Empowering Privacy in the Connected Home Communal Use of Smart Technologies

Lead Research Organisation: University of Oxford
Department Name: Computer Science

Abstract

he latest wave of internet-connected smart home technologies promises convenience and control over a diverse network of different systems, such as appliances, utilities, and entertainment devices. Striking the balance between convenience and control proves to be a minefield for product designers. Firstly, the data needs of these technologies amplify concerns over improper data collection and processing practices, highlighting a power imbalance between users and manufacturers. Secondly, convenience and control favour specific practices of use that manifest in related power differentials among household members. Additionally, devices are sometimes utilised for coercive control or domestic abuse.

These are issues of information and interpersonal privacy that surface in the home. However, due to the rapid evolution of technology, the nature of these issues remains under-explored. To fill in this research gap, we ask: 'How can households living in connected homes be empowered in their privacy?' Because privacy is a concept that invites many different definitions and interpretations, the thesis adopts an exploratory and inductive approach. It approaches the overarching research question in four steps: (1) 34 semi-structured interviews inquiring people about their internet-connected and smart device usage practices; (2) a six-month ethnomethodologically informed study of six households' experiences with smart home devices; (3) a conceptual framework to position emerging findings for research and design; and (4) two case studies that demonstrate the applicability of this framework to privacy in smart homes.

Inductive thematic analysis of interview data provided insights into the ways in which technology use in the home was communal. Building on these insights and their relationship to privacy, we used grounded analysis to analyse and present
data from home visits, individual diaries, and observations. Sensitising concepts from ethnomethodology provided focus and perspectives on the establishment of communal use. Key findings include (1) fluid divisions of labour (planned and unplanned) that contributed to the construction of roles with respect to devices; (2) the ways in which household members' interactions contribute to a sense of normalcy (e.g. appropriate use)and to the management of relationships inside and outside the home; (3) that household members sometimes articulated this normalcy in rules to highlight expectations of use and everyday considerations of privacy. We used conceptual framework analysis to link these insights with salient concepts from existing literature on privacy for smart technologies. The framework offered an additional agentic perspective and sensitising concepts to inform innovation in research and design. The case studies drew on the framework to discuss strengths and weaknesses of research contributions. The insights gained from the study offer implications for data protection regulations along with academic debates on interpersonal power imbalances in the home.


This project falls within the EPSRC Cyber Security research area

Planned Impact

It is part of the nature of Cyber Security - and a key reason for the urgency in developing new research approaches - that it now is a concern of every section of society, and so the successful CDT will have a very broad impact indeed. We will ensure impact for:

* The IT industry; vendors of hardware and software, and within this the IT Security industry;

* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;

* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;

* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;

* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;

* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.

Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.

Publications

10 25 50

Studentship Projects

Project Reference Relationship Related To Start End Student Name
EP/P00881X/1 01/10/2016 31/03/2023
2816044 Studentship EP/P00881X/1 01/10/2016 23/04/2021 Martin Kraemer