Slashdot Mirror


Does IoT Data Need Special Regulation?

dkatana writes: As part of the UK's Smart Meter Implementation Programme, Spain's Telefonica is deploying an M2M solution, using its own proprietary network, to collect and transmit data from 53 million gas and electricity smart meters. The most troubling issue is that the UK government awarded the contract to a private telecom that uses a proprietary network rather than to an independent organization that uses freely available spectrum and open source solutions. Those Smart Meters are supposed to be in operation for more than three decades, and rely on a network that can cease to exist. On top of that, the network, running proprietary protocols, can be hacked, and "will be hacked". Only Telefonica will be able to fix it.

  1. open source? by phantomfive · · Score: 4, Insightful

    I don't think you can rely on any platform to be around for 30 years, even if it's open source.
    Some platforms have lasted that long, but trying to guess which platforms will last and which won't is not the reason to choose open source.

    --
    "First they came for the slanderers and i said nothing."
    1. Re:open source? by Dog-Cow · · Score: 2

      It's far more likely that TCP/IPv6 will be around in 30 years. TCP itself has been with us for about 40, and it doesn't look like it will be replaced any time soon. (Replace TCP with UDP, if that makes sense for the application.)

    2. Re:open source? by phantomfive · · Score: 4, Funny

      It's far more likely that TCP/IPv6 will be around in 30 years

      Come to think of it, you can probably make sure a technology lasts by wishing it wouldn't stick around. Based on that, they should use IPv4 with Flash+Javascript written in COBOL on Windows ME. It'll last forever.

      --
      "First they came for the slanderers and i said nothing."
    3. Re:open source? by phantomfive · · Score: 2

      BTW, if it is public, it's reasonable to request that the final source code be opened, but to only choose open source to begin with, that's a silly requirement.

      --
      "First they came for the slanderers and i said nothing."
    4. Re:open source? by KGIII · · Score: 5, Interesting

      I like the way you think. I really do. Which made me think of an answer to this non-question.

      The answer is no, we don't need special regulation. What we need are intelligent and informed persons. Eventually, and this doesn't discount closed source, we could have open and interoperability-built standards that are published, vetted, and agreed on - or at least published and open. The idea being that, yeah, smart people would select to use such instead of insisting on reliance on closed and mysterious. This doesn't mean that the code, itself, can't be proprietary but the communications methods that it uses should be - they should be open, available, and free to use, even for commercial means. In this case, using this example, I'd suggest relying on the standards IPv6 and TCP/IP (or UDP, if applicable - does UDP support error correction?).

      If there's any benefit to this new, proprietary, communication format then, by all means, share it with the world so that it can be reviewed, improved on, standardized, and benefit others. It's not like it will do anything more than help the company's bottom line to do so. If anything, it will increase their visibility and market share. Perhaps, I guess, they could license it for commercial use but, honestly, I don't think that will help. If anything, and this is important to me - at least, it's a municipal project (from the looks of things) and thus it should be open.

      The summary mentions that it will be hacked, and it will be, so having other companies that can layer on security (if needed) or perform repairs prevents lock-in and price gouging. There's a vested interest, from the people, to insist that these types of things remain open and rely on commonly accepted (i.e. standardized even if unratified and informally) and readily available information. Should this company go out of business then the taxpayer will have to keep them afloat just to ensure they can read electrical usage meters? Surely you jest... When a security flaw is discovered, and it will be, who is going to repair it and how much is it going to cost? Truly, I can think of no benefit to this being proprietary but, perhaps, I'm missing something.

      Ah well... I should be sleeping, though I've called the desk and have paid for another night so I'll not have to be out of the hotel by 10:00 in the morning. What an ungodly hour to insist that I check out. I'll be in Buffalo for another night and that means I get to spend a little bit of time online. Yay...

      --
      "So long and thanks for all the fish."
    5. Re:open source? by Dutch+Gun · · Score: 3, Interesting

      Question: The summary and article are talking about the user's data that's collected. Is this data considered sensitive, other than the fact that one could potentially determine if someone is home or not if collected in real time? Do these smart-meters collect more than gas, power, and water usage? If it's just utility metrics, does anyone really care all that much about that? I'm trying to figure out how any sort of data-leakage could really negatively affect someone. Maybe I'm just not imaginative enough.

      Getting the meter hacked could be annoying or expensive, but probably not a catastrophe, as you'd simply dispute any ridiculous charges. Naturally, that's always an issue with any device tied to infrastructure.

      As for using a proprietary network and protocol, I'd hope that the UK required exact documentation of what they're using, and how it works. That way, if the company goes belly up, another company could provide similar reading services based on those protocols. Of course, government bureaucracies being what they are, I guess I wouldn't be surprised if no one thought to do that.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    6. Re:open source? by AmiMoJo · · Score: 4, Informative

      TFA is confused and has almost no information. I work in this area, and even I don't know what it is on about.

      There are a few different systems for reading smart meters. They are all proprietary to some degree. Some use mobile networks, some use Zigbee, some use other proprietary networks on sub-1GHz radio bands.

      It's hard to see what someone could do to hack these devices. They are basically transmit only. They send meter readings, that's it. I suppose you could artificially inflate someone's bill or jam the ability of the electric company to take readings, but then they would just revert to the old system and read the numbers off a display on the unit. The units don't accept any commands at all - they are designed to be highly tamper proof because people have been trying to steal electricity from day one.

      There is no open source software framework or network for this purpose. Wifi is far too short range and subject to massive amounts of congestion. TFA doesn't suggest anything.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:open source? by Threni · · Score: 2, Insightful

      You've got it backwards. If you say up front "we're only interested in open source solutions" then only people with open source solutions, or people prepared to create one, will enter. There's absolutely no reason to do non open-source software except to attempt to make more money out of something but one company making money isn't the only reason these systems are designed and created. It's better for everyone if it's easy/possible for other people/companies to be able to continue running a system when the original company no longer exists, or has changed its focus.

    8. Re:open source? by Darinbob · · Score: 4, Informative

      I work in this industry. Proprietary networks can still use freely available frequencies; most of them actually do. Other spectrum is extremely expensive and often impractical for this sort of stuff (unless they plan to blast out at high dB to collect data from further away). The article mentions wifi and cellular, and wifi is freely available spectrum, and cellular may be used in some cases where connectivity is a problem and the telephone companies have paid the big bucks to buy that spectrum (expensive to use cellular so it's a last ditch resort).

      For open source, that's not practical. First off, the customer here is not the home owner. The customer is the utility. The utility does NOT want the home owner to be hacking on the meters. Given the number of anti-smart-meter kooks out there, these are active targets for hacking. Even if open source is used the images would inevitably have to be signed. Yes, only Telefonica (or other provider) will be able to fix these meters, but that's normal and expected and required under many regulations. Yes, someone can fiddle with them, open them up, cut some wires, etc, but you break the seal on the meters and the owners will notice soon enough.

      If the network ceases to exist, then the meters still continue to work. Just read them by hand like we used to do. Assuming no one else buys out the meter company and takes over the network. Or the new utility removes the meters and replaces them with something else. How is the "thirty years" thing even remotely a problem, since in that time many networks may come and go. Firmware gets upgraded, or the utilities may decide that they want the new features and replace them before thirty years.

      As for can and will be hacked, compare that to phone networks. They can and will be hacked, and the owner of the phone can do nothing since only the phone company will be able to fix that. No panic there I see. Only panic with smart meters. I think phones are too cool for conspiracy theories to take root.

    9. Re:open source? by Darinbob · · Score: 2

      There are conspiracy theories about this. When the meter was read only once a month (sometimes less) then the user didn't have to worry that the utility could discover them cheating. But if it can read usage once an hour, which is typical, now the cheats are caught more quickly. Though more seriously, the concern is that someone can figure out when you're not home by breaking into the utility and reading the data.

      But, people can already figure out if you're not home by breaking into the phone company and reading their records and notice that all your calls are coming from a vacation site. Why aren't the conspiracy theorists worried about that? Or break into the credit card company and learn that you've bought gas on the other side of the country an hour ago, good evidence that you're not at home.

      One reason some of these networks have proprietary protocols is because the need for those particular protocols did not exist before smart meters. Wifi and cellular are impractical for them in many ways (though some companies use those in some cases). But there are standardization committees with active arguing participants (mostly trying to figure out how to lock out a competitor).

      Hacking the meter will almost always be in an attempt to either disrupt the network (conspiracy theorists pretending to be the saviors of humanity) or to reduce charges on their own meters (by preventing transmission, not by rewriting the data). Plenty of people have screwed with meters and power systems before smart meters, so the utilities already have a vested interest in tamper detection and security.

    10. Re:open source? by phantomfive · · Score: 3, Insightful

      Your comment is a perfect illustration of the saying, Hindsight is 20/20.

      --
      "First they came for the slanderers and i said nothing."
    11. Re: open source? by Anonymous Coward · · Score: 3, Insightful

      Speaking (anon) as somebody who is supporting a decades old government contract and seeing how many vendor fucks are given once those contracts are signed; I can tell you guaranteed income is not the same thing as guaranteed support. We haven't patched those systems since Debian Lenny.

    12. Re:open source? by lars_stefan_axelsson · · Score: 2, Informative

      If you want to steal energy, the low tech solution is to clamp on to the lines before it goes into the meter. Very popular with the home growers over here, has been for many decades.

      And the defence against this is equally old. The electricity company also monitors how much power is delivered at the other end, and if the discrepancy is too large, they start monitoring individual subscribers to see where the loss is.

      With smart meters, this becomes so easy that you could automate it. With smart meters you can more or less continuously monitor usage by the subscribers and delivered power to the group of subscribers, cheaply and on-line. Simple statistical anomaly detection can relatively easily point out both when someone is "stealing" electricity and point the finger at the subscriber that's probably the culprit. Before there was a large lag and metering to catch the "thief" was expensive and involved manual labour. Today you have computerised reporting every hour.

      So while "stealing" electricity may be as easy as ever, getting away with it just now became harder.

      --
      Stefan Axelsson
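
The feeder-versus-meters comparison described in the comment above, as an added example that is not part of the original thread. The readings, the 3% line loss, the 8% threshold and all function names are constructed assumptions, and the ranking step ignores normal time-of-day variation.

```python
from statistics import mean

# Constructed hourly kWh readings for four subscribers on one feeder (12 hours).
READINGS = {
    "A": [1.0, 1.2, 0.9, 1.1, 1.0, 1.3, 1.1, 1.0, 1.2, 0.9, 1.0, 1.1],
    "B": [0.5, 0.6, 0.5, 0.7, 0.6, 0.5, 0.6, 0.5, 0.6, 0.7, 0.5, 0.6],
    "C": [2.0, 2.1, 1.9, 2.0, 2.2, 2.0, 0.5, 0.4, 0.5, 0.6, 0.5, 0.4],
    "D": [0.8, 0.7, 0.9, 0.8, 0.8, 0.9, 0.8, 0.9, 0.7, 0.8, 0.9, 0.8],
}
# Constructed: energy drawn ahead of C's meter during the last six hours.
DIVERTED = [0.0] * 6 + [1.5] * 6
# Feeder-side measurement: everything actually drawn plus an assumed 3% line loss.
FEEDER = [1.03 * (sum(s[h] for s in READINGS.values()) + DIVERTED[h]) for h in range(12)]

def loss_fractions(feeder, readings):
    """Per-hour share of delivered energy that no subscriber meter accounted for."""
    out = []
    for h, delivered in enumerate(feeder):
        metered = sum(series[h] for series in readings.values())
        out.append((delivered - metered) / delivered if delivered > 0 else 0.0)
    return out

def flag_hours(losses, max_technical_loss=0.08):
    """Hours whose unaccounted share exceeds the assumed technical-loss ceiling."""
    return [h for h, loss in enumerate(losses) if loss > max_technical_loss]

def rank_suspects(readings, flagged):
    """Rank subscribers by metered usage in flagged hours relative to normal hours.

    A ratio far below 1.0 means the meter went quiet exactly when the feeder
    started losing energy. Returns [] when there is nothing to compare.
    """
    flagged = set(flagged)
    hours = range(len(next(iter(readings.values()), [])))
    normal = [h for h in hours if h not in flagged]
    if not flagged or not normal:
        return []
    scored = []
    for name, series in readings.items():
        base = mean(series[h] for h in normal)
        if base > 0:  # skip meters with no baseline usage to compare against
            scored.append((name, mean(series[h] for h in flagged) / base))
    return sorted(scored, key=lambda item: item[1])

if __name__ == "__main__":
    flagged = flag_hours(loss_fractions(FEEDER, READINGS))
    print("hours with excess loss:", flagged)
    for name, ratio in rank_suspects(READINGS, flagged):
        print(f"{name}: usage in flagged hours is {ratio:.2f}x its normal level")
```
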
    13. Re:open source? by TheRaven64 · · Score: 2

      For open source, that's not practical. First off, the customer here is not the home owner. The customer is the utility. The utility does NOT want the home owner to be hacking on the meters. Given the number of anti-smart-meter kooks out there, these are active targets for hacking. Even if open source is used the images would inevitably have to be signed. Yes, only Telefonica (or other provider) will be able to fix these meters, but that's normal and expected and required under many regulations. Yes, someone can fiddle with them, open them up, cut some wires, etc, but you break the seal on the meters and the owners will notice soon enough.

      Open source here is not about allowing the end user to install their own version of the software, it's about interoperability. In the UK, part of privatisation of the energy companies meant that you are able to switch between providers at will. This means that if I get an electricity meter installed by one provider then the next one must be able to use it, whether I switch next week or in five years' time. The new company now takes responsibility for the meter and so must be able to update it for their tariffs and must be able to ensure that the previous company cannot get access to my consumption (e.g. by changing the encryption key used).

      --
      I am TheRaven on Soylent News
    14. Re:open source? by w3woody · · Score: 2

      You're assuming, of course, that those who write the regulations come from this relatively rare species of intelligent people. The problem is, we have no way to guarantee this. And we run the risk of codifying in regulation something remarkably stupid instead.

      I'm not suggesting not to use regulation. I'm suggesting that concluding we should use technically competent technocrats because there is a lack of technically competent people--especially in a world which seems to discount technical competence--runs the risk of creating single points of failure.

  2. Open source example by dbIII · · Score: 2

    The oil and gas industries use fully documented data formats of which one from nearly fifty years ago (SEGD) is still in use which means files from the 1970s can still be read by current software with no need to convert.
    If an industry as commercially focused as oil can use published open source data formats then so can this telecommunications company.

  3. Just look at Irish Water by An+dochasac · · Score: 2

    Irish Water's smart meters block several digits of each consumer's water meter. This makes it nearly impossible for anyone to see their own utility usage. The data is sent via an unpublished protocol to Irish Water's meter readers. When consumers receive a bill, they must believe and pay it, or face fines, legal action and jail.

    Some consumers are concerned by the exposure to an unknown amount of RF from the unknown protocol. Others are concerned by the safety of the haphazardly installed meter system or the possibility that the poorly installed meters might be causing leaks or mis-configured meters causing artificially high bills.

    The Irish government supports this private company intervening between public water and private users. So if a consumer's remote control or outdoor thermometer on the crowded 433 MHz or 900 MHz bands interferes with the unknown protocol, they are likely to be charged with hacking.

    An open protocol would have allowed independent companies to develop inexpensive consumer-focused smart meters which would have helped with the goal of reducing water wastage. As it is now, Irish Water decides if and when consumers have access to their own consumption patterns, they will decide what to charge for meter-readers and they alone will determine the accuracy of the flow meters which determine their revenue.

    Petrol stations don't regulate their pump's flow meters. Grocery stores don't calibrate their own fruit scales. Butchers don't calibrate their own weighing scales.

    So why do we let utilities decide how their product is measured?

  4. Just say no... by TomGreenhaw · · Score: 2

    ...to unnecessary regulation codified by politicians who don't understand the technology in question. At the end of the day, it only drives up cost and stifles innovation. At most we need to enforce a law that says you cannot operate something without the owner's permission except in cases of public emergency.

    --
    Greed is the root of all evil.