Design Research Journal — August 2021-May 2022

Pursuing a 2-semester long design thesis at Carnegie Mellon School of Design is an interesting journey, some days are full of confusion and others bring clarity. There are two reasons for writing this journal: 1) I believe in a reflective practice and since the graduate thesis has a huge component of self-directed learning, capturing the weekly progress would be a helpful way for me to connect the dots as and when needed, 2) Design thesis tend to be iterative and could feel messy at times; I couldn’t find any references or examples of what this journey looks like so I hope this serves as a useful reference for future design students’ thesis jounrey.

There are 4 key things I hope to add every week: Activities, mind map/diagrams, key reflection(s) and References read, (next steps if there’s clarity).

Larger theme: Ethics of Emerging technology, Privacy in Physical Space & IoT

Thesis Topic: Investigating Privacy connotations for IoT from a situated and people-first lens.

Motivations for the topic:

1. Technology is evolving at a fast pace and I believe that ‘Fail fast, learn fast’ approach that has become popular for tech innovation often lacks the deliberation for how it implicates the people who use these technologies. I believe that technologies should be designed based on human values, on socio-cultural norms, human behaviors and emotions etc., instead of being fixed after the fact. Batya Friedman talks about similar notions in her work Value Sensitive Design, so does James Bridle.
2. Does everything needs to be ‘Smart’ for the sake of efficiency? I say no, and that we need to be conscientious of how this obsession with efficiency impacts other socio-cultural norms. An author with whose point of view I align is Shannon Mattern, who argues that not everything can be data-fied (Mattern, Shannon. 2021. A City Is Not a Computer: Other Urban Intelligences. Princeton University Press.)
3. I argue, that just because we can, shouldn’t mean we need to collect any and all data. This extreme obsession with data normalizes the idea of quantification of every aspect of human life, and over a period of time, might also create general comfort with surveillance.
4. I believe that data is ‘contextual’ and ‘situated’, in line with Genevieve Bell’s argument in ‘The Secret Life of Big Data’ and with Data Feminists: Catherine D’Ignazio & Lauren Klein. Another one is Yanni Loukissas (Assistant professor of Digital Media at the School of Literature and Media Communictaion at Georgia Tech).
5. Both Data and Privacy are double edged swords and I’m interested in exploring the limits of these double edged swords in ‘a’ specific context.
6. For Ethics of emerging Technology, connect the dots between a STS perspective and a purely technical one, by keeping the people-centered principles at the center. (I draw a distinction between human-centered and people centered because the term humans somehow seems more sterile and devoid of the messiness that comes with emotions, irrationality etc. of people).

Need:

Smart Buildings is becoming the new hot tech trend, additionally CMU has new buildings coming up. The human-centered qualitative research from one building where IoT has been deployed could inform decisions for the next one if CMU were to make the new buildings smart as well.

Scoping and Setting the boundaries:

(Even though this is evolving as I progress in my study, I’m using this space to lay them together, in the order of when they are getting teased out during the research).

September 24, 2021:

• Privacy does not equal secrecy but as appropriate flow of information (Nissenbaum, 2009). Hence, looking at the multiple conceptions of privacy, including surveillance but not equating it with surveillance.
• Seeing privacy from a neutral and contextual integrity perspective (Nissenbaum, 2009) and technology from a socio-technical perspective, “Data is an active actor in the a socio-technical system” (Paul Dourish).
• I’m not trying to create dystopian or speculative visions of privacy, hence even when I look at these references they are only out of curiosity and not because I intend that to be the outcome.

October 07, 2021:

• IoT is more than sensors, it is about the sensing human activity in physical spaces, hence we can’t look at it merely from a technical perspective because space and human activity have deep entanglements with each other and with technology.
• This is an interdisciplinary study, wherein, as a Design Researcher, I intent to create a feedback loop between the users, creators and decision makers for IoT in the specific context of a co-working space.
• This work lies under the larger umbrella of Privacy by Design but there haven’t been actionable principles for this yet, hence this study attempts to contribute to that discourse.

