George Chalhoub
Ivan Flechais
Ruba Abu-Salma
ABSTRACT
Smart home devices are growing in popularity due to their functionality, convenience, and comfort. However, they are raising security and privacy concerns for users who may have very little technical ability. User experience (UX) focuses on improving user interactions, but little work has investigated how companies factor user experience into the security and privacy design of smart home devices as a means of addressing these concerns. To explore this in more detail, we designed and conducted six in-depth interviews with employees of a large smart home company in the United Kingdom. We analyzed the data using Grounded Theory, and found little evidence that UX is a consideration for the security design of these devices. Based on the results of our study, we proposed user-centered design guidelines and recommendations to improve data protection in smart homes.
- Statista. 2020. Smart Home - worldwide | Statista Market Forecast. (Jan. 2020). https://www.statista. com/outlook/279/100/smart-home/worldwideGoogle Scholar
- Noura Abdi, Kopo M. Ramokapane, and Jose M. Such. 2019. More than Smart Speakers: Security and Privacy Perceptions of Smart Home Personal Assistants. In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019).Google Scholar
- Noura Aleisa and Karen Renaud. 2017. Privacy of the Internet of Things: A systematic literature review. In Proceedings of the 50th Hawaii International Conference on System Sciences.Google ScholarCross Ref
- Noah Apthorpe, Dillon Reisman, and Nick Feamster. 2017. A smart home is no castle: Privacy vulnerabilities of encrypted iot traffic. arXiv preprint arXiv:1705.06805 (2017).Google Scholar
- Parks Associates. 2019. Parks Associates: Privacy concerns increasing among smart home device owners. (Oct. 2019).Google Scholar
- Daniel Bastos, Fabio Giubilo, Mark Shackleton, and Fadi El-Moussa. 2018. GDPR Privacy Implications for the Internet of Things.Google Scholar
- Johanna Bergman and Isabelle Johansson. 2017. The user experience perspective of Internet of Things development. (2017).Google Scholar
- Johanna Bergman, Thomas Olsson, Isabelle Johansson, and Kirsten Rassmus-Gröhn. 2018. An exploratory study on how Internet of Things developing companies handle User Experience Requirements. In International Working Conference on Requirements Engineering: Foundation for Software Quality. Springer, 20--36.Google ScholarCross Ref
- Dennis Basil Bromley and Dennis Basil Bromley. 1986. The case-study method in psychology and related disciplines. Wiley Chichester.Google Scholar
- Matt Burgess. 2018. The IoT's security nightmare will never end. You can now search insecure cameras by address. Wired UK (Nov. 2018). https://www.wired.co.uk/article/internet-of-things-security-camera-search-locationGoogle Scholar
- William Buxton and Richard Sniderman. 1980. Iteration in the design of the human-computer interface. In proceedings of the 13th Annual Meeting of the Human Factors Association of Canada, Vol. 7281. 37.Google Scholar
- Lee A. Bygrave. 2017. Data protection by design and by default: Deciphering the EU's legislative requirements. Oslo Law Review 4, 02 (2017), 105--120.Google ScholarCross Ref
- Charles F. Cannell, Peter V. Miller, and Lois Oksenberg. 1981. Research on interviewing techniques. Sociological methodology 12 (1981), 389--437.Google Scholar
- Isis Chong, Aiping Xiong, and Robert W. Proctor. 2019. Human factors in the privacy and security of the internet of things. Ergonomics in Design 27, 3 (2019), 5--10.Google ScholarCross Ref
- Paul Dunphy, John Vines, Lizzie Coles-Kemp, Rachel Clarke, Vasilis Vlachokyriakos, Peter Wright, John McCarthy, and Patrick Olivier. 2014. Understanding the experience-centeredness of privacy and security technologies. In Proceedings of the 2014 New Security Paradigms Workshop. ACM, 83--94.Google ScholarDigital Library
