experiment: Monitored a student residence continuously over a period of two-weeks. Gathered electrical data from the breaker panel, visual data from a camera. Camera logs included activities such as: Turning household appliances on or off Entering or leaving the residence Sleeping Preparing meals Taking a bath

17 TRUST Spring Conference, April 2008 Experimental Setup Floorplan Data Gathering Setup

18 TRUST Spring Conference, April 2008 Setup Photos

19 TRUST Spring Conference, April 2008 Algorithm: Details Parameters to be estimated: – Presence/Absence, Number of Individuals – Appliance Usage – Sleep/wake cycle. – Miscellaneous Events - Breakfast, Dinner, Shower. Sample Interval:

20 TRUST Spring Conference, April 2008 Participant Privacy

21 TRUST Spring Conference, April 2008 Evaluation Criteria Compare behavior extraction results against reference results from camera data. Two Metrics: Event based: 1. Define the cutoff threshold T_thresh 2. For each parameter, examine the sequence of turn-on/turn-off events on both the reference and estimated intervals. 3. If a camera event occurs but a corresponding electrical event does not occur within T_thresh seconds, declare a Failure to Detect. 4. If an electrical event occurs but a corresponding camera event does not occur within T_thresh seconds, declare a Misdetection. Global Perspective: Compute correctly classified percentage of the reference interval.

22 TRUST Spring Conference, April 2008 Algorithm: Implementation 1 Accumulate Raw Data: Find Switching Events:

23 TRUST Spring Conference, April 2008 Algorithm: Implementation 2 Match events to appliances: Use heuristics to estimate parameters of interest:

24 TRUST Spring Conference, April 2008 Results

25 TRUST Spring Conference, April 2008 Performance For the training data set, 101 of approximately 104 refrigerator events (more than 97%) were correctly classified. Results were similar (97%) for the experimental set.

26 TRUST Spring Conference, April 2008 Outline Introduction Motivation Summary of TRUST Efforts Background Brief Overview Interested Parties Abuse Cases Privacy Metric Experiment Overview Experimental Setup Algorithms Results Discussion Algorithm effectiveness Privacy Implications

27 TRUST Spring Conference, April 2008 Discussion Our behavior extraction algorithm was a proof-of- concept. Future algorithms will show vast performance improvements. Useful data can be extracted by less potent technology. Hourly power averages such as the ones produced by California's AMI system may also be used to determine presence and sleep cycles, although to a coarser degree. Major appliances a large steady state power consumption (e.g. heat lamps) can also be identified. Future concerns are not limited to the performance of these systems the level of on an individual household. Algorithms are fully automated, so analysis may be done on a extremely large scales. Easy access to such personal and demographic information will inevitably generate a market for it!

28 TRUST Spring Conference, April 2008 Discussion (contd.) Data data mining of hourly usage data by utilities be carefully monitored and regulated. – The authors of the report to the California Energy Commission advise that utilities should become subject to more stringent rules on the release and re-use of personal data as data mining practices develop and new information in which consumers have a reasonable expectation of privacy is exposed. Our paper fleshes out the details of this recommendation: 1. Our discussion of interested entities and motivations shows that repurposing of consumption data creates real privacy concerns for the consumer, and by extension highlights the reasonable expectations of privacy that he or she should develop. 2. Our technical discussion and proof of concept demonstration shows what data mining may be capable of, illustrating the extent to which consumer privacy can be violated. 3. Finally, our privacy metric framework, in combination with the technical discussions, allows one to more precisely define the permitted and prohibited uses of data mining.

29 TRUST Spring Conference, April 2008 Thank you for your time! Questions?

30 TRUST Spring Conference, April 2008 Conclusion Where, as here, the Government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a 'search' and is presumptively unreasonable without a warrant. -Justice Scalia, Kyllo v. US

Download ppt "TRUST Spring Conference, April 2008 Privacy Concerns in Upcoming Residential and Commercial Demand Response Systems Mikhail Lisovich, Devashree Trivedi,"

Similar presentations

TECHNO-TONOMY Privacy & Autonomy in a Networked World Learning Module 2: Legislating Privacy: Your Rights.

