With an eye towards policy, Landau publishes research on the Internet of Things

If a landlord installs a smart doorbell with a camera on their rental properties, how does the data get stored and who should be able to access it? How would a tenant’s need for privacy compete with the landlord’s priorities? Professor Susan Landau of the Department of Computer Science explores these questions and more in two recent papers on the integration of Internet of Things (IoT) devices into daily life.

As IoT devices become more common, key conflicts emerge between users with differing priorities. Landau’s first paper, “Tussle in Home IoT: Conflicting Requirements and Pathways to Resolution” explores these conflicting requirements. Landau and co-author Tushar Jois of the City College of New York examine different features (privacy, reliability, controllability) that stakeholders such as residents, owners, managers, and authorities may prioritize in a device. Their work draws on earlier models exploring the role of safety, security and privacy in the adoption of earlier technologies and introduces IoT-specific factors such as controllability, usability, and data portability. The paper will appear at the upcoming Technology Privacy Research Conference in September. 

Home IoT devices have largely been conceptualized and implemented in single family home environments, but Landau’s work encompasses a range of living scenarios. How is installing a smart lock different in an apartment building compared to a single-family home? What unique issues arise when using smart devices in collective living settings such as college dorms or assisted living facilities? Through a series of real-world examples, the researchers attempt to untangle the unique characteristics of different living environments and balance conflicting needs of different groups. Their work makes clear that IoT implementation and use are too nuanced for a single solution, but stronger policy could help guide decisions between equally important priorities.

Landau’s second paper focuses more specifically on issues related to IoT device repair, which often requires specialized knowledge, equipment, or access. “Help me help you: Privacy Concerns for Third Party IoT Device Repair,” proposes the concept of a HandyTech, a repair technician like a plumber or electrician who can troubleshoot and fix IoT devices. Although HandyTech is not currently an established occupation, the researchers make recommendations that could facilitate the growth of this field. They presented their findings at the Privacy Enhancing Technologies Symposium in Washington, DC.

Through interviewing a representative population of the United States, the researchers evaluated people’s willingness to use a HandyTech to repair three smart devices with varying levels of sensitive data: a CPAP machine, a smart refrigerator, and a smart speaker. They analyzed the results for demographic trends and situational factors that could influence people’s decision to use HandyTech services.

Users who are younger, have multiple children, or already own several smart home devices were more likely to use a HandyTech in hypothetical scenarios. Other factors such as gender, education, or income did not show any significant differences in participants’ willingness to use a HandyTech. People tended to be more cautious with devices that contain private information, but urgency to fix an important device could override some of those privacy concerns.

Their research investigated whether there were any best practices that could increase the likelihood of someone using a HandyTech. For example, if people were more open to using licensed HandyTechs, implementing state licensing requirements could make people more willing to use them. Their findings offer insights for developers, device manufacturers, and policymakers.

Landau’s research is part of a five-year National Science Foundation Frontier grant that examines the human, social, and technological scope of the security and privacy challenges emerging in Smart Homes across a wide range of residential stakeholders. Security and Privacy in the Lifecycle of IoT for Consumer Environments (SPLICE) involves eleven faculty investigators from City College of the City University of New York, Dartmouth, Johns Hopkins, Morgan State, Tufts University, the University of Illinois, the University of Michigan, and the University of Maryland.

On a broader scale, Landau’s work connects policy and technology with a focus on social impact. At Tufts, she founded a master’s program in cybersecurity and public policy. She is also the director of the Tufts Cybersecurity Center for the Public Good which pursues cybersecurity work with attention to technology's impact on civic engagement and societal well-being. 

The content of this article is solely the responsibility of the authors and does not necessarily represent the official views of the National Science Foundation. Research reported in this article was supported by the National Science Foundation, under award number 1955228.