October 24, 2021:

• Privacy and Security mean different things, yet they are used interchangeably in most discussions.

Week 1 (Aug 31-Sept 05)

Activities:

• I spent this week immersed in reading some of the papers I had collected on Privacy, IoT in homes, research through making for IoT.
• Had conversations to find contexts for case study: Design Studio + TCS building which has on-going privacy perception concerns.
• Discussed with Daragh Byrne, Lorrie and Dina for feedback.

Week 1: Mindmap

Key Reflection this week: Reading the work of others around my topic helped me explore work already done in the field and deepen my own understanding on Privacy and IoT; and identify a gap that might be potential direction. There would be value in looking at Privacy from a ‘people-first’ perspective because the papers I read made me feel strongly about not having a ‘Let’s jump to a solution’ approach. I also realized that most of the privacy papers heavily rely on quantitative analysis, a skill which I don’t have yet since all my research so far has been from a qualitative perspective.

References Read:

1. Privacy Tensions between smart home device owners and incidental users. Camille Cobb, Sruti Bhagavatula, Kalil Anderson Garrett, Alison Ho man, Varun Rao, and Lujo Bauer.
2. Understanding Privacy Expectations and Preferences in the Age of Video Analytics. Shikun Zhang, Yuanyuan Feng, Lujo Bauer, Lorrie Faith Cranor, Anupam Das, and Norman Sadeh.
3. Social Boundaries for Personal Agents in the Interpersonal Space of the Home. Michal Luria, Rebecca Zheng, Bennett Huffman, Shuangni Huang, John Zimmerman, Jodi Forlizzi.
4. Data Now Bigger and Better. Chapter: The Secret Life of Big Data. Genevieve Bell

Week 2 (Sept 06-Sept 12)

Activities:

Week: Initial mindmap

• Mind mapping to put together all the different threads that I was thinking of.
• Feedback from Daragh made it clear that it was too much to be considered in the short space of a 9 month research and that I should consider leveraging experiements for explortaory research. Both these points mean that I have to start picking up narrow pieces to work with and keep adding more as I’m learning more.

Week 2: Mindmap

Key Reflection this week: I intend to look at privacy from a situated perspective. It is clear to me that it is a complex topic with so many nuances that it cannot be looked at as a blanket concept. Privacy not only means different things to different people, but might also have a deeper relationship with space and there might be ideas or theories from social or behavioral science that can be helpful in informing some of the experiments I intend to conduct for my exploratory research.

References Read:

1. Privacy Perceptions and Designs of Bystanders in Smart Homes. Yaxing Yao, Justin Reed Basedo, Oriana Rosata McDonough, Yang Wang.
2. I’ve got nothing to hide. Daniel Solove.
3. Boundaries of Privacy Harm. Ryan M. Calo.

Week 3 (Sept 13-Sept 19)

Activities: Since situating myself in a specific context is important, I have taken the decision to look at co-working spaces. This was motivated by a quote in Irwin Altman’s book “Co-operative situations permit lowering of personal bounderies amd competition leads to strong barriers between people”. Hence thinking of the Design Studio as a cooperative working space to learn and then contrast it with TCS could give two varied case studies.

I kept reading while simultaneosuly capturing my thoughts for an exploratory experiment.

Week 3: Mapping connections between bits of information and floating ideas for a qucik experiment

Key Reflections this week:

• Privacy is a buzzword that everyone loves to talk about these days even if they don’t necessarily understand the nuances. Sometimes these conversations are interesting but often exhausting.
• Through the Connected Communities class I learnt of this interesting way of framing, wherein the technology itself is looked as the actor instead of an influencer. I could look at IoT devices or the space itself as an actor.
• Through some of the heavy discussions this week in other subjects, it has also become clear to me that I hope to leverage my thesis to make a commentary on the word ‘Smart’. Does everything need to be defined as smart just because of efficiency, and then do we need everything to be efficient? My gut says its seems wrong to want to data-fy everyhting in the pursuit of being more ‘productive in our decisions’ and Shannon Mattern has an eloquent way of putting this. She raises this question and eloquently expresses her take on the ‘epistemological and ontological significance of intel’ that “measurable aspects [of urbanity] come to delimit our conception of what an ‘ideal’ [city] can be.” This is not to say that I want to approach these questions from a mere philosophical point of view as seems to be the case in a lot of classes at the School of Design, but my thesis is my pursuit to identify the limits of a double edged sword.

