Privacy-by-Design: Building Accountability into the Internet of Things

Lead Research Organisation: University of Nottingham
Department Name: School of Computer Science

Abstract

The Internet of Things (IoT) seeks to embed computation in mundane objects - pill bottles, shelves, weighing scales, etc. - and connect these 'things' to the internet to enable a broad range of new and improved services (e.g. improved healthcare services). The IoT will open up a wealth of personal data - biological data, data about our physical movements around the home, or interaction with objects therein, etc. - distributing it seamlessly across the internet. The seamless distribution of personal data presents real challenges to the adoption of the IoT by users, however. Personal data is not 'shared' blindly and there is need to understand how personal data transaction in the IoT can be made observable to users and available to their control if the projected benefits of the IoT are to come about. There is need, in other words, to understand what needs to be done to make the IoT accountable to users so that they can understand what data is being gathered, what is being done with it, and by whom, and to enable personal data management.

The need for accountability leads to a concern with 'articulation work' - i.e., making personal data transactions visible and available to user control. This fellowship seeks to engage industry and end-users in the co-design of awareness and control mechanisms that specify requirements for the support of articulation work. It seeks to do so in the context of the home - one of the most personal of settings in society and a key site for future personal data harvesting. Industry is engaged in the development of use cases specifying future IoT applications that exploit personal data across different infrastructures penetrating the home. The use cases are grounded in ethnographic studies of current interfaces to infrastructure and the personal data transaction models that accompany them. Current and future understandings are combined in 'provotypes' - provocative mock ups of new technological arrangements - which are subject to end-user evaluation to shape and refine articulation mechanisms around user need and which foster user trust in the IoT.

Planned Impact

Who will benefit from this research?

Industry partners and initiatives: The Internet of Things will be one the key drivers of Big Data - which is projected to be of colossal value to business over the coming decade - and the home will be one the primary engines of personal data generation. Understanding the possibilities, limitations and constraints of personal data harvesting in the home from a user perspective is critical to the development of useful and useable IoT applications and services.

Academic research communities: Understanding the social, human and ethical challenges of personal data harvesting in the home, the technical challenges these raise, and the nature of potential solutions are all of key concern to HCI, CSCW and Ubiquitous Computing communities.

End-users: In the longer term the research will ultimately be of benefit to end-users as well, enabling the development of IoT applications and services that respect the social, human and ethical dynamics of personal data transaction and fostering the trust that is essential to the broad adoption of the IoT in everyday life.

How will they benefit from this research?

Industry will benefit through user-centred exploration and co-development of projected business applications of the IoT in the home that cut across utilities, communications, consumption, media and key service infrastructures. The research will ground projected IoT applications in practice through detailed ethnographic work and elaborate future interfaces to the IoT and mechanisms for the management of personal data that are acceptable to users. In doing so it will elaborate key challenges for personal data harvesting across a range of key infrastructures that permeate the home.

Academic research communities will benefit through a range of distinct outputs including ethnographic studies of things-as-interfaces-to-infrastructure and elaboration of the socially organised character of personal data transaction within the home. These will be complemented by empirical elaboration of users' privacy concerns across different IoT application areas, the ethical subtleties and nuances that impact data disclosure, and design-based articulations of future interaction mechanisms that enable user awareness and control over personal data harvesting.

End-users will benefit through sensitising systems developers to user needs vis-à-vis personal data harvesting and requirements for interaction mechanisms supporting articulation work. This, in turn, will enable broad social and economic impact to be delivered through the human-centred development of IoT applications and services that respect and address user concerns over data privacy.
 
Description THE PROPOSAL
This 5-year EPSRC Established Career Fellowship put data at the heart of Digital Economy research into the emerging Internet of Things (IoT). It was premised on the recognition that in connecting billions of 'things' to the Internet the IoT would broadcast unprecedented amounts of human data and do so 'seamlessly', invisibly, unaccountably. Data, not the 'things' themselves, thus created a human problem that threatened the social acceptability of this emerging technology.

The proposed solution proposed focused on the need to build trust in the IoT. The suggestion was that this might be achieved by enabling data awareness and control and by reshaping privacy mechanisms from 'single click' one-time only interactions to ongoing interactions that enable citizens to negotiate the uses of their data by other parties.

The scope of the IoT was and is enormous so the Fellowship focused on the domestic environment not only to make the research tractable but more importantly because the home, in being a key site of personal data, provided a critical lens on the data challenge.

Our research proposed to engage industry partners in the sustained exploration of IoT applications and the data challenge in the home over the lifetime of the Fellowship. We would conduct ethnographic studies to understand how people reason about privacy and build and maintain trust. And we would build provocative human-centred configurations and interfaces to the IoT to engage citizens in analysis of the problem space and co-creation of acceptable solutions.

5 years later and the need to build trust into the digital ecosystem is broadly accepted, if not yet realised in practice. If Ed Snowden's whistleblowing on NSA surveillance hadn't caught the public's attention in 2013 then the Facebook / Cambridge Analytica scandal in 2018 certainly did, and the introduction of new data protection regulation in Europe (GDPR) in the same year bringing with it punitive fines for violations also grabbed industry's attention.

Back in 2014, however, growing cultural awareness (social, political, legal, ethical, etc.) of the data challenge seeded manifold efforts to make the digital ecosystem more 'human-centred'. It is within this broader cultural context and towards catalysing such a step change in the IoT that this Fellowship has sought to make a substantive contribution.


THE ACCOMPLISHMENT
Building on an established track record of social science research in design, and ethnomethodologically-informed ethnographic studies in particular, the Fellowship has delivered a series of outcomes that explicate the situated character of IoT data in the home and acceptability challenges confronting an increasingly 'smart' domestic IoT. The studies were enabled by the design and deployment of IoT applications in the home, including bespoke IoT devices designed to explore the use of data to drive the delivery of personalised consumer services (Tolmie et al. 2016, Fischer et al. 2016, Fischer et al. 2017, Crabtree et al. 2019).

