An informed consent model for managing the privacy paradox in smart buildings

Chehara Pathmabandu; John Grundy; Mohan Baruwal Chhetri; Zubair Baig

doi:10.1145/3417113.3422180

An informed consent model for managing the privacy paradox in smart buildings

Chehara Pathmabandu, John Grundy, Mohan Baruwal Chhetri, Zubair Baig

Department of Software Systems & Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

12 Citations (Scopus)

Abstract

Smart Buildings are defined as the 'buildings of the future' and use the latest Internet of Things (IoT) technologies to automate building operations and services. This is to both increase operational efficiency as well as maximize occupant comfort and environmental impact. However, these 'smart devices'-typically used with default settings-also enable the capture and sharing of a variety of sensitive and personal data about the occupants. Given the non-intrusive nature of most IoT devices, individuals have little awareness of what data is being collected about them and what happens to it downstream. Even if they are aware, convenience overrides any privacy concerns, and they do not take sufficient steps to control the data collection, thereby exacerbating the privacy paradox. At the same time, IoT-based building automation systems are revealing highly sensitive insights about the building occupants by synthesizing data from multiple sources and this can be exploited by the device vendors and unauthorised third parties. To address the tension between privacy and convenience in an increasingly connected world, we propose a user-centric informed consent model to foster an accurate user discretion process for privacy choice in IoT-enabled smart buildings the proposed model aims to (a) inform and increase user awareness about how their data is being collected and used, (b) provide fine-grained visibility into privacy compliance and infringement by IoT devices, and (c) recommend corrective actions through nudges (or soft notifications). We illustrate how our proposed consent model works through a use case scenario of a voice-Activated smart office.

Original language	English
Title of host publication	Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2020
Editors	Claire Le Goues, David Lo
Place of Publication	New York NY USA
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	19-26
Number of pages	8
ISBN (Electronic)	9781450381284
DOIs	https://doi.org/10.1145/3417113.3422180
Publication status	Published - 2020
Event	Workshop on Human Centric Software Engineering & Cyber Security 2020 - Virtual, Melbourne, Australia Duration: 22 Sept 2020 → 25 Sept 2020 https://dl.acm.org/doi/proceedings/10.1145/3417113 (Proceedings) https://conf.researchr.org/home/ase-2020 (Website)

Conference

Conference	Workshop on Human Centric Software Engineering & Cyber Security 2020
Abbreviated title	HCSE&CS 2020
Country/Territory	Australia
City	Melbourne
Period	22/09/20 → 25/09/20
Internet address	https://dl.acm.org/doi/proceedings/10.1145/3417113 (Proceedings) https://conf.researchr.org/home/ase-2020 (Website)

Keywords

Informed consent
IoT
Privacy policies
Privacy Preservation
Privacy threats
Smart Buildings
Smart Homes
Voice-Assistants

Access to Document

10.1145/3417113.3422180

Cite this

Pathmabandu, C., Grundy, J., Chhetri, M. B., & Baig, Z. (2020). An informed consent model for managing the privacy paradox in smart buildings. In C. Le Goues, & D. Lo (Eds.), Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2020 (pp. 19-26). IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1145/3417113.3422180

Pathmabandu, Chehara ; Grundy, John ; Chhetri, Mohan Baruwal et al. / An informed consent model for managing the privacy paradox in smart buildings. Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2020. editor / Claire Le Goues ; David Lo. New York NY USA : IEEE, Institute of Electrical and Electronics Engineers, 2020. pp. 19-26

@inproceedings{fc0f21908a6342c2b207bef1cbfc0581,

title = "An informed consent model for managing the privacy paradox in smart buildings",

abstract = "Smart Buildings are defined as the 'buildings of the future' and use the latest Internet of Things (IoT) technologies to automate building operations and services. This is to both increase operational efficiency as well as maximize occupant comfort and environmental impact. However, these 'smart devices'-typically used with default settings-also enable the capture and sharing of a variety of sensitive and personal data about the occupants. Given the non-intrusive nature of most IoT devices, individuals have little awareness of what data is being collected about them and what happens to it downstream. Even if they are aware, convenience overrides any privacy concerns, and they do not take sufficient steps to control the data collection, thereby exacerbating the privacy paradox. At the same time, IoT-based building automation systems are revealing highly sensitive insights about the building occupants by synthesizing data from multiple sources and this can be exploited by the device vendors and unauthorised third parties. To address the tension between privacy and convenience in an increasingly connected world, we propose a user-centric informed consent model to foster an accurate user discretion process for privacy choice in IoT-enabled smart buildings the proposed model aims to (a) inform and increase user awareness about how their data is being collected and used, (b) provide fine-grained visibility into privacy compliance and infringement by IoT devices, and (c) recommend corrective actions through nudges (or soft notifications). We illustrate how our proposed consent model works through a use case scenario of a voice-Activated smart office. ",

keywords = "Informed consent, IoT, Privacy policies, Privacy Preservation, Privacy threats, Smart Buildings, Smart Homes, Voice-Assistants",

author = "Chehara Pathmabandu and John Grundy and Chhetri, {Mohan Baruwal} and Zubair Baig",

year = "2020",

doi = "10.1145/3417113.3422180",

language = "English",

pages = "19--26",

editor = "{Le Goues}, {Claire } and Lo, {David }",

booktitle = "Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2020",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

address = "United States of America",

note = "Workshop on Human Centric Software Engineering & Cyber Security 2020, HCSE&CS 2020 ; Conference date: 22-09-2020 Through 25-09-2020",

url = "https://dl.acm.org/doi/proceedings/10.1145/3417113, https://conf.researchr.org/home/ase-2020",

