Design challenges of privacy controls for IoT systems
Licentiate thesis, 2019
Although the users of IoT environments had relatively accurate mental models about the data practices employed by IoT vendors, they did not steer the users towards taking protective actions. IoT users still expect vendors and regulators or policymakers to protect them from the privacy and security threats entailed by the adoption of in-house IoT devices. Other findings revealed that users underestimate these threats and are uncertain and/or unaware of privacy and security controls offered by IoT vendors. These findings suggest the demand for tools such as indicators of data collection and data flows, to address the issues of user awareness. Next, usable control interfaces are needed to empower IoT users in making informed decisions about the privacy of their household-generated data.
Following up on the prevalence of voice assistants as the main control interface for in-house IoT devices, the second work investigated users’ expectations of the next generation of this technology based on constant listening. It examined contextual factors such as the sensitivity of a conversation to be shared with the assistant in exchange for service provision, perceived service usefulness or perceived comfort of service provision. The most desired but at the same time the most controversial types of services this technology can offer turned out to be carrying out actions on users’ behalf. Main concerns respondents expressed pertained to privacy and conveniences such an assistant can offer. Further, study participants pointed to the importance of robustness of the system in respecting their preferences of how relevant or timely the offered assistance is. These concerns pointed to the need of providing ways of enforcing a set of user preferences in the end user product. The identified concerns were found to influence users’ privacy decision making when considering trade-offs between privacy and convenience offered by the next generation of voice assistants.
The thesis also offers a reflection on how to improve the usability of existing and which factors to consider when designing new privacy controls for IoT by investigating the data flows generated by IoT devices and by designing privacy indicators, controls and certification mechanism.
Internet of Things (IoT)
usable privacy and security
Chalmers, Computer Science and Engineering (Chalmers), Interaction Design (Chalmers)
WASP - Security for Autonomous Systems
Knut and Alice Wallenberg Foundation, 2016-03-01 -- 2021-02-28.
WASP - Interaction and Communication with Autonomous Agents in Sensor-Rich Environments
Knut and Alice Wallenberg Foundation, 2016-01-01 -- 2019-12-31.
Areas of Advance
Information and Communication Technology
Human Computer Interaction
Information Systemes, Social aspects
Technical report L - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University: 199L
Chalmers University of Technology
Room Windows (KG-342), building Kuggen, floor 3, Chalmers Lindholmen
Opponent: Prof. Simone Fischer-Hübner, Department of Computer Science, Karlstad University