Quotes from Code and Clay, Data and Dirt:

Yesterday’s cities — even our earliest settlements — were just as
smart, although theirs was an intelligence less computational and more
material and environmental.

References Read:

1. The Environment and Social behavior: Privacy, Personal Space, Territory and Crowding. Irwin Altman.
2. Code and Clay, Data and Dirt. Shannon Mattern.
3. Re-considering human-centred approaches to Design in HCI4D: Using Design Methods to re-imagine technology in rural Kenya. Susan Wyche. (I found the research methods are interesting but I’m critical of the motivations for data collection and the assumption that HCI researchers from America need to ‘lend a helping hand’ to developing nations).
4. Privacy and human behavior in the age of information. Alessandro Acquisti, Laura Brandimarte, George Loewenstein.
5. I didn’t buy it for myself. Lorrie Cranor.
6. Misplaced Confidences: Privacy and the Control Paradox. Laura Brandimarte, Alessandro Acquisti and George LoewensteinFair Information Practice PrinciplesCommission Protecting America’s Consumers.
7. Privacy in context. Helen Nissenbaum. (watched an 1hr 15 minutes lecture)

Week 4 (Sept 20-Sept26)

Activities:

1. Recruited 12 participants for an exploratory experiment to be held on September 29th and September 30th, 2021.
2. Designed the experiment in detail. The process of getting to this experiment involved: a) reading about Privacy, the relationship between Environment and Social behavior, and Design Research methodologies; b) learning about different kinds of research methodologies used in academic papers that test the perceptions and awareness of indiviuals when it comes to privacy. A lot of these are Lorrie’s papers.
3. I lost all the sheets of paper I was capturing my thoughts on, hence no visuals in this week’s post. :(
4. Discussions with one of the advisors led to stopping of going ahead with the experiment next week. The decision is to apply for IRB instead.

This is how I spent my entire weekend after this majorly confusing state of affairs in my thesis journey (Photo by Matthew Henry on Unsplash)

Key Reflections this week:

• For the exploratory experiment, I had come up with two questions that seemed interesting, out of which I had decided to choose the first one because I had no vision for the second one to start with. 1) In framing Privacy in co-working spaces from people-first perspective, what can be learnt about the social dynamics in the with respect to being observed (/noticed/monitored/overseen/surveyed/surveilled)? 2) What aspects of physical space play a role in dimensions related to privacy in co-working spaces?

Establishing my position: My stance on Privacy for IoT is to look at it from a socio-technical lens. I’m unwilling to jump to ‘fixing Privacy’ in IoT enabled ecosystems without framing the topic from a ‘people first’ lens, or in other words, without looking at the nuances of data collection related to the context. This is because I believe that Privacy should NOT be an after thought, and since IoT is in the nascent stages of its development, there is opportunity to integrate Privacy in how we frame conversations around this new technology. Based on my research and personal reflections in the last 1.5 years (through readings on Data Privacy during Spring 2020, the readings for thesis, and the readings + discussions in course on Privacy, Law and Technology), my opinion is that while options like ‘Opt-Out’ are important, they don’t strike at the root of the problem. Providing ‘Opt-Out’ choices after deploying IoT without first considering the privacy connotations in the specific context isn’t the best practice. With IoT being an emerging technology, we have an opportunity to ask fundamental questions around Privacy and Data Collection and not carry over the models of privacy that ‘fix’ Privacy for data on the internet in general. I argue that learning about user perceptions once the deployment has happened, even if the intent is to ‘welcome suggestions’ are band-aid approaches and we can do better. The more important question is ‘how can the learnings about people’s behavior, needs or aspirations and social norms (in a co-working space, for the purpose of this thesis) be leveraged to model Privacy for IoT solutions in a specific context?’. This might be like flipping the current model on its head, where I also question these deployments done purely in the name of making the building more efficient.

