Useful shortcuts: Using design heuristics for consent and permission in smart home devices

Prior research in smart home privacy highlights significant issues with how users understand, permit, and consent to data use. Some of the underlying issues point to unclear data protection regulations, lack of design principles, and dark patterns. In this paper, we explore heuristics (also called “mental shortcuts” or “rules of thumb”) as a means to address security and privacy design challenges in smart homes. First, we systematically analyze an existing body of data on smart homes to derive a set of heuristics for the design of consent and permission. Second, we apply these heuristics in four participatory co-design workshops (n = 14) and report on their use. Third, we analyze the use of the heuristics through thematic analysis highlighting heuristic application, purpose, and effectiveness in successful and unsuccessful design outcomes. We conclude with a discussion of the wider challenges, opportunities, and future work for improving design practices for consent in smart homes

Usable Privacy Mechanisms in Home Security Camera Systems

IoT is the interconnection of People and things. When our home is connected to IoT devices it is referred to as smart home. The idea behind smart home is to make life easier such that there is little human intervention. The IoT devices in our smart home exchange data for storage and processing. This exchange of data leads to users concerns on data security and privacy. In this work, we implemented home security camera systems in such a way that the data is encrypted first before being sent to the cloud in a very simplified and almost automatic encryption process. This implementation was done putting in mind usability. A questionnaire was used to gather results on users’ perception about the system. The user study conducted yielded positive result

Ontological support for managing non-functional requirements in pervasive healthcare

We designed and implemented an ontological solution which makes provisions for choosing adequate devices/sensors for remote monitoring of patients who are suffering from post-stroke health complications. We argue that non-functional requirements in pervasive healthcare systems can be elicited and managed through semantics stored in ontological models and reasoning created upon them. Our contribution is twofold: we enrich the elicitation process and specification of non-functional requirements within the requirements engineering discipline and we address the pervasiveness of healthcare software systems through the way of choosing devices embedded in them and users expectations in terms of having access to pervasive services personalized to their needs

Understanding Circumstances for Desirable Proactive Behaviour of Voice Assistants: The Proactivity Dilemma

The next major evolutionary stage for voice assistants will be their capability to initiate interactions by themselves. However, to design proactive interactions, it is crucial to understand whether and when this behaviour is considered useful and how desirable it is perceived for different social contexts or ongoing activities. To investigate people's perspectives on proactivity and appropriate circumstances for it, we designed a set of storyboards depicting a variety of proactive actions in everyday situations and social settings and presented them to 15 participants in interactive interviews. Our findings suggest that, although many participants see benefits in agent proactivity, such as for urgent or critical issues, there are concerns about interference with social activities in multi-party settings, potential loss of agency, and intrusiveness. We discuss our implications for designing voice assistants with desirable proactive features

Culture-based artefacts to inform ICT design: foundations and practice

Cultural aspects frame our perception of the world and direct the many different ways people interact with things in it. For this reason, these aspects should be considered when designing technology with the purpose to positively impact people in a community. In this paper, we revisit the foundations of culture aiming to bring this concept in dialogue with design. To inform design with cultural aspects, we model reality in three levels of formality: informal, formal, and technical, and subscribe to a systemic vision that considers the technical solution as part of a more complex social system in which people live and interact. In this paper, we instantiate this theoretical and methodological view by presenting two case studies of technology design in which culture-based artefacts were employed to inform the design process. We claim that as important as including issues related to culture in the ICT design agenda—from the conception to the development, evaluation, and adoption of a technology—is the need to support the design process with adequate artefacts that help identifying cultural aspects within communities and translating them into sociotechnical requirements. We argue that a culturally informed perspective on design can go beyond an informative analysis, and can be integrated with the theoretical and methodological framework used to support design, throughout the entire design process

How WEIRD is Usable Privacy and Security Research? (Extended Version)

In human factor fields such as human-computer interaction (HCI) and psychology, researchers have been concerned that participants mostly come from WEIRD (Western, Educated, Industrialized, Rich, and Democratic) countries. This WEIRD skew may hinder understanding of diverse populations and their cultural differences. The usable privacy and security (UPS) field has inherited many research methodologies from research on human factor fields. We conducted a literature review to understand the extent to which participant samples in UPS papers were from WEIRD countries and the characteristics of the methodologies and research topics in each user study recruiting Western or non-Western participants. We found that the skew toward WEIRD countries in UPS is greater than that in HCI. Geographic and linguistic barriers in the study methods and recruitment methods may cause researchers to conduct user studies locally. In addition, many papers did not report participant demographics, which could hinder the replication of the reported studies, leading to low reproducibility. To improve geographic diversity, we provide the suggestions including facilitate replication studies, address geographic and linguistic issues of study/recruitment methods, and facilitate research on the topics for non-WEIRD populations.Comment: This paper is the extended version of the paper presented at USENIX SECURITY 202

