Privacy in Smart Cameras
Designing for Bystander privacy in Smart Home Cameras.
This is as a part of ongoing research with James Pierce in the
Design School @ UW.
Click here to go to a recent paper we published.
My Role - Interaction Designer
I acted as an interaction designer. My responsibilities included competitive analysis, storyboarding, defining features, user flows and prototyping.
Team - 4 Members
Parag Nandi, Heejun Park, Tae Kyeung Lim, Isha A
Duration - 16 Weeks
Jan 2022 - Jun 2022
Problem space
Design for privacy of incidental users without compromising user security of smart home camera devices.
Who are incidental Users?
Incidental users would people who end up being surveilled by IOT device as a part of their interactions with user. Examples include guests, neighbors, domestic workers and roommates.
Current privacy safeguards are build with the immediate users in mind and fail to include people who may not be users but are often surveilled or recorded by smart cameras.
Initial Research
My initial task as a part of the research group was to conduct a landscape analysis into the current practices and other research.
Landscape Analysis
Here is the initial landscape analysis with direct and indirect work in the area.
There are two main approaches to bystander privacy being worked on today: cooperative mechanisms (access request) and bystander-centric mechanisms (detecting nearby devices and controlling data collection/processing) that allow holistic privacy protection for bystanders.
  1. Most of the solutions require incidental users to input consent, buy wearable devices to avoid being captured, or proactively look for objects capturing them.
  2. People are not aware of the existing options. Most of the work for tech-savy individuals.
  3. Studies suggest using light indicators, sounds, owner-provided images of camera placements to give affordance to incidental users about the objects recording them.
  4. Most processes are reliant on the bystanders to actively take on the responsibility for their privacy. Owners of devices have it optional.
Currently, bystander’s privacy depends on owners taking steps to define the camera's field of interest, giving guests access, and AI-based content processing and filtering. Most of the solutions require bystanders to input consent, buy wearable devices to avoid being captured, or proactively look for objects capturing them. Also, a large part of the current work is built towards policy making and mandates with not many industrial implementations.
Privacy System Diagram: Smart Sensing Device
A system diagram that we referred to on our discussions to establish the device system.
The system diagram places how the IOT device and my work further was on the items highlighted in blue (sensed data, it's display and internal rules).
Existing Concepts and Work
The research group so far was exploring 2 main concepts with sub features:
Closed Mode
Closed mode is explores features that communicates the sensing status of a smart camera to nearby actors.
Guest Access
Guest Account enables owners to give limited access to the smart cameras to improve a guest’s privacy & trust.
Refining Concepts
Exploring Scenarios
With the above concepts in mind I began draft storyboards to illustrate the concepts. I also contributed to the user flows to some extent and you can visit the figjam for it here.
Here are a couple short storyboard illustrating the concept. Click to zoom.
Here are few scenarios that came up. Click to visit the fig jam board for a more detailed userflow.
Defining Features
In the second phase the research group's goals shifted to look into defining the features for the concept with the focus on the owner, introducing settings which nudge them to preserve bystander privacy.
Feature overview
The features we decided to define and move forward with are as below. I take a deep dive on our work on these in the next section of the case study.
Camera repositioning
Create assurances that users are notified and privacy is preserved whenever a device that should be stationary is moved.
Fences & Sense Zones
Creates spatial zones where sensing devices are restricted and users are assured of privacy.
Still Sensing Reminders
Notify users as the device continues to actively sense its environment. Environmental or app feedback to remind nearby users that a device is sensing.
Privacy Masks
Convert video and/or audio in abstracted shapes and symbols to preserve privacy. The camera can sense in hi-resolution, but sometimes you only require to display or record low-resolution.
Information Architecture
We defined user flows for each of the features and then began to them down into an information architecture, to find a place for each. We them went into exploring concept prototypes for each.
Here is a portion of information architecture. Click to open the fig jam
In the next part of the documentation I am going to go into the explorations I did for the features listed above along with the assets and research I had maximum ownership over.
Camera repositioning
Create assurances that users are notified and privacy is preserved whenever a device that should be stationary is moved.
Core Concept
This feature is an event that is recognised when a camera is moved when it’s position is locked.The reposition detection should be an addition onto alerts and notifications. It is highly reliant on the “sense of self within the camera”
How does this support privacy for Guests?
For a start, notifying the movement of the camera so the guest are aware of its location is essential.

