“If your toilet’s so smart, how come I can hack it?”

Thus reads the headlines on David Meyer’s Gigaom post on news that the Satis toilet, manufactured by the Japanese firm Lixii, comes with a smartphone app that can be used to control any Satis toilet (see also this BBC news article). You may wonder why a toilet needs an app, which is a valid question; this one allows recording of one’s activity (if you so choose …), remote flushing, remote air freshener spray, and remote bidet operation. Subjective utility being what it is, I’ll consider Lixii as entrepreneurs responding to what they perceive as some undersatisfied preference in the market, which the extent of their subsequent profits will indicate or not …

Although the story is scatologically humorous, Meyer’s closing observation hits upon exactly the same point I made recently in my post about the hackability of home management systems:

Of course, it’s not like someone will be exploiting this vulnerability to prank someone a continent away — Bluetooth is a pretty short-range wireless technology. However, it’s the kind of thing that should be borne in mind by manufacturers who are starting to jazz up previously low-tech appliances with new-fangled connectivity.

Because when it comes to security, as Trustwave SpiderLabs and others have warned, the home is the last place you want to be caught with your pants down.

Honey, someone hacked our smart home

Ever since the first “vision” meeting I attended at the Department of Energy in 2003 about the technologically advanced electric power grid of the future, digital network security in a smart grid has been a paramount concern. Much of the concern emphasizes hardening the electrical and communication networks against nefarious attempts to access control rooms or substations. Less attention goes to the security of the home automation system itself.

Here’s why privacy and security issues matter so much in customer-facing smart grid products and services: how likely is it that someone can hack into your home energy management system? The resourceful technology and privacy journalist Kashmir Hill gained access to eight homes, merely by doing an Internet search to see if any homes had their devices set to be discoverable by a search engine:

Googling a very simple phrase led me to a list of “smart homes” that had done something rather stupid. The homes all have an automation system from Insteon that allows remote control of their lights, hot tubs, fans, televisions, water pumps, garage doors, cameras, and other devices, so that their owners can turn these things on and off with a smartphone app or via the Web. The dumb thing? Their systems had been made crawl-able by search engines – meaning they show up in search results — and due to Insteon not requiring user names and passwords by default in a now-discontinued product, I was able to click on the links, giving me the ability to turn these people’s homes into haunted houses, energy-consumption nightmares, or even robbery targets. Opening a garage door could make a house ripe for actual physical intrusion.

In this instance, early adopters of a now-discontinued home automation system had not changed their default settings to implement security protocols. They had not followed the simple security protocols that we have become habituated to in our home wireless networks, which most of us now routinely know to secure with a password at least. This security hurdle doesn’t seem very high, and it shouldn’t be; securing a home automation system separately with a username/password login is not difficult, and can be made less difficult for the technologically challenged through helpful customer service.

She goes on in the story to relate her interactions with some of the people whose houses she was able to access, as well as her discussion with people at Insteon:

Insteon chief information officer Mike Nunes says the systems that I’m seeing online are from a product discontinued in the last year. He blamed user error for the appearance in search results, saying the older product was not originally intended for remote access, and to set this up required some savvy on the users’ part. The devices had come with an instruction manual telling users how to put the devices online which strongly advised them to add a username and password to the system. (But, really, who reads instruction manuals closely?)

“This would require the user to have chosen to publish a link (IP address) to the Internet AND for them to have not set a username and password,” says Nunes. I told Nunes that requiring a username/password by default is good security-by-design to protect people from making a mistake like this. “It did not require it by default, but it supported it and encouraged it,” he replied.

One of the interesting aspects of her story (and you get a much deeper sense of it reading the whole article) is the extent to which these early adopters/automation hobbyists identified some but not all of the potential security holes in the home automation system. These are eager, knowledgeable consumers, and even they did not realize that some ports on the router were left open and thus made the system discoverable externally.

I think she’s right that for such technologies in such sensitive applications as home automation, default username/password authentication is good design. This is an application in which I think the behavioral economics arguments about setting defaults to overcome inertia bias are valid.

