Selected Process Documentation
- interactive industrial design process book [PDF]
- app UX/UI design process book [PDF]
- branding design process book [PDF]
- early-stage design: research, scenarios, concept exploration [PDF]


Project Overview
Smart home cameras are one of the most popular smart home product categories. They’re used for many tasks, such as deterring intruders, monitoring kids and pets, and knowing when packages have arrived. But they also create serious concerns with privacy, power, and social relationships.

In response, we designed Arca to address the experiences of neighbors, guests, domestic workers and other bystanders who interact with and are impacted by smart cameras. On its face, Arca is a design prototype for a more inclusive, transparent, and privacy-enhancing smart home camera. But Arca is only partially a solution. It is also a research tool for investigating bigger problems.

As part of a multi-year design research project funded by the National Science Foundation, our work investigates tensions, trust, and tradeoffs with smart devices and surveillance. The more general problem motivating our design of Arca is that devices with cameras, microphones, and other sensors impact the privacy of people nearby. Smart home security cameras like Amazon’s Ring Doorbell and Google’s Nest Cams exemplify this issue. These products are used deliberately and incidentally to surveil family members, roommates, guests, neighbors, domestic workers, and passersby.

Our research defines these types of actors as adjacent users who interact with and are impacted by smart devices yet lack the awareness, consent, control, and benefits of use enjoyed by primary users. From this specific design case study, we generalize design patterns, principles, and problem-framings to help designers address the needs of adjacent users in related contexts that involve spatial computing, augmented reality, and other technologies involving cameras, microphones, and spatial sensors. In each of these contexts, sensors can create privacy concerns and social tensions among primary and adjacent users. The Arca project articulates techniques to help mitigate or avoid these issues.

Research Insights
Arca is based on extensive research, including 60 interviews we conducted with both primary and adjacent users of smart cameras. Several core insights inform our design:

• Silent Disclosure and Consent. Camera owners rarely disclose their cameras directly, but assume people will notice them. People do notice them, but rarely feel empowered to question, complain, or express their discomfort.

• Oversensing. Smart cameras are designed to sense the environment continously, widely, and deeply. This enables powerful functionality like detailed histories and smart event detection. But sometimes primary users oversense and surveil more than they need or want.

• Casual and Incidental Everyday Surveillance. Smart cameras encourage and teach primary users to surveil others, including in ways that primary users never intended. For example, features like event notifications prompt users to casually spy on neighbors and household members out of curiosity. These features can also be counterproductive and amplify feelings of paranoia, anxiety, and compulsion to monitor.

• Social Tensions/Conflicts. Surveilling people in their home and neighborhood can lead to resentment and indignation. Many adjacent users, like nannies and neighbors, feel disrespected and disempowered when they are surveilled. They often feel this way even though that have little or no concerns about the disclosure of their personally sensitive information, such as the content of video depicting how they are behaving.

Previously we have reported these insights in several research publications: here [PDF], here [PDF], and here [PDF]. Several publications reporting further insights from our fieldwork studying everyday surveillance are forthcoming.

Our research led to three key principles that informed our design approach:

1. Accept that the problem is hard and user needs may conflict. Acknowledge that there are inherent tensions and tradeoffs between primary and adjacent users stemming from power imbalances and conflicting needs. Design solutions must find compromises, concessions, or win-wins.

2. Work with and through the primary users. Ultimately they hold most of the power. We explore three basic approaches:

- Empower and encourage primary users to extend access/control to adjacent users.

- Discourage primary users from oversensing their environment and from casually and incidentally surveilling adjacent users by providing them with better tools to balance their personal security/functionality with others’ privacy (including members of their household or family).

- Reshape social norms and expectations such that adjacent users come to request or demand better awareness, consent, and control from primary users.



Key Features
We designed Arca to address the experiences of adjacent users who lack awareness, consent, control, and benefits. Arca offers four core features: (1) Flexible Sharing, (2) True On/Off Indicators, (3) Medium Privacy Mode, and (4) Strong Privacy Mode. Each exemplifies design patterns and principles applicable to other contexts involving adjacent users, privacy, and smart products.

Flexible Sharing. Other smart cameras offer a one-size-fits-all approach to sharing. Arca allows you to customize who you do (or don’t) share access with. The options range from equal Co-Owner to a limited Status View for letting neighbors, tenants, or workers know the location and privacy mode of devices.

With Status View you can share only basic information about the settings or location of your device. For example, you can use Status View to show a guest where your cameras are located and demonstrate that they are set to a privacy mode.

If you want to inform others but without sharing any access to your cameras, you can instead send them Arca’s Shareable mode guide. If you simply want to explain or prove how Arca works to someone, you can share the mobile screen guide. This allows them to learn about the different modes, and have greater trust that their privacy is being protected.

If you want to give someone more access, Arca allows you to select from 3 tiered levels. Co-Owner grants them full access. Basic Controls grants them access to displays and mode selection, but does not allow more advanced settings like sharing access or configuring events. View Only limits access to live video/audio and recorded timeline events. If none of these are suitable, users can create a Custom category of shared access.