The studies make it perspicuous that in practice IoT data is opaque, its sense, reference and meaning unclear. The issue is not that IoT data is inherently meaningless - algorithms will always be able to extract some information from the data - but that there is significant risk of misrepresentation (Tolmie et al. 2016); that the information gleaned by passing the data through analytics engines may be inaccurate and with potentially damaging consequences for the people whose behaviour generated the data and are subject to its use. There is strong need then for the 'human in the loop', not only to build trust but in doing so to ensure the accuracy or at least the practical adequacy of insights gleaned through data analytics.

The studies also make it perspicuous that IoT data is indexical to human action (ibid.) and the social and material circumstances of its production (Crabtree et al. 2019); furthermore, that these are not contained within or reflected by IoT data. For example, IoT data might document the total and average durations of showers taken in the home and amount of water used in a household, and the data might even be disaggregated to reveal specific occasions of showering occurring on specific days at specific times using specific amounts of water. However, it does not tell us specifically who generated the data, how or why, it only tells us that they used a specific amount of water at a specific time on a specific day.

The indexicality of IoT data occasions the need to support 'data work' (Fischer et al. 2016, 2017) between user and IoT system to avert misrepresentation and deliver effective personalised services. Automating data work turns on the construction of service-specific dialogues that provide users with methods for parsing relevant aspects of human action and the social and material circumstances of IoT data's production (Crabtree et al. 2019).

Our ethnographic work has also explicated digital privacy practices in the home. These studies extend beyond the IoT to take the broader digital ecosystem into account; privacy practices surrounding PCs, laptops, mobile phones, etc., online services, social media, and the data implicated in their day-to-day use. Our studies found that household members had an abiding concern to manage and indeed minimise the potential 'attack surface' of the digital on their everyday lives and relationships (Crabtree et al. 2017).

The attack surface is created in members' mundane interactions with the networked world, which rides roughshod over the practical politics of sharing and calculus of accountability that enable the careful design of data sharing for particular recipients (Tolmie and Crabtree 2017). Consequently, we find people taking great care over the management of cohorts, identities and the visibility of the digital self in near ubiquitous circumstances where it is impossible for people to control what other recipients might make of their data, and even who the recipients are or might be.

Our studies have also revealed mundane expectations potential users have of the IoT and autonomous systems that are increasingly intelligent or 'smart' and the human challenges that confront them. If IoT devices are to be demonstrably smart, for example, and not just dumb 'things' connected to the Internet then they must fit into the social milieu and become part of the division of labour that drives and provides for the anticipation of need, rather behave as agents operating in their own right (Hyland et al. 2018).

Similarly our studies demonstrate the practical irrelevance of black box explanations to human trust in autonomous systems for the home; members are no more interested in what goes on inside a smart device and how it arrived at decision or action than they are in what goes on inside their central heating system and how it works. Much more important and relevant is understanding on whose behalf a smart device acts and that their interests are not at odds with the users. Social accountability, rather than computational accountability, is critical (Nilsson et al. 2019).

Our studies of hyper-personalised media that exploits the IoT to deliver highly adaptive and physically immersive filmic experiences show that the use of IoT data may produce effects that are "magical". However, the experience is tempered by a perceptible asymmetry in value that undermines trust and leads to potential dystopian futures where users have no agency or control and no capacity to understand what is happening with or to their data and why (Sailaja et al. 2019).

And our studies of members' mundane reasoning about data in the current and future connected home reveal the potential for data utility in delivering personalised services is tempered by the ubiquitous need for 'recipient design' or the tailoring of data disclosure, particularly amongst family and friends (Kilic et al. 2020).

The Fellowship's work has been informed by, and informed, the Human Data Interaction (HDI) framework (Crabtree & Mortier 2015, Mortier et al. 2016) and its studies have been leveraged in the design of the Databox platform (www.databoxproject.uk), which seeks to implement core HDI principles enabling legibility, agency and negotiability in data-driven systems.

The Fellowship's studies have sensitised design activities to something of what 'human in the loop' means: enabling users to parse the indexicality of data, developing approaches that minimise the potential attack surface, building social accountability into data processing, and creating interaction mechanisms that support recipient design in data sharing.

The Fellowship developed the first model of the IoT Databox platform (Crabtree et al. 2016) prior to the launch of the Databox project (EP/N028260/2), which has since sought to elaborate, refine and implement it. The Databox adopts a radical approach to data processing, implementing the data minimisation principle mandated by GDPR and constraining data distribution to the results of data processing done on-the-box, which is situated in the user's home: only the outcome of data processing is shared with others then, not the data itself.

The Databox thus minimises the potential attack surface of the IoT on users; it exploits a familiar app-based environment that makes it accountable to users who wants their data and what they want to use it for, and allows users to control data processing through installing and uninstalling apps; apps are the locus for personalised service delivery and provide the opportunity to support users in parsing the indexicality of data; support for recipient design has been specified but at the timing of writing has yet to be implemented (Crabtree et al. 2018).

The Fellowship has developed support for the Databox platform, designing and implementing a software development kit (SDK) that provides an integrated development environment (IDE) for the creation of apps that exploit the IoT. In developing this environment, we have focused especially on building-in support mechanisms that enable developers to create GDPR compliant apps which respect the privacy of users (Lodge et al. 2018 a&b, Lodge and Crabtree 2019). We have also worked with legal-tech lawyers to assess the IoT Databox platform's overall ability to comply with the requirements of GDPR (Urquhart et al. 2018).

