A Storm in an IoT Cup: The Emergence of Cyber-Physical Social Machines

The concept of social machines is increasingly being used to characterise various socio-cognitive spaces on the Web. Social machines are human collectives using networked digital technology which initiate real-world processes and activities including human communication, interactions and knowledge creation. As such, they continuously emerge and fade on the Web. The relationship between humans and machines is made more complex by the adoption of Internet of Things (IoT) sensors and devices. The scale, automation, continuous sensing, and actuation capabilities of these devices add an extra dimension to the relationship between humans and machines making it difficult to understand their evolution at either the systemic or the conceptual level. This article describes these new socio-technical systems, which we term Cyber-Physical Social Machines, through different exemplars, and considers the associated challenges of security and privacy.Comment: 14 pages, 4 figure

Proteomic Analysis of a Noninvasive Human Model of Acute Inflammation and Its Resolution: The Twenty-one Day Gingivitis Model

The 21-day experimental gingivitis model, an established noninvasive model of inflammation in response to increasing bacterial accumulation in humans, is designed to enable the study of both the induction and resolution of inflammation. Here, we have analyzed gingival crevicular fluid, an oral fluid comprising a serum transudate and tissue exudates, by LC−MS/MS using Fourier transform ion cyclotron resonance mass spectrometry and iTRAQ isobaric mass tags, to establish meta-proteomic profiles of inflammation-induced changes in proteins in healthy young volunteers. Across the course of experimentally induced gingivitis, we identified 16 bacterial and 186 human proteins. Although abundances of the bacterial proteins identified did not vary temporally, Fusobacterium outer membrane proteins were detected. Fusobacterium species have previously been associated with periodontal health or disease. The human proteins identified spanned a wide range of compartments (both extracellular and intracellular) and functions, including serum proteins, proteins displaying antibacterial properties, and proteins with functions associated with cellular transcription, DNA binding, the cytoskeleton, cell adhesion, and cilia. PolySNAP3 clustering software was used in a multilayered analytical approach. Clusters of proteins that associated with changes to the clinical parameters included neuronal and synapse associated proteins

The Data that Drives Cyber Insurance: A Study into the Underwriting and Claims Processes

Cyber insurance is a key component in risk management, intended to transfer risks and support business recovery in the event of a cyber incident. As cyber insurance is still a new concept in practice and research, there are many unanswered questions regarding the data and economic models that drive it, the coverage options and pricing of premiums, and its more procedural policy-related aspects. This paper aims to address some of these questions by focusing on the key types of data which are used by cyber-insurance practitioners, particularly for decision-making in the insurance underwriting and claim processes. We further explore practitioners' perceptions of the challenges they face in gathering and using data, and identify gaps where further data is required. We draw our conclusions from a qualitative study by conducting a focus group with a range of cyber-insurance professionals (including underwriters, actuaries, claims specialists, breach responders, and cyber operations specialists) and provide valuable contributions to existing knowledge. These insights include examples of key data types which contribute to the calculation of premiums and decisions on claims, the identification of challenges and gaps at various stages of data gathering, and initial perspectives on the development of a pre-competitive dataset for the cyber insurance industry. We believe an improved understanding of data gathering and usage in cyber insurance, and of the current challenges faced, can be invaluable for informing future research and practice

Cost-effectiveness of Dementia Care Mapping in care home settings – Evaluation of a randomised controlled trial

Background: Behaviours such as agitation impact on the quality of life of care home residents with dementia and increase health care use. Interventions to prevent these behaviours have little evidence supporting their effectiveness or cost-effectiveness. We conducted an economic evaluation alongside a trial assessing Dementia Care Mapping™ (DCM) versus usual care for reducing agitation and highlight methodological challenges of conducting evaluations in this population and setting. Methods: RCT data over 16 months from English care home residents with dementia (intervention n = 418; control n = 308) were analysed. We conducted a cost-utility analysis from the healthcare provider perspective. We gathered resource use and utility (EQ-5D-5L and DEMQoL-Proxy-U) from people living with dementia and proxy informants (staff and relatives). Data were analysed using seemingly unrelated regression, accounting for care home clustering and bootstrapping used to capture sampling uncertainty. Results: Costs were higher in the intervention arm than control arm (incremental = £1,479) due in part to high cost outliers. There were small QALY gains (incremental = 0.024) in favour of DCM. The base case ICER (£64,380 per QALY) suggests DCM is not cost-effective versus usual care. With the exception of analyses excluding high cost outliers, which suggested a potential for DCM to be cost-effective, sensitivity analyses corroborated the base case findings. Bootstrapped estimates suggested DCM had a low probability (p<0.20 where λ=£20,000) of being cost-effective versus control. Conclusion: DCM does not appear to be a cost-effective intervention versus usual care in this group and setting. The evaluation highlighted several methodological challenges relating to validity of utility assessments, loss to follow-up and compliance. Further research is needed on handling high cost individuals and capturing utility in this group