TECHNO-TONOMY Privacy & Autonomy in a Networked World Learning Module 2: Legislating Privacy: Your Rights.
Introduction Build and impact metric data provided by the SGIG recipients convey the type and extent of technology deployment, as well as its effect on.

Introduction Build and impact metric data provided by the SGIG recipients convey the type and extent of technology deployment, as well as its effect on.
0 © 2011 Silver Spring Networks. All rights reserved. Building the Smart Grid.

0 © 2011 Silver Spring Networks. All rights reserved. Building the Smart Grid.
Authors: J.A. Hausman, M. Kinnucan, and D. McFadden Presented by: Jared Hayden.

Authors: J.A. Hausman, M. Kinnucan, and D. McFadden Presented by: Jared Hayden.
TRUST Fall Meeting November 10 - 11, 2010 │Stanford, California A Privacy-Aware Architecture For Demand Response Systems Steve Wicker, Bob Thomas School.

TRUST Fall Meeting November , 2010 │Stanford, California A Privacy-Aware Architecture For Demand Response Systems Steve Wicker, Bob Thomas School.
The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,

The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,
Daisuke Mashima and Arnab Roy Fujitsu Laboratories of America, Inc. Privacy Preserving Disclosure of Authenticated Energy Usage Data.

Daisuke Mashima and Arnab Roy Fujitsu Laboratories of America, Inc. Privacy Preserving Disclosure of Authenticated Energy Usage Data.
Home Area Networks …Expect More Mohan Wanchoo Jasmine Systems, Inc.

Home Area Networks …Expect More Mohan Wanchoo Jasmine Systems, Inc.
Vendor Briefing May 26, 2006 AMI Overview & Communications TCM.

Vendor Briefing May 26, 2006 AMI Overview & Communications TCM.
1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.

1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.
Chapter 8 Part II. 2 New York v. Burger, 482 U.S. 691 (1987) Search of junk yard for stolen goods Lower court excluded the evidence in the criminal trial:

Chapter 8 Part II. 2 New York v. Burger, 482 U.S. 691 (1987) Search of junk yard for stolen goods Lower court excluded the evidence in the criminal trial:
Game theoretic analysis of Advanced Metering Infrastructure adoption Dipayan Ghosh Cornell University with Stephen Wicker, Dawn Schrader, William Schulze.

Game theoretic analysis of Advanced Metering Infrastructure adoption Dipayan Ghosh Cornell University with Stephen Wicker, Dawn Schrader, William Schulze.
MENG 547 LECTURE 3 By Dr. O Phillips Agboola. C OMMERCIAL & INDUSTRIAL BUILDING ENERGY AUDIT Why do we audit Commercial/Industrial buildings Important.

MENG 547 LECTURE 3 By Dr. O Phillips Agboola. C OMMERCIAL & INDUSTRIAL BUILDING ENERGY AUDIT Why do we audit Commercial/Industrial buildings Important.
Secure and Trustworthy Cyberspace (SaTC) Program Sam Weber Program Director March 2012.

Secure and Trustworthy Cyberspace (SaTC) Program Sam Weber Program Director March 2012.
Would the Founders approve?. Would the Founders allow flag-burning?

Would the Founders approve?. Would the Founders allow flag-burning?
OASIS Reference Model for Service Oriented Architecture 1.0

OASIS Reference Model for Service Oriented Architecture 1.0
Virtual Dart: An Augmented Reality Game on Mobile Device Supervisor: Professor Michael R. Lyu Prepared by: Lai Chung Sum Siu Ho Tung.

Virtual Dart: An Augmented Reality Game on Mobile Device Supervisor: Professor Michael R. Lyu Prepared by: Lai Chung Sum Siu Ho Tung.
Privacy Chris Kelly iLaw July 5, 2002.

Privacy Chris Kelly iLaw July 5, 2002.
Taking Energy Management to Societal-Scale Randy H. Katz University of California, Berkeley LoCal Winter Retreat Tahoe City, CA 10 January 2012 1.

Taking Energy Management to Societal-Scale Randy H. Katz University of California, Berkeley LoCal Winter Retreat Tahoe City, CA 10 January
Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.

Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.

Similar presentations

Ads by Google