Below is the report recently produced for a small scale study I did working alongside the Horizon research institute in Nottingham, if you have any questions about the report - feel free to drop me an email. It is published here mainly for assessment purposes.
An Ethnographic Study of the perception of Data Storage,
Collection and Security in Households
University of Nottingham
The aim of this study was to gain an understanding of the means by which people manage their data within a household. More specifically, I looked to examine the processes of collecting, moving, storing, protecting, sharing and editing various forms of data – with a view to pick out the means by which participants ensure that their data is secure.
The main themes which were covered in the data collection were the types of data storage or collection devices within the home, the nature and content of the data which are stored on or collected by these devices; how, when and where they might seek to move, share or dispose of these pieces of data and, ultimately, their considerations toward protecting this data from remote access or else corruption from outside sources. Additionally, I sought to understand which processes people employed to handle these various data considerations. Within the household, whose job is it to manage these pieces of data, how do they do that and how is work of this nature delineated and delegated to other members of the household? If there are processes by which data is collected within the household, who does that and how was that process devised? Finally, who decides what data is shared to outside sources, how do they decide which data they want to release and what form does that process take?
The primary method of data collection in this study was semi-structured in-person interviews.
All interviews took place in the participants home, lasting from thirty to ninety minutes depending upon the participants. In total ten participants were studied across five separate interviews, participant households were chosen with consideration towards gaining a reasonable variety across a number of demographics.
All but one interview included more than one member of the household present, this was to encourage discussion not only between the researcher and the participants, but also between participants themselves. Participants were encouraged to share their opinions and experiences with regards to managing the data which is collected and stored in, and transmitted from their household and ultimately how they managed the security of that data. Wherever possible I allowed participants to speak for themselves and discuss the issues which the interview questions brought up with other members of the household present in order to try to gain an understanding of the human processes which the household has negotiated to tackle these problems.
Interviews were recorded on a two-way voice recording device. The recorded audio files were stored on a secure encrypted hard drive. All participants gave fully informed consent before any study processes and fully debriefed at the end of the session. All participating households were given an incentive of a £25 shopping voucher for taking part.
Conclusions drawn this data can be broadly grouped into three themes; security vs practicality, perceptions of remote access as a threat and finally concerns about governmental and private organisations as impinging on security and privacy.
Security as Practicality
Participants tended to weigh the impact of enacting various security measures to protect their data against the impact that instating these measures might have on the practicality of their everyday life. For example, one participant “A” is a female in her mid-twenties – in the interview she openly admits to using the same password for all of her online accounts and devices, despite having had two instances of security lapses with regards to her online presence in the past (her email address was hacked when she was 18 and she lost access to it, and in another incident her photos were downloaded from her Facebook account and re-uploaded under a different name) the only situation in which A would choose to change her password is if the practical limitations of the service required it (such as password creation required the use of a special character or having to be of an unusually long or short length). In this exchange she explains her using only one password for a number of accounts:
A: Mines only got one profile as well, one account – its password protected.
W: And its a decent length string?
A: Mine's quite long, thing is the password for my computer is the same for my bank, password for my Facebook account, my social media. I've got the same password for my emails – for everything!
W: Right – and, just like everyone, you must have been told a million times how dangerous that is?
A: Hmmm I know – but its a very abstract word and a series of numbers. Its a very... no one would even understand the connotations. It would be very difficult to guess.
And then later she states the practical limitations which would cause her to change her commitment to this one-password schema.
W: So do you use variations of one...?
G: No, no mine are very different.
A: I do actually have one other password that I use if... password has to be this length it can't be more.
Another example where practicality trumped security came from the same interview with G and A, where both participants were asked to think about the kinds of data they had stored on their devices. Both participants used banking apps on their mobile phones which they carried with them at all times – in A's case whilst the application did require her to log in using a unique password, she had also saved the required customer reference number to her phone so that she did not need to type it in every time she wished to log in. It is less secure to have this piece of information automatically entered into the login process, but it is more practical than A having to remember the long customer number.
Similarly, in an interview with another household, participants were asked to consider whether there was any type of data or device that they would not be comfortable taking out of relative safety of the house. Participant E stated that in actual fact the idea that data was restricted to the house did not apply with regards to her as a good deal of her stored data is actually housed on Dropbox (a cloud storage service) and so it is accessible from anywhere there is an internet connection. E is a busy student, who needs to travel between the office and home regularly – both of which are places where she might work – having all of her data accessible from both locations and synced regularly is very convenient. Having so many points of access to her data, however, is less secure than if it were stored on a secure hard drive at home or in the workplace. Just like A and her passwords, E has weighed the security of that data against the convenience of having almost ubiquitous access – and has come to the conclusion that the practical consideration is more of an advantage in this case.