• My stance comes with its own set of challenges. I have chosen to be in the middle of two very different ways of thinking about Privacy: a purely technical lens v/s a social behavior lens. Although this has been a deliberate choice, also refelected in my decision to have 2 advisors from 2 different schools at CMU (School of Design + CS and Public Policy), it’s very hard to be in this middle zone. I’m somehow trying to bridge these perspectives, but fielding questions on both sides can be challenging, as if there is no ‘home’ for my work at the moment.
• On the aspect of space: Because I’m looking at IoT, I believe that the social affordances of the space itself cannot be ignored. This also leads to questions and confusions on both aforementioned sides and I’m not sure how to explain it just yet. For example, spaces are not limited to the physical and material aspects disassociated with the social practices. Having spent 10 years being a spatial designer and theorist, I also hope to leverage the existing work on social and privacy norms in co-working spaces. This would not be the outcome of my thesis but something that at the back of my mind informs my perspective. I have found some papers that might help me clarify some initial thoughts in this direction.

References Read:

1. SneezeLove: Embodying Cultural Superstitions in Connected Devices. Malika Khurana, Zhenfang Chen, Daragh Byrne, Yang Bai (loved it because it is a situated intervention in terms of its specific cultural meaning)
2. A City is Not a Computer: Other Urban Intelligences. Shannon Mattern (read Introduction and Chapter 1 in depth).
3. Capturing Social Networking Privacy Preferences: Can Default Policies Help Alleviate Tradeoffs between Expressiveness and User Burden?. Ramprasad Ravichandran, Michael Benisch, Patrick Gage Kelley, and Norman M. Sadeh. Privacy Enhancing Technologies, 9th International Symposium, PETS 2009 Proceddings.
4. A Comparative Study of Online Privacy Policies and Formats. Aleecia M. McDonald, Robert W. Reeder, Patrick Gage Kelley, and Lorrie Faith Cranor.
5. The Cost of Reading Privacy Policies. Aleecia M. McDonald, and Lorrie Faith Cranor.

What Next?

1. Draft a plan for thesis, its a short research project with personal lofty goals.
2. Apply for IRB: figure whether I want to apply for interview or experiment category?
3. Start visiting TCS to make observations, take photos (while ensuring that faces aren’t discernible) or make sketches.

Week 5 (Sept 27-Oct 3)

Activities:

1. Silent observations of people’s behavior in different spaces at TCS: 1.5 hours on 29th.
2. Re-framed the Research question by going through 3 activities simultaneous to reading: a) Capturing my motivations for picking up this topic in the first place (found at the beginning of this post), b) Zooming out to look ahead of the thesis for how I want to position myself as a designer. c) articulating my thoughts by sharing it with a classmate and Dina.
3. Volunteered for the Privacy and Security Forum 2021 to learn more (volunteering is the easiest way to do this without paying the fee which also ensures being there). The most interesting session attended: Think Global — Process Local: The impact of Data Localization Requirements on International Privacy Strategies. Speakers: Alisa Bergman, Anupam Chander, Emily Hancock, Kai Westerwelle & Anna Zeiter. Although a lot of the language used seemed too technical for my current level of understanding on Privacy, I learnt about a new taxonomy by Anupam Chander to look at data localisation.

