Below is the report recently produced for a small scale study I did working alongside the Horizon research institute in Nottingham, if you have any questions about the report - feel free to drop me an email. It is published here mainly for assessment purposes.
An
Ethnographic Study of the perception of Data Storage,
Collection
and Security in Households
William
Knight
PhD
Candidate
University
of Nottingham
The
aim of this study was to gain an understanding of the means by which
people manage their data within a household. More specifically, I
looked to examine the processes of collecting, moving, storing,
protecting, sharing and editing various forms of data – with a view
to pick out the means by which participants ensure that their data is
secure.
The
main themes which were covered in the data collection were the types
of data storage or collection devices within the home, the nature and
content of the data which are stored on or collected by these
devices; how, when and where they might seek to move, share or
dispose of these pieces of data and, ultimately, their considerations
toward protecting this data from remote access or else corruption
from outside sources. Additionally, I sought to understand which
processes people employed to handle these various data
considerations. Within the household, whose job is it to manage these
pieces of data, how do they do that and how is work of this nature
delineated and delegated to other members of the household? If there
are processes by which data is collected within the household, who
does that and how was that process devised? Finally, who decides what
data is shared to outside sources, how do they decide which data they
want to release and what form does that process take?
The
primary method of data collection in this study was semi-structured
in-person interviews.
All
interviews took place in the participants home, lasting from thirty
to ninety minutes depending upon the participants. In total ten
participants were studied across five separate interviews,
participant households were chosen with consideration towards gaining
a reasonable variety across a number of demographics.
All
but one interview included more than one member of the household
present, this was to encourage discussion not only between the
researcher and the participants, but also between participants
themselves. Participants were encouraged to share their opinions and
experiences with regards to managing the data which is collected and
stored in, and transmitted from their household and ultimately how
they managed the security of that data. Wherever possible I allowed
participants to speak for themselves and discuss the issues which the
interview questions brought up with other members of the household
present in order to try to gain an understanding of the human
processes which the household has negotiated to tackle these
problems.
Interviews
were recorded on a two-way voice recording device. The recorded audio
files were stored on a secure encrypted hard drive. All participants
gave fully informed consent before any study processes and fully
debriefed at the end of the session. All participating households
were given an incentive of a £25 shopping voucher for taking part.
Conclusions
drawn this data can be broadly grouped into three themes; security vs
practicality, perceptions of remote access as a threat and finally
concerns about governmental and private organisations as impinging on
security and privacy.
Security
as Practicality
Participants
tended to weigh the impact of enacting various security measures to
protect their data against the impact that instating these measures
might have on the practicality of their everyday life. For example,
one participant “A” is a female in her mid-twenties – in the
interview she openly admits to using the same password for all of her
online accounts and devices, despite having had two instances of
security lapses with regards to her online presence in the past (her
email address was hacked when she was 18 and she lost access to it,
and in another incident her photos were downloaded from her Facebook
account and re-uploaded under a different name) the only situation in
which A would choose to change her password is if the practical
limitations of the service required it (such as password creation
required the use of a special character or having to be of an
unusually long or short length). In this exchange she explains her
using only one password for a number of accounts:
A:
Mines only got one profile as well, one account – its password
protected.
W:
And its a decent length string?
A:
Mine's quite long, thing is the password for my computer is the same
for my bank, password for my Facebook account, my social media. I've
got the same password for my emails – for everything!
W:
Right – and, just like everyone, you must have been told a million
times how dangerous that is?
A:
Hmmm I know – but its a very abstract word and a series of numbers.
Its a very... no one would even understand the connotations. It would
be very difficult to guess.
And
then later she states the practical limitations which would cause her
to change her commitment to this one-password schema.
W:
So do you use variations of one...?
G:
No, no mine are very different.
A:
I do actually have one other password that I use if... password has
to be this length it can't be more.
Another
example where practicality trumped security came from the same
interview with G and A, where both participants were asked to think
about the kinds of data they had stored on their devices. Both
participants used banking apps on their mobile phones which they
carried with them at all times – in A's case whilst the application
did require her to log in using a unique password, she had also saved
the required customer reference number to her phone so that she did
not need to type it in every time she wished to log in. It is less
secure to have this piece of information automatically entered into
the login process, but it is more practical than A having to remember
the long customer number.
Similarly,
in an interview with another household, participants were asked to
consider whether there was any type of data or device that they would
not be comfortable taking out of relative safety of the house.
