Research & Development

Posted by Libby Miller on , last updated

It's an entire year since Andrew Nicolaou, Jasmine Cox and I installed our privacy-themed installation "Walls Have Eyes" at the Design Museum. To mark the end of the Designs of the Year 2015 exhibition that it was part of, Jasmine and I were invited to talk at a review of the year held at the museum, hosted by Delayed Gratification, a slow journalism magazine.

Walls Have Eyes uses off-the-shelf electronics and open source software to demonstrate the kinds of data that can be gleaned from your phone's wifi and by taking photos of you. It uses technologies that are widely used in commercial settings to track footfall and to determine audience characteristics in physical locations, such as when you are walking through a shopping centre or looking at a billboard or screen.

These are technologies that could also be used to personalise your media experiences. It is possible to determine how many people are near a TV in the home by detecting their phones' unique identifiers. Using cameras and face detection, it is feasible to approximate the amount of attention the people in the room are paying to the screen, understand something about their expression and mood, and determine their race, age and gender. This is data that is very valuable to advertisers and potentially to broadcasters too. Our installation was about starting to make these kinds of possibilities visceral to people, because these are technologies which are near-invisible and yet once fully understood, can feel quite invasive.

We appreciated the opportunity to attend the event - there was an excellent quiz of the year, and an informative and moving talk by Pieter van den Blink about his documentary about the impact of the Paris Charlie Hebdo attacks, "Paris - a long year". It also gave us an opportunity to reflect on the work and research changes in the environment since we made the installation.

The most significant change in the UK is probably that the Information Commissioner's Office has issued guidance on the use of wifi tracking devices to collect data of this kind. The guidance is very clear and worth reading in full (pdf) if you have interests or responsibilities in this area. It says that a MAC address (your phone's network identifier) can be regarded as personal information and therefore great care must be taken when collecting it. You must be clear on the purpose of your data collection and use that purpose to set limits on the time it is held for, as well as protecting that data, for example by hashing it. You must also display signs showing that the data is being collected. No-one in the UK should be speculatively accumulating raw data, particularly without notifying people they are doing it.

This raises some interesting issues around consent, particularly when the context is transposed to the home. The original installation at Mozfest in 2014 was part of a larger "Ethical Dilemma Café" run by Ian Forrester and Jasmine, designed to provoke conversations about the meaning of consent for the use of personal data on the web. Newer televisions are also starting to collect this kind of data, as are the new generation of Internet of Things devices, and other smart devices.

IoT and other "smart" devices sometimes request details that might be considered personal, such as your name, location, or information about your personal circumstances or behaviour. More generally, they may collect information about the fact that individuals are in a specific place or not, or information that can be used to derive something about you or your home. For example, data from the "smart meters" that are due to be installed in most homes and businesses in the UK by 2020 can be used to figure out if there is a person in the home at any given time. That's not necessarily personal data, but it could be used be a malicious party to figure out when is a good time to burgle a house, which certainly seems relevant to the occupants' privacy and security. Even simple devices that collect very little information can be used to infer this kind of conclusion if the location is known. Similarly, if a TV is on, located in place and monitoring consumption, that consitutues a significant amount of information about whoever is watching, even without a camera present and without requiring login.

There are currently very valid preoccupations with the security of IoT devices, as vividly illustrated by the Shodan search engine's ability to let you browse vulnerable webcams and industrial control systems.

Even if these systems were secure, ensuring meaningful consent for data to be collected and aggregated is still, as with web activity, a serious undertaking. How often have you clicked through a consent form without reading it in order to get something you wanted on the web? Do you know what your TV set's privacy policy is? How about your cable or other TV provider (here's the BBC's)? What if your TV connects your watching data with other data about you, for example information you or others have put on social networks? What if that data is accidentally leaked or stolen?

There are at least three strands for investigation. One is about the general category of smart devices in the home, the data they are enthusiastically collecting, the effect of that collection on our privacy, and the tradeoffs we are willing to make. @projectsbyif are doing some great work around this, exploring what meaningful consent might look like, and collecting design patterns around data collection, consent and sharing.

The second strand is around the security of data, which is part of a wider problem as we connect previously unconnected devices to the internet. What was a side effect of IP-based delivery of content (the information your browser sends about you while browsing), is now the reason for existence of a whole ecosystem of companies dedicated to monetising that information. Proliferation of connected objects into the physical environment adds an extra dimension of data to be extracted and an extra layer of uncertainty about what connected objects are doing, why they are doing it, and who is benefitting.

A third research area is specifically around personalisation and media. What happens to us when media is delivered mostly or all via the internet, raising the possibility of completely personalised media, via login or other, more subtle means? Privacy and consent is important here but also the social dynamics of media consumption.

For example, we often watch TV with other people, but most of the mechanisms for personalisation of TV, such as login and cookie-based tracking - inherit from those designed for one-person-devices such as phones or laptops. They are designed for a single person, not a family or group. Might personalisation to a single person for what is a collective device change our behaviour, perhaps by making watching TV less of a negotiation? If we don't negotiate, and we drift into watching only our own devices, might that exacerbate the filter bubble effects we are seeing online? Perhaps further reduce the social interaction with our families and friends? This is an ongoing topic for us as we research how people watch television in the home, and who with.

Finally, although it has been rather alarming researching this project, there are alternatives to tracking techniques that collect identifiable data. I have recently had some involvement with a Citizen Sensing project at Knowle West Media Centre in Bristol, as part of a group from Bristol Hackspace. Kit Wallace from Hackspace suggested that we could use the Walls Have Eyes code to help local shops measure footfall. This was something of a concern for me, given the goals of the Walls Have Eyes project, but it got me thinking and researching around the problem a bit further.

There are some serious flaws with just looking at wifi data for detecting the number of people passing by. What about the 40% of people in the UK who do not have smart phones? Are those people irrelevant? Triangulation using this data is approximate, so tracking the physical position of people in this way is also inaccurate.

There are also lots of other ways of collecting this kind of information. Some nice work been done at the Watershed in Bristol on detecting humans using cameras (but without face detection), and perhaps even more interestingly, thermal cameras are getting cheaper and can detect humans without capturing any privacy-invasive features. The work Kit Wallace has been doing on simple, very cheap proximity sensors can do a similar job. The information Commissioner's guidance is useful in this respect as it increases the cost of collecting this kind of wifi data and encourages you to think more broadly about what it is that you are trying to achieve. It is important to apply this principle elsewhere, to understand what the alternatives are for media consumption as well.

I hope it is evident that our small project has helped open up a broad, interesting and important research area for us. Jasmine and I would like to thank Delayed Gratification for inviting us along to the event, the Design Museum for hosting the installation (and letting us pop in and fix it occasionally), and Jon Rogers for nominating us for Designs of the Year.