Sensor Dimmer Switch
Arca allows users to achieve the right balance of privacy and security with a better on/off, and a few privacy mode options in between.

True On and True Off. Arca's indication system reliably displays when a camera is fully activated (True On) or deactivated (True Off) with a combination of lights, sounds, and physical sensor-overlays. For greater transparency, the camera and a microphone sensors are independently indicated on the device.

True On indicates that the camera’s sensors are fully “open and active:” the device is recording and any number of event detection states may be active.

True Off indicates a sensor is completely deactivated and unable to record video, detect events, or perform any other functions. When Arca is in True Off mode, a mechanical lens cover encloses the lens. Users can select between high and low visibility indication display.

Medium Privacy mode adds a removable mask that blurs video and muffles audio. Owners can always unmask video to review events, but other users may be notified. Further, unmasked video is watermarked and the time and user who unmasked the video is visible in the history view.

Medium Privacy is designed to discourage you and other co-users from reviewing videos of your household, guests, neighbors, and so on. Unmasking video is a somewhat tedious process, and the unmasking feature holds users socially accountable by notifying other users if video is unmasked. This gives you and your household a double peace of mind. Peeking is discouraged, but it’s always an option if something happens.

Strong Privacy mode fully disables the cam/mic from recording. But you can still be notified with text descriptions of events—like when the kids arrive home, or the cat is chewing on plants.

Separate Cam and Mic Indicators
Current cameras use a single point light indicator. This system is ambiguous, unreliable, and distrusted by both adjacent and primary users. We use intuitive mappings to implement separate mic and camera indicator lights.

High and Low Visibility Indicator Settings
When more discretion is desired, users can set the device to a less conspicuous Low Visibility setting. Users can adjust the indicator brightness ranging from ultra-bright to very dim. But to maintain trust through reliability, it is not possible to completely disable the indicator lights.

Branding

Logo and design system. The Arca name, logo, and visual design system is intended to evoke it's marketing tagline: "An inclusive, privacy-enhancing smart camera for you and your extended household."

Speculative marketing. As a design research project, we want our audiences composed of experts and the general public to critically reflect on the broader issues and opportunities that Arca exemplifies. To help communicate this intent and provoke our audiences, we created fictional marketing materials for Arca. Whereas companies typically market products to their end user and paying customer, our ads challenge camera owners to consider the needs of adjacent users.

Physical Computing Prototypes
To help us envision and test Arca's novel light indication system, we built a realistic prototype of the camera device with functional LED indicators. Using a program call Protopie Bridge, we further built a prototype that allows users to tap a button on the Arca mobile app prototype and activate the correct corresponding indicator on our camera prototype.

User Testing
We've conducted extensive concept evaluation and usability testing of Arca prototypes. Overall, these studies validate the value and usability of our design to a variety of primary and adjacent users. The results of these studies will be reported in a forthcoming research publication.


Exhibition/Dissemination

Contribution and Impact
Arca isn’t simply a proposed solution. It’s also a research tool. Our intended audience is other designers, technologists, and experts. Our project generalizes design patterns, principles, and problem-framings. We then disseminate these insights through public exhibitions, research publications, and forthcoming dedicated project website. Below are several design patterns/principles that we developed through this project, and which our Arca design concept exemplifies:

• Define a True Off state that reliably communicates that a spatial sensor device is completely deactivated, and a True On state that is fully active.

• Offer Sensor Dimmer Switches for configuring privacy-enhancing states between true on and off.

• Include Privacy Speed Bumps that discourage primary users from using functionality that invades the privacy of adjacent users.

• Provide System Status Sharing features that enable primary users to inform adjacent users without giving them access to sensitive data or settings.

• Encourage primary users to extend access as Peace Offerings and Conversation Starters to improve communication and respect. Doing so can improve trust and respect (even if adjacent users do not actually use them!).

In a forthcoming research publication we will report these and related design patterns and principles to help designers address improve privacy and ease interpersonal tensions between primary and adjacent users of surveillant sensing technologies.


Design Process
Our iterative process involved competitive audits, user research, scenarios, design proposals, mixed-fidelity prototyping, user testing, branding, and dissemination/exhibition.

We've documented our process across several booklets and research publications:

- interactive industrial design process book [PDF]
- app UX/UI design process book [PDF]
- branding design process book [PDF]
- formative design process: research, scenarios, concept exploration [PDF]

Project Team
Principal Investigator, Design+Research Lead
James Pierce

Interaction + Visual Design
Lian Bensaadon
Faith Ong
Burke Smithers
Hope Terpilowski

Industrial Design
Ann Lai
Cole Young

Physical Prototyping
Chongjiu Gao
Wayne Jiang
Sergio Medina

Research
Robyn Anderson
Claire Weizenegger

Early-stage project work and team.