Seven HCI Grand Challenges

This article aims to investigate the Grand Challenges which arise in the current and emerging landscape of rapid technological evolution towards more intelligent interactive technologies, coupled with increased and widened societal needs, as well as individual and collective expectations that HCI, as a discipline, is called upon to address. A perspective oriented to humane and social values is adopted, formulating the challenges in terms of the impact of emerging intelligent interactive technologies on human life both at the individual and societal levels. Seven Grand Challenges are identified and presented in this article: Human-Technology Symbiosis; Human-Environment Interactions; Ethics, Privacy and Security; Well-being, Health and Eudaimonia; Accessibility and Universal Access; Learning and Creativity; and Social Organization and Democracy. Although not exhaustive, they summarize the views and research priorities of an international interdisciplinary group of experts, reflecting different scientific perspectives, methodological approaches and application domains. Each identified Grand Challenge is analyzed in terms of: concept and problem definition; main research issues involved and state of the art; and associated emerging requirements

User-Centered Context-Aware Mobile Applications―The Next Generation of Personal Mobile Computing

Context-aware mobile applications are systems that can sense clues about the situational environment and enable appropriate mechanisms of interaction between end users and systems, making mobile devices more intelligent, adaptive, and personalized. In order to better understand such systems and the potentials and barriers of their development and practical use, this paper provides a state-of-the-art overview of this emerging field. Unlike previous literature reviews that mainly focus on technological aspects of such systems, we examine this field mainly from application and research methodology perspectives. We will present major types of current context-aware mobile applications, and discuss research methodologies used in existing studies and their limitations, and highlight potential future research

Designing AI-Based Systems for Qualitative Data Collection and Analysis

With the continuously increasing impact of information systems (IS) on private and professional life, it has become crucial to integrate users in the IS development process. One of the critical reasons for failed IS projects is the inability to accurately meet user requirements, resulting from an incomplete or inaccurate collection of requirements during the requirements elicitation (RE) phase. While interviews are the most effective RE technique, they face several challenges that make them a questionable fit for the numerous, heterogeneous, and geographically distributed users of contemporary IS. Three significant challenges limit the involvement of a large number of users in IS development processes today. Firstly, there is a lack of tool support to conduct interviews with a wide audience. While initial studies show promising results in utilizing text-based conversational agents (chatbots) as interviewer substitutes, we lack design knowledge for designing AI-based chatbots that leverage established interviewing techniques in the context of RE. By successfully applying chatbot-based interviewing, vast amounts of qualitative data can be collected. Secondly, there is a need to provide tool support enabling the analysis of large amounts of qualitative interview data. Once again, while modern technologies, such as machine learning (ML), promise remedy, concrete implementations of automated analysis for unstructured qualitative data lag behind the promise. There is a need to design interactive ML (IML) systems for supporting the coding process of qualitative data, which centers around simple interaction formats to teach the ML system, and transparent and understandable suggestions to support data analysis. Thirdly, while organizations rely on online feedback to inform requirements without explicitly conducting RE interviews (e.g., from app stores), we know little about the demographics of who is giving feedback and what motivates them to do so. Using online feedback as requirement source risks including solely the concerns and desires of vocal user groups. With this thesis, I tackle these three challenges in two parts. In part I, I address the first and the second challenge by presenting and evaluating two innovative AI-based systems, a chatbot for requirements elicitation and an IML system to semi-automate qualitative coding. In part II, I address the third challenge by presenting results from a large-scale study on IS feedback engagement. With both parts, I contribute with prescriptive knowledge for designing AI-based qualitative data collection and analysis systems and help to establish a deeper understanding of the coverage of existing data collected from online sources. Besides providing concrete artifacts, architectures, and evaluations, I demonstrate the application of a chatbot interviewer to understand user values in smartphones and provide guidance for extending feedback coverage from underrepresented IS user groups