Designing IoT Systems with Humans-in-the-Loop

The Internet of Things is advancing rapidly. Indeed, every piece of technology that is needed for its take up (to date) is already out there — sensors, data, storage, processing power, high bandwidth connection, cloud computing, mobile, and analytics. And yeah, businesses are agog with excitement and interest gearing up to out-compete each other in the space.

One of the long-term implications of the IoT, which is not always apparent from the way its evangelists portray the technology, is the ultimate automation of “everything” at ubiquitous scale.

In a few exceptions, the focus (as I believe it should) is on augmentation rather than automation. The real appeal of the IoT lies in the ability of millions of interconnected devices to share information — machines talking with machines, cars talking with cars and traffic control systems, fitness trackers talking with our healthcare providers, home refrigerators talking with grocery stores — automatically providing services and making decisions supposedly on behalf of the user. Decisions will be initiated calmly, as proactive responses to perceived user needs or changes in user environment, and must be personal, intelligent, actionable, and in real-time. The IoT will leverage the sensor technology to gain situational awareness of people, giving rise to multitude of signals and data that are analyzed to provide recommendations to the user and quietly shape their implicit values.

However, it still remains unclear what the place and role of “users” will be in this complex digital infrastructure where machines orchestrate the symphony. So far, we seem to approach IoT design by following in the footsteps of the end-user computing model of the Web and desktop era where people are viewed literally as “end-users” of computing, or the computing model of industrial automation where people watch over computer-controlled processes only stepping in when something goes wrong. But, will this approach suffice for the IoT?

In situations where machines are left completely in control — to collect data, perform analytics, and take actions without humans in the loop, the effect of erroneous data could be disastrous. With this vast sea of signals and data, come noisy or corrupt data, which could occur as an inherent part of unstructured data or, result from wrong sensor reading or erroneous computer code, or as a deliberate attempt by malicious hackers to wreak havoc on the system. In December 2013, a British man, Victor Hankins, was stuck in traffic in Braford, England. While waiting at a red light, he was photographed by a computer-controlled traffic camera in front of a bus stop. The IoT-enabled system automatically decided that Mr Hankins had violated a traffic rule by parking in front of a bus stop. Using his number plate, the system found Mr Hankins’s address in a database, and automatically generated an “evidence letter”, including video of the scene, a timestamp and location. The letter from Bradford city council demanding that Hankins pay a fine or face court action was composed, printed and mailed within minutes of the incident occurring — all without any human in the loop. Bradford city council initially dismissed Mr Hankins’s complaint, only admitting its error when he provided evidence that contradicted their system generated evidence and threatened them with a court case.

Even with humans in the IoT loop, it is still unclear, from a human-computer interaction perspective, how to design for optimized relationships between people and machines in a scalable manner. With a system possessing an inherent capability to learn, the power to interconnect with almost anything, and underlying so-called smart objects and interfaces acting on our behalf often quietly, it becomes challenging to make sense of how best to engage intelligently with it. How do we design triggers for proactive engagement and disengagement, and how do we handle the consequences of implied actions? When the system misbehaves as a result of erroneous data, for example, how do we design for real-time rules that can guarantee a fail-safe state for the IoT system? The sad story of Air France Flight 447 flying from Rio de Janeiro to Paris on May 31 2009 illustrates the weight of the challenge of designing for appropriate triggers for seamless and proactive engagement and disengagement between users and computers in IoT. An airspeed sensor on the plane had iced over and stopped functioning due to erroneous outside temperature reading, causing the autopilot to disconnect. According to aviation experts, the erroneous temperature data was not a major problem, but required the pilots to take control. However, in attempting to take control, the pilots made graver errors that ultimately led to the crash of Flight 447.

Besides the problem of designing support for the massive device inter-connectivity in IoT, it becomes even more concerning when one considers the fact that most customers cannot relate tangibly with IoT as they do with iPhone, a web application, or a home device. IoT is invisible to users. Customers do not buy IoT; they buy products — applications, gadgets, apps, cars, etc. — that use IoT. Designing IoT systems by focusing almost exclusively on the technology and data parts, without sufficient attention to the people interacting with the technology can lead to disastrous outcomes, especially during system failures.

During the “What in the World” segment of his regular GPS programme of July16 2017, CNN host, Fareed Zakari presented three fascinating examples of an IoT-enabled world gone wrong that, to me, lends credence to the argument about designing the IoT with users in the loop. First was the 2016 hacking of Bangladesh Central Bank. Cyber thieves allegedly using a flaw in the computerized systems that banks use to talk with one another, attempted to electronically steal almost $1 billion from the Bangladesh Central Bank. The hackers got away with transferring $81 million out of the bank before being stopped. The second example was the 2015 demonstration of a hacked driverless car. Independent security researchers working with a Wired magazine reporter for a story remotely hacked the dashboard computer of a Jeep Cherokee from a laptop 10 miles away. Demonstrating a software vulnerability many new cars have, the researchers were able to hijack the braking systems, forcing the Jeep to drive into a ditch. It should be noted that Jeep’s parent company said there has not been a single real-world incident of an unlawful or unauthorized remote hack into any of its vehicles. But the demonstration was able to show that the potential now exists for hackers, terrorists, or cyber criminals to remotely disable a car’s brakes, lock the doors and steer passengers right off a cliff. Lastly, the CNN host told of the May 2017 worldwide cyberattack by the WannaCry ransomware cryptoworm. The ransomeware notoriously locked up hundreds of thousands of computers around the world. As a result, hospitals, train systems, and factories were all crippled by hackers taking advantage of a vulnerability in Microsoft’s operating system.