- Ivan Flechais, M. Angela Sasse, and Stephen Hailes. 2003. Bringing security home: A process for developing secure and usable systems. In Proceedings of the 2003 workshop on New security paradigms. ACM, 49--57.Google ScholarDigital Library
- Jesse James Garrett. 2010. The elements of user experience: user-centered design for the web and beyond. Pearson Education.Google Scholar
- Christine Geeng and Franziska Roesner. 2019. Who's In Control?: Interactions In Multi-User Smart Homes. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems. ACM, 268.Google ScholarDigital Library
- Leo A. Goodman. 1961. Snowball sampling. The annals of mathematical statistics (1961), 148--170.Google Scholar
- Seda Gürses, Carmela Troncoso, and Claudia Diaz. 2015. Engineering privacy by design reloaded. In Amsterdam Privacy Conference. 1--21.Google Scholar
- Marc Hassenzahl, Sarah Diefenbach, and Anja Göritz. 2010. Needs, affect, and interactive products--Facets of user experience. Interacting with computers 22, 5 (2010), 353--362.Google Scholar
- Marc Hassenzahl and Noam Tractinsky. 2006. User experience-a research agenda. Behaviour & information technology 25, 2 (2006), 91--97.Google Scholar
- Lassi A. Liikkanen, Harri Kilpiö, Lauri Svan, and Miko Hiltunen. 2014. Lean UX: the next generation of user-centered agile development?. In Proceedings of the 8th Nordic Conference on Human-Computer Interaction: Fun, Fast, Foundational. ACM, 1095--1100.Google ScholarDigital Library
- Kuo-Yi Lin, Chen-Fu Chien, and Rhoann Kerh. 2016. UNISON framework of data-driven innovation for extracting user experience of product design of wearable devices. Computers & Industrial Engineering 99 (2016), 487--502.Google ScholarDigital Library
- Robert C. Martin. 2002. Agile software development: principles, patterns, and practices. Prentice Hall.Google Scholar
- John McCarthy and Peter Wright. 2007. Technology as experience. MIT press.Google ScholarDigital Library
- Sharan B. Merriam. 1988. Case study research in education: A qualitative approach. Jossey-Bass.Google Scholar
- Sharan B. Merriam. 1998. Qualitative Research and Case Study Applications in Education. Revised and Expanded from" Case Study Research in Education.". ERIC.Google Scholar
- Gabe Morazan. 2019. What Is Privacy UX? (May 2019). https://www.cmswire.com/digital-experience/what-is-privacy-ux/Google Scholar
- Jack Narcotta. 2018. Smart Home Surveillance Camera Market Analysis and Forecast. (April 2018).Google Scholar
- Razvan Nicolescu, Michael Huth, Petar Radanliev, and David De Roure. 2018. State of The Art in IoT-Beyond Economic Value. London. (2018).Google Scholar
- Norbert Nthala and Ivan Flechais. 2018. Informal support networks: An investigation into home data security practices. In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018). 63--82.Google Scholar
- Jeungmin Oh and Uichin Lee. 2015. Exploring UX issues in Quantified Self technologies. In 2015 Eighth International Conference on Mobile Computing and Ubiquitous Networking (ICarnegie Mellon University). 53--59. DOI: http://dx.doi.org/10.1109/ICarnegie Mellon University.2015.7061028Google ScholarCross Ref
- Helena Holmström Olsson, Jan Bosch, and Brian Katumba. 2016. User Dimensions in 'Internet of Things' Systems: The UDIT Model. In Software Business (Lecture Notes in Business Information Processing), Andrey Maglyas and Anna-Lena Lamprecht (Eds.). Springer International Publishing, Cham, 161--168. DOI: http://dx.doi.org/10.1007/978--3--319--40515--5_13Google ScholarCross Ref
- Janice Redish and Carol Barnum. 2011. Overlap, influence, intertwining: The interplay of UX and technical communication. Journal of Usability Studies 6, 3 (2011), 90--101.Google ScholarDigital Library
- Claire Rowland and Martin Charlier. 2015. User Experience Design for the Internet of Things. O'Reilly Media.Google Scholar