Insteon has since changed their default settings to require username/password authentication on the automation system separate from the home wireless network authentication, and the rest of the article describes some other companies that are working to close security holes in their home automation systems.

As we extend the smart grid into our home and the “Internet of things” becomes more deeply embedded in our lives, being aware of the value of securing our privacy and reducing the risk of unauthorized access to our homes and the devices and appliances in them becomes more important. The digital rules we apply to our financial transactions should guide our privacy and security awareness and decision in our home network too. That way we can enjoy the benefits of home automation and transactive energy that Hill lays out in her article while minimizing the risk of unauthorized access to our homes and our information.

Regulation’s effects on innovation in energy technologies: the experimentation connection

Lynne Kiesling

Remember the first time you bought a mobile phone (which in my case was 1995). You may have been happy with your land line phone, but this new mobile phone thing looks like it would be really handy in an emergency, so you-in-1995 said sure, I’ll get a cell phone, but not really use it that much. Then, the technology improved, and more of your friends and family got phones, so you used it more. Then you saw others with cool flip phones, in colors, and you did some searching to see if other phones had features you might like. Then came text messaging, and you experimented with learning a new shorthand language (or, if you’re like me, you stayed a pedant about spelling even in text messages that you had to tap out on number pad keys). You adopted text messaging, or not. Then came the touch screen, largely via the disruptive iPhone, and the cluster of smartphone innovation was upon us.  Maybe you have a smartphone, maybe you don’t; maybe your smartphone is an iPhone, maybe it isn’t. But since 1995, your choice of communication technology, and the set from which you can choose, has changed dramatically.

This change didn’t happen overnight, and for most people was not a discrete move from old choice to new choice, A to B, without any other choices along the way. Similarly for technological change and the production of goods and services. For both consumers and producers, our choices in markets are the consequence of a process of experimentation, trial and error, and learning. Indeed, whether your perspective on dynamic competition is based on Schumpeter or Hayek or Kirzner (or all of the above), the fundamental essence of competition in market processes is that it’s a process of experimentation, trial and error, and learning, on the part of both producers and consumers. That’s how we get new products and services, that’s how we signal to producers whether their innovations are valuable to us as consumers, that’s how innovation creates economic growth and vibrancy, through the application of our creativity and our taste for creating and experiencing novelty.

This kind of dynamism is common in our world, and is increasingly an aspect of our lives that creates value for us; mobile telephony is the most obvious example, but even in products as mundane as milk, the fundamental aspect of the market process is this experimentation, trial and error, and learning. How else would Organic Valley have started coming out with a line of milk that is entirely from pasture-raised cows? (I am happily consuming this milk; pasture-raised cows make milk with more essential fatty acids and conjugated linoleic acid, very important for health)

But this kind of dynamism, while common, is not pervasive. Institutions matter, and in particular, various forms of government regulation can influence the extent to which such technological dynamism occurs in a market. The example I have in mind as a counterpoint, the example I want to explain and understand, is consumer-facing electricity technologies, like thermostats and home energy management systems. For the past several years there has been considerable innovation in this space, due to the application and extension of digital communication technology innovations. But despite the frequent claims over the past few years that this year will be the year of the consumer energy technology, it keeps not happening.

Tomorrow in New Orleans, at the Southern Economic Association meetings, I’ll be presenting a paper that grapples with this question. My argument is that traditional economic regulation of the electricity industry slows or stifles innovation because regulation undercuts the experimentation, trial and error, and learning of both producers and consumers. As I state in the abstract:

Persistent regulation in potentially competitive markets can undermine consumer benefits when technological change both makes those markets competitive and creates new opportunities for market experimentation. This paper applies the Bell Doctrine precedent of “quarantine the monopoly” to the electricity industry, and extends the Bell Doctrine by analyzing the role of market experimentation in generating the benefits of competition. The general failure to quarantine the monopoly wires segment and its regulated monopolist from the potentially competitive downstream retail market contributes to the slow pace and lackluster performance of retail electricity markets for residential customers. The form of this failure to quarantine the monopoly is the persistence of an incumbent default service contract that was intended to be a transition mechanism to full retail competition, coupled with the regulatory definition of product characteristics and market boundaries that is necessary to define the default product and evaluate the regulated monopolist’s performance in providing it. The consequence of the incumbent’s incomplete exit from the retail market suggests that as regulated monopolists and regulators evaluate customer-facing smart grid investments, regulators and other policymakers should consider the potential anti-competitive effects of the failure to quarantine the monopoly with respect to the default service contract and in-home energy management technology.

