Smart meter cybersecurity and moral panics

Lynne Kiesling

In March I wrote about Adam Thierer’s paper on technopanics — “a moral panic centered on societal fears about a particular contemporary technology” — and I argued that we should bear the moral panic phenomenon in mind when evaluating objections to smart grid technologies. In the past two weeks we’ve seen news articles on this topic: according to the FBI, smart meter cybersecurity is loose enough that hackers have been able to hack into smart meters and steal electricity.

Chris King from eMeter has done some digging into this question, and writes at Earth2Tech suggesting that the problem is old-fashioned criminal human behavior, not any technology-specific security failure:

Upon a closer look, this situation is not so much about smart meters as it is about criminal human behavior. Former Washington Post reporter Brian Krebs explained that it was not actually the smart meters themselves which were “hacked.” The meters’ own security measures were not breached.

Instead, criminals accessed the smart meters by stealing meter passwords as well as some devices used to program the meters. This is more like stealing a key and opening a door, rather than breaking the lock on the door.

These criminals were former employees of the utility involved, and of the vendor who provided the smart meters. These people were paid (bribed) by customers to illegally reprogram the meters so that those meters would record less energy consumption than actually occurred. This is not fundamentally different from bribing human meter readers to under report consumption — which happens often in some developing countries.

Which brings us back to Adam’s original point: why are we so willing to accept the technopanic argument? Why are so many people so suspicious of new technology, and so willing to give up both the consequentialist potential benefits and the moral defense of individual liberty and impose controls and limits on technology?

Advertisements

2 thoughts on “Smart meter cybersecurity and moral panics

  1. Dear Lynne: I think you have misused the term moral panic. As my cybernym shows, I have been the subject of moral panic over the dreaded obesity epidemic for years. The distinguishing feature of moral panics is that they are always about the behavior of third parties and its effect on them.

    “Smart-meters” are not a third party problem. They will affect each and every one of us who is a part of the utility grid, which is about 99% of the population.

    My concerns are not a moral panic, they are concerns about giving an over-reaching government more tools with which to reach into our homes and to regulate our lives in even greater detail.

    I know you are a libertarian, and I know you think the government has overreached our liberties on several occasions recently. Why will you not accept that if smart meters are in our homes, government regulators will try to use them to control us.

    As for hacking of smart meters. My understanding of computers and security systems is that there is no system that cannot be hacked. Smart meters are computer systems and they will be hacked, by cyber crooks, home crooks, government crooks, utility crooks, and even by 14 year old Lithuanian kids who are bored and have nothing better to do. Does this make smart meters useless? No, but it is not a case for installing them either.

  2. Dear Fat Man,

    I think you have not read Adam’s paper on which my post builds. In that paper he provides a thorough review of the moral panic literature, in which your definition of third-party behavior is not a distinguishing feature.

    My point in the post, and Adam’s point in his paper, is that at the margin new technology does not in and of itself change the nature or the magnitude of security threats.

    What I am advocating with respect to digital meters is that we make laws very explicit about customer data privacy, customer data ownership, and the responsibility of the meter operator (i.e. the regulated monopolist utility) to provide data security at a level commensurate with that seen in other sensitive industries, such as financial services and financial markets. Your turning my argument into a “data insecurity is a reason to install digital meters” is an illogical misinterpretation of my position.

Comments are closed.