Toronto Hydro Surveillance?
I can’t help but think there’s a movie in this somewhere. Love, devotion and allegations of betrayal are all present. Mix in smart meters and privacy and it becomes obvious why I’m blogging about this. It’s quite a fascinating story and it comes from, of all places, an unpublished Ontario IPC report, issued in September 2013, which was sent to me. The troubling bit is that there are more than a few questions that arise from the story.
The romantic side of this potential screenplay begins with a woman. Our heroine suffers from severe rheumatoid arthritis. To ease her pain, our hero, her husband, started growing a small amount of marijuana for her medical use in their basement. We don’t really know how much but this is definitely more mom-and-pop than drug lord. The husband was also honest. Instead of stealing his electricity as a grow house operator might, he simply paid Toronto Hydro for it as would any normal, law abiding homeowner.
When he started, neither the husband nor wife had a production license from Health Canada. A year later, the police raided the home and the husband was charged with production and possession. The Crown later dropped the charges. With no public reasons, we’re left to speculate as to why the Crown did so but it does suggest that the marijuana production was not large scale. If it was, it seems unlikely that the Crown would simply drop charges without even trying for a plea.
The husband subsequently filed a complaint with Ontario’s Information and Privacy Commissioner alleging a violation of Ontario’s Municipal Freedom of Information and Protection of Privacy Act (“MFIPPA”). Toronto Hydro is an “institution” for the purposes of that statute and subject to its requirements.
The husband alleged that his use of electricity was not extreme or abnormal. Essentially the argument was that growing a small amount of marijuana doesn’t set off alarm bells in that the activity did not significantly increase electricity usage to the point where Toronto Hydro should suspect a marijuana grow op. The suggestion made by the complainant was that there is a sophisticated, on-going use of energy analytics software by Toronto Hydro examining smart meter data and electricity consumption patterns.
The IPC Report
In the IPC’s report on the complaint, the focus was on whether Toronto Hydro violated MFIPPA in its collection, use and disclosure of smart meter data. A preliminary question was whether home smart meter data was personal information. In addition to identifying information, the IPC took the position that daily residential hydro consumption and graphs of hourly usage qualifies as personal information for the purposes of MFIPPA.
I’ll leave aside the issue of collection. Given the data elements in question, especially the electricity consumption data, it would be difficult to suggest Toronto Hydro doesn’t have a legitimate reason for its collection. But what about use and disclosure?
Section 31 of MFIPPA provides that:
An institution shall not use personal information in its custody or under its control except,
(a) if the person to whom the information relates has identified that information in particular and consented to its use;
(b) for the purpose for which it was obtained or compiled or for a consistent purpose; or
(c) for a purpose for which the information may be disclosed to the institution under section 32 or under section 42 of the Freedom of Information and Protection of Privacy Act.
“To minimize, investigate and/or report potentially dangerous use of electricity, error, fraud, theft of power or other breach of law or contract;”
That’s a very broad statement – especially that “other breaches of law or contract” bit. Most people might not think that their electric utility would do that in circumstances where Toronto Hydro is not a party to the breached contract or a victim of the breach of law. Fraud and theft of electricity? Yes. The dangerous use of electricity? Yes. But in the present instance there was no fraud or theft. If it was a large “grow op”, one can reasonably conclude there is the possibility of “dangerous use” of electricity but the Crown dropped the charges brought. One would think that they wouldn’t do that if the scale of activity were so large that there could be a dangerous use of electricity.
Going back to the question of whether there was an MFIPPA violation, the IPC concluded as to use:
Leaving aside the reference to “grow operation” – since the size of the growing activity is, at a minimum, debatable — it appears that Hydro’s position is that any marijuana production may pose a threat and increase system risk. As one can see from the text above, the IPC accepts that monitoring for unauthorized use was consistent with the purpose of collection and therefore allowed under MFIPPA.
Toronto Hydro’s position is that a random audit on our hero’s street was the means by which he came to their attention. However, if his claim of no abnormal or excessive use is true then something doesn’t make sense here. People grow all sorts of things indoors. Gardeners use hydroponics, grow lights and indoor garden gear to start seeds, grow indoor herb gardens, etc. The equipment is sold in stores such as Canadian Tire or Home Depot, not head shops.
