User-centric privacy and security

On The Importance of Current Research Topics.

What are the privacy and security challenges that average users of technology face in their daily life? How important are they and how well do current research topics cover those challenges? In essence, I want to analyse the risks and consequences of different threats, to determine if all categories of threats are adequately covered by current researcher. In other words, the research effort spent on a particular topic should be proportional to the importance of that topic. With average users, I’m referring to the big bulk of users, including not only engineers and computer scientists, but all grandmothers, neighbours, cleaning staff, taxi drivers, sales personnel, and so on.

For a user-centring framing of the discussion, let’s list the possible groups with whom a user could have interactions;

• Family, friends, and colleagues, i.e. white hats.
• Service and hardware providers (email providers, chat operators, phone manufacturers etc.), customers, business associates, i.e. business contacts.
• Third-party contacts, such as advertisers, robo-callers and other legitimate but unwanted service providers, i.e. spammers.
• Criminals (such as stalkers, denial of service attackers, credit-card and identity theft etc.) and foreign spies, i.e. black hats.

To quantify the importance of these groups, we need to assess the risk, in terms of how frequently we are in contact with persons from the group, as well as consequence, in terms of severity of a breach in privacy. As a purely subjective and non-scientific exercise, I’ll therefore make an ordered list of how frequently I have personally encountered such contacts;

• White hats; Family, friends and colleagues — Every day
• Business contacts —Most days
• Spammers — Most days
• Black hats; Denial of Service attacks — I’ve witnessed crashed websites many times
• Black hats; Credit card fraudsters — I’ve encountered fraud attempts a few times
• Black hats; Identity theft attempts — I’ve suspected several attempts
• Black hats; Stalkers — One or more friends have been victims
• Black hats; Spies — One or more people I know have suspected attacks

Similarly, to quantify the consequences, I’ll list the severity of consequences according to my personal (non-scientific) expectations;

• Black hats; Denial of Service attacks — Had to wait a day or two visit a particular website, oh what malady!
• Spammers and advertisers — Annoying, but little actual cost other than wasted time.
• Family, friends and colleagues — The times I’ve witnessed a breach, it usually led to a serious beach of trust.
• Black hats; Credit card fraudsters and Identity theft attempts — Could ruin your economy for a long time.
• Black hats; Stalkers — Physical injury which can in the extreme case be even lethal.
• Black hats; Spies — Potentially lethal, at least loss of reputation and job.

To better understand the outcome, let’s visualize it in a four-quadrant representation:

Frequency vs. consequency of privacy and security breaches.

You can here see that you encounter “Spies” rarely and “Spam” frequently, so they reside, respectively, left and right on the horizontal axis. Similarly, the consequence of a “stalker” can be high, while “Spam” is usual just annoying, such that their positions on the vertical axis are, respectively, high and low. Though my ordering of items is completely heuristic, I do contend that the conclusions are valid. Frequent and high-consequence events would be very bad. Fortunately the figure does not identify any events in that quadrant. The conclusion is however that in the direction of the arrow “Importance” (orthogonal to the dashed lines) events become more important.

The main outcome of this seems to be that for the average user, privacy threats purported by his family and friends (“White-hat”) are most important. Denial-of-Service attacks are, rightly, not of particular concern to individuals, while all the other threats (spies, criminals and spam) are of similar importance. Corporations and governments certainly have different preferences, but this study quantifies average users’ preferences.

What are then the “White-hat” threats, purported by friends and family? To get some idea of possible threats, I can recollect events from my own past:

• By mistake, I sent a chat message to a person B, which was intended for person A, where I lamented how B was annoying me. The anger of person B towards me was justified. However, my privacy was breached, since B saw a message intended for person A.
• When sitting in a bar with some friends, one of the friends left to fetch more drinks and left her camera on the table. Without thinking, I browsed through some of the photos. Her anger towards me was justified. I had breached her privacy.
• At a party at my place, I turned on the desktop computer with the intent of playing some music. However, for the guest to see, up pops some private pictures which I had browsed the last time I used the computer. My privacy was breached.
• I bought a tablet for my partner as a birthday present. A day later I wanted to tune some configurations to make it better suited for my partner. She rightly felt that I breached her privacy, since she had already logged in to her personal email and chat services.
• A friend of mine demonstrated the command history for his speech operated smart device. He could access the history of his smart loudspeaker from his phone. He could even listen to the voice commands made by his spouse and children when he was away. The privacy of his spouse and children were breached.

I could continue the list. The large number of such privacy breaches tells me that either I am particularly exposed to threats, or that such breaches are actually common to many users. I believe the latter, privacy breaches among friends and family are probably common.

Yet all examples are related to desired services. I want to send messages to both persons A and B. We want to share photos among friends and family. My partner does ask me to configure her devices. Smart devices should have a log of past voice commands.

In research related to privacy and security, it would then seem that such privacy among family and friends should be prominently displayed. As a random example, in the newest issue of IEEE Security and Privacy, we should find a large percentage of articles devoted to privacy among friends and family. Uh. Would you believe it if I said that there should be at least one paper devoted to privacy among friends and family? No. No such luck.

Talking to colleagues, I have heard rumours that privacy is an issue that has been considered in research about human-computer interfaces (HCI). Yet I’ve failed to find a representative collection of such papers. Let me know if you have a list of good resources!

In any case, since our research is in the area of speech processing, we have decided to take the matter in our own hands. Since a few years, we are now researching privacy in multi-user and multi-device scenarios. How do you manage privacy when some interactions with your voice services are private and others are shared with multiple users? How do you manage privacy when you sometimes want to share photos and some photos must remain private? Our first results will be published in September. Stay tuned!