Friday 23 August 2013

Usable Privacy - did you install the seat belt in your car?

In a recent chat with the journalist Eva Wolfangel we discussed why digital security and privacy is so little usable and why many computer scientists seem not to understand the problem. Reading several articles in newspapers I got really annoyed by many of my CS colleagues who:
(1) blame the user for not taking enough care of the data and for making little effort in installing the encryption modules into their email programs and
(2) focusing on new technologies and better encryption and better algorithms to improve security and not considering the entire system including the human user.

Eva wrote an interesting and comprehensive article on usable security in Spectrum der Wissenschaft (it is German and the full version is online at her website). In the following I am sharing the some of the thougts..

@1: Mount the Seatbelts Yourself 
Technically I agree that encryption is not really complicated to install and that most people using computers could learn how to keep their data safe and how to communicate using encryption. From my experience in the real world I see that they chose not to learn it and I completely disagree that this is the user’s fault. Making the end user responsible for security and privacy is in my view entirely and utterly wrong.

Photo by Wikipedia/Michiel1972
Consider this (obviously fictional) example that applies “user responsibly for safety” to another widely used product and shows how strange the idea is:
When you get a new car there are already fixtures and wholes prepared where you can attach the seat belts. In order to get the seats belts which you can than mount in your car, you just have to fill in a post-card (you get with the car) and send it to the manufacturer of your favorite seat belts. You get then the safety belts mailed to you home – free of charge – together with a 2-page manual how to fix them in the car. The only thing you need is a screwdriver and a wrench. It is so easy that really everyone can make their car safe within 30 minutes.

It is very clear and little surprising to anyone that this is not how we do it with cars. We have agreed that the car company is responsible for the safety of the car. Economically the above example would make it cheaper for the manufacturer – probably not all people would claim their seatbelt and the company saves the effort in mounting it. Nevertheless car companies still have to provide you with a build in seat belt if they want to sell their car in Germany…

@2: Live in a Bunker 
Again from a technical perspective it is of great importance that the algorithms are secure and the encryption is strong. Nevertheless this is in my view not the key problem. Take the following example. What is better a 20 random character string password or a 4 digit PIN? From a technical perspective this is clear – however most people will be able to remember a 4 digit PIN (without writing it down) but not many will be able to remember a 20 random character string. Hence the overall system with the PIN – if well designed – may be “better” than the apparently save password based solution (as people will write it down or email it to themselves).

In the physical world we are used to complex (social) systems that allow us to live in a secure environment. In Germany people generally live in houses and flats where people who are determined can break in (e.g. using a sledge hammer on the door, a stone from the front yard on the window, or using more subtle methods). Even though people could fortify their house most people I know value their windows and easy access to their house and do not live in a bunker or add seven additional locks to their front doors – they balance risk and comfort. In traditional environments we rely on the whole system: we expect that neighbors will keep an open eye, forced entry will leave traces, police will try to find a burglar and that they will be punished, and that for most people the risk of committing a crime is not worth the potential benefit.

From a society perspective we similarly balance risk and freedom. If a purse is stolen in a small town the police will not seal off the area and check each person and search each house. Traditionally this is not possible due to the effort involved but also due to our understanding that the actions taken by law enforcement has to follow the proportionality principle. In Germany we do not consider imposing a curfew, even though one could imagine that this would even more reduce the crime rate.

I think we should take the physical and social world as example and inspiration to create usable and secure systems that offer privacy to the end user.

Overall I think security and privacy in digital systems is much more a human computer interaction problem than most people (especially from the security community) think! If you read German you may want to look at the article Eva Wolfangel wrote on the topic.

Friday 21 June 2013

Reading List: Developing Ubiquitous Computing Devices


Together with Thomas Kubitza I was teaching a class in the UBI summer school on Developing Ubiquitous Computing Devices. The summer school was held in Oulu and organized by Timo Ojala.

