Outside the Box - The Tap Box; How Attention to Transparency and Understanding User Virtues can Improve the Socio-Technical Landscape for More Private and Secure IoT Devices

Author:
Hogan, Zachary, School of Engineering and Applied Science, University of Virginia (ORCID: orcid.org/0000-0001-7161-8308)
Advisors:
Neeley, Kathryn, Department of Engineering and Society, University of Virginia
Powell, Harry, EN-Elec & Comp Engr Dept, University of Virginia
Abstract:

An Enhanced IoT Design with Practices and Protocols that Protect User Safety

If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.
-Tim Cook, EPIC’s Champions of Freedom Event

IoT, or “Internet of Things,” devices are a quickly expanding technology sector focused on connecting everyday items, from toothbrushes and watches to thermostats, to the internet. Though these technologies are exciting, IoT devices commonly provide analytics to corporations that may include sensitive user information that details how and when a device is being used. This data is dangerous if it gets into the hands of cybercriminals, and it is incredibly important to address these vulnerabilities. My technical project, the Tap Box, is an IoT authentication device that accepts a light finger tap or knock sequence to unlock a hidden compartment within a fancy wooden tissue box enclosure. Though unrelated to my technical project, my STS Prospectus investigates how SCOT can facilitate the marketability of my formerly proposed technical project involving an ST-OPV wirelessly charging phone case. My STS research project discusses the current vulnerabilities of IoT devices including a lack of encryption in data transmission, unsolicited data harvesting, and a lack of user protections including reminders to set strong passwords. My STS research then focuses on sociotechnical solutions that could solve these vulnerabilities by focusing on user privacy values. Furthermore, my STS research paper was written concurrently with the Tap Box’s development and knowledge gained from this STS research project greatly influenced design decisions made in my technical project.

My capstone team wanted to make a fun, practical device as seen in the James Bond films, which inspired us to make a spy-like invisible authentication device called the Tap Box. The Tap Box is disguised as a wooden box that, on the outside, appears to be only used to dispense tissues. However, within this box, there is a hidden compartment that houses a battery-powered, Wi-Fi-enabled microcontroller that reads from two piezoelectric sensors along the sides of the box. When the user inputs a tap sequence to the sides of this box, the microcontroller evaluates a match, and, if the sequence is a match, the box unlocks. Additionally, the microcontroller communicates with a secure MQTT broker, which then communicates to a secure web application to provide the user with status updates and an option to reset a sequence as shown in Figure 1 in the Sociotechnical Synthesis.

In my STS research project, I explored existing IoT network vulnerabilities through a sociotechnical lens. I analyzed user sentiment trends on Twitter to gain a better understanding of how these vulnerabilities have impacted people’s lives. Startlingly, I found that cyberattack occurrences are only increasing, from health gadgets to baby monitoring systems, and, as a consequence, users are only becoming increasingly distrustful of IoT. However, through Geels’ Multi-level Perspective Theory (MLP), I gained insights that offer hope for IoT devices to flourish without the expense of safety. Applying MLP, the theory reveals how it is natural for technologies to undergo changes over time in order to meet the demands and values of its users. My STS research illustrates how these vulnerabilities can be ameliorated with corporate leaders and engineers alike focusing on user feedback to quickly adapt the IoT device designs to embody values of transparency, honesty, and user consent.

My team and I began working on the Tap Box before I began my STS research topic, so, initially, we were focused on having a working device without thinking about user protections. However, as I began my STS research project, I realized the absolute necessity to include user protections in the technical design; otherwise, this device could have very real and detrimental consequences for the people who trusted us. In my STS 4600 class, I gave a presentation with my peers on “Engineering as Social Experimentation,” written by Schinzinger and Martin, that stresses the importance of engineers being conscientious, among many other virtues. The virtue of conscientiousness stuck out to me when I was working on my technical project one night, and I asked myself if the design honestly strived for the welfare of users. Seeing that it had not, I asked my team to join me in an endeavor to make the project as safe as possible. This new awareness gave us the motivation to add additional features such as Google Authentication, a secure MQTT protocol, a privacy disclaimer as seen in Figure 1, and a limit on soliciting user information. Over time, the ideas of both projects elevated my capstone to a higher level that never would have been reached if one project was done independently of the other.

Degree:
BS (Bachelor of Science)
Keywords:
piezoelectric, authentication
Notes:

School of Engineering and Applied Science
Bachelor of Science in Computer Engineering
Technical Advisor: Harry Powell
STS Advisor: Kathryn Neeley
Technical Team Members: Fayzan Rauf, Yusuf Cetin, Will Sivolella

Language:
English
Rights:
All rights reserved (no additional license for public reuse)
Issued Date:
2022/12/18