Key Reflections this week:

• Hitting a wall: So far, my argument had been that when it comes to privacy, technologies like IoT should be modeled on the human behaviors, needs and aspirations. It took me some time to understand why my recent discussions with this framing were reaching a dead end, and that it was because there is a disconnect between the social and the IoT aspect. It seemed unclear what exactly would the socio-technical perspective mean for my research when I hadn’t started digging deeper into IoT deployments. The papers in the Connected Communities class have definitely helped me in articulating something that I have always believed: technologies should not be looked at as isolated from the social and human aspects; but putting a pin in it and bringing it back later in the exploration seems ideal. To this end, my honest conversation with Dina was very helpful, wherein she helped me trace my steps back to the research question.

Week 5: Identifying the disconnects, re-framing the research question based on my motivations and ideating two possible directions ahead.

• Datasets v/s Data Setting: I learnt about Yanni Loukissas book called ‘All Data are Local’ and felt like he’s saying everything that I beleive in, both for Data and Technology. Building on the work of other feminists who have questioned the idea of ‘objective’, Yanni Loukissas argues that data is neither heterogeneous nor universal. He cautions us to not to give into the temptation to aggregate data or Digital Universalism, because the data is not place-less, its not place agnostic, but entangled with the communities, places, histories and ways of knowing. Contrasting Nichloas Negroponte’s argument that ‘being digital means less and less reliance on a particular place’ (Loukissas), he aruges that setting matters. The values and assumptions embedded in how and where data is created, when is it created (Christine Borgman/ Michael Buckland, ‘Data are alleged claim’), what data is captured and how it is intrepreted. Furthermore, al of this impacts the understanding of meaning of this data.

• Yanni’s work includes: 1) Stakes and why it matters, 2) Principles arising out of the work, 3) Examples of different settings, 4) Practices, 5) One project called Map Room.
• Yanni’s interested in making data settings more open, for example through a participatory process.
• Context of data could also mean the place of encounter of data.

• Multiple Allegiances: In the podcast on Data Materilaity hosted by Vasari Research Centre for Art and Technology, Yanni also talks about his dual allegiances: being a Designer and a scholar, as a Greek and an American, as a Designer and as an Ethnographer. He speaks about the multiplicity of identities depending on how they are received by others and the feeling of being an outsider everywhere. I have personally been experiencing these dualities in my multiple little worlds for years now and I appreciated hearing someone else’s perspective on this. For example, in my Design circle I seem more Technology oriented, in the technology circles I seem more Design oriented, in my Entreprenuership circle I seem more Research and Social science oriented, in India I seem too Western and in USA my values definitely feel Indian. Just like, Yanni, I have accepted these as a part of my identitiy, yet this comes with its own set of unique challenges. This goes back to how I felt caught in the middle of two very different worlds in my thesis this week and took me some time to re-center.
• Mites Document:

• Another key observation not mentioned in the images above is that the manner in which the document frames the questions to address concerns is more in line with Security of data than the principles of Privacy (whether its Westin’s privacy states or Solove’s Taxonomy or Calo’s harms).

References Read:

1. Addressing the Dilema Between Collaboration and Privacy in Coworking Spaces. Eric Prince Ondia, Sirimas Hengrasmee, Sant Chansomsak.
2. IoT Data in the Home: Observing Entanglements and Drawing New Encounters. Audrey Desjardins, Heidi R. Biggs, Cayla Key, Jeremy E. Viny.
3. Mites FAQ document pinned up in TCS building. (Background: TCS building on Carnegie Mellon Campus has a robust IoT ecosystem which is claimed to have been designed with privacy in mind. However the occupants of the building have on-going concerns. In an attempt to create more visibility on what data is collected, notices are put up in the public spaces of the building along with a QR code for a 20 page FAQ document.)
4. Data Materiality Episode 4: Yanni Loukissas on Understanding and Designing Data Settings.
5. All Data are Local (Talk by Yanni Loukissas at Berkeley Arts + Design).
6. EU Internet Law, Regulation and Enforcement. Tatiana-Elena Synodinou, Phillipe Jougleux, Christiana Markou. The GDPR: New Horizons. Springer 2017.
7. Disagreeable Privacy policies: Mismatches between Meaning and User’s Understanding. Joel R. Reidenberg, Travis Breaux, Lorrie Faith Cranor, Brian French, Amanda Grannis, James T. Graves, Fei Liu, Aleecia McDonald, Thomas B. Norton, Rohan Ramanath, N. Cameron Russell, Norman Sadeh and Florian Schaub.

