Physically-intuitive Privacy and Security: A Design Paradigm for Building User Trust in Smart Sensing Environments

TL;DR

This paper introduces the PIPS paradigm, a physics-based design approach for privacy and security controls in smart sensing environments to enhance user trust.

Contribution

It proposes the PIPS paradigm with three principles and demonstrates their effectiveness through three case studies improving user trust.

Findings

Case studies show increased user trust with PIPS principles.

PIPS principles enable intuitive physical control of sensors.

Perceptible assurance enhances user confidence in privacy controls.

Abstract

Sensor-based interactive systems -- e.g., "smart" speakers, webcams, and RFID tags -- allow us to embed computational functionality into physical environments. They also expose users to real and perceived privacy risks: users know that device manufacturers, app developers, and malicious third parties want to collect and monetize their personal data, which fuels their mistrust of these systems even in the presence of privacy and security controls. We propose a new design paradigm, physically-intuitive privacy and security (PIPS), which aims to improve user trust by designing privacy and security controls that provide users with simple, physics-based conceptual models of their operation. PIPS consists of three principles: (1) direct physical manipulation of sensor state; (2) perceptible assurance of sensor state; and, (3) intent-aligned sensor (de)activation. We illustrate these principles through three case studies -- Smart Webcam Cover, Powering for Privacy, and On-demand RFID -- each of which has been shown to improve trust relative to existing sensor-based systems.