The social and technical accomplishments of the Fellowship are complemented by methodological innovation in human-centred IT research and design. In addition to conducting 'classical' field studies of user environments (e.g., digital privacy practices in the current home) and situated evaluation of technology deployments (e.g., connected showers or energy monitoring systems), we have also developed 'hybrid' methods to engage potential users in technological research.

Our hybrid methods exploit the underlying analytic of our studies - ethnomethodology - alongside human-centred research methods used in design in a bid to create 'breaching experiments' that provoke mundane reasoning about technological visions and articulate challenges that confront their social acceptability.

We have thus leveraged contravision (Nilsson et al. 2019), design fiction (Coulton et al. 2019, Sailaja et al. 2019), and technology probes (Kilic et al. 2020) to stimulate the imagination, enable potential users to reason about the place of future and emerging technologies in their everyday lives, and elicit perceptible barriers to their adoption in the course of doing so. Methodological innovation underpins the award of the Digital Economy Investigator-led project (EP/S02767X/1) Experiencing the Future Mundane.

However, the Fellowship has not been without its problems. Industry engagement has been a notable challenge. Letters of support for the research have been all that has materialised in some cases. Others have suffered from economic downturns that have led to a reframing of their priorities. Then there has been wholesale organisational restructuring to contend with. And last, but by no means least, have been the IP lawyers and negotiations that stretched out for years to no useful end.

Nonetheless, the Fellowship has not been without industry involvement or impact. Notably our engagement with BT has shaped the Databox SDK, and resulted in our being invited to exhibit the Databox platform at BT's flagship Innovation Showcase in 2017, and we have had close involvement with BBC R&D over the lifetime of the Fellowship.

The principles of HDI chimed with the BBC from the outset of the Fellowship (https://www.bbc.co.uk/rd/projects/human-data-interaction) and R&D had strong interest in the Databox (https://www.bbc.co.uk/rd/projects/databox) as a means of delivering on the corporation's public service remit and maintaining public trust in increasingly data-driven, personalised media services. Indeed as the Fellowship entered its final year, BBC R&D began developing its own data platform and trialling the 'BBC Box' (https://www.bbc.co.uk/rd/blog/2019-06-bbc-box-personal-data-privacy). We have also been commissioned by the Institution of Engineering and Technology (https://www.theiet.org) to assemble an edited collection based on the Fellowship core thematic entitled 'Privacy by Design for the Internet of Things: Building Accountability and Security'.

OUTCOMES
Publications:

1. Andy Crabtree; Richard Mortier; Hamed Haddadi (eds.). Privacy by Design for the Internet of Things: Building Accountability and Security. Work in progress. Commissioned by the Institution of Engineering and Technology.

2. Damla Kilic; Andy Crabtree; Glenn McGarry; Murray Goulden (2020) The Cardboard Box Study: Understanding Collaborative Data Management in the Connected Home. https://drive.google.com/open?id=1PQVmB3l8L_riBWepdTLT55zGNBfKvXtv

3. Tom Lodge; Andy Crabtree (2019). Privacy Engineering for Domestic IoT: Enabling Due Diligence. Sensors, vol. 19 (20), 10 October 2019, Article 4380. https://doi.org/10.3390/s19204380

4. Andy Crabtree; Lewis Hyland; James Colley; Martin Flintham; Joel Fischer; Hyosun Kwon (2019). Probing IoT-based Consumer Services: 'Insights' from the Connected Shower. Personal and Ubiquitous Computing, 5 September 2019. https://doi.org/10.1007/s00779-019-01303-3

5. Neelima Sailaja; James Colley; Andy Crabtree; Adrian Gradinar; Paul Coulton; Ian Forrester; Lianne Kerlin; Phil Stenton (2019). The Living Room of the Future. In TVX '19. Proceedings of the ACM International Conference on Interactive Experiences for Television and Online Video, Salford, UK, 5-7 June 2019. New York: ACM Press, pp. 95-107. https://doi.org/10.1145/3317697.3323360 || https://nottingham-repository.worktribe.com/output/2329205

6. Andy Crabtree; Lachlan Urquhart; Jiahong Chen (2019). Right to an Explanation Considered Harmful. Social Science Research Network, 8 April 2019. https://doi.org/10.2139/ssrn.3384790

7. Tommy Nilsson; Andy Crabtree; Joel Fischer; Boriana Koleva (2019). Breaching the Future: Understanding Human Challenges of Autonomous Systems for the Home. Personal and Ubiquitous Computing, vol. 23 (2), April 2019, pp. 287-307. https://doi.org/10.1007/s00779-019-01210-7

8. Paul Coulton; Joseph Lindley; Adrian Gradinar; James Colley; Neelima Sailaja; Andy Crabtree; Ian Forrester; Lianne Kerlin (2019). Experiencing the Future Mundane. In RTD '19. Research Through Design Conference, Delft, The Netherlands, 19-22 March 2019. The Netherlands: RTD, Article 19. https://nottingham-repository.worktribe.com/output/1547788

9. John Moore; Andrés Arcia-Moret; Poonam Yadav; Richard Mortier; Anthony Brown; Derek McAuley; Andy Crabtree; Chris Greenhalgh; Hamed Haddadi; Yousef Amar (2019). Zest: REST over ZeroMQ. In SPT-IoT '19. Proceedings of the IEEE International Conference on Pervasive Computing and Communications Workshops. Kyoto, Japan, 11-15 March 2019. New Jersey: IEEE, pp. 1015-1019. https://doi.org/10.1109/PERCOMW.2019.8730686 || https://nottingham-repository.worktribe.com/output/1547750

10. Lachlan Urquhart; Tom Lodge; Andy Crabtree (2018). Demonstrably Doing Accountability in the Internet of Things. International Journal of Law and Technology, vol. 27 (1), 24 December 2018, pp. 1-27. https://doi.org/10.1093/ijlit/eay015