Privacy is the boring bit: User perceptions and behaviour in the Internet-of-Things

In opinion polls, the public frequently claim to value their privacy. However, individuals often seem to overlook the principle, contributing to a disparity labelled the `Privacy Paradox'. The growth of the Internet-of-Things (IoT) is frequently claimed to place privacy at risk. However, the Paradox remains underexplored in the IoT. In addressing this, we first conduct an online survey (N = 170) to compare public opinions of IoT and less-novel devices. Although we find users perceive privacy risks, many decide to purchase smart devices. With the IoT rated less usable/familiar, we assert that it constrains protective behaviour. To explore this hypothesis, we perform contextualised interviews (N = 40) with the general public. In these dialogues, owners discuss their opinions and actions with a personal device. We find the Paradox is significantly more prevalent in the IoT, frequently justified by a lack of awareness. We finish by highlighting the qualitative comments of users, and suggesting practical solutions to their issues. This is the first work, to our knowledge, to evaluate the Privacy Paradox over a broad range of technologies

The perfect storm: The privacy paradox and the Internet-of-Things

Privacy is a concept found throughout human history and opinion polls suggest that the public value this principle. However, while many individuals claim to care about privacy, they are often perceived to express behaviour to the contrary. This phenomenon is known as the Privacy Paradox and its existence has been validated through numerous psychological, economic and computer science studies. Several contributory factors have been suggested including user interface design, risk saliency, social norms and default configurations. We posit that the further proliferation of the Internet-of-Things (IoT) will aggravate many of these factors, posing even greater risks to individuals’ privacy. This paper explores the evolution of both the paradox and the IoT, discusses how privacy risk might alter over the coming years, and suggests further research required to address a reasonable balance. We believe both technological and socio-technical measures are necessary to ensure privacy is protected in a world of ubiquitous data collection

Privacy Salience: Taxonomies and Research Opportunities

Privacy is a well-understood concept in the physical world, with us all desiring some escape from the public gaze. However, while individuals might recognise locking doors as protecting privacy, they have difficulty practising equivalent actions online. Privacy salience considers the tangibility of this important principle; one which is often obscured in digital environments. Through extensively surveying a range of studies, we construct the first taxonomies of privacy salience. After coding articles and identifying commonalities, we categorise works by their methodologies, platforms and underlying themes. While web browsing appears to be frequently analysed, the Internet-of-Things has received little attention. Through our use of category tuples and frequency matrices, we then explore those research opportunities which might have been overlooked. These include studies of targeted advertising and its affect on salience in social networks. It is through refining our understanding of this important topic that we can better highlight the subject of privacy

(Smart)Watch Out! Encouraging Privacy-Protective Behavior through Interactive Games

The public frequently appear to overlook privacy, even when they claim to value it. This disparity between concern and behavior is known as the Privacy Paradox. Smartwatches are novel products that offer helpful functionality. However, although they often store sensitive data (e.g. text messages), owners rarely use protective features (e.g. app permissions). Campaigns have sought to increase privacy awareness, but initiatives tend to be ineffective. We therefore explore the efficacy of a serious game in encouraging protective smartwatch behavior. The application is designed with Learning Science principles and evaluated through a study with 504 smartwatch owners. After soliciting concerns and behavior, our treatment group [n = 252] play the online simulation. Our control group do not participate [n = 252], as we seek to limit extraneous variables. In a follow-up session, all users report posttest responses and qualitative justifications. We appear to encourage protective behavior, with our treatment group using privacy features more often. We also significantly reduce the prevalence of the Paradox, realigning behavior with concern. These quantitative findings are complemented by an inductive analysis of user rationale. Smartwatch behavior is influenced by several factors, including privacy awareness and data sensitivity. Finally, we use Protection Motivation Theory (PMT) to develop intervention recommendations. These include risk exposure tools and protective demonstrations. To our knowledge, this is the first tool to encourage protective smartwatch behavior

Security risk assessment in Internet of Things systems

Information security risk assessment methods have served us well over the past two decades. They have provided a tool for organizations and governments to use in protecting themselves against pertinent risks. As the complexity, pervasiveness, and automation of technology systems increases and cyberspace matures, particularly with the Internet of Things (IoT), there is a strong argument that we will need new approaches to assess risk and build trust. The challenge with simply extending existing assessment methodologies to IoT systems is that we could be blind to new risks arising in such ecosystems. These risks could be related to the high degrees of connectivity present or the coupling of digital, cyber-physical, and social systems. This article makes the case for new methodologies to assess risk in this context that consider the dynamics and uniqueness of the IoT while maintaining the rigor of best practice in risk assessment