But if the electricity was paid for by the homeowner, how did Toronto Hydro know it was an unauthorized use? And if the use was not explainable in terms of the usual household consumption, why did they go to the police first? Did Toronto Hydro determine that this electricity usage was for marijuana production? (As opposed to, say, tropical plants.) Does Toronto Hydro use, as alleged, specialized analytical software to search for this kind of activity? If yes, how extensive is the use of such software? The IPC report indicates that four paragraphs were redacted from the Toronto Hydro submission provided to the complainant so he never found out what Toronto Hydro actually did.
In terms of what Toronto Hydro did with the information, there were four disclosures of information to the police. The first was unsolicited by the police — Toronto Hydro freely provided it. The following three were requests by the police for updates over the course of six weeks.
Section 32 of MFIPPA outlines the circumstances in which disclosure is permitted under the statute. It is a long list but the IPC focused on s. 32(c):
An institution shall not disclose personal information in its custody or under its control except,
(c) for the purpose for which it was obtained or compiled or for a consistent purpose;
At this point, it’s best to use the report’s articulation of positions. The reference to “your” below refers to the complainant.
The IPC’s position was that since the use was okay under MFIPPA, then s. 32(c) made disclosure permissible:
If the IPC had not made this finding, the next logical stage would be to ask if it was a “consistent purpose” under s. 33:
The purpose of a use or disclosure of personal information that has been collected directly from the individual to whom the information relates is a consistent purpose under clauses 31 (b) and 32 (c) only if the individual might reasonably have expected such a use or disclosure.
Would an individual have reasonably expected such a disclosure? I doubt it but I also have to recognize that other perspectives are out there.
The reader will, of course, reach their own conclusions as to the IPC’s findings but from a “privacy” perspective – not a legal compliance perspective — this conclusion is unsettling. In our post-Snowden world, given the general public unease with surveillance – as expressed by the Commissioner herself – the nature and extent of energy use analysis by a government-owned utility with an active policy of turning findings over to the police needs to be better explained to the public.
It would seem that smart meters allow Toronto Hydro to “play cop” in the sense that if they think you’re breaking the law, they will report you to the police. I do not know but suspect that this does not represent a change in Toronto Hydro policy. However, the granularity of data has changed a quite a bit and the fears of privacy advocates about the collection of smart data now appear more valid than not.
I’m not sure anyone would argue if it were a house given over to a “grow op”. But the IPC report doesn’t suggest we’re in that territory. Should any inexplicable use be automatically reported to the police? Remember this is not fraud or theft. Should a utility owned by the public make this kind of policy without a broad public consensus? Should a line be drawn as to which reports to police are acceptable and which are not? And, if yes, where?
And if the husband or wife had a medical marijuana production licence from Health Canada at the time of the police raid, it is likely that there would have been no charges in the first place. How would the reader then view Toronto Hydro’s conduct in reporting a legal activity to police?
While it is not exactly on point, Dr. Cavoukian’s Best Practices for Smart Grid Privacy By Design notes:
I think it safe to say that any broader monitoring and police reporting activities of Toronto Hydro are not well known to the average consumer. I doubt that the average Toronto Hydro customer is aware that part of the utility’s mandate: “To minimize, investigate and/or report … other breach of law or contract;”
The municipal utility did not escape unscathed although the result is not really clear in meaning.
Toronto Hydro has to develop written policies in order to comply with “privacy protective principles”. Just how is the utility supposed to do that? Are these policies to be published? Are there to be controls put in place? Is there to be any follow up by the IPC? Finally, when is this supposed to be completed?
From a privacy perspective, it would be better if Toronto Hydro indicated what kind of analytics it actually does and explain, in a more fulsome manner, the size and scale of any monitoring as well as its relationship with the police. It should do this to demonstrate that its collection of “smart grid data” has not crossed the line into surveillance.
It is somewhat regrettable that the IPC chose not to publish the report. (And since it is in the form of a letter to the complainant, I am not going to post it either.) It is within the Commissioner’s discretion whether or not to do so but given her interest in the subject of surveillance as well as smart grid privacy, an anonymized version of this report in the public domain would have been educational and instructive.