In August 2011 I wrote about the Bell Doctrine, Baxter’s precedent from the U.S. v. AT&T divestiture case, and how we have failed to quarantine the monopoly in electricity. This paper is an extension of that argument, and I welcome comments!

If you’ll be at the SEA meetings, I hope to see you there; I am headed to NOLA tonight, and look forward to a fun weekend full of good economic brain candy.

Something not-so-funny happened on the way to the smart grid: Xcel, Boulder and the Colorado PUC

Michael Giberson

Four-and-a-half years ago I relayed on these pages Xcel’s announcement of its Smart Grid City project. It was exciting stuff, I thought, and I said it “should prove to be a very useful project.” (See also Lynne’s post on a NYT‘s article discussing the project.)

It has proven useful, but not entirely in the way it was intended.

A Wall Street Journal article from 2008 noted one bold move by Xcel: “Departing from the norm, Xcel isn’t seeking permission from regulators to recover its costs in advance, but will wait until ‘we have proven the benefits,’ says Mike Carlson, Xcel’s chief information officer.”

Suffice to say all has not gone as hoped in Xcel’s effort to turn Boulder into a Smart Grid City.

The Denver Post provides a current update. In brief: the company has spent about $45 million on the project, regulators have approved recovery of $28 million and the city, other Colorado ratepayers, and the utility are battling before the CPUC over responsibility for the remaining $17 million in expenses.

Oh, and voters in Boulder approved (just barely) two ballot issues last November in an effort to municipalize electric utility service in the city (and see the utility comments here).

ALSO from the Denver Post: “Changing energy policy rules keep Colorado guessing in election year.”

Smart shopping for electric power just got easier in Houston

Michael Giberson

CenterPoint Energy, the Houston-area electric distribution company, has launched MyTrueCost.com to help area retail electric customers shop for electric power. Help may be needed: currently 43 companies offer a total of 239 different service options in the CenterPoint service territory according to data from Powertochoose.org, the Texas PUC’s retail power website.

The basic idea is pretty simple: customers sign up, TrueCost accesses their smart-meter based electric power consumption data and estimates bills, the customers provide some information on the kind of retailer and contract they want (low price, environmental characteristics, number of PUC complaints, years in service, etc.), and then the website identifies the contracts that appears most suited to the customer.

TrueCost doesn’t search through all possible contracts, however, just contracts from the several retailers that have agreed to participate. Currently 10 of the 43 companies in the area are participating. Customers should be aware that TrueCost gets paid a flat fee by the retailer for each customer that signs up through the service. (TrueCost noted in the Q&A that the flat fee means that the service doesn’t have an incentive to upsell customers to more costly contracts.)

Simple. Smart. Cool. (And speaking of cool, the young people of Houston would like you to know that a Forbes real estate blogger has named Houston the #1 on its list of America’s Coolest Cities to Live.)

By the way, TrueCost also charts average retail power prices offered in Texas’s competitive retail power markets and provides commentary in an accompanying blog.

One-year plans keep momentum from summer price spike

One-year plans keep momentum from summer price spike (July 5, 2012)

INVITATION: If any of our Houston area readers have tried out MyTrueCost, send me an email and let me know what you think. My email address can be found here.

Smart meter cybersecurity and moral panics

Lynne Kiesling

In March I wrote about Adam Thierer’s paper on technopanics — “a moral panic centered on societal fears about a particular contemporary technology” — and I argued that we should bear the moral panic phenomenon in mind when evaluating objections to smart grid technologies. In the past two weeks we’ve seen news articles on this topic: according to the FBI, smart meter cybersecurity is loose enough that hackers have been able to hack into smart meters and steal electricity.