Week 6 (Oct 4-Oct 10)

Activities:

• Learnt about Research Through Design in depth to be able to explain how I plan to do the research. The term was originally coined by Christopher Frayling and has been contextulized specifically in HCI by Zimmerman et al. (aim of Research through Design: knowledge contribution instead of creating a commercially viable product, making discoveries by envisioning a preferred state, working model that contributes back to Engineering, behavioral science and Anthropology). The motivation for creating this was to give designers a structured way to participate in research for HCI community.

Slides from ‘Research through design as a method for interaction design research in HCI’, presented by the authors John Zimmerman, Jodi Forlizzi and Shelly Evenson at CHI’07.

• Identified the IRB category: Exempt 3, since I’m doing Research Through Design.
• Worked on a short deck to establish my stance so far and frame the research ahead in order to share with Dina and Lorrie during the joint meeting.

Selected slides from the deck

Plan for the research as of October 07, 2021

Key Reflections this week:

• Based on how I intend to approach the topic and the papers I have been reading, I’ve realized that my work lies in the domain of HCI and Social Computing. I’ve also signed up for CSCW 2021 and registering for a workshop on Designing for Data Awareness.

Workshop at CSCW 2021

• Aspect of Data: In the early stages of the thesis I wasn’t clear as to which aspect of data I should focus on: data collection, data use or data dissemination. But based on recent learnings and the progress it seems clear that my interest is in questioning the data collection practices: when is it desirable to collect data, why should we do it, when should we not do it?
• Reflections from the discusison with Dina and Lorrie: terms like Experiment are used differently, the kind of study that might be categoried as exploratory for CS is generative research for SoD and HCI. Need for Qualitative coding may not occur for my thesis.
• Defining a threshold: During the meeting, Lorrie mentioned that what I’m calling efficiency is about creating new functionalities. For example, Ring by Amazon introduces new functionality for home security in a manner that wasn’t possible earlier. Lorrie agreed with me that this may have unintended consequences for sure, but argued this isn’t solely about efficiency. In retrospect as I’m writing this days later, the word ‘efficiency’ itself might have a technical connotation in the context of CS where as I’m using it more colloquially for the ease in doing activities that have traditionally not relied on technology. Nonetheless, I absolutely see her point, and can see my own bias when I’m pushing back and questioning when does the benefit outweight the harms. So far, I had been raising the question ‘If IoT is the answer, what is the question?’ but this discussion led to a very important sub-question during the conversation, that is ‘What is the threshold between trying things for innovation and anticipating the possible harms?”. The point of conflict between the development of technologies for research for future applications and not knowing what problem is it solving becomes particularly relevant for emerging technologies like IoT that are in the nascent stage of their development. I personally feel conflicted by this because it is not as black and white, which is exactly what makes this an interesting enquiry for me. The question of threshold is similar to privacy being a double edged sword, this may not be the direct question for my thesis but definitely serves as a guiding question to find the balance in my thesis.
• Overall the meeting was very productive and both Dina and Lorrie were on board with the plan. Dina also brought up an interesting point, the fact that TCS building has developers and privacy experts that occupy the building as well as incidental users who visit the building, makes it an interesting case study to understand the similarities or differences in perceptions. This could be done through a workshop that tries to capture these nuances.

References Read:

1. Research Through Design by Christopher Frayling (5 vidoes, only Part 1 of 5 linked).
2. Value Sensitive Design: Theory and Methods. Batya Friedman, Peter H. Kahn, Jr., Alan Borning.
3. Believe it Yourself by Automato.farm
4. Spooky Tech course taught at CMU in Summer 2020.
5. Requests to delist content under European privacy law.
6. Google Transparency Report.
7. Analysis: The California Consumer Privacy Act of 2018
8. California AG Requires Businesses to Recognize GPC Signals for Requests to Opt Out of Sales

Next Steps:

• What are the human-centered values, this would be important to know what values I’m looking to embed even when I design the generative research?

