Research Interests

Secure and Usable Systems Design

  • requirements engineering
  • human computer interaction (HCI)
  • agile development for secure systems

Home Data Security and Privacy

  • risks and impact on the home and third parties
  • understanding home user security
  • preserving home user privacy

Related Areas

  • Appropriate and Effective Controls 
    • Usability, cost, effectiveness need exploring for household, families, and neighbourhoods
    • security design techniques, architectures, practices for home user as system administrators
  • Data Driven Behavioural Understanding
    • in a home setting (multi-households, across neighbourhoods, many families) - collecting, analysing, acting upon data (ethics)
  • Economics of Home Data Security
    • economic models for delivering services to serve the home security market
  • Organisational Role in Home Data Security
    • employers' responsibility in protecting employee's at home
  • Best Practice in Home Data Security
    • security best pracitces for the home

 

Recent Publications

  • Informing the Design of Privacy-Empowering Tools for the Connected Home

    2020
    |
    Conference paper
    Connected devices in the home represent a potentially grave new privacy threat due to their unfettered access to the most personal spaces in people's lives. Prior work has shown that despite concerns about such devices, people often lack sufficient awareness, understanding, or means of taking effective action. To explore the potential for new tools that support such needs directly we developed Aretha, a privacy assistant technology probe that combines a network disaggregator, personal tutor, and firewall, to empower end-users with both the knowledge and mechanisms to control disclosures from their homes. We deployed Aretha in three households over six weeks, with the aim of understanding how this combination of capabilities might enable users to gain awareness of data disclosures by their devices, form educated privacy preferences, and to block unwanted data flows. The probe, with its novel affordances—and its limitations—prompted users to co-adapt, finding new control mechanisms and suggesting new approaches to address the challenge of regaining privacy in the connected home.
    Technology Probe, Privacy-Empowering Technology, Network Disaggregator

  • Responsibility and Privacy: Caring for a Dependent in a Digital Age

    2020
    |
    c-report
    |
    Privacy and Power: Acknowledging the Importance of Privacy Research and Design for Vulnerable Populations (CHI '20 Workshop)
    Taking care of technology for a dependant can be a daunting task. Often poorly resourced and lacking the formal training and codes of practise available to professionals, those giving informal digital care need to be understood and empowered by the HCI community. These problems are particularly challenging when people who share access to devices must negotiate issues of privacy and security, or when those giving care must do so remotely. For example, situations where one user is given responsibility for devices in the home can further exacerbate existing power asymmetries. Using insights from our past and current work on technology adoption in smart homes, we illustrate the reality of informal digital care and highlight how this reality increases the complexity of researching privacy and requires a human-centered approach.
    communal use, smart home, multi-user

  • Factoring user experience into the security and privacy design of smart home devices: A case study

    2020
    |
    Conference paper
    |
    Conference on Human Factors in Computing Systems - Proceedings
    © 2020 Owner/Author. Smart home devices are growing in popularity due to their functionality, convenience, and comfort. However, they are raising security and privacy concerns for users who may have very little technical ability. User experience (UX) focuses on improving user interactions, but little work has investigated how companies factor user experience into the security and privacy design of smart home devices as a means of addressing these concerns. To explore this in more detail, we designed and conducted six in-depth interviews with employees of a large smart home company in the United Kingdom. We analyzed the data using Grounded Theory, and found little evidence that UX is a consideration for the security design of these devices. Based on the results of our study, we proposed user-centered design guidelines and recommendations to improve data protection in smart homes.

  • Further exploring communal technology use in smart homes: Social expectations

    2020
    |
    c-report
    |
    Conference on Human Factors in Computing Systems - Proceedings
    © 2020 Owner/Author. Device use in smart homes is becoming increasingly communal, requiring cohabitants to navigate a complex social and technological context. In this paper, we report findings from an exploratory survey grounded in our prior work on communal technology use in the home [4]. The findings highlight the importance of considering qualities of social relationships and technology in understanding expectations and intentions of communal technology use. We propose a design perspective of social expectations, and we suggest existing designs can be expanded using already available information such as location, and considering additional information, such as levels of trust and reliability.

  • “Alexa, are you spying on me?”: Exploring the effect of user experience on the security and privacy of smart speaker users

    2020
    |
    Conference paper
    |
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    © Springer Nature Switzerland AG 2020. Smart speakers are useful and convenient, but they are associated with numerous security and privacy threats. We conducted thirteen interviews with users of smart speakers to explore the effect of user experience (UX) factors on security and privacy. We analyzed the data using Grounded Theory and validated our results with a qualitative meta-synthesis. We found that smart speaker users lack privacy concerns towards smart speakers, which prompts them to trade their privacy for convenience. However, various trigger points such as negative experiences evoke security and privacy needs. When such needs emerge, existing security and privacy features were not found to be user-friendly which resulted in compensatory behavior. We used our results to propose a conceptual model demonstrating UX’s effect on risk, perceptions and balancing behavior. Finally, we concluded our study by recommending user-friendly security and privacy features for smart speakers.
    • More