It is not that participant A or E are not concerned about the security of their data (though the apparent recklessness with which A handles passwords might seem to suggest this), in fact in the latter part of her interview A states that she is very conscious of surveillance and security issues (“ Not because I'm suspicious or that I'm planning a terrorist attack, just that I'm very aware... my dads brought me up to be... he's a bit of an anarchist, you know”) it is more that they have weighed the relative inconvenience of improving their security against the convenience of having all their data at their fingertips rather than in a single relatively inaccessible location, and the frustration of having to create a unique password for every service they use, and the output of this mental balancing is that practicalities win out over security – hence A has one password for every service, and both A and E store sensitive personal and financial information on their mobile phones and cloud storage services because it is far more convenient to do so.
Physical as opposed to remote threats
Another element where the practical and physical took precedence over the abstract nature of security was with regards to how participants felt about the possible external threats to their devices and data. From the interview with participants L and D we get the following interaction:
W: Why is the Chrome book password protected, but the PC and Kindles aren't?
D: Because when we set it up it asked to set up a password as part of the set up process. And Kindle didn't. Its interesting because I have thought about that actually, because if the Chromebook was stolen. As long as we'd turned it off properly, no-one could access anything. But the kindle you just turn on, and they could shop using our account...
D is not as concerned about weaknesses in security with regards to someone attempting to remotely access any of his internet enabled devices, rather he is concerned with the possibility of devices being actually stolen – thereafter someone might be able to physically access the device storage. Later in the interview L expresses a similar opinion but this time with regards to the security of using her mobile phone for shopping:
W: Ha yeah. Is there a type of data that you store on your chromebook or on your PC that you wouldn't be comfortable taking out of the house? If you stored it on an external device.
L: Yeah. I wouldn't, for example, buy anything on my phone. I'm happy to sit at the chromebook and buy something online but I wouldn't do it on my phone.
W: Whys that?
L: Because I suppose I don't quite trust it. I'm out there, and if I lost it – but with the chromebook I'm here in the house.
The chromebook is secure because it stays within the house, whereas the phone is less secure because it travels with her outside the house – it is more at risk of being lost or stolen than the chromebook. This is interesting because it effectively glosses over the potential risk of remote access through the internet, which both the chromebook and mobile phone would be relatively equally at risk of – both being internet enabled. L's concerns, however, are not with someone remote accessing her devices, but with the physical risk of them being stolen. There are other examples of L and D considering physical threats being of greater concern than the potentiality of remote access threats when thinking about their data within the house. When asked whether they have considered the potential threats to the security of their data when their home drives are unencrypted:
W: ...One of the things we're trying to get at is the different ways that different people use data and the different understandings of security. So I'm trying to get at the levels of comfort you have with people coming in and accessing data in the house.
D: Our data or their data?
W: Well, your data. Because its your internet access and...
D: Because actually would they be able to access our data on their machine? So they're not going to be able to access anything on my Kindle from their phone.
Here D does not consider his unencrypted drives to be a risk, because unless they have entered the home and have physically accessed one of their devices then the unencrypted status of the data would not be an issue as an outside threat would not be able to gain access. I believe that D and L do consider the potential for outside threats accessing their data illegitimately to be an issue, however, I think that in terms of the immediacy of the threat they are much more mindful of the danger posed by losing devices or having them stolen.
Security as it pertains to concrete effects
Participants were asked their opinions on the practice of big-data aggregation and the potential for governmental organisations. Largely these two issues were collected together under the main theme of outside organisations monitoring their data in ways that the participants had little control over. Many of the participants expressed the opinion that they were not wholly concerned with such matters as they did not directly impact the running of their every day life. For example, participant J discusses the ways that the concerns around the exposure of the governmental surveillance program over the past few years have impacted her life:
W: Well its all on the record now! Ummmm... so privacy and stuff like that has been in the news quite a lot over the past few years in terms of the Edward Snowden leaks about the NSA hacking people, tracking email correspondence. Have you thought about that in terms of your interactions with people over social media – does it cross your mind?