Chris King from eMeter has done some digging into this question, and writes at Earth2Tech suggesting that the problem is old-fashioned criminal human behavior, not any technology-specific security failure:

Upon a closer look, this situation is not so much about smart meters as it is about criminal human behavior. Former Washington Post reporter Brian Krebs explained that it was not actually the smart meters themselves which were “hacked.” The meters’ own security measures were not breached.

Instead, criminals accessed the smart meters by stealing meter passwords as well as some devices used to program the meters. This is more like stealing a key and opening a door, rather than breaking the lock on the door.

These criminals were former employees of the utility involved, and of the vendor who provided the smart meters. These people were paid (bribed) by customers to illegally reprogram the meters so that those meters would record less energy consumption than actually occurred. This is not fundamentally different from bribing human meter readers to under report consumption — which happens often in some developing countries.

Which brings us back to Adam’s original point: why are we so willing to accept the technopanic argument? Why are so many people so suspicious of new technology, and so willing to give up both the consequentialist potential benefits and the moral defense of individual liberty and impose controls and limits on technology?

The Internet of things and computational energy efficiency

Lynne Kiesling

Today in Technology Review, Jonathan Koomey has an interesting analysis of computational energy efficiency. We’re all familiar with Moore’s Law — Gordon Moore’s prediction that the number of transistors on a chip will double approximately every two years — but I did not realize that Moore’s Law is also borne out in improvements in the electrical efficiency of computation. Not only do we have more and more computational capacity per unit of area, each of those increased computations is performed with less electricity per computation. Koomey’s graphic showing this result over time is striking:

If this trend continues, Koomey claims, ” the power needed to perform a task requiring a fixed number of computations will continue to fall by half every 1.5 years (or a factor of 100 every decade). As a result, even smaller and less power-intensive computing devices will proliferate, paving the way for new mobile computing and communications applications that vastly increase our ability to collect and use data in real time.”

The ability to do more work with less effort is one of the most meaningful consequences of technological change, whether we’re talking about horse harnesses, water wheels, diesel engines, or digital sensors. One of the fascinating aspects of this improvement in computational electrical efficiency is that it opens up the feasibility of lots of distributed low-power sensors that get enough electricity to operate by harvesting “background energy flows”; Koomey’s example is small weather sensors that harvest stray energy from television and radio signals to send weather condition updates every five seconds. Imagine how a distributed network of such sensors could improve severe weather preparation, for example.

In the rest of this very interesting article, Koomey discusses the research and design efforts going into achieving such energy efficiency in data transmission and taking a system-level perspective on the electricity use of an entire network of devices. He also claims, and I think he’s right, that without such energy efficiency the “Internet of things” cannot become a reality.

The “Internet of things” framing of the Internet envisions interconnected networks of devices able to communicate their states, generate more granular information, and/or trigger tasks autonomously, without human intervention. For example, right now the water filter in my refrigerator needs to be replaced, which means I go down to the basement to see if I have one (which I do), and if using it reduces my filter inventory to one, I get online and order three more. It would economize on the most scarce resource in this supply chain — my time — if the filters had RFIDs and the refrigerator had an algorithm that would implement the inventory query and ordering process for me. I still have to install the new filter, but if that installation triggered an automated query and order, I’d come home from work in a few days to find a box of three water filters, with little effort on my part. That’s an example of the potential of the Internet of things; I’m sure you can come up with more examples that you would find valuable in your own work or personal lives, and I know you can see where this IoT framework intersects with consumer-focused smart grid networks.

Of course, details matter, such as getting the interoperability rules and security right so that only refrigerators can query the filter inventory in the house (no infiltrators, including the government), and so that the refrigerator’s connection to order replacements is secure. The same applies to electricity devices in the home and the digital meter, which is why one of the important phases in the process of smart grid development is laws protecting consumer privacy and property rights in data. Innovation in both computational power and computational energy efficiency have created this potential to create more value while economizing on the scarce resources of human time and attention.