In total the summer school include the following 4 courses:

  • EXPERIENCE-DRIVEN DESIGN OF UBIQUITOUS INTERACTIONS IN URBAN SPACES Prof. Kaisa Väänänen-Vainio-Mattila, Tampere University of Technology, Finland & Dr. Jonna Häkkilä, University of Oulu, Finland
  • DESIGNING MOBILE AUGMENTED REALITY INTERFACES Prof. Mark Billinghurst, University of Canterbury, New Zealand 
  • DEVELOPING UBIQUITOUS COMPUTING DEVICES Prof. Albrecht Schmidt, University of Stuttgart, Germany 
  • URBAN RESOURCE NETWORKS Prof. Malcolm McCullough, University of Michigan, USA 
There was more than work... if you are curious have a look at flickr for photos and more photos.
As some people asked for the reading list for our course on Developing Ubiquitous Computing Devices, I thought I post it here.... The reading list is also available as PDF for download.

The reading list comprises 4 areas that are relevant to our course. We expect that you have come across the original paper by Marc Weiser, introducing the concept of ubiquitous computing [1].

In the first part we have included papers that provide an overview of interaction concepts that are relevant in the context of ubiquitous computing. In particular this is tangible interaction [2a] [2b], reality based interaction [3], embedded interaction [4]. The concept of informative art [5] is introduced as well as the notion of persuasive technologies [16].This part is concluded with an overview of interaction with computers in the 21st century [6].

In the second part we have included a paper on how to create smart devices [7], which gives an overview of sensors that may be useful for creating novel and reactive devices. In [8] sensing is extended to context and context-awareness. In the third part we introduce the .NET Gadgeteer platform [9] and show some trends in the development of ubiquitous computing devices: how can we create new products once we can fabricate things [10] and enclosures [10b] and how ubicomp technologies enable new devices and devices concepts [11].

The final part provides some ideas for application scenarios that we plan to assess during the course. In [12] a concept of how to change a bed into a communication media is presented and in [13] a social alarm clock is presented. A recent study [14] shows the impact of technology on communication and in [15] an overview of novel alarm clocks and sleep monitoring devices is given.

[1] Weiser, M. (1991). The computer for the 21st century. Scientific american,265(3), 94-104.
[2a] Ishii, H., & Ullmer, B. (1997, March). Tangible bits: towards seamless interfaces between people, bits and atoms. In Proceedings of the ACM SIGCHI Conference on Human factors in computing systems (pp. 234-241). ACM.
[2b] Ishii, H. (2008, February). Tangible bits: beyond pixels. In Proceedings of the 2nd international conference on Tangible and embedded interaction (pp. xv-xxv). ACM.
[3] Jacob, R. J., Girouard, A., Hirshfield, L. M., Horn, M. S., Shaer, O., Solovey, E. T., & Zigelbaum, J. (2008, April). Reality-based interaction: a framework for post-WIMP interfaces. In Proceedings of the SIGCHI conference on Human factors in computing systems (pp. 201-210). ACM.
[4] Kranz, M., Holleis, P., & Schmidt, A. (2010). Embedded interaction: Interacting with the internet of things. Internet Computing, IEEE, 14(2), 46-53.
[5] Ferscha, A. (2007). Informative art display metaphors. In Universal Access in Human-Computer Interaction. Ambient Interaction (pp. 82-92). Springer Berlin Heidelberg.
[6] Schmidt, A., Pfleging, B., Alt, F., Sahami, A., & Fitzpatrick, G. (2012). Interacting with 21st-Century Computers. Pervasive Computing, IEEE, 11(1), 22-31.
[7] Schmidt, A., & Van Laerhoven, K. (2001). How to build smart appliances?.Personal Communications, IEEE, 8(4), 66-71.
[8] Schmidt, A. (2013). Context-Aware Computing: Context-Awareness, Context-Aware User Interfaces, and Implicit Interaction. The Encyclopedia of Human-Computer Interaction, 2nd Ed.
[9] Villar, N., Scott, J., Hodges, S., Hammil, K., & Miller, C. (2012). . NET gadgeteer: a platform for custom devices. In Pervasive Computing (pp. 216-233). Springer Berlin Heidelberg.
[10] Schmidt, A., Doring, T., & Sylvester, A. (2011). Changing How We Make and Deliver Smart Devices: When Can I Print Out My New Phone?. Pervasive Computing, IEEE, 10(4), 6-9.
[10b] Weichel C., Lau M., Gellersen,H. (2013). Enclosed: A Component-Centric Interface for Designing Prototype Enclosures. Tangible, embedded, and embodied interaction conference (TEI 2013)
[11] Hodges, S., Villar, N., Scott, J., & Schmidt, A. (2012). A New Era for Ubicomp Development. Pervasive Computing, IEEE, 11(1), 5-9.
[12] Dodge, C. (1997, March). The bed: a medium for intimate communication. InCHI'97 extended abstracts on Human factors in computing systems: looking to the future (pp. 371-372). ACM.
[13] Schmidt, A., Shirazi, A. S., & van Laerhoven, K. (2012). Are You in Bed with Technology?. Pervasive Computing, IEEE, 11(4), 4-7.
[14] Schmidt, A. (2006). Network alarm clock (The 3AD International Design Competition). Personal and Ubiquitous Computing, 10(2-3), 191-192.
[15] Shirazi, A. S., Clawson, J., Hassanpour, Y., Tourian, M. J., Schmidt, A., Chi, E. H., Borazio, M., & Van Laerhoven, K. (2013). Already Up? Using Mobile Phones to Track & Share Sleep Behavior. International Journal of Human-Computer Studies.
[16] Fogg, B. J. (2009, April). A behavior model for persuasive design. In Proceedings of the 4th international conference on persuasive technology (p. 40). ACM.