J2: Ummm... to be honest, no. Ummm... the only thing I would ever be conscious of – and I don't know why – I would never send over WhatsApp anything that I wouldn't want other people to see. However, SnapChat I might – now I don't know why I think one is more safer than the other I think its more because it disappears so the person on the other end can't save anything, not that I would send anything like that to anyone other than my husband, just hypothetically! Umm... no to be honest, no. Not really.
Concerns about the morality of the practice of surveillance of previously though private correspondence does not particularly bother participant J2, rather if she must choose between two messaging services through which to send photos (hypothetical or otherwise) she would choose SnapChat over WhatsApp due to the in-built deletion mechanic which SnapChat employs. This is a practical choice, as opposed to her taking any moral stance on the issue. Another example from participant E:
E: What I don't like is things like the energy company selling my data to somebody else, because of all the spam and phone calls.
W: So is it just the spam and the phone calls from people? Or is it a principle thing?
E: In reality its just the spam and the phone calls. But it is in part the principle of the thing because I've got to give you all these details so that you can give me electricity, I need electricity.
Again, this is explicitly not a moral objection, rather E is concerned that the ultimate effect of the practice of her energy company selling her data is that she will receive spam and phone calls. Later in the interview, when discussing the potential implications of companies using internet activity to inform their interactions with customers J2 relates the issues of companies sharing data without the knowledge of the customer to concrete effects in the real world:
W: And its the precedent that it sets, once you release that data how long are you going to allow it to go before you draw the line? You know?
J: Imagine if... so here's a point – so imagine if people use it to work out how much insurance costs you... you know? Suddenly your insurance doubles because they're using it to work out exactly where you drive. You wouldn't like that! So it depends how its being used for – if its used for health, and insurance and stuff it could be quite a nasty shock – and its not unethical necessarily, its just more accurate.
J2 considers the impact that this data sharing might have on companies administering insurance claims, this is a potential concrete effect, rather than simply an ethical or moral objection – it concerns J2 because it could potentially directly impact his life.
This particular sentiment is not universally shared by all participants, however, during their interviews participants D and L discussed the potential implications that governmental surveillance might have on their lives in a hypothetical future scenario:
W: ...So obviously in the news and media there's a lot about government accessing data. Like browsing data not just on your phones but also your computers, laptops. Does that bother you at all?
L: Not where that's concerned. Because I haven't really given it a lot of thought. But things like loyalty cards for various stores, because they know you, so it'll be a similar kind of thing won't it? They know what we...
Here L expresses much the same opinion as E and J did: “it does not really affect my life, why should it concern me?” But when pressed on this particular opinion L brings out an argument which I encountered numerous times during the various interviews:
W: Why not? Why does it not concern you, not that it should, but I'm just asking why it doesn't?
L: Because I always think “Well I haven't really got anything to hide”.
The “nothing to hide, nothing to fear” argument is one which comes up time and again in this particular debate during the interviews. In this particular instance participant D retorts with some hypothetical examples of the potential difficulties which these breaches of privacy might bring about:
L: But I'm thinking about Joe Public out there, sort of a body that's gathering this information – I can't think what they would do with that information anyway.
D: Well they could, on a...
L: On a macro level...
D: No no, on a personal level they could, they could see from my postings on Facebook that I am massively pro EU because I like things that are pro EU, and I hide things that I find offensive. And if they knew that pattern there are all sorts of assumptions. So say for example that um...
L: They would know that I like crocheting! * laughs *
W: They'd be able to leverage that...
D: And if crocheting became illegal because it is a sign of witchery...
W: Which it should be.
Here we share a joke, but D is beginning to engage with the ethical questions about the morality of governmental surveillance. D goes on to argue that perhaps if a particular type of government gained power then his internet search history concerning revolutionaries or pro European Union Facebook posts might be used against him. D does not express the opinion that, at this time, this consideration affects the way he conducts himself with regards to his data, rather he is conscious of the potential ethical challenges that this hypothetical scenario poses.
All three of the above findings relate to the extent to which the abstract nature of security can be made concrete and physical, and so impact on the everyday life of the participants. Most participants were conscious of the potential security implications of their actions with regards to data and internet activity, but it is more trouble than it is worth to act upon these concerns if the effect that inaction will have is relatively minimal.
Participants were largely aware of the various pieces of advice around information governance and data security, as well as the moral and ethical questions around governmental surveillance and big data aggregation, however, in terms of practicality sometimes these concerns took a back seat to the concerns of every day life.