Participant E stated that in actual fact the idea that data was
restricted to the house did not apply with regards to her as a good
deal of her stored data is actually housed on Dropbox (a cloud
storage service) and so it is accessible from anywhere there is an
internet connection. E is a busy student, who needs to travel between
the office and home regularly – both of which are places where she
might work – having all of her data accessible from both locations
and synced regularly is very convenient. Having so many points of
access to her data, however, is less secure than if it were stored on
a secure hard drive at home or in the workplace. Just like A and her
passwords, E has weighed the security of that data against the
convenience of having almost ubiquitous access – and has come to
the conclusion that the practical consideration is more of an
advantage in this case.
It
is not that participant A or E are not concerned about the security
of their data (though the apparent recklessness with which A handles
passwords might seem to suggest this), in fact in the latter part of
her interview A states that she is very conscious of surveillance and
security issues (“ Not because I'm suspicious or that I'm
planning a terrorist attack, just that I'm very aware... my dads
brought me up to be... he's a bit of an anarchist, you know”)
it is more that they have weighed the relative inconvenience of
improving their security against the convenience of having all their
data at their fingertips rather than in a single relatively
inaccessible location, and the frustration of having to create a
unique password for every service they use, and the output of this
mental balancing is that practicalities win out over security –
hence A has one password for every service, and both A and E store
sensitive personal and financial information on their mobile phones
and cloud storage services because it is far more convenient to do
so.
Physical
as opposed to remote threats
Another
element where the practical and physical took precedence over the
abstract nature of security was with regards to how participants felt
about the possible external threats to their devices and data. From
the interview with participants L and D we get the following
interaction:
W:
Why is the Chrome book password protected, but the PC and Kindles
aren't?
D:
Because when we set it up it asked to set up a password as part of
the set up process. And Kindle didn't. Its interesting because I have
thought about that actually, because if the Chromebook was stolen. As
long as we'd turned it off properly, no-one could access anything.
But the kindle you just turn on, and they could shop using our
account...
D
is not as concerned about weaknesses in security with regards to
someone attempting to remotely access any of his internet enabled
devices, rather he is concerned with the possibility of devices being
actually stolen – thereafter someone might be able to physically
access the device storage. Later in the interview L expresses a
similar opinion but this time with regards to the security of using
her mobile phone for shopping:
W:
Ha yeah. Is there a type of data that you store on your chromebook or
on your PC that you wouldn't be comfortable taking out of the house?
If you stored it on an external device.
L:
Yeah. I wouldn't, for example, buy anything on my phone. I'm happy to
sit at the chromebook and buy something online but I wouldn't do it
on my phone.
W:
Whys that?
L:
Because I suppose I don't quite trust it. I'm out there, and if I
lost it – but with the chromebook I'm here in the house.
The
chromebook is secure because it stays within the house, whereas the
phone is less secure because it travels with her outside the house –
it is more at risk of being lost or stolen than the chromebook. This
is interesting because it effectively glosses over the potential risk
of remote access through the internet, which both the chromebook and
mobile phone would be relatively equally at risk of – both being
internet enabled. L's concerns, however, are not with someone remote
accessing her devices, but with the physical risk of them being
stolen. There are other examples of L and D considering physical
threats being of greater concern than the potentiality of remote
access threats when thinking about their data within the house. When
asked whether they have considered the potential threats to the
security of their data when their home drives are unencrypted:
W:
...One of the things we're trying to get at is the different ways
that different people use data and the different understandings of
security. So I'm trying to get at the levels of comfort you have with
people coming in and accessing data in the house.
D:
Our data or their data?
W:
Well, your data. Because its your internet access and...
D:
Because actually would they be able to access our data on their
machine? So they're not going to be able to access anything on my
Kindle from their phone.
Here
D does not consider his unencrypted drives to be a risk, because
unless they have entered the home and have physically accessed one of
their devices then the unencrypted status of the data would not be an
issue as an outside threat would not be able to gain access. I
believe that D and L do consider the potential for outside threats
accessing their data illegitimately to be an issue, however, I think
that in terms of the immediacy of the threat they are much more
mindful of the danger posed by losing devices or having them stolen.
Security
as it pertains to concrete effects
Participants were asked
their opinions on the practice of big-data aggregation and the
potential for governmental organisations. Largely these two issues
were collected together under the main theme of outside organisations
monitoring their data in ways that the participants had little
control over. Many of the participants expressed the opinion that
they were not wholly concerned with such matters as they did not
directly impact the running of their every day life. For example,
participant J discusses the ways that the concerns around the
exposure of the governmental surveillance program over the past few
years have impacted her life:
W:
Well its all on the record now! Ummmm... so privacy and stuff like
that has been in the news quite a lot over the past few years in
terms of the Edward Snowden leaks about the NSA hacking people,
tracking email correspondence. Have you thought about that in terms
of your interactions with people over social media – does it cross
your mind?