11. Poonam Yadav; John Moore; Qi Li; Richard Mortier; Anthony Brown; Andy Crabtree; Chris Greenhalgh; Derek McAuley; Yousef Amar; Ali Shahin Shamasabadi; Hamed Haddadi (2018). Providing Occupancy as a Service with Databox. In CitiFog '18. Proceedings of the 1st International Workshop on Smart Cities and Fog Computing, Shenzhen, China, 4 November 2018. New York: ACM Press, pp. 29-34. https://doi.org/10.1145/3277893.3277894 || https://nottingham-repository.worktribe.com/output/1425041

12. Tom Lodge; Andy Crabtree; Anthony Brown (2018b). IoT App Development: Supporting Data Protection by Design and Default. In UbiComp '18. Proceedings of the 2018 International Joint Conference and International Symposium on Pervasive and Ubiquitous Computing and Wearable Computers, Singapore, 8-12 October 2018. New York: ACM Press. pp. 901-910. https://doi.org/10.1145/3267305.3274151 || https://nottingham-repository.worktribe.com/output/1234975

13. Tom Lodge; Andy Crabtree; Anthony Brown (2018a). Developing GDPR Compliant Apps for the Edge. In DPM '18. Proceedings of the 13th International Workshop on Data Privacy Management, Barcelona, Spain, 6-7 September 2018. Cham: Springer, pp. 313-328. https://doi.org/10.1007/978-3-030-00305-0_22 || https://nottingham-repository.worktribe.com/output/1158927

14. Neelima Sailaja; Andy Crabtree; Derek McAuley; Phil Stenton (2018). Explicating the Challenges of Providing Novel Media Experiences Driven by User Personal Data. In TVX '18. Proceedings of the ACM International Conference on Interactive Experiences for Television and Online Video, Seoul, Korea, 26-28 June 2018. New York: ACM Press, pp. 101-113. https://doi.org/10.1145/3210825.3210830 || http://eprints.nottingham.ac.uk/52562/

15. Lewis Hyland; Andy Crabtree; Joel Fischer; James Colley; Carolina Fuentes (2018). "What Do You Want for Dinner?" - Need Anticipation and the Design of Proactive Technologies. Computer Supported Cooperative Work: The Journal of Collaborative Computing and Work Practices, vol. 27 (3-6), May 2018, pp. 917-946. https://doi.org/10.1007/s10606-018-9314-4

16. Tom Lodge; Anthony Brown; Andy Crabtree (2018). Enabling Trusted App Development @ The Edge. arXiv, 26 April 2018. https://arxiv.org/abs/1805.10987

17. Jhim Verame; Enrico Costanza; Joel Fischer; Andy Crabtree; Sarvapali Ramchurn; Tom Rodden; Nick Jennings (2018). Learning from the Veg Box: Designing Unpredictability in Agency Delegation. In CHI '18. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, Montreal, Canada, 21-26 April 2018. New York: ACM Press, Paper No. 447. https://doi.org/10.1145/3173574.3174021 || http://eprints.nottingham.ac.uk/49597/

18. Alan Chamberlain; Andy Crabtree; Hamed Haddadi; Richard Mortier (2018). Privacy and the Internet of Things. Personal and Ubiquitous Computing, vol. 22 (2), April 2018, pp. 289-292. https://doi.org/10.1007/s00779-017-1066-5

19. Peter Tolmie; Andy Crabtree (2018). The Practical Politics of Sharing Personal Data. Personal and Ubiquitous Computing, vol. 22 (2), April 2018, pp. 293-315. https://doi.org/10.1007/s00779-017-1071-8 || http://eprints.nottingham.ac.uk/45056/1/PUC.pdf

20. James Colley; Andy Crabtree (2018). Object Based Media, the IoT and Databox. In PETRAS '18. Proceedings of the 1st Living in the Internet of Things Conference 'Cybersecurity of the IoT', London, UK, 28-29 March 2018. London: Institute of Engineering and Technology. https://doi.org/10.1049/cp.2018.0034 || https://nottingham-repository.worktribe.com/output/1308343

21. Yousef Amar; Hamed Haddadi; Richard Mortier. Anthony Brown; James Colley; Andy Crabtree (2018). An Analysis of Home IoT Network Traffic and Behaviour. arXiv, 14 March 2018. https://arxiv.org/abs/1803.05368

22. Andy Crabtree; Tom Lodge; James Colley; Chris Greenhalgh; Kevin Glover; Hamed Haddadi; Yousef Amar; Richard Mortier; Qi Li; John Moore; Liang Wang; Poonam Yadav; Jianxin Zhao; Anthony Brown; Lachlan Urquhart; Derek McAuley (2018). Building Accountability into the Internet of Things: The IoT Databox Model. Journal of Reliable Intelligent Environments, vol. 4 (1), 27 January 2018, pp. 39-55. https://doi.org/10.1007/s40860-018-0054-5

23. Joel Fischer; Andy Crabtree; James Colley; Tom Rodden (2017). Data Work: How Advisors and Clients Make IoT Data Accountable. Computer Supported Cooperative Work: The Journal of Collaborative Computing and Work Practices, vol. 26 (4), 23 June 2017, pp. 597-626. https://doi.org/10.1007/s10606-017-9293-x

24. Andy Crabtree; Tom Lodge; James Colley; Chris Greenhalgh; Richard Mortier (2017). Accountable IoT? Outline of the Databox Model. In WoWMoM '17. Proceedings of the International Symposium on a World of Wireless, Mobile, and Multimedia Networks, Macau, China, 12-15 June 2017. New Jersey: IEEE, pp. 1-6. https://doi.org/10.1109/WoWMoM.2017.7974335 || http://eprints.nottingham.ac.uk/42233/

