Just last Friday at Little Springs we were all talking about – among other things – granting and controlling access to device services and sensors. And this morning I read this paper (pdf) from MS Research, via Bruce Schneier, that brings up some good points.
Sure, their premise is valid. Devices (they refer to desktops mostly, but it obviously carries through to mobile) generally get access to every service for free. A few mobiles are trying to make users more aware; I particularly like how Android apps tell you what services will be used.
But their solution seems mostly useless. This pains me, but I think there’s no interaction design or software solution to the issue. About two days after the first webcams, there were exploits (or admin tools if the computer was owned by your employer) that granted remote access.
A number of laptops have hardware switches for services like wifi and bluetooth, and nice lights to tell you the camera is on. Except they are all software-controlled. Exploits can bypass the switches and lights.
This post isn’t just a lament. It’s to point out that, however sad to me as an interaction designer, sometimes a hardware solution is the answer. Cameras can be easily blocked with movable shutters (and should be). Maybe we’re at the point where there need to be consumer protection laws mandating that hardware shutoff switches are truly hardware switches and cut power/access to devices.
There are other issues, around locational privacy and information retention and so forth. But it seems to me that if you want users to start trusting systems, a key starting point is assuring you have control over the sensors you carry with you all the time.