J2:
Ummm... to be honest, no. Ummm... the only thing I would ever be
conscious of – and I don't know why – I would never send over
WhatsApp anything that I wouldn't want other people to see. However,
SnapChat I might – now I don't know why I think one is more safer
than the other I think its more because it disappears so the person
on the other end can't save anything, not that I would send anything
like that to anyone other than my husband, just hypothetically!
Umm... no to be honest, no. Not really.
Concerns
about the morality of the practice of surveillance of previously
though private correspondence does not particularly bother
participant J2, rather if she must choose between two messaging
services through which to send photos (hypothetical or otherwise) she
would choose SnapChat over WhatsApp due to the in-built deletion
mechanic which SnapChat employs. This is a practical choice, as
opposed to her taking any moral stance on the issue. Another example
from participant E:
E:
What I don't like is things like the energy company selling my data
to somebody else, because of all the spam and phone calls.
W:
So is it just the spam and the phone calls from people? Or is it a
principle thing?
E:
In reality its just the spam and the phone calls. But it is in part
the principle of the thing because I've got to give you all these
details so that you can give me electricity, I need electricity.
Again,
this is explicitly not a moral objection, rather E is concerned that
the ultimate effect of the practice of her energy company selling her
data is that she will receive spam and phone calls. Later in the
interview, when discussing the potential implications of companies
using internet activity to inform their interactions with customers
J2 relates the issues of companies sharing data without the knowledge
of the customer to concrete effects in the real world:
W:
And its the precedent that it sets, once you release that data how
long are you going to allow it to go before you draw the line? You
know?
J:
Imagine if... so here's a point – so imagine if people use it to
work out how much insurance costs you... you know? Suddenly your
insurance doubles because they're using it to work out exactly where
you drive. You wouldn't like that! So it depends how its being used
for – if its used for health, and insurance and stuff it could be
quite a nasty shock – and its not unethical necessarily, its just
more accurate.
J2
considers the impact that this data sharing might have on companies
administering insurance claims, this is a potential concrete effect,
rather than simply an ethical or moral objection – it concerns J2
because it could potentially directly impact his life.
This
particular sentiment is not universally shared by all participants,
however, during their interviews participants D and L discussed the
potential implications that governmental surveillance might have on
their lives in a hypothetical future scenario:
W:
...So obviously in the news and media there's a lot about government
accessing data. Like browsing data not just on your phones but also
your computers, laptops. Does that bother you at all?
L:
Not where that's concerned. Because I haven't really given it a lot
of thought. But things like loyalty cards for various stores, because
they know you, so it'll be a similar kind of thing won't it? They
know what we...
Here
L expresses much the same opinion as E and J did: “it does not
really affect my life, why should it concern me?” But when pressed
on this particular opinion L brings out an argument which I
encountered numerous times during the various interviews:
W:
Why not? Why does it not concern you, not that it should, but I'm
just asking why it doesn't?
L:
Because I always think “Well I haven't really got anything to
hide”.
The
“nothing to hide, nothing to fear” argument is one which comes up
time and again in this particular debate during the interviews. In
this particular instance participant D retorts with some hypothetical
examples of the potential difficulties which these breaches of
privacy might bring about:
L:
But I'm thinking about Joe Public out there, sort of a body that's
gathering this information – I can't think what they would do with
that information anyway.
D:
Well they could, on a...
L:
On a macro level...
D:
No no, on a personal level they could, they could see from my
postings on Facebook that I am massively pro EU because I like things
that are pro EU, and I hide things that I find offensive. And if they
knew that pattern there are all sorts of assumptions. So say for
example that um...
L:
They would know that I like crocheting! *
laughs *
W:
They'd be able to leverage that...
D:
And if crocheting became illegal because it is a sign of witchery...
W:
Which it should be.
Here
we share a joke, but D is beginning to engage with the ethical
questions about the morality of governmental surveillance. D goes on
to argue that perhaps if a particular type of government gained power
then his internet search history concerning revolutionaries or pro
European Union Facebook posts might be used against him. D does not
express the opinion that, at this time, this consideration affects
the way he conducts himself with regards to his data, rather he is
conscious of the potential ethical challenges that this hypothetical
scenario poses.
Summary
All
three of the above findings relate to the extent to which the
abstract nature of security can be made concrete and physical, and so
impact on the everyday life of the participants. Most participants
were conscious of the potential security implications of their
actions with regards to data and internet activity, but it is more
trouble than it is worth to act upon these concerns if the effect
that inaction will have is relatively minimal.
Participants
were largely aware of the various pieces of advice around information
governance and data security, as well as the moral and ethical
questions around governmental surveillance and big data aggregation,
however, in terms of practicality sometimes these concerns took a
back seat to the concerns of every day life.
No comments:
Post a Comment