25. Andy Crabtree; Peter Tolmie; Will Knight (2017). Repacking Privacy for a Networked World. Computer Supported Cooperative Work: The Journal of Collaborative Computing and Work Practices, vol. 26 (4), May 2017, pp. 453-488. https://doi.org/10.1007/s10606-017-9276-y

26. Neelima Sailaja; Andy Crabtree; Phil Stenton (2017). Challenges of Using Personal Data to Drive Personalised Electronic Programme Guides. In CHI '17. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, Denver (CO), 6-11 May 2017. New York: ACM Press, pp. 5226-5231. https://doi.org/10.1145/3025453.3025986 || http://eprints.nottingham.ac.uk/42750/

27. Charith Perera; Susan Wakenshaw; Tim Baarslag; Hamed Haddadi; Arosha Bandara; Richard Mortier; Andy Crabtree; Irene Ng; Derek McAuley; Jon Crowcroft (2017). Valorising the IoT Databox: Creating Value for Everyone. Transactions on Emerging Technologies, vol 28 (1), January 2017, Article 38. https://doi.org/10.1002/ett.3125

28. Richard Mortier; Hamed Haddadi; Tristan Henderson; Derek McAuley; Jon Crowcroft; Andy Crabtree (2016). Human Data Interaction. Encyclopedia of Human-Computer Interaction (2nd ed.), Chapter 41, Interaction Design Foundation. https://www.interaction-design.org/literature/book/the-encyclopedia-of-human-computer-interaction-2nd-ed/human-data-interaction

29. Richard Mortier; Jianxin Zhao; Jon Crowcroft; Liang Wang, Qi Li; Hamed Haddadi; Yousef Amar; Andy Crabtree; James Colley; Tom Lodge; Anthony Brown; Derek McAuley; Chris Greenhalgh (2016). Personal Data Management with the Databox: What's Inside the Box? In CAN '16. Proceedings of the ACM Workshop on Cloud-Assisted Networking, Irvine (CA), USA, 12 December 2016. New York: ACM Press, pp. 49-54. https://doi.org/10.1145/3010079.3010082 || http://eprints.nottingham.ac.uk/45061/

30. Andy Crabtree; Tom Lodge; James Colley; Chris Greenhalgh; Richard Mortier (2016). Building Accountability into the Internet of Things. Social Science Research Network, 7 December 2016. https://doi.org/10.2139/ssrn.2881876

31. Andy Crabtree; Richard Mortier (2016). Personal Data, Privacy and the Internet of Things: The Shifting Locus of Agency and Control. Social Science Research Network, 22 November 2016. https://doi.org/10.2139/ssrn.2874312

32. Andy Crabtree; Tom Lodge; James Colley; Chris Greenhalgh; Richard Mortier; Hamed Haddadi (2016). Enabling the New Economic Actor: Data Protection, the Digital Economy, and the Databox. Personal and Ubiquitous Computing, vol 20 (6), 2 August 2016, pp. 947-957. https://doi.org/10.1007/s00779-016-0939-3

33. Joel Fischer; Andy Crabtree; Tom Rodden; James Colley; Enrico Costanza; Mike Jewell; Sarvapali Ramchurn (2016). "Just Whack It On Until It Gets Hot" - Working with IoT Data in the Home. In CHI '16. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, San Jose (CA), USA, 7-12 May 2016. New York: ACM Press, pp. 5933-5944. https://doi.org/10.1145/2858036.2858518 || http://eprints.nottingham.ac.uk/31391/

34. Andy Crabtree (2016). "Enabling the New Economic Actor: Personal Data Regulation and the Digital Economy. In IC2EW '16. Proceedings of the 2016 IEEE International Conference on Cloud Engineering Workshop, Berlin, Germany, 4-8 April 2016. New Jersey: IEEE, pp. 124-129. https://doi.org/10.1109/IC2EW.2016.18 || https://drive.google.com/open?id=169zB4jpi6BAjxBlDYZ08WcEpOPz1rbv4

35. Peter Tolmie; Andy Crabtree; Tom Rodden; James Colley; Ewa Luger (2016). "This Has To Be The Cats" - Personal Data Legibility in Networked Sensing Systems. In CSCW '16. Proceedings of the 19th Conference on Computer Supported Cooperative Work, San Francisco (CA), USA, 27 February - 2 March 2016. New York: ACM Press, pp. 491-502. https://doi.org/10.1145/2818048.2819992 || http://eprints.nottingham.ac.uk/30346/

36. Andy Crabtree; Peter Tolmie (2016). A Day in the Life of Things in the Home. In CSCW '16. Proceedings of the 19th Conference on Computer Supported Cooperative Work, San Francisco (CA), USA, 27 February - 2 March 2016. New York: ACM Press, pp. 1738-1750. https://doi.org/10.1145/2818048.2819954 || http://eprints.nottingham.ac.uk/30347/

37. Graham Button; Andy Crabtree; Mark Rouncefield; Peter Tolmie (2015). Deconstructing Ethnography: Towards a Social Methodology for Ubiquitous and Interactive Computing Systems. Cham: Springer International Publishing. https://doi.org/10.1007/978-3-319-21954-7

38. Andy Crabtree; Richard Mortier (2015). Human Data Interaction: Historical Lessons from Social Studies and CSCW. In ECSCW '15. Proceedings of the 14th European Conference on Computer Supported Cooperative Work, Oslo, Norway, 19-23 September 2015. Cham: Springer, pp. 1-20. https://doi.org/10.1007/978-3-319-20499-4_1 || http://eprints.nottingham.ac.uk/30345/


Software and technical products:

39. Databox https://github.com/me-box/

40. Databox SDK https://github.com/me-box/platform-sdk
Exploitation Route Our ethnographic insights are of relevance to researchers involved in the fields of human computer interaction, computer supported cooperative work, and ubiquitous computing who wish to understand and respond to the privacy challenges created by the emerging digital ecosystem; our studies are in the top 25% of all research outputs scored by Altmetric.
Our interaction design work is of interest to researchers interested in the nascent field of Human Data Interaction and the developers of IoT services and applications for domestic use; it includes publications that are in the top 5% of all research outputs scored by Altmetric.