UPDATE: And check this out: carbon nanotubes that can dump heat separately from current into a separate device, which should contribute to continued gains in computational energy efficiency.

Cost savings and value creation are different

Lynne Kiesling

The cost saving-focused mindset has prevailed in regulated industries for over a century, slowing innovation in the process. In electricity, regulation that bases firms’ profits on cost recovery erects market barriers by recognizing only a business model that involves providing a specified product (110v power to the home) transported over a monopoly network. Even in 2011, well into the third decade of the digital revolution, this narrow focus and cost-saving mindset persists, and it fetters smart grid-enabled economic growth by emphasizing cost recovery and ignoring value creation.

In fact, one of the main reasons why smart grid investments face regulatory and political opposition is that focus on cost recovery (among others). I think this Greentech Media article gets the story right: the ways that smart grid investments can lead to cost savings are limited. We’ve discussed this idea here at KP quite a bit — a limitation on the benefits of transactive technologies and dynamic pricing is the fact that for most people, electricity bills are not a large share of their annual expenses, so even saving 15% on the electricity bill may not be a salient enough benefit to induce a lot of people to make technology investments. In other words, smart grid may or may not lead to cost savings for a lot of residential customers.

But is that the right metric by which to evaluate smart grid investments? Of course not. The Greentech Media article linked above starts with a telecom metaphor that I use frequently. In nominal terms, most of us pay much more for our communication services today than we did when all we had was a single land line (and leased Western Electric phone!) back in the 1980s, and even in real terms we probably still pay more than we did then. But look at how much more value we get — mobility, Internet, automation, all of the services that have been created at the edge of the network. We are much richer and better off because of the change in communication technologies and services since the 1980s, even taking into account that we pay more for them. Apply this metaphor to the regulatory calculus today, and the mismatch of its cost recovery focus and the benefits arising from new value creation is apparent. Innovation in telecommunications didn’t occur and thrive and expand because of cost savings and cost recovery, but instead because of new value creation.

Those who argue that the business model for customer-facing smart grid investments has to be grounded only in cost savings are incorrect, and are looking too narrowly at consumer value propositions. This debate came up in the post I wrote in October about the new Nest thermostat, a gorgeous and beautifully designed piece of consumer-focused in-home technology from a group of former Apple engineers, and in other articles about Nest around the same time. Observers from this traditional cost savings mindset dismissed the Nest thermostat because of its $250 price tag, saying that consumers would not save enough money to make the payback period on it make sense, even with dynamic pricing. This criticism overlooks the additional features and capabilities of such a device — motion sensing, serving as a hub to integrate and manage and automate in-home digital devices, learning algorithms, extensibility to be able to bundle with other digital services in the home, and so on. It also overlooks the persistent pattern in the history of new technology adoption, from the Roman baths onward; there will always be consumers with strong “first adopter” preferences, who are willing to pay more to be the first ones to have the novelty, and in the case of digital devices, incur that cost fully aware that prices will fall in the future as the technology matures. They guinea pig new technologies for the rest of us.

Those two aspects — additional features and first adopter preferences — mean that a lot of the value proposition in consumer-facing smart grid technologies is new value creation, not cost savings. This means that the regulatory calculus and the traditional electricity cost-focused mindset misses the real action, the real opportunity, the real potential that the investments could unleash.

One data point supporting my claim is that, only one week after its commercial release, the Nest thermostat was sold out and is now only available on backorder. Such innovation is about value creation more than cost savings, and ignoring and stifling that process holds back the contribution of the electricity industry to economic growth and well-being.

The smart grid and the regulatory barriers thereto

Michael Giberson

Bob Jenks of Oregon’s Citizens’ Utility Board, writing at EnergyPulse, explains “Why Smart Grid Advocates Should Learn About Utility Regulation.”

Reading between the lines a bit, the reason smart grid advocates should learn about utility regulation seems to be so that they will understand that their talent, inventiveness, and desire to make the world a better place will be wasted unless they trim their vision to fit the established way of doing things. Therefore:

Although Smart Grid advocates have brought something new to the industry, progress for the sake of progress must be discouraged. Let us preserve what must be preserved, perfect what can be perfected, and prune practices that ought to be prohibited.