Week 7 (Oct 11-Oct 17) — Mid-Sem week

Activities:

Didn’t do much this week because of the mid-terms except meeting with Yuvraj Aggarwal to learn more about the Mites Project, no notes just a conversation.

References Read:

1. Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance, Chapter 2. Julia Angwin. Macmillan, 2014.
2. United States of America Before the Federal Trade Commission in In the Matter of EVERALBUM, INC., also d/b/a EVER and PARAVISION, a corporation.

Week 8 (Oct 18-Oct 24)

Activities:

• Meeting with Daragh: Daragh really appreciated my work so far and said that this is really high quality research (which I obviously hadn’t realized!). He also mentioned that I’m already contributing to knowledge production through the collection of silent observations I have so far at TCS as well as my questions after reading the Mites documents, and that these are what would count as Patchwork Ethnography .
• Read parts of Batya Friedman’s Value Sensitive Design to extract the insights and methodologies that might be useful for me.

Left: 10 Strategies and Hueristics from the book and how it relates to my work, Right: first attempt at thinking about the workshop based on Methods and Strategies of Value Sensitive Design

• Meeting with Molly: chatted about thesis on a high level, working with blurred lines, what it means to be a designer beyond ‘product or UX design’, as well as how does this tie into the big picture of what I hope to do after thesis. Molly told me about Ame Elliot whose journey seemed interesting to me.
• Meeting with Lorrie: spoke about the decision to go ahead with Privacy Engineering students who are occupants of TCS and learn from them through a workshop, Lorrie introduced me to the NIST Privacy framework and Strategic Privacy by Design by Jason Cronk, LINDDUN Privacy Threat Analysis framework for software architecture and LINDDUN GO toolkit.
• Attended ‘Designing for Data Awareness for IoT’ workshop as a part of pre- CSCW 2021 Conference. I met some cool people that I need to connect with during the week and also try to attend the actual conference as and when I get time outside my classes.

Reflections:

• Value Sensitive Design: There are terms which seemed a little unclear and even confusing for me to distinguish from each other. For example, I was really intrigued by the terms Value Representation, Value Elicitation and Value Interaction but the the difference between the three are unclear, may be it is mentioned elsewhere in the book which I haven’t read yet. But this also makes me wonder about the applicability of the framework if it’s not easy to comprehend. Its comprehensive, no doubt, but I’m not sure yet how to use it for the design of a workshop and how is it different from me just coming up with similar activities as a designer?
• Stitch in Time Saves Nine: I had been alluding to this but took me a while to realize that the discourse that I’m trying to contribute to is Privacy by Design principles. I referred to the work of Ann Cavoukian in this regard but found the principles to be too broad with unclear applicability. Additionally the space of Privacy by Design is currently composed of 1) individuals primarily from technical backgrounds, 2) looking at Privacy from operational perspective with a weak voice for the human-centered perspective. Helen Nisseumbaum’s work makes a lot of sense to me but, based on my impression from hearing other privacy experts talk about it, it seems there are difficulties in applying it since it lays out a process. In this regard, I found the work of R. Jason Cronk quite refreshing wherein he talks about Steategic Privacy by Design. In his talk for NIST Framework at PEPR’20 he used an example of fundamental privacy values that must be embedded in an app for parishioners to send a message to their religious leaders.

• Designing for Data Awareness for IoT, CSCW 2021:
• Privacy V/s Security: The terms Privacy and Security are used interchangeably even by the burgeoning group of privacy academics working on the topic. I find this confusing because to me these terms are distinctly different. While Privacy, to me, is about the appropriate flow of information, security is the protection of that information once it has left the person whose information is in question. Because they are different, they need different mechanisms and different ways of conceptualizing unique to each of them. This observation for how these terms are used interchangeably has led to an interest in somehow adding this as a question in workshop with participants.