The feature enables trust from the owner since camera repositioning would be informed.
Use Cases
  1. The camera accidentally is knocked out of position. It was very carefully setup.
  2. Someone turns the camera toward a wall or facedown to block it. Another user repositions the camera.
  3. Someone inappropriately moves the camera (into bedroom, to play a prank, etc.)
  4. Someone steals or tampers the camera.
What's out there
I looked into forums and features provided currently to see what was out there, what users asked for and why this would be a desirable feature.
Here are some of the notification flows for repositioning. Click to zoom.
User Flow
I began with defining a flow for camera reposition and the alerts sent out. I broke the flow down to setting up and notifications, also noting down unexpected situations.
Here are some of the notification flows for repositioning. Click to zoom.
Protyping for Concept testing
While my teammates defined the visual schema, I looked into user flows. We then whiteboarded and sketched different screens in the key path.
Here is the initial exploration for repositioning settings and notifications. Click to zoom.
Here are some of the notification flows made in figher fidelity for concept testing.
Still Sensing Reminders
Notify users as the device continues to actively sense its environment.
Core Concept
Environmental or app feedback to remind nearby users that a device is sensing. This feature protects privacy by sending a reminder to the registered users to notify that the camera is still sensing.
How does this support privacy for Guests?
Reminding guests that device is sensing and possibly recording information.

Nudging owner to create sensing schedules.
Use Cases
  1. Scheduled recording occurs within a sense zone and users are reminded when this starts.
  2. Owners are nudged to restrict sensing on staff/guest entrance into camera view.
  3. Device may send alerts to remove restrictions on suspicious events.
User Flow
Here are some of the notification flows for repositioning. Click to open image.
Exploration for testing
Here is the initial exploration for still sensing notifications. Click to zoom.
We did not develop higher fidelity set as a part of this feature. The scheduling and settings for the alerts here were created as part of the screens for Sense Zones.
Sense Zones
Creates spatial zones where sensing devices are restricted and users are assured of privacy.
Core Concept
This feature protects privacy by automatically closing the camera or restricting sensing when it enters a specific area. This is especially handy when a single camera covers multiple locations.
How does this support privacy for Guests?
Restriction of sensing by the camera in areas of shared use and private spaces.

Providing neighbors and bystanders privacy by masking areas outside of home boundaries.
Use Cases
  1. Someone moves the camera areas where privacy is expected (eg. bathroom).
  2. Uncontrolled a mobile indoor/outdoor cameras or surveillance drones monitoring the home.
  3. Shared living spaces where the owner moves their camera often.
  4. User schedules surveillance at appropriate times when people are not at home.
User Flow
Here are some of the flows for Sense Zones. Click to zoom.
Exploring for Concept testing
Here is the initial exploration for the setting, maps and sense zone implementations. Click to zoom.
Protyping for Concept testing
Camera setting explorations for focus zones, masked areas and how they would relate to event based or room based settings. My focus was on how this may relate back to repositioning alerts, particularly on camera tilt and shift in focus.
Here are some of the flows made in figher fidelity for concept testing.
Privacy masks and camera Settings
Convert video and/or audio in abstracted shapes and symbols to preserve privacy.
Core Concept
The camera can sense in hi-resolution, but it is not required to display or record hi-resolution. Abstracting the video and creating areas of focus can enable a better distribution of focus points.
How does this support privacy for Guests?
Restriction of sensing by the camera in areas of shared use and private spaces.

Providing neighbors and bystanders privacy by masking areas outside of home boundaries.
Use Cases
  1. Someone moves the camera areas where privacy is expected (eg. bathroom).
  2. Uncontrolled a mobile indoor/outdoor cameras or surveillance drones monitoring the home.
  3. Shared living spaces where the owner moves their camera often.
  4. User schedules surveillance at appropriate times when people are not at home.
User Flow
Here are some of the flows for Sense Zones. Click to zoom.
Exploring for Concept testing
Here is the initial exploration for the setting, maps and sense zone implementations. Click to zoom.
Protyping for Concept testing
Here are some of the flows made in figher fidelity for concept testing.
What's Next?
Note all these flow and screen have been made to test user responses to these concepts and studying their acceptance of these features. There is conflict between owners of cameras and incidental users, the current stage has been set to test the extent to which these features could potentially resolve these tensions.

I hope to share the results of these as the process continues.
Reflections & Learnings
Privacy can be a conflict.
- Incidental users and owners of smart home recording devices can often be in conflict when it comes to privacy. Resolving this tension can be harder than it seems.
In future I would like to...
- Explore changes in approach as smart cameras evolve to include mobility and integrate with other IOT devices.
- Explore how to shift the responsibility from the users to the IoT system.
- Reflect on the user's perception on these features and revisit them
More Work
Let's Go
Designing for urban hikers to create more meaningful connections.
Experience Design
App Design
Student
SG Recon
Internal tools to track & monitor external and internal transaction records.
UX ENGINEER
Design Strategy
NDA

Did that catch your interest?
Drop a hi at i.agarwal@outlook.com or any of the spaces below :