In the wake of the California energy crisis of 2000-2001, the California Energy Commission (CEC) and California Public Utilities Commission (CPUC) are aggressively pursuing “demand response” (DR) energy programs aimed at reducing peak energy demand. Demand response systems convey information about market conditions through pricing or reliability signals to customers, who in turn, hopefully, alter their electricity consumption choices. In particular DR programs are aimed at shifting the time at which customers use energy through the implementation of time-varying tariffs. Armed with information about the time-varying cost of electricity residential and commercial customers are expected to reduce energy usage and/or shift their usage to non-peak, less costly, hours. Such shifts, even absent reductions in overall consumption, will reduce the likelihood of energy brown and black outs and provide direct savings to consumers. Technologies to enable the demand response system, including advanced metering research and development [OpenAMI] and sensor and control technologies development [DRETD], are under development. These technologies will be coupled with a communication and network infrastructure that supports the multicast of real-time pricing information, and the aggregation of energy usage and billing information.
Demand response energy infrastructure is a policy imperative. The federal Energy Policy Act of 2005 directs the Department of Energy to identify target levels of demand response benefits that can be achieved by January of 2007. The statute directs electric utilities to begin offering time-varying energy rates, and meters capable of supporting those rates, to consumers within 18 months of August 8, 2005. The Department of Energy is charged with educating consumers about the benefits of the systems; both state and federal agencies are charged with investigating the potential of, and making plans for, demand response adoption. It is expected that various demand response programs will be adopted throughout the country. Similar infrastructures are being put in place in other countries, some more advanced than in the U.S.
A core component of the demand response system is the collection of information about energy consumption from residential and commercial buildings at frequent intervals. The analog electric meters prevalent today are unsophisticated instruments that allow a meter reader to assess electricity use during the time interval between meter readings. The meters found in basements and on exterior walls, are typically read once a month by an employee of the utility who visits on foot.
Over the next two to five years these meters will be replaced by digital meters that collect data at frequent intervals, store it for many days, and transmit it wirelessly to the utility. Meters likely to be installed during 2006 are expected to contain a data collection module that will enable hourly readings and wireless transmittal of these readings to the utilities. Advanced metering installations projected to begin in 2007 will be capable of greater internal processing and have enhanced data storage capability. These meters are expected to collect data on electricity consumption at intervals ranging from one hour down to fifteen minutes. There is little agreement on how often meter readings will be sent to the utility or the intermediate nodes (concentrators) within the neighborhood, and the period for which readings will be retained in the meter, the nodes or the utility. The meters will collect and send a data set including a unique meter identifier, timestamp, usage data and some form of time synchronization information. The data is expected to be in a proprietary format unique to the individual manufacturer or utility, although some participants are looking forward to the availability of open standards and
architecture for meters.
Current utility practices include saving many years worth of customer usage data to facilitate customer dispute resolution as well as load and other research. These data retention practices are expected to persist. If all the readings are maintained, a customer’s yearly record will shift from a record of one data point per month reflecting average daily usage to a record of 750- 3000 distinct and time-stamped data points per month that reflect actual energy use. The information itself is distinct from the averages found in today’s bills. More significantly, the information one can glean or infer from this more accurate and detailed data set is radically different. Electricity consumption patterns in the coming DR system will reveal variations in power consumption that in turn can be associated with various household activities. Over time, power consumption can reveal personal sleep and work habits, the presence of certain medical equipment and other specialized devices, and of course signal the illegal behavior which today prompts law enforcement to seek them in certain drug production cases.
The changes in the frequency, format, contents, storage and transmission of data about electricity consumption that are integral to the planned demand response infrastructure raise interesting questions about the ongoing viability of maintaining, as a technical, practical and legal matter, the privacy of activities occurring within the home. How will the system architecture and business models address the increased sensitivity of meter readings? For example, imagine a future “wardriving” incident where wardrivers detect and monitor the unencrypted traffic between household meters and neighborhood level concentrators that relay energy usage information to the utilities. Monitoring such communications could provide information about occupancy on a per house, block, or neighborhood level. Armed with such information a criminal could relatively easily assess the best time to burglarize homes or engage in other property crimes in a neighborhood. How will the business models of utilities evolve to take advantage of the more detailed information that can be gleaned from energy consumption data taken at fifteen-minute intervals? Most significantly for the purposes of this paper, how will the increased information about in-home activities generated, transmitted and stored in DR systems be dealt with under the Fourth Amendment?
Existing legal precedent addressing the privacy of in-home activities, the energy they require, and the heat signatures they emit point in different directions. On the one hand the Supreme Court relatively recently affirmed the primacy of privacy in the home by prohibiting the use of a thermal imager to gather details about the home previously inaccessible without a physical trespass—at least until such time as the technology to do so becomes widely available to the general public. On the other hand, the Court has an entrenched position that where the government obtains personal details from third-party business records the Fourth Amendment is not implicated. In the first instance the Court has resisted limitations on Fourth Amendment protections for the home premised on the quality or quantity of the data that can be known. In contrast, the quality and quantity of the data in third party records clearly animates the existing Fourth Amendment case law finding no protection for personal details found in business records and has played a strong role in State Court decisions about the privacy protections provided by Fourth Amendment corollaries in state constitutions. While eschewing an examination of the
quality and quantity of information that devices reveal about the inside of the home, the Supreme Court has allowed the location of that information—in business records—to be completely determinative of the scope of Fourth Amendment protection.
