“Children are a formidable adversary – unlike any other,” says Microsoft security researcher Stuart Schechter in a paper entitled The User is the Enemy, and (S)he Keeps Reaching for the Bright Shiny Power Button. Schechter’s paper is to be presented at the SOUP (Symposium on Usable Privacy Security) conference in Newcastle, UK, next week.
“Children represent a unique challenge to the security and privacy considerations of the home and technology deployed within it,” Schechter writes. “There is a gaping chasm between the traditional approaches technologists apply to problems of security and privacy and the approaches used by those who deal with this adversary on a regular basis.”
Describing children’s role in the home as “far from that of hapless victims”, Schechter describes how children are “natural hackers, because they live in a world designed for people with stronger muscles, better motor skills, keener senses, better communications skills, and other essential abilities and knowledge.”
“Designing security with children in mind requires a more nuanced approach than simply restricting access,” Schechter writes, suggesting that overt “surveillance” may cause children to react badly. Shechter suggests that parents could monitor the location of bicycles, rather than children themselves, or monitor doors, rather than using webcams. “Alternatively, always-on surveillance could be used more judiciously by only allowing video to be monitored if both the child and parent agree. Children could then use surveillance feeds as evidence of their innocence, but not have the video used against them,” Shechter suggests.
“An interesting (and somewhat amusing) piece,” says ESET Senior Research Fellow David Harley. “I can’t say I ever regarded my baby daughter as my adversary when I went around the apartment installing stair-gates and socket covers, but the points about striking a balance between keeping children safe without stunting their emotional and moral development are worth making.”
“While she never had the opportunity to inadvertently buy me a sports car on my smartphone – at any rate, not until she was old enough to know better – I’m all too aware that there are elements of risk posed by the Internet of Things that were barely envisaged two decades ago. The real problem there is thinking beyond a safety checklist approach – a flawed approach that in security we too often mistake for education – to raising the security awareness of adults sufficiently to allow them to make informed decisions tailored to securing their own individual environments.”