Prepaid electricity crisis looms for South Africa
William Brederode discusses a critical issue affecting all STS-compliant prepaid electricity meters worldwide. These meters will cease vending electricity on 24 November 2024, unless they are updated. The problem stems from a design flaw in the system used to generate prepaid electricity voucher codes, which relies on a timer that started counting from 1 January 1993. The limited storage space at the time led programmers to record dates using two digits instead of four, causing a similar issue to the Y2K problem. The prepaid meters have a built-in expiry date, and the update involves changing the base date of the token identifier from 1993 to 2014, providing an additional 20 years of functionality. However, progress on the update has been slow, and authorities, including Eskom and South Africa's municipalities, have not made significant strides in addressing the issue. Failure to update meters before the rollover date could result in a loss of electricity vending and potential revenue problems for municipalities.
By William Brederode
A problem affecting every STS-compliant prepaid electricity meter in the world will stop them all from vending electricity on 24 November 2024, unless they are updated.
This is because of how the system used to generate prepaid electricity voucher codes and guard against fraud is designed.
It relies on a timer that started counting from 1 January 1993 that will run out of digits sometime during 24 November 2024.
Households will either have to switch away from prepaid electricity or be left in the dark — unless local authorities step in.
Financial Mail reported that South Africa has 10 million STS-compliant meters of the 70 million installed across 100 countries.
However, Don Taylor, the inventor of the first integrated prepaid electricity meter and the man heading up the rollover project, said the 70-million figure was based on "an educated guess and actual reports from a few countries".
The problem is a typical time storage or date rollover bug — similar to the Year 2000 (Y2K) problem that affected computer systems at the turn of the century.
According to a US Senate committee report, over $100 billion was spent preparing for Y2K in the US alone. There was widespread panic and doomsday preparation in anticipation of the event.
Why did this happen?
Because of two digits.
When computer systems were rolling out in the 60s and 70s, they had a minuscule amount of storage space. IBM's first hard disk drive (launched in 1956) could store just under 5 megabytes of information.
Today it is not uncommon for a computer to have 512 gigabytes of storage space — about 100,000 times more.
Computers also had much less memory back then.
Given these space limitations, programmers often recorded dates using two digits instead of four to denote the year.
Instead of storing the year of the moon landing as 1969, computers would read the year as ‘69’.
Similarly, the year of Mandela's release was just ‘90’.
This worked adequately, but a problem was foreseen when the year ticked over from 1999 to 2000. This is because the year 2000 would be read as ‘00’ and interpreted as 1900.
This would cause issues in programs that used the date in calculations.
For instance, if a computer calculated how old someone was, it might subtract the year they were born from the current date. Like the following, if the year was 1990 and someone was born in 1970:
90 – 70 = 20 years old
That worked well enough until the year 2000.
If you wanted to use the same formula to calculate the age of someone born in 1970 when the year was 2002, the computer would do the following calculation:
‘02’ – ‘70’ = -68 years old
Needless to say, there are not many negative 68 year-olds running around.
Read more: Eskom in Pictures: No denying ANC's blame. Corruption or incompetence?
This doesn't seem like a dangerous error, but critical systems rely on date and time calculations.
For instance, in 2001, the UK's National Health Service had a computer system that allocated pregnant women Down syndrome screening tests using their age.
The computer system calculated their age similarly to what has been described above. The database was affected by a Y2K problem.
154 pregnant women in England received incorrect Down syndrome screenings because of this error.
Investigators revealed that two terminations were carried out as a direct result of Y2K-linked errors, and four mothers in the group, who had received low-risk test results, gave birth to Down syndrome children, the Guardian reported.
Y2K problems were not limited to age calculations — every line of code that used two digits to represent the year could have been susceptible to a date rollover problem.
According to AP news, the radiation alarm on a Japanese nuclear power plant was shut down due to a Y2K problem — just three months after the country was affected by a nuclear disaster.
A Y2K error also disabled a US spy satellite monitoring potential terrorist threats, CNN reported.
There could have been many more examples like these were it not for preventative efforts to find and fix Y2K problems.
It is impossible to know how many Y2K problems there were at the turn of the century as people weren't going to broadcast the issues they were facing given the level of hysteria that surrounded the so-called ‘millennium bug’, according to Peter de Jager, who spoke to News24.
