In the final blog in our series, we explore how this new approach to privacy is allowing Recurve to work with our utility partners to help them track and adjust for the impacts of COVID on energy use and to target customers who would benefit most from energy efficiency interventions. These two highly relevant and timely use cases for energy consumption data would be almost impossible to achieve without differential privacy, due to the very real need to limit access and protect customers.
Using Population Data to Adjust and Track COVID Impacts on Energy Use
A timely example of an enormous exogenous event is the impact of shelter in place orders related to COVID-19. With businesses shut down or running at lower capacity, many commercial facilities have closed or significantly reduced their consumption, even as residential consumption has increased as more people work from home. The traditional average estimated savings and site-based baselines, both calculated based on past usage and performance, are essentially unusable.
Filtering out the impacts of what can only be described as the mother of all non-routine events requires looking at portfolios, not single assets. By comparing the consumption data of buildings that had an intervention with non-participants, it's possible to estimate the impact of an event like COVID.
However, the non-participant data needed to conduct these comparisons is tightly controlled and available only to small teams of hand-selected analysts. Making use of this data to correctly determine the impact of programs and energy market participants requires a way to analyze it without expanding access or compromising privacy.
The example below demonstrates how applying differential privacy affects a COVID analysis. Your eyes are not going bad--that fuzzy line comes from the “noise” added by the differential privacy algorithm. A known epsilon value has shifted these load shapes. As portfolio sizes get smaller, the fuzzy line gets thicker. The larger the portfolio, the closer the modeled value is to the actual observed result--all while still keeping the energy use of any individual customer hidden.
Using Population Data to Identify Customers Likely to Benefit from a Retrofit
Identifying the customers most likely to benefit from various demand flexibility interventions illustrates another use case for differential privacy. Recurve’s Resource Planning tools have shown that existing patterns of energy use within a building can be highly predictive of the potential for future energy savings in a building (check out this short video on the impacts of targeting on cost-effectiveness).
Being able to more accurately target buildings with a high potential for valuable demand flexibility gives third parties an enormous advantage, especially for utility procurements in which incentives are tied to the value of the savings at particular times. Utilities would like to provide these third parties with portfolios of candidate sites for retrofits that significantly increase the likelihood of success without revealing any individual site’s energy consumption patterns.
For this use case, a differentially private targeting query can be constructed using a randomized response method. This method was developed in the 1960s for psychological research to protect the privacy of survey respondents and minimize bias and is at the core of Google’s Randomized Aggregatable Privacy-Preserving Ordinal Response (RAPPOR) privacy system.
To understand how a randomized response privacy protection works, consider how you might obscure answers to a yes/no question. In this case, participants are asked a yes-or-no question and flip two coins secretly. If face-up, the participants respond truthfully to the query. If face-down, the participant answers with the value shown by the second coin, i.e., randomly. With a large enough pool of participants, the effect of random response can be averaged out of the final out of “yes” and “no” answers.
This procedure can be adapted to the targeting use case. As a simplified example, consider a program that would like to target the top 50 percent of energy consumers in a population. A database is prepared with an entry for each building: one in the top 50 percent of energy consumers and zero otherwise. The randomized response procedure is performed for each building, and the set of all buildings that responded positively is returned.
Some fraction of these positive responses will not actually fall in the top 50 percent of energy consumers because of the randomized response procedure. Also, some fraction of the participants in the top 50 percent will not be included in this output set. The following plot shows the effect of various choices of the privacy parameter on the fraction of sites correctly targeted:
Differential privacy enables Recurve to work with our utility customers to identify the highest potential customers for a range of programs and business models, and then provide differentially privatized results to either aggregators or internal programs while protecting each customer’s privacy list. What aggregators know about these customers — for example, that they are in the top 50 percent of high potential customers for an HVAC retrofit — applies to all customers in the portfolio equally. Differential privacy ensures that at a customer level there is a known probability that this information is just random noise.
We have shown how differential privacy can be applied to valuable use cases in the energy efficiency sector. In many ways, the principle of differential privacy parallels the emergence of pay-for-performance in the energy efficiency sector.
In this sector, privacy regulation, namely the 15/15 standard for aggregation (at least 15 customers where no single customer is more than 15 percent of the load), has relied on ad-hoc definitions without a quantitative rationale for decision-making. It is exceedingly difficult to apply this standard to new analytics needs or understand the impact of data releases over time, and this standard is wholly insufficient for use with AMI.
The firm foundation provided by differential privacy can enable us to put energy data to work by unlocking a wide variety of beneficial use cases while simultaneously providing much stronger privacy guarantees.
Differential privacy isn’t a silver bullet that grants privacy for free, but a principled approach that allows decision-makers to understand their privacy decisions quantitatively.
Read the Whole Series: