Unauthorized physical access to personal devices by people known to the owner of the device is a common concern, and a common occurrence. But how do people experience incidents of unauthorized access? Using an online survey, I’ve collaborated with Diogo Marques from the University of Lisbon, his co-supervisors, and my UBC colleague Prof. Ivan Beschastnikh. Diogo led a study, in which he collected 102 accounts of unauthorized access. Participants wrote stories about past situations in which either they accessed the smartphone of someone they know, or someone they know accessed theirs. The findings of the study will be presented in May at ACM SIG CHI conference, the top HCI venue in the world..
In this paper, we describe the context leading up to these incidents, the course of events, and the consequences. We then identify two orthogonal themes in how participants conceptualized these incidents. First, participants understood trust as performative vulnerability: trust was necessary to sustain relationships, but building trust required displaying vulnerability to breaches. Second, participants were self-serving in their sensemaking: they blamed the circumstances, or the other person’s shortcomings, but rarely themselves. We discuss the implications of our findings for security design and practice.
To find out more about the findings, come to her presentation at CHI in May or read now the paper.