Our engagement activities have provided concrete demonstrators of a Human Data Interaction approach towards personal data processing in the IoT, which has and continues to be promoted by leading industry players; the BBC is a notable champion of our approach and key collaborator in creating technology demonstrators, including the BBC Box https://www.bbc.co.uk/rd/projects/databox

Our methodological innovations are of broad interest to the development of future and emerging digital technologies more generally, and tie in with the EPSRC's IoT Research Hub 'Petras' through our collaboration with Petras investigator Paul Coulton.

Overall, our findings speak to a broad cohort of academic and industrial researchers who are interested in Human Data Interaction, are engaged with the development of the domestic IoT, and seek to address the privacy challenges that accompany smart domestic technologies. Our IoT Databox approach is thus applicable to the delivery of a wide variety of domestic IoT applications and services. The methodological innovation of creating hands on experiences to engage the public imagination and surface key challenges confronting the adoption of digital applications and services in everyday life applies to future and emerging technologies more generally.
Sectors Creative Economy,Digital/Communication/Information Technologies (including Software)
URL http://www.cs.nott.ac.uk/~pszaxc/Fellowship/EP_M001636_1.html
 
Description The Fellowship has developed the Human Data Interaction (HDI) approach as manifest concretely in the IoT Databox model. The model posits a networked device that sits at the edge of the network in the user's home and allows them to control access to their connected devices and personal data. Our engagement with BT has shaped the Databox SDK, and resulted in our being invited to exhibit the Databox platform at BT's flagship Innovation Showcase in 2017, and we have had close involvement with BBC R&D over the lifetime of the Fellowship. The principles of HDI chimed with the BBC from the outset of the Fellowship (https://www.bbc.co.uk/rd/projects/human-data-interaction) and R&D had strong interest in the Databox (https://www.bbc.co.uk/rd/projects/databox) as a means of delivering on the corporation's public service remit and maintaining public trust in increasingly data-driven, personalised media services. Indeed as the Fellowship entered its final year, BBC R&D began developing its own data platform and trialling the 'BBC Box' (https://www.bbc.co.uk/rd/blog/2019-06-bbc-box-personal-data-privacy). We have also been commissioned by the Institution of Engineering and Technology (https://www.theiet.org) to assemble an edited collection based on the Fellowship core thematic entitled 'Privacy by Design for the Internet of Things: Building Accountability and Security' and reflects the broader societal relevance of the Fellowship's work.
First Year Of Impact 2016
Sector Creative Economy,Digital/Communication/Information Technologies (including Software)
Impact Types Societal
 
Description DE TIPS 2
Amount £1,011,787 (GBP)
Funding ID EP/R03351X/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 09/2018 
End 09/2020
 
Description DETIPS
Amount £998,335 (GBP)
Funding ID EP/N028260/2 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 11/2017 
End 10/2019
 
Description Experiencing the Future Mundane
Amount £461,078 (GBP)
Funding ID EP/S02767X/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 09/2019 
End 09/2021
 
Description Horizon: Trusted Data-Driven Products
Amount £4,075,505 (GBP)
Funding ID EP/T022493/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 07/2020 
End 07/2025
 
Description Next Generation of Immersive Experiences
Amount £60,409 (GBP)
Funding ID AH/R008728/1 
Organisation Arts & Humanities Research Council (AHRC) 
Sector Public
Country United Kingdom
Start 01/2018 
End 07/2018
 
Description Next Stage Digital Economy
Amount £3,999,737 (GBP)
Funding ID EP/M02315X/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 10/2015 
End 09/2020
 
Description The Next Generation: Design Research for the 21st Century
Amount £1,207,848 (GBP)
Funding ID MR/T019220/1 
Organisation United Kingdom Research and Innovation 
Sector Public
Country United Kingdom
Start 08/2020 
End 07/2024
 
Description UKRI Trustworthy Autonomous Systems Node in Governance and Regulation
Amount £2,631,811 (GBP)
Funding ID EP/V026607/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 11/2020 
End 04/2024
 
Description User Interaction with ICT
Amount £806,742 (GBP)
Funding ID EP/N014243/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 01/2016 
End 12/2018
 
Description BBC R&D 
Organisation British Broadcasting Corporation (BBC)
Department BBC Research & Development
Country United Kingdom 
Sector Public 
PI Contribution Staff and resources in exploring potential relevance of IoT Databox to BBC R&D
Collaborator Contribution Staff and resources in exploring potential relevance of IoT Databox to BBC R&D
Impact 1. The Kitchen Databox Demo at the Mozilla Festival, https://www.bbc.co.uk/rd/blog/2016-11-bbc-rd-at-mozfest-2016 2. The Living Room of the Future at FACT, https://www.bbc.co.uk/rd/projects/living-room-of-the-future 3 The Living Room of the Future at the V&A, https://www.vam.ac.uk/event/6YVLW34q/digital-design-weekend-2018-ldf 3. Databox, https://www.bbc.co.uk/rd/projects/databox Multidisciplinary collaboration involving media, computer science, engineering, HCI, design, art.
Start Year 2014
 
Description BT 
Organisation BT Group
Department BT Research
Country United Kingdom 
Sector Private 
PI Contribution Staff and resources in exploring potential relevance of IoT Databox to BT
Collaborator Contribution Staff and resources in exploring potential relevance of IoT Databox to BT
Impact Demonstration of IoT Databox at BT's flagship Innovation Showcase in 2017 as part of the 'Smart World' Exhibition
Start Year 2014
 