Under the Court’s jurisprudence it is quite plausible that information about energy consumption inside the home contained in the records of a public utility—regardless of how sophisticated and detailed it becomes or how much it can reveal about the residents—will be found unprotected by the Fourth Amendment while the use of a relatively unsophisticated “device” that enhances law enforcement officers’ senses, allowing them to retrieve far less detailed information about in-home energy consumption, will require a warrant. At least until these devices become widely available to the public—as we would suggest they are today.
We are interested in exploring the Court’s divergent Fourth Amendment analyses when considering technological advancements that directly enhance the ability of law enforcement to gather information, and data collection and retention advancements in the private sector that similarly enhance the ability of law enforcement to gather information. In the leading case examining the law enforcement use of a thermal imager to gather information about the heat signatures of a home the Court refused to consider the privacy issues about the “waste heat” emanating from the home as driven by the notions of voluntarily disclosure, assumption of the risk, or abandonment. These concepts are the animating force behind the business records decisions. But as a logical matter these concepts are a far better fit for the “waste heat” which is freely available for anyone with the right technology to “see” from a public vantage point then they are for the utility records that are a necessary derivative of heating a home and are provided solely to the utility for the purpose of that service.
As more and more information about individuals’ activities is collected and archived by the private sector the Court’s disparate approach to considering the Fourth Amendment implications of direct collection of information by the government versus indirect collection from private sector entities (even where the data collection may be mandated by law) forces us to confront the possibility of a world with virtually no constitutional protection constraining government prying into citizen’s private acts whenever those acts are recorded or can be inferred from data collected in the private sector. If details of individuals’ in-home activities are directly recorded in or easily inferred from business records does the Fourth Amendment simply have nothing to say about the governments access and use of this information? Given that individuals are increasingly dependent on businesses to help them continually and in real-time manage activities and events in the home including the television they view, the nanny they hired, and the energy they use, will there be any private activities that remain outside the Fourth Amendment free-zone created by the business records case law? This article considers the Fourth Amendment issues raised by the changes in the quantity and quality of the data that soon will be routinely available in utility records in California and eventually across the nation. We begin our exploration of these questions in Part II by exploring the Court’s Fourth Amendment analysis of law enforcement use of technologies that directly enhance their senses. We compare and contrast this with the Supreme Court’s Fourth Amendment analysis and state courts’ analysis of comparable state constitutional privacy protections in the context of business records that yield information similar to that available through technological devices. We consider the Kyllo, Smith and Miller cases and state constitutional decisions considering
the privacy expectations in utility records. The comparisons highlight the inability of the Supreme Court’s current Fourth Amendment jurisprudence to provide a rational and satisfying description of the privacy interests the constitution protects in a world of networks, devices, and personal services that by design collect and retain personal information on private acts. They also illustrate the flimsy protection likely found in the Kyllo cases narrow limitation on “government-only” technology.
As the information in utility records becomes more detailed the Court’s disparate analysis of these two techniques for collecting information about activities taking place in the home leads to increasingly unsatisfying results from a normative perspective. The continued conclusion that personal information contained in third party business records is outside the Fourth Amendment is poised to obliterate the “firm line [the Fourth Amendment draws] at the entrance to the house.” We provide details of the DR architecture in Section III and explore the ramifications of the business records case law in this context in Section IV.
In Part V, we conclude that the economics of information processing are changing in a manner that is shifting the scope and effect of the Court’s business records doctrine. Technology that makes it cheaper and easier to collect and maintain information about customers, aligned with a service economy aimed at assisting individuals in managing their every need, activity and interaction, are diminishing the need for law enforcement to engage in the gumshoe surveillance activities of yesteryear or even the high-tech surveillance activities of yesterday. The private sector is subsidizing, at times displacing, the activities of law enforcement (and intelligence). The ability of law enforcement to cheaply and relatively easily access detailed profiles of individual household energy consumption or individual cell phone users’ locations, or access and combine billions of records from a multitude of private sector sources containing personal information as was planned in the Total Information Assessment project will make the Fourth Amendment less and less useful as a tool for prescribing limits on what the government can know and in what circumstances about its citizens.
The evolution of the DR architecture provides a particularly stark example of the capacity of the business records case law to erode the core of Fourth Amendment protections. The cultural dependence on private sector services that generate records containing personal information about activities occurring within the home are blurring the “firm line” around the home that the founders sought to protect. But it is just one example in a growing list. The Court’s disjointed approach to dataveillance and surveillance cannot sustain the privacy of the home as the framers’ or the current court envisioned it. By placing personal information contained in business records outside the scope of Fourth Amendment protection the Supreme Court has consigned us to a future without privacy.