- Claire Rowland, Elizabeth Goodman, Martin Charlier, Ann Light, and Alfred Lui. 2015. Designing connected products: UX for the consumer Internet of Things. "O'Reilly Media, Inc.".Google ScholarDigital Library
- F. B. Shava and D. Van Greunen. 2013. Factors affecting user experience with security features: A case study of an academic institution in Namibia. In 2013 Information Security for South Africa. 1--8. DOI: http://dx.doi.org/10.1109/ISSA.2013.6641061Google ScholarCross Ref
- Anselm Strauss and Juliet M. Corbin. 1997. Grounded theory in practice. Sage.Google Scholar
- Jitesh Ubrani, Ramon Llamas, and Michael Shirer. 2019. Double-Digit Growth Expected in the Smart Home Market, Says IDC. (March 2019). https://www.idc.com/getdoc.jsp?containerId=prUS44971219Google Scholar
- Paul Voigt and Axel Von dem Bussche. 2017. The eu general data protection regulation (gdpr). A Practical Guide, 1st Ed., Cham: Springer International Publishing (2017).Google ScholarCross Ref
- Elizabeth Wolfe and Brian Ries. 2019. Ring camera: A hacker accessed a family's security camera told their 8-year-old daughter he was Santa Claus - CNN. (Dec. 2019). https://edition.cnn.com/2019/12/12/tech/ring-security-camera-hacker-harassed-girl-trnd/index.htmlGoogle Scholar
- Teng Xu, James B. Wendt, and Miodrag Potkonjak. 2014. Security of IoT systems: Design challenges and opportunities. In Proceedings of the 2014 IEEE/ACM International Conference on Computer-Aided Design. IEEE Press, 417--423.Google ScholarDigital Library
- Robert K. Yin. 2017. Case study research and applications: Design and methods. Sage publications.Google Scholar
- Eric Zeng and Franziska Roesner. 2019. Understanding and improving security and privacy in multi-user smart homes: A design exploration and in-home user study. In 28th USENIX Security Symposium (USENIX Security 19). 159--176.Google Scholar
- Kai Zhao and Lina Ge. 2013. A survey on the internet of things security. In 2013 Ninth international conference on computational intelligence and security. IEEE, 663--667.Google ScholarDigital Library
- Serena Zheng, Noah Apthorpe, Marshini Chetty, and Nick Feamster. 2018. User perceptions of smart home IoT privacy. Proceedings of the ACM on Human-Computer Interaction 2, CSCW (2018), 200.Google ScholarDigital Library
- Mary Ellen Zurko. 2005. User-centered security: Stepping up to the grand challenge. In 21st Annual Computer Security Applications Conference (ACSAC'05). IEEE, 14--pp.Google ScholarDigital Library
Index Terms
- Factoring User Experience into the Security and Privacy Design of Smart Home Devices: A Case Study
Recommendations
The UX of Things: Exploring UX Principles to Inform Security and Privacy Design in the Smart Home
CHI EA '20: Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing SystemsSmart home devices have been successful in fulfilling functional requirements but have often failed at incorporating user-centric security and privacy. This research project addresses the problem of security and privacy in the smart home through the lens ...
“It did not give me an option to decline”: A Longitudinal Analysis of the User Experience of Security and Privacy in Smart Home Products
CHI '21: Proceedings of the 2021 CHI Conference on Human Factors in Computing SystemsSmart home products aren’t living up to their promise. They claim to transform the way we live, providing convenience, energy efficiency, and safety. However, the reality is significantly less profound and often frustrating. This is particularly ...
User Perceptions of Smart Home IoT Privacy
Smart home Internet of Things (IoT) devices are rapidly increasing in popularity, with more households including Internet-connected devices that continuously monitor user activities. In this study, we conduct eleven semi-structured interviews with smart ...
Comments