Design challenges of privacy controls for IoT systems

Licentiate thesis, 2019

The Internet of Things (IoT), based on single-purpose internet-connected devices, becomes more and more pervasive. It is increasingly adopted by private households and hospitality industry, providing services such as security, monitoring or voice assistance via the "cloud". In order to develop effective privacy controls for this technology, users should be kept in the loop of managing the flows of the data they generate. That's why user’s privacy preferences and respective contextual factors need to be understood and incorporated in the design of corresponding controls, which is the topic of this work.
Although the users of IoT environments had relatively accurate mental models about the data practices employed by IoT vendors, they did not steer the users towards taking protective actions. IoT users still expect vendors and regulators or policymakers to protect them from the privacy and security threats entailed by the adoption of in-house IoT devices. Other findings revealed that users underestimate these threats and are uncertain and/or unaware of privacy and security controls offered by IoT vendors. These findings suggest the demand for tools such as indicators of data collection and data flows, to address the issues of user awareness. Next, usable control interfaces are needed to empower IoT users in making informed decisions about the privacy of their household-generated data.
Following up on the prevalence of voice assistants as the main control interface for in-house IoT devices, the second work investigated users’ expectations of the next generation of this technology based on constant listening. It examined contextual factors such as the sensitivity of a conversation to be shared with the assistant in exchange for service provision, perceived service usefulness or perceived comfort of service provision. The most desired but at the same time the most controversial types of services this technology can offer turned out to be carrying out actions on users’ behalf. Main concerns respondents expressed pertained to privacy and conveniences such an assistant can offer. Further, study participants pointed to the importance of robustness of the system in respecting their preferences of how relevant or timely the offered assistance is. These concerns pointed to the need of providing ways of enforcing a set of user preferences in the end user product. The identified concerns were found to influence users’ privacy decision making when considering trade-offs between privacy and convenience offered by the next generation of voice assistants.
The thesis also offers a reflection on how to improve the usability of existing and which factors to consider when designing new privacy controls for IoT by investigating the data flows generated by IoT devices and by designing privacy indicators, controls and certification mechanism.