No, I’m sorry that is not right, somehow Jenks’s text got mixed in with Dolores Umbridge’s introductory speech to the assembled students of Hogwarts.

Actually, Jenks argues a long history of regulatory practice has resulted in a body of established ways of doing things – for example, managing utility incentives through manipulating the rate base, doctrines such as “use and useful” intended to protect ratepayers. If smart grid advocates want to engage with customers of a regulated electric utility, Jenks says they’ll need to work within the established system.

In essence, smart grid advocates, the advice is to realize that any regulated industry is part of the broader political industry:

Look, you need to participate in our system. You need to participate at a personal level, you need to participate at a corporate level.

No, once again I’ve mixed it up a bit. That is Google’s John Schmidt talking about his experience dealing with politicians in Washington, DC.

All snarkyness aside, I actually agree with a great deal of what Jenks says. If smart grid advocates want to make headway in a regulated business like exists for electric power for most of the United States, then they better learn the rules of the regulated game. You want to sell into a regulated utility market? Then you better trim your vision to fit the regulators’ ways of doing things. It just turns out that neither regulators nor the regulated industry do innovation very well, at least not the revolutionary kind of innovation like some smart grid advocates have in mind.

And in recognition of that well-established fact, I’d like to invite all smart grid advocates with revolutionary innovations in mind to come on down to Texas and check out the dynamic potential of the state’s competitive retail market.

Nest’s elegant learning thermostat — but is it transactive?

Lynne Kiesling

A team of highly skilled and design-savvy engineers have revealed Nest, an elegant, well-designed thermostat that can learn your preferred settings, analyze your data to spot energy-saving and money-saving opportunities, and look lovely on your wall. Earth2Tech has a review article on Nest, as does Greentech Enterprise. This summary description, from the Earth2Tech article, indicates why this device has strong potential:

The Nest thermostat, on the other hand, is supposed to learn your energy consumption behavior and program itself, and then automatically help you save energy in a convenient way. Once installed, the thermostat takes about a week of hardcore learning to recognize the standard way you heat or cool your home, and then recommends settings that are slightly more efficient than what you already do. It also automatically turns down the thermostat at times that are convenient to you. The device also continues to do lighter learning of your behavior via pattern recognition and your manual interaction with it, throughout the life of the device. …

The Nest thermostat has five sensors — temperature, humidity, light and two activity sensors — and the activity sensors can notify the device to turn down the heating and cooling when no one is in the house.

The Nest thermostat also has a feature called “time to temperature,” which shows the home owner how long it will take to heat or cool the home.

I love the idea of this “time to temperature”, because most people don’t realize how large an effect the thermal mass of the home has on energy use, and how pre-cooling and pre-heating before a high-price period can save both money and energy.

Nest also offers a website with more granular data, remote adjustment capabilities (and I expect that those adjustments can be automated, although the article doesn’t specify), and money-saving energy-saving suggestions.

But even more importantly, Nest comes equipped with a Zigbee chip and wi-fi, so it will be a discoverable device on your home network, and able to communicate with a digital meter and other digital devices in the home. It sounds like it has enough intelligence in it to be extensible over time to be a portal for automating the behavior of smart digital devices in the home … and it can be transactive, and consequently make the home transactive and the homeowner capable of automating the responses of a wide range of smart devices in the home to respond autonomously to price signals. If a grid is not transactive it’s not a smart grid, and Nest looks like it will be a step in that direction. The other necessary condition for a smart grid is retail choice and the customer being able to choose dynamic pricing that Nest can automate. Without retail choice and dynamic pricing, the smart grid is not smart.

A final interesting note about Nest is its path to market: rather than going the mass utility deployment route, Nest is going direct to consumer, hurrah!

However, Nest is one of the only companies that is directly targeting consumers for its thermostat. Nest plans to sell its thermostat at Best Buy, via building specialty channels, and through its website. Fadell tells me the company wants to “connect with the iPhone generation where it shops.”

I’ll be watching this development with great interest.