*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************
Title: Physicalizing Security and Privacy against Privacy-Invasive Sensors in Everyday Environments
Date: Friday, December 2, 2022
Time: 9:00 AM - 11:00 AM ET
Location (in-person): CODA C1215
Location (remote): click here to join via Zoom
Youngwook Do
PhD Student in Computer Science
School of Interactive Computing
Georgia Institute of Technology
Committee:
Dr. Gregory D. Abowd (co-advisor), College of Engineering, Northeastern University, USA and School of Interactive Computing, Georgia Institute of Technology, USA
Dr. Sauvik Das (co-advisor), Human-Computer Interaction Institute, Carnegie Mellon University, USA and School of Interactive Computing, Georgia Institute of Technology, USA
Dr. Hyunjoo Oh, School of Interactive Computing & School of Industrial Design, Georgia Institute of Technology, USA
Dr. Thad Starner, School of Interactive Computing, Georgia Institute of Technology, USA
Dr. Jason I. Hong, Human-Computer Interaction Institute, Carnegie Mellon University, USA
Abstract:
Security and privacy (S&P) operations of sensor-enabled devices in everyday environments often fail end-users. Specifically, the S&P operations are running inside the devices and are not apparent to end-users. For example, it is unclear to discern if a laptop webcam could be activated without turning on its associated LED indicator or if a smart speaker microphone could record the users’ conversation unwittingly. Moreover, despite claims that end-users’ data is not collected without their knowledge or consent, the users found evidence to the contrary. Owing to that, this creates a discrepancy between how S&P operations actually work and how end-users think they work. Due to this discrepancy, end-users have started losing their trust in using such sensor-enabled devices.
In my research, I aim to narrow the discrepancy by leveraging tangible and physical operations that allow end-users to physically perceive their S&P actions, which, in turn, helps improve trust in sensor-enabled devices. However, privacy concerns with different sensor-enabled devices need to be handled differently. As a metaphor, people could close their doors and perceptibly guarantee that no one can see inside their room. However, closing the door may not completely prevent a conversation sound from going outside the room as sound could propagate through.
In my thesis proposal, I present a series of case studies and demonstrate how to approach such challenges according to various sensing system types. First, I present Smart Webcam Cover (IMWUT 2021), an intelligent physical barrier for a laptop webcam, and discuss design components that establish trust in using the laptop webcam. Second, I showcase Power for Privacy (under review) and explain how to design a physical S&P operation to address privacy concerns with a smart speaker microphone that cannot be completely blocked by a physical barrier.
In my proposed work, I propose how to design a solution to address S&P concerns with passive RFID tags. Passive RFID information could be collected imperceptibly and passively by RFID transceivers without end-users’ knowledge or consent. Unlike a laptop webcam and smart speaker microphone that belong to end-users, the RFID transceiver device does not belong to end-users and they cannot control the RFID transceiver. This uniquely situated sensing system needs to be addressed differently from the webcam and microphone setups. Therefore, I will discuss consideration factors to address the concerns against the passive RFID setup and evaluation plans to assess trust in the effectiveness of the proposed S&P solution. These design implications will contribute to S&P solution designs to address privacy concerns with various sensor-enabled devices situated in a variety of contexts.