Appendix: .NET Gadgeteer Links (optional)

Tuesday 4 June 2013

Keynote at PerDis2013: Proxemic Interactions by Saul Greenberg

Saul Greenberg presented the opening keynote at PerDis2013, the second international symposium on pervasive displays, held at Google in Mountain View, US.

Saul gave a brief history motivating the challenges that arise from the move to interactive ubiquitous computing environments. The degrees of freedom for interaction, when moving from graphical user interfaces to ubiquitous computing environments, are massively increased and the social context becomes central.

The other line of motivation Saul used is the notion of proxemics as studied in social science. The primary element is the distance between people. By physical proximity a lot in the interaction between people is determined. Interpersonal relationships are at the heart of the theory by Edward Hall, who explored this already in the 1960ties ([1], for a short overview and introduction see the Wiki-Pages on Edward Hall and on Proxemics). It is interesting (and not undisputed) to see that people in computer science have moved the notion of proxemics beyond human-to-human interaction to include technologies.

Saul outlined the dimensions for proximic interactions:
  • Distance 
  • Movement 
  • Location 
  • Orientation 
  • Identity 

In a paper in ACM Interactions Saul provides a really good and easy to read introductory text to proximic interactions – which is also well suitable for teaching [2]. There is more on the dimensions, the overall concept of proximic interactions, and potential applications in a 2010 paper they presented at ITS [3]. One of the aspects they have looked into in their work is at supporting proxemic interactions through a toolkit [4]. For more details we can be looking forward to the PhD thesis of Nicolai Marquardt, who worked in Saul’s group and who will defend in a few weeks.

Proxiemic interaction is a hot topic and several researchers have started to explore this space. There is also a Dagstuhl Seminar on the topic later this year ( orgamized by Saul Greenberg, Kasper Hornbæk, Aaron Quigley, and Harald Reiterer.

[1] Hall, E. T., & Hall, E. T. (1969). The hidden dimension (p. 119). New York: Anchor Books.
[2] Greenberg, S., Marquardt, N., Ballendat, T., Diaz-Marino, R., & Wang, M. (2011). Proxemic interactions: the new ubicomp?. interactions, 18(1), 42-50.
[3] Ballendat, T., Marquardt, N., & Greenberg, S. (2010, November). Proxemic interaction: designing for a proximity and orientation-aware environment. In ACM International Conference on Interactive Tabletops and Surfaces (pp. 121-130). ACM.
[4] Marquardt, N., Diaz-Marino, R., Boring, S., & Greenberg, S. (2011, October). The proximity toolkit: prototyping proxemic interactions in ubiquitous computing ecologies. In Proceedings of the 24th annual ACM symposium on User interface software and technology (pp. 315-326). ACM.