Description Centre for Sustainable Energy 
Organisation Centre for Sustainable Energy (CSE)
Country United Kingdom 
Sector Charity/Non Profit 
PI Contribution Staff
Collaborator Contribution Staff and resources
Impact 2 research papers: DOI 10.1007/s10606-017-9293-x & DOI 10.1145/2858036.2858518
Start Year 2016
 
Description Digital Catapult 
Organisation Digital Catapult
Country United Kingdom 
Sector Charity/Non Profit 
PI Contribution Exploring future IoT applications
Collaborator Contribution Promoting future IoT applications
Impact Involvement in Catapult activities
Start Year 2014
 
Description E.ON 
Organisation E ON
Department E ON UK
Country United Kingdom 
Sector Private 
PI Contribution Exploring business use case
Collaborator Contribution Developing business use case
Impact Collaboration ceased following organisational restructuring.
Start Year 2014
 
Description ESRC Impact Acceleration Account 
Organisation British Broadcasting Corporation (BBC)
Department BBC Research & Development
Country United Kingdom 
Sector Public 
PI Contribution Knowledge exchange
Collaborator Contribution Knowledge exchange
Impact Participation in community-based activities
Start Year 2015
 
Description FACT 
Organisation Foundation for Art and Creative Technology (FACT)
Country United Kingdom 
Sector Charity/Non Profit 
PI Contribution Staff time and resources
Collaborator Contribution Staff time and resources
Impact Public deployment of the Living Room of The Future. Multidisciplinary collaboration involving Object Based Media, Design Fiction, Databox, and HCI
Start Year 2016
 
Description Unilever 
Organisation Unilever
Department Unilever UK R&D Centre Port Sunlight
Country United Kingdom 
Sector Private 
PI Contribution Exploring business use case
Collaborator Contribution Developing business use case
Impact Research proposals EP/R011893/1 & EP/S013520/1; not funded.
Start Year 2014
 
Title IoT Databox 
Description The software sits on an open-source personal networked device called the 'Databox', which is augmented by cloud-hosted services, and collates, curates, and mediates access to an individual's personal data by verified and audited third party applications and services to protect privacy, enhance accountability and give individuals control over the use of their personal data. 
Type Of Technology Software 
Year Produced 2017 
Open Source License? Yes  
Impact See the broad range of engagement events associated with this grant; also further funding (Objects of Immersion) 
URL https://www.databoxproject.uk
 
Title The IoT Databox Software Development Kit (SDK) 
Description The IoT Databox SDK enables developers with a broad skill set (from novice to expert) to rapidly construct privacy-preserving application that exploit personal data generated by IoT devices and other data sources 
Type Of Technology Software 
Year Produced 2017 
Open Source License? Yes  
Impact See engagement activities associated with this grant; also further funding (objects of immersion) 
URL http://www.iotdatabox.com
 
Description BT Innovation Showcase 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact Demonstration of the IoT Databox at BT's flagship 'innovation showcase' event at Adastral Park as part of the 'smart world' expo; the event raised widespread interest in the IoT Databox approach, including how it responds to GDPR and the privacy challenge
Year(s) Of Engagement Activity 2017
URL http://connect2.globalservices.bt.com/innovationweek2017
 
Description CHIST-ERA 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Keynote address; impact shaping funding call for CHIST-ERA network on Intelligent Computation for Dynamic Networked Environments
Year(s) Of Engagement Activity 2018
URL http://conference2018.chistera.eu/conference-programme
 
Description Databox Hack Day at the 2017 Mozilla Festival 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact A hack day held at the pioneering Internet privacy event 'Mozfest', introducing developers and the public at large to the Databox infrastructure
Year(s) Of Engagement Activity 2017
URL https://guidebook.com/guide/114124/event/16836420/
 
Description Digital Catapult IoT Investment Package Roundtable 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Involvement in roundtable discussions to build the case for the £40m Dept. of BIS investment package in IoT

The investment package was funded
Year(s) Of Engagement Activity 2015
 
Description EC round-table on personal information management 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? Yes
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact Shaped continued dialogue with the Commission about personal data management

Plan to further round-table discussions at EC
Year(s) Of Engagement Activity 2015
 
Description Joint UK/Japan Socio-Cyber Physical Systems Workshop 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact Presentation of the IoT Databox at a prestigious closed door event hosted by the Japanese Embassy in Tokyo to promote awareness of ethical handling of personal data and elaboration of the privacy challenge
Year(s) Of Engagement Activity 2017
URL https://docs.google.com/forms/d/e/1FAIpQLSc0LamvzsD6SJhhYrVSa6lIsA4cid0lpU7eP8moDy0rhbweBQ/closedfor...
 
Description London Design Festival 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Invitation to discuss the utility of ethnographic approaches in shaping policy at the Cabinet Office Policy Lab as part of its 'Design Research' programme
Year(s) Of Engagement Activity 2017
URL https://openpolicy.blog.gov.uk/2017/09/08/a-look-ahead-to-the-london-design-festival/
 
Description Mozfest 2016 - Databox: Hack an App 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact The Databox - www.databoxproject.uk - provides a radical alternative to widespread data harvesting and data processing 'in the cloud'. Instead data processing takes place 'on the box' and is limited to what is needed to deliver specific services. We introduce the Databox platform to the Mozilla community and provide participants with the opportunity to get their hands on this novel privacy-preserving platform. This hands on session will exploit data provided by Internet of Things devices deployed around the Mozilla Festival. Participants will be provided with a brief overview of the Databox platform before being invited to build 'apps' that sit on the Databox. Exploiting a modified Node Red app-building environment, participants will discover how to make apps that respect the requirement of informed consent and allow individuals to exercise granular choice over data processing; choices which are translated into enforceable policies on the Databox and govern data access and use.
Year(s) Of Engagement Activity 2016
URL https://app.mozillafestival.org/#_session-172
 