Designing for Data Awareness for IoT at CSCW 2021: At the end, I raised the question to the 15–16 participants of the workshop if they have seen exmaples wherein the idea of ‘Privacy by Design’ was applied effectively. The responses revealed two things: 1) the association of the term ‘Privacy by Design’ is very specific and is related to the principles made by Ann Cavoukian. I had been using this term not in the same sense but in a generalized sense of what it might mean to think of privacy during the design and development of the technology itself. 2) 4–5 peple responded to my question mentioning that these principles are difficult to apply in practice and there are no incentives to think of privacy by design currently. This insight in particular resonates with my personal observation of these principles being vague and in-actionable, which means there is clearly a gap that could be filled with research through design.

References Read:

1. Value Sensitive Design: Shaping Technology with Moral Imagination. Batya Friedman, Peter H. Kahn, Jr., Alan Borning. (Read the 17 methods and the 10 Strategies and Heuristics).
2. Engineering Ethics into the NIST Privacy Framework by R. Jason Cronk, Enterprivacy. PEPR’ 20
3. A Framework for Reasoning About the Human in the Loop. Lorrie Cranor.
4. Design Ethically Framework + Toolkit.
5. The daily you: How the new advertising industry is defining your identity and your worth, Chapter 2: Clicks and Cookies. Turow, J. (2012). Yale University Press.

Week 9 (Oct 25-Oct 31)

Activities:

• Attended some talks at CSCW whenever I could manage time around my class and meeting schedule. Specifically, I learnt about the paper “Re-place-ing space: the roles of place and space in collaborative systems” by Steve Harrison and Paul Dourish which is the recipient of this year’s award. This might be helpful in my research for bringing the spatial element that I have been talking about.
• Pilot Study Plan: As a part of Seminar 3 we are required to make a pilot study plan for our research. I spent this entire week outside of classes, working on the design research activities and getting started on the IRB documents.

Attempt 1.1 after numerous notes in my diary based on discussions with Lorrie, Daragh and Dina, combined with broad guidance from Value Sensitive Design Process.

Attempt 1.2

Attempt 2.1

Attempt 2.2

• Meeting with Daniel Cardoso Llach:

Reflections:

• Position of the Researcher: Bias
• Chat with Nandini: larger picture of how this connects to my larger vision for my career.
• Time to apply for IRB
• Even though I needed sleep, I also needed to stop thinking about work for some time and relax, so I decided to watch the movie The Net (1995). It was interesting to see how in 1995, just before the dotcom bubble, this movie was hinting at Privacy, Security and the risks associated with access to Data linked across multiple systems, through the story of an analyst whose life gets hacked because of inadvertently having access to a floppy disk containing backdoor to bypass authentication/encryption.

Screenshots from The Net (1995) on Netflix.

References Read:

1. Unique in the Crowd: The privacy bounds of human mobility. Y.-A. de Montjoye, C. A. Hidalgo, M. Verleysen, and V. D. Blondel. Scientific Reports 3, 1376 (2013).
2. Calm Technology, Chapter 2: Principles of Calm Technology. Amber Case (2015). O’Reilly Media.

To do next:

• Learn about Zotero- Library videos
• Ask Stacie for recording from last sem for Zotero training.
• Value Sensitive Design Lab examples, reach out to Michael Zimmer, Batya Friedman?
• Strategic Privacy by Design. R. Jason Cronk. (Section 4)
• Check out LINDDUN cards.
• Re-place-ing space: the roles of place and space in collaborative systems

Week 10 (Nov 01-Nov07)

Activities:

Reflections:

References Read:

First shot at planning for the end of semester presentation on December 10, 2021

Link to revised version of pilot study plan: https://ihans13.medium.com/penumbra-of-privacy-f99b62a68090