4-VA@Mason Team Leads Consumer Privacy Analysis of Personal Assistant Devices
Today, smart home devices are ubiquitous, and increasingly, are playing a more prominent role in the lives of millions of Americans. The question is, however, how big of a role? And is it one that most of us are comfortable with?
These were the topics attracting the attention of Vivian Motti, Assistant Professor in Mason’s College of Engineering and Computing, Department of Information Sciences and Technology, along with two other Virginia professors — Ahmad Salman at James Madison University and Carol Fung (previously at Virginia Commonwealth University), now at Concordia University, Montreal. Although Motti was aware of the similar paths of work being conducted by Salman and Fung, she saw an opportunity to intersect with them and combine their work via a grant from 4-VA.
Now — two years, dozens of interviews, hundreds of reviews, thousands of hours of analysis, and one pandemic later — “Human-Centric Privacy-Preserving Controls for Smart Home Devices” has delivered a concrete set of privacy controls for smart home devices that are effective and easy for consumers to adopt, and relevant and useful for practitioners to incorporate in the implementation of next-generation smart home devices. In fact, the research team has already provided these controls for future implementation by community members from academia, industry, and standardization bodies including the National Institute of Standards and Technology (NIST).
Motti began her journey by considering how smart home devices were being used – by both tech savvy and not so tech savvy — consumers. “What we learned is that the people who are very tech savvy were able to keep their data more private because they know how to configure their network. Consequently, the devices they use only have access to information inside the house and it does not get out,” says Motti. The trouble began, however, with consumers that were not able to get control of their Amazon Alexa, Echo or Dot, or Google Home products. “These consumers didn’t know how to access the log, or how to delete it, were in danger of losing their personal information.” Further, Motti explains, the first versions of the device did not even provide access to these logs to the users. Consequently, says Motti, consumers started to complain.
But just as Motti’s team’s pencils were sharpened, the pandemic hit. Labs were shuttered and students were sent home. The plan to conduct individual consumer interviews needed to be scuttled. The group continued, undaunted. “We could not meet with participants in person, so we modified and amended the protocol of the user studies,” says Motti. “Specifically, we relied more on the analysis of online reviews. Then, we conducted user studies using Zoom and Miro (for the co-design sessions). Lastly, we collected data through Amazon MTurk, reaching a larger number of users and analyzed publicly available online reviews.”
With the data (finally) in hand, the team began parsing out the work. Salman handled the experimental design and data analysis while Fung evaluated physical prototypes to test controls, collaborating with data collection and analysis from user studies. Motti’s students got involved remotely, with Chola Chhetri, a Mason Graduate Research Assistant leading the way with experimental design and data collection and analysis. Chhetri also assisted with papers preparation, submission, and presentations. Graduate students Huining Feng and Haoran Lee helped with the analysis of online reviews, experimental design, and data collection while undergrads Jacob Cox and Joseph Aversa looked at graphic user interfaces for privacy controls.
The next hurdle was to aggregate the information and data collected and present it to stakeholders who could impact how the information is implemented within the industry. “Chola led the meeting with advisory board members from academia, industry, and NIST, sharing the major findings as well as the recommendations and suggestions that we developed to improve current devices,” says Motti. “It was great because he received very positive feedback about the validity of the work, and what the industry must first recognize to better understand the needs of consumers and end users, and second, to recommend what should be implemented and deployed in the next generation devices.”
While the pace of both compliance and legislation has been slow and reactive in the personal assistant environment, Motti says that a pathway forward is now in the hands of a breath of consumers, industry, and regulators thanks to the 4-VA grant. In fact, their findings have been widely distributed at the National Cyber Summit, Human Factors in Cybersecurity, Human Aspects of Information Security & Assurance, and the International Conference on Information. Additionally, the study will appear in the Association for Computing Machinery Conference on Computer Supported Cooperative Work, and at the Human Factors and Ergonomics Society Annual Meeting.
But Motti sees a longer road ahead, “This grant allowed me to start with an exploratory approach — we looked at the online polls, looked at the literature, interviewed and surveyed participants. But it also sparked new research questions, new areas we would like to test and to go into more depth. Once we saw the results, we know that there is still more work to be done. So, we plan to apply for larger grants from the Commonwealth Cyber Initiative and the National Science Foundation to have more validation for future work related to the project.”
Alexa will be listening…