}

Pathmabandu, C, Grundy, J, Chhetri, MB & Baig, Z 2020, An informed consent model for managing the privacy paradox in smart buildings. in C Le Goues & D Lo (eds), Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2020. IEEE, Institute of Electrical and Electronics Engineers, New York NY USA, pp. 19-26, Workshop on Human Centric Software Engineering & Cyber Security 2020, Melbourne, Victoria, Australia, 22/09/20. https://doi.org/10.1145/3417113.3422180

An informed consent model for managing the privacy paradox in smart buildings. / Pathmabandu, Chehara; Grundy, John; Chhetri, Mohan Baruwal et al.
Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2020. ed. / Claire Le Goues; David Lo. New York NY USA: IEEE, Institute of Electrical and Electronics Engineers, 2020. p. 19-26.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - An informed consent model for managing the privacy paradox in smart buildings

AU - Pathmabandu, Chehara

AU - Grundy, John

AU - Chhetri, Mohan Baruwal

AU - Baig, Zubair

PY - 2020

Y1 - 2020

N2 - Smart Buildings are defined as the 'buildings of the future' and use the latest Internet of Things (IoT) technologies to automate building operations and services. This is to both increase operational efficiency as well as maximize occupant comfort and environmental impact. However, these 'smart devices'-typically used with default settings-also enable the capture and sharing of a variety of sensitive and personal data about the occupants. Given the non-intrusive nature of most IoT devices, individuals have little awareness of what data is being collected about them and what happens to it downstream. Even if they are aware, convenience overrides any privacy concerns, and they do not take sufficient steps to control the data collection, thereby exacerbating the privacy paradox. At the same time, IoT-based building automation systems are revealing highly sensitive insights about the building occupants by synthesizing data from multiple sources and this can be exploited by the device vendors and unauthorised third parties. To address the tension between privacy and convenience in an increasingly connected world, we propose a user-centric informed consent model to foster an accurate user discretion process for privacy choice in IoT-enabled smart buildings the proposed model aims to (a) inform and increase user awareness about how their data is being collected and used, (b) provide fine-grained visibility into privacy compliance and infringement by IoT devices, and (c) recommend corrective actions through nudges (or soft notifications). We illustrate how our proposed consent model works through a use case scenario of a voice-Activated smart office.

AB - Smart Buildings are defined as the 'buildings of the future' and use the latest Internet of Things (IoT) technologies to automate building operations and services. This is to both increase operational efficiency as well as maximize occupant comfort and environmental impact. However, these 'smart devices'-typically used with default settings-also enable the capture and sharing of a variety of sensitive and personal data about the occupants. Given the non-intrusive nature of most IoT devices, individuals have little awareness of what data is being collected about them and what happens to it downstream. Even if they are aware, convenience overrides any privacy concerns, and they do not take sufficient steps to control the data collection, thereby exacerbating the privacy paradox. At the same time, IoT-based building automation systems are revealing highly sensitive insights about the building occupants by synthesizing data from multiple sources and this can be exploited by the device vendors and unauthorised third parties. To address the tension between privacy and convenience in an increasingly connected world, we propose a user-centric informed consent model to foster an accurate user discretion process for privacy choice in IoT-enabled smart buildings the proposed model aims to (a) inform and increase user awareness about how their data is being collected and used, (b) provide fine-grained visibility into privacy compliance and infringement by IoT devices, and (c) recommend corrective actions through nudges (or soft notifications). We illustrate how our proposed consent model works through a use case scenario of a voice-Activated smart office.

KW - Informed consent

KW - IoT

KW - Privacy policies

KW - Privacy Preservation

KW - Privacy threats

KW - Smart Buildings

KW - Smart Homes

KW - Voice-Assistants

UR - http://www.scopus.com/inward/record.url?scp=85100629437&partnerID=8YFLogxK

U2 - 10.1145/3417113.3422180

DO - 10.1145/3417113.3422180

M3 - Conference Paper

AN - SCOPUS:85100629437

SP - 19

EP - 26

BT - Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2020

A2 - Le Goues, Claire

A2 - Lo, David

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - New York NY USA

T2 - Workshop on Human Centric Software Engineering & Cyber Security 2020

Y2 - 22 September 2020 through 25 September 2020

ER -

Pathmabandu C, Grundy J, Chhetri MB, Baig Z. An informed consent model for managing the privacy paradox in smart buildings. In Le Goues C, Lo D, editors, Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2020. New York NY USA: IEEE, Institute of Electrical and Electronics Engineers. 2020. p. 19-26 doi: 10.1145/3417113.3422180

An informed consent model for managing the privacy paradox in smart buildings

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this