Description Mozfest 2016 - Databox: Hack an App (Hack On 1) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact This is a quiet hack following the previous hack a Databox session - www.databoxproject.uk - Introducing the Databox platform to the Mozilla community and provide participants with the opportunity to get their hands on this novel privacy-preserving platform. This hands on session will exploit data provided by Internet of Things devices deployed around the Mozilla Festival.
Year(s) Of Engagement Activity 2016
URL https://app.mozillafestival.org/#_session-1172
 
Description Mozfest 2016 - Databox: Hack an App (Hack On 2) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact This is a quiet hack following the previous hack a Databox session - www.databoxproject.uk - Introducing the Databox platform to the Mozilla community and provide participants with the opportunity to get their hands on this novel privacy-preserving platform. This hands on session will exploit data provided by Internet of Things devices deployed around the Mozilla Festival.
Year(s) Of Engagement Activity 2016
URL https://app.mozillafestival.org/#_session-1173
 
Description Mozfest 2016 - Introducing the Databox 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact The Databox - www.databoxproject.uk - provides a radical alternative to widespread data harvesting and data processing 'in the cloud'. Instead data processing takes place 'on the box' and is limited to what is needed to deliver specific services. We introduce the Databox platform to the Mozilla community and provide participants with the opportunity to get their hands on this novel privacy-preserving platform.
Year(s) Of Engagement Activity 2016
URL https://app.mozillafestival.org/#_session-950
 
Description Mozfest 2016 - The Kitchen Databox Demo with BBC R&D 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact In collaboration with BBC R&D, Nottingham, Cambridge and Queen Mary universities present the Databox - www.databoxproject.uk - to drive community engagement with and discussion of the dilemmas of connected spaces. The Databox allows people to control access to personal data generated by Internet-enabled things, and allows them to exploit that data for their own benefit. Lucky participations will take part in making a cold chocolate dessert in front of a live audience, following a novel 'object-based media' recipe that exploits data from their interactions with Internet-enabled appliances, utensils and food packaging to deliver timely and appropriate video instructions. Getting your hands on our connected future will drive discussion of the positives and negatives of using the personal data produced in our mundane interactions with everyday things to drive new media experiences. Of course participants will also be able to eat and enjoy the fruits of their labour. Bon appétit!
Year(s) Of Engagement Activity 2016
URL https://app.mozillafestival.org/#_session-171
 
Description Mozilla Festival 2015 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Public/other audiences
Results and Impact Public engagement workshop that sought to develop insights into public reasoning about the Internet of Things in the home.

The workshop informed the development of user interfaces for personal data management vis-a-vis IoT applications in the home.
Year(s) Of Engagement Activity 2015
URL https://app.mozillafestival.org/#_session-550
 
Description Mozilla Festival Main Session: Decentring Personal Data Processing 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Dedicated session at the pioneering Internet privacy venue 'Mozfest' introducing and engaging developers and the public at large to privacy-preserving application development for the internet of things
Year(s) Of Engagement Activity 2017
URL https://guidebook.com/guide/114124/event/16741331/
 
Description Ofcom Workshop on Digital Media and Big Data, University of Nottingham 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Invited to discuss my research activities around the Internet of Things and its potential impact on personal data

Fostering awareness of potential impact of Internet of Things
Year(s) Of Engagement Activity 2015
 
Description Privacy and Trust Workshop, Horizon Digital Economy Hub 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact The workshop presented and explored contemporary concerns with privacy and trust occasioned by the Internet of Things

Workshop participants were invited to explore how the issues discussed might impact their professional practice, and to envision future research trajectories
Year(s) Of Engagement Activity 2015
 
Description Public Service Internet 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Exploring the concept of a public service internet
Year(s) Of Engagement Activity 2018
URL https://ti.to/Mozilla/mozfesthouse-publicserviceinternethealth/en
 
Description Sarajevo Unlimited 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact This activity brought together a group of young creatives from across the Western Balkans to take part in designing the future of broadcasting by working with the BBC, Mixed Reality Laboratory, Databox and the Foundation for Art and Creative Technology (FACT) as part of the British Council's PlayUK programme and design of The Living Room of the Future
Year(s) Of Engagement Activity 2017
URL https://kosovo.britishcouncil.org/en/the-living-room-of-the-future
 
Description SmartEnergy GB: Leveraging energy data for digital health and care monitoring 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Roundtable discussion with SmartEnergyGB centring on the potential to leverage energy data to support digital health care applciations
Year(s) Of Engagement Activity 2017
URL https://www.smartenergygb.org/en/resources/press-centre/press-releases-folder/energising-healthcare
 
Description The Living Room of the Future at FACT 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Public/other audiences
Results and Impact Deployment of the Living Room of the Future at the Foundation for Art and Creative Technologies (FACT); key impact is uptake of IoT Databox by BBC R&D: https://www.bbc.co.uk/rd/projects/databox
Year(s) Of Engagement Activity 2018
URL https://www.youtube.com/watch?v=yneprnGCRm0&feature=youtu.be
 
Description Unilever Consumer Technology Insight Group 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Professional Practitioners
Results and Impact The results of ethnographic work on human interaction with things in the home and its relevance for logging movements of multiple objects were presented and discussed

Shaping industry thinking around R&D activities
Year(s) Of Engagement Activity 2015
 
Description V&A Digital Design Weekend 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Public/other audiences
Results and Impact Deployment of the Living Room of the Future (LRoTF) at Victoria and Albert museum; increased public awareness of IoT-based technologies and the Databox
Year(s) Of Engagement Activity 2018
URL https://www.vam.ac.uk/event/6YVLW34q/digital-design-weekend-2018-ldf