Empowering Privacy in the Connected Home Communal Use of Smart Technologies
Lead Research Organisation:
University of Oxford
Department Name: Computer Science
Abstract
he latest wave of internet-connected smart home technologies promises convenience and control over a diverse network of different systems, such as appliances, utilities, and entertainment devices. Striking the balance between convenience and control proves to be a minefield for product designers. Firstly, the data needs of these technologies amplify concerns over improper data collection and processing practices, highlighting a power imbalance between users and manufacturers. Secondly, convenience and control favour specific practices of use that manifest in related power differentials among household members. Additionally, devices are sometimes utilised for coercive control or domestic abuse.
These are issues of information and interpersonal privacy that surface in the home. However, due to the rapid evolution of technology, the nature of these issues remains under-explored. To fill in this research gap, we ask: 'How can households living in connected homes be empowered in their privacy?' Because privacy is a concept that invites many different definitions and interpretations, the thesis adopts an exploratory and inductive approach. It approaches the overarching research question in four steps: (1) 34 semi-structured interviews inquiring people about their internet-connected and smart device usage practices; (2) a six-month ethnomethodologically informed study of six households' experiences with smart home devices; (3) a conceptual framework to position emerging findings for research and design; and (4) two case studies that demonstrate the applicability of this framework to privacy in smart homes.
Inductive thematic analysis of interview data provided insights into the ways in which technology use in the home was communal. Building on these insights and their relationship to privacy, we used grounded analysis to analyse and present
data from home visits, individual diaries, and observations. Sensitising concepts from ethnomethodology provided focus and perspectives on the establishment of communal use. Key findings include (1) fluid divisions of labour (planned and unplanned) that contributed to the construction of roles with respect to devices; (2) the ways in which household members' interactions contribute to a sense of normalcy (e.g. appropriate use)and to the management of relationships inside and outside the home; (3) that household members sometimes articulated this normalcy in rules to highlight expectations of use and everyday considerations of privacy. We used conceptual framework analysis to link these insights with salient concepts from existing literature on privacy for smart technologies. The framework offered an additional agentic perspective and sensitising concepts to inform innovation in research and design. The case studies drew on the framework to discuss strengths and weaknesses of research contributions. The insights gained from the study offer implications for data protection regulations along with academic debates on interpersonal power imbalances in the home.
This project falls within the EPSRC Cyber Security research area
These are issues of information and interpersonal privacy that surface in the home. However, due to the rapid evolution of technology, the nature of these issues remains under-explored. To fill in this research gap, we ask: 'How can households living in connected homes be empowered in their privacy?' Because privacy is a concept that invites many different definitions and interpretations, the thesis adopts an exploratory and inductive approach. It approaches the overarching research question in four steps: (1) 34 semi-structured interviews inquiring people about their internet-connected and smart device usage practices; (2) a six-month ethnomethodologically informed study of six households' experiences with smart home devices; (3) a conceptual framework to position emerging findings for research and design; and (4) two case studies that demonstrate the applicability of this framework to privacy in smart homes.
Inductive thematic analysis of interview data provided insights into the ways in which technology use in the home was communal. Building on these insights and their relationship to privacy, we used grounded analysis to analyse and present
data from home visits, individual diaries, and observations. Sensitising concepts from ethnomethodology provided focus and perspectives on the establishment of communal use. Key findings include (1) fluid divisions of labour (planned and unplanned) that contributed to the construction of roles with respect to devices; (2) the ways in which household members' interactions contribute to a sense of normalcy (e.g. appropriate use)and to the management of relationships inside and outside the home; (3) that household members sometimes articulated this normalcy in rules to highlight expectations of use and everyday considerations of privacy. We used conceptual framework analysis to link these insights with salient concepts from existing literature on privacy for smart technologies. The framework offered an additional agentic perspective and sensitising concepts to inform innovation in research and design. The case studies drew on the framework to discuss strengths and weaknesses of research contributions. The insights gained from the study offer implications for data protection regulations along with academic debates on interpersonal power imbalances in the home.
This project falls within the EPSRC Cyber Security research area
Planned Impact
It is part of the nature of Cyber Security - and a key reason for the urgency in developing new research approaches - that it now is a concern of every section of society, and so the successful CDT will have a very broad impact indeed. We will ensure impact for:
* The IT industry; vendors of hardware and software, and within this the IT Security industry;
* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;
* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;
* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;
* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;
* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.
Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.
* The IT industry; vendors of hardware and software, and within this the IT Security industry;
* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;
* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;
* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;
* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;
* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.
Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.
Organisations
Studentship Projects
| Project Reference | Relationship | Related To | Start | End | Student Name |
|---|---|---|---|---|---|
| EP/P00881X/1 | 01/10/2016 | 31/03/2023 | |||
| 1813608 | Studentship | EP/P00881X/1 | 01/10/2016 | 23/04/2021 | Martin Kraemer |
| Description | Title: "Empowering Communal and Digital Privacy Practices in Smart Homes" The complexity of privacy in smart homes is amplified by the use of emerging internet-connected technology in socially dynamic and diverse settings; new affordances of devices allow for novel ways of interaction and bringing about well-known context collapses: portability of devices and ad hoc sharing of information between locations causing traditional physical, social, and institutional boundaries to blur. Situated in this context, the goal of my efforts is to empower households' communal privacy practices by design. Because household members have diverse interests, aptitudes, and knowledge, and because social relationships are ever evolving, use of and responsibility for technology in the home is not shared equally. Considering this situation bares potential for severe issues when relationships break down (e.g. intimate partner violence), and it also reflects the realities of everyday life. My research [1] illustrates how the use of smart technology in the home is necessarily communal, breaking with the traditional "the administrator is the user" paradigm of personal devices. I further explore and observe the communal nature of these realities and privacy practices in relation to smart home devices [2]. These insights inform opportunities to design for communal privacy practices in smart homes [3]. Solutions to empower communal privacy practices in the home, necessarily stretch across social, physical, and technological domains. My thesis will discussion of how social practices (e.g. shared responsibilities, shared knowledge, and mutual consideration of householders) can provide insights for and be reflected in product design and privacy practice. [1] exploratory mixed method study with 35 interviews and 805 survey response [2] longitudinal ethnographic interview and diary study of 6 household (until May 2020) [3] four participatory design workshops on usable security and privacy |
| Exploitation Route | Research on my PhD is ongoing, and further studies to foster the understanding and inform the design of smart home devices are planned. |
| Sectors | Digital/Communication/Information Technologies (including Software) |