In 1993, De Jager wrote the first article that got widespread attention about Y2K in ComputerWorld. He played a significant role in communicating the problem over the years that followed.
He said they had no idea how big the Y2K problem really was. "We literally did not know where all the dates were, and we literally had billions of lines of code to look at."
Herein lies a key difference between Y2K and the metering problem, said De Jager.
"You know exactly where the problem is — it's in every meter."
As a consequence of their design, prepaid electricity meters have a built-in expiry date.
The prepayment system works simply: Users purchase a 20-digit token that provides them with electricity units when they punch it into their device.
However, when the system was first designed, certain challenges arose.
For one thing, the tokens that users enter into their meters must be unique to prevent fraud — two users must not be able to enter the same token.
In addition, the meter designers had to ensure that users couldn't enter the same token into the meter twice.
The designers used a time-based mechanism to solve these problems.
When a user buys an electricity voucher, a section of the 20-digit token corresponds to the minute it was purchased.
This time-based sequence of numbers in the 20-digit token is known as the token identifier (TID).
Just like in Y2K, where 1900 was the lowest possible date, the meter designers set 1 January 1993 as the base date for the system.
Simply put, if you bought a voucher at 1 minute past midnight on 1 January 1993, it would be attached to minute ‘1’.
Buying another token an hour later will be attached to minute ‘60’. After the first day passes, the voucher will use minute ‘1440’, and so on.
Those numbers will be represented in the token and, when put into the meter, it will know the exact minute the voucher was bought.
However, there is a limit on the number of minutes vouchers can use.
Without a limit, the voucher code would become too long for users to enter into their meters.
There are also hardware constraints because the meters must store a certain number of previously used tokens to prevent fraud.
In the end, the designers allocated two bytes of space for the time portion of the token. This grants 16,777,216 unique minutes that can be attached to a voucher, amounting to 31.92 years.
If you count 16,777,216 minutes from midnight on 1 January 1993, you reach 20:16 on 24 November 2024.
Here is where the problem comes in.
If you were to generate a token at 20:15 on 24 November 2024, it would be attached to minute ‘16,777,216’.
Then, if you were to generate a token a minute later, it would roll over to minute ‘0’.
The meter would not accept the second token.
This is because, to prevent voucher reuse and protect the system from potential fraud, the meters keep track of the last 50 tokens entered into them.
When a voucher code is entered into the meter, it checks two things:
If the token is the same as a previous one or older than the oldest one entered, the meter will reject it.
Prepaid electricity vouchers generated with 1993 as the base date will therefore be rejected after 24 November 2024 because the meter will interpret their timestamps as being older, not newer.
All that is needed to fix this is a simple update.
Read more: From the FT: Eskom, Pravin in China – seek support as SA faces energy-starved winter
To resolve this issue, the Standard Transfer Specification Association (STSA), which is responsible for standardising prepayment technology, created an update mechanism for the system.
The update will change the base date of the token ID from 1993 to 2014 — buying the meters 20 extra years of functionality. (The standard also allows the base date to be changed to 2035 in future.)
It also includes an update to the cryptography meters use to encrypt and decrypt tokens.
Using the 2014 base date and the same 16,777,216 minutes allowed by the standard takes us to 24 November 2045.
Tokens can already be generated with a 2014 base date, but meters must be updated manually to accept the new tokens.
All that is needed to update the meter is for two 20-digit numbers to be entered into the meter — known as key change tokens.
One of those numbers clears the TID stack memory of the meter so that the device has no recorded tokens and thus cannot identify a newly entered voucher as being ‘old’.
The other updates the technology used to decrypt the tokens to be more secure.
Once the update tokens have been generated for an electricity meter, prepaid vendors will generate 2014 base date vouchers for that meter.
Vendors can currently generate tokens for both 1993 and 2014 base date meters.
That's one of the reasons why users need to provide their meter number when buying a token – so vendors can generate vouchers with the appropriate base date.
There is no way to remotely update a meter to use the 2014 base date. The key change tokens must be manually entered into the meter.
There are two ways to perform the update:
Allowing users to self-update has a hitch: Any error in entering the key change tokens will leave the meter non-functional from the moment the update numbers were generated.
The update process is not complicated, provided the necessary customer support is in place.
However, authorities have been dragging their feet.
There are 10 million prepaid meters in South Africa. Eskom is responsible for 6.5 million of them, and municipalities for 3.5 million.
Eskom has only rolled over 5,800 in a pilot project in Gauteng — or about 0.09% of their total.
They were told about the need for this project ten years ago.
They have decided to follow the model where users enter key change tokens into the meters themselves. They have yet to announce this publicly or run a communication drive to inform people of the need for the update.
There is a South African Local Government Association (SALGA) trackerwhere municipalities can self-report their progress with the project.
43 municipalities out of the 167 licensed distribution zones have indicated that they have started with the project. 79 have logged their data on the site.
At the time of publication, Taylor said the data on the tracker was incorrect.
According to Riccardo Pucci, a TID rollover project coordinator, it will be impossible to get accurate data internationally for the level of progress made in the rollover.
Acquiring accurate information rests on the authorities responsible for the rollover sharing their progress data. Pucci said that data will never be complete.
However, the STSA does have access to data on supply group codes. A supply group code is a number given to an authority that vends electricity.
The STSA can check whether a particular supply group code for a 2014 base date has been requested from the STSA, providing a rough indication of whether the authority has started its update project.
According to Pucci, the amount of individual meters on a supply group code is highly variable.
For instance, Indonesia alone has 50 million prepaid electricity meters — five times the amount in South Africa — but there are more supply group codes in South Africa than in the rest of the world combined.
346 out of 1165 supply group codes in South Africa, or about 30%, have started their project, and only 90 out of 790 have in the rest of the world — about 11%.
The fact that authorities have not made much progress is not surprising, said De Jager.
"There are no technical problems. This is not and never will be a technical problem. It's a people problem. It's about people deciding that they need to do this; it's about people deciding that they need to do it early," he said.
BusinessTech reported in January that Johannesburg and Tshwane have embarked on their upgrade programmes, with City Power sending officials to people's homes to input the key change tokens.
Johannesburg urged residents to cooperate with officials when they come around to update or upgrade the systems. However, it also cautioned that residents should always check for proof of appointment to identify an official.
City Power official staff cards will have the following information:
There is a hologram of City Power's Firefly logo and the contact numbers for the Risk Team on the back of the card, should you want to verify the staff member's identity.
Tshwane said it first had to upgrade its servers at a cost of R5.2 million before it could begin its upgrade programme.
Once the servers are upgraded, it would start updating customers’ meters as part of a year-long project.
Tshwane said it hopes to conclude the update project by the end of 2023.
The City of Cape Town began its prepaid meter upgrade project in November 2021 and hopes to be finished by December 2023.
Read more: SA's Power Crisis: Cold winter inevitable with the longest period of blackouts and a lack of coordination – Katzenellenbogen
Any meter not updated by the time the rollover event happens will not be able to vend electricity after that date.
The meters will not go dark immediately, but users will not be able to load more electricity credit until it is updated.
Taylor said it isn't a "drop-dead" situation, as meters that have not been updated come the rollover date can still be updated.
However, some experts believe people may elect to illegally bypass their meters to get access to electricity if they suddenly stop working and the user doesn't understand why.
This could be a massive hit to municipal revenues, many of which rely on reselling electricity as a significant source of income.
According to the 2022/2023 medium-term revenue end expenditure framework, revenue from the energy sources accounted for R160 billion of the R277 billion total income that South Africa's metros were expected to bring in for the year.
If meters aren't rolled over in time, TID project coordinator Riccardo Pucci warned municipalities could face a huge electricity piracy problem.
"You are going to get record numbers of meter bypasses. That's essentially what's going to end up happening. If the revenue protection problem was an issue before, it's going to skyrocket," Pucci said.
This article was first published by MyBroadband and is republished with permission
Listen to the story of Cyril Ramaphosa's rise to presidential power, narrated by our very own Alec Hogg.
Narration by Alec Hogg
South Africa faces massive prepaid electricity problem By William Brederode reported US Senate committee report IBM's first hard disk drive Read more: the Guardian reported AP news reported spoke in ComputerWorld The technical problem Read more: The update Punching numbers No progress tracker Joburg, Pretoria, and Cape Town reported City of Cape Town Read more: Consequences