Although these examples are relatively well-known, at least within the technology world, they do raise major challenges for IoT design. From the perspective of human-computer interaction, these challenges are about the fundamental questions of not only how to make our interconnected digital infrastructures usable and smart, but also how to design them for maximum user value, safety and trustworthiness. In particular, how do we judiciously shape interactions between users and the IoT in a way that goads such interactions, and compels them even in the face of corrupt data or unanticipated situations, to create value for the user?

Design Considerations

To design IoT systems with humans in the loop, this article proposes the following design considerations. They are not yet well developed, and should only serve to provoke further discussions.

1 Build trust through transparency and user control

A key question for user-centered IoT design is how do we, as human-computer interaction professionals, evaluate and optimize the value of the information users get from an IoT system? For the user who relies on a self-driving car to take them to their next appointment, schedule the car’s next oil change, or who counts on their IoT-powered refrigerator for their next grocery purchase, a number of critical questions become apparent. Who is in control? Toward what goal was the IoT algorithm acting? Who generates the data? From where? Under what contexts? How do these issues ultimately affect the services and decisions that the IoT system delivers to the user?

I think a possible answer to these questions lies in finding a balance between autonomy and control through transparent human-IoT interaction. Design should thus focus more on user empowerment by providing them with the knowledge required to understand and control their IoT environment in a way that builds trust between the user and the system. In addition, design should aim to provide users with intuitive and accessible interfaces that offer support for multimodal engagement, as well as reconfigurable and interactive platforms that make it possible, through active end-user computing, for users to imagine new and personalized functionalities. The Microsoft .NET Gadgeteer is one example of this kind of platform.

2 Make security and safety a central design focus

Much unlike UI and collaborative workflow support, which have been the key foci of design in consumer products and enterprise applications respectively, designing optimal user experience for the IoT will mostly center around the issue of safer and more secure product use. IoT is going to be the power behind apps and devices that will not only be ubiquitous, but also have a mind of their own and the capability to reach into users’ lives to influence their personal choices and implicit values. Building security and safety into the design choices we make from the get go will be an important metric in evaluating the user experience of IoT devices. Support for top notch authentication, access, encryption, and other security and privacy features will be the sine qua non of IoT design. In addition, giving users the power to control and personalize their security and privacy needs, as active entities in the IoT loop, and ensure a fail-safe state for the system even in the face of corrupt data will be a critically important factor to consider as well.

3 Design support for signifiers

The IoT will take computing beyond the traditional systems and devices we know of — computers, tablets, iPhones — into a whole new range of everyday objects — furniture, cars, wearable objects, refrigerators, washing machines, etc.. The degree of connectivity that would arise as a result will present huge opportunities for re-thinking the way we do design. A major challenge would be how to design for optimal and focused user experience when the user has to keep track of dynamic interactions between multitude of devices within the IoT ecosystem. Design approaches that treat the user as a passive end-user are very likely to fail.

In his iconic book “The Design of Everyday Things”, Don Norman introduced the concept of signifiers as “perceivable affordances” or signs that give a user clues that might help them understand or cope with a product or service and to make sense of what the product or service is or what it is used for, what is happening, and what the alternative actions are. To navigate our way through this complex world, Norman observes that we constantly look for significant signifiers that offer us guidance — whether it is the difference between empty or crowded train platforms that suggests whether or not we’ve missed our train, or light shining through the window of a house that suggests there is someone in. Providing support for signifiers seems imperative in order to design useful and usable IoT systems. Signifiers will be useful in designing interface metaphors that beckon users as active end-users in IoT. For example, users may receive control input from the system in the form of signifiers (e.g. suggestions, warnings, incentives, or even penalties) to diverge from default behavior or to quickly recommend an alternative set of actions in the event of system failure. To function actively and successfully in the IoT world, design support for signifiers will help users develop internal models of what “things” mean, and of how they operate. Providing design support for signifiers resonates strongly with the emerging idea of anticipatory design that seeks to provide predictive user experience as a service.

4 Design for augmented intelligence rather than artificial intelligence

There is a fine line between augmented intelligence and artificial intelligence that is not always apparent in the way most organizations pursue intelligent systems design. As noted in a recent IBM Research blog, the difference between the two is in seeking to enhance and scale human expertise versus attempting to replicate all of human intelligence. An example of the former includes a car collision avoidance system that can help a driver prevent an accident, without actually taking the driver out of control, whereas Google’s autonomous car, where the machine completely takes the place of the human driver denotes an example of the latter.

Indeed, designing IoT systems correctly would require a focus on augmented intelligence. From that point of view, the key questions for human-computer interaction design would become, what is the user’s situation as-is, and what information technology capabilities are required to supplement the situation and help the user achieve their goals? Providing design support for augmented intelligence instead of artificial intelligence will therefore allow for the design of IoT systems with the capability to self-manage human-IoT system interaction by keeping users in the loop.

5 Keep it simple

With 50 billion connected “things” by 2020, according to Ericsson, the IoT is already complex enough. Besides, as noted earlier, the IoT is invisible to users, who are in most cases unaware of what it is or what it does. As a result, technologists and designers must approach IoT development with the famous “keep it simple” mandate. In addition, if there is anything that we have learned from user experience research and design in the personal consumer industry over the last decade, it is that consumers demand simple design solutions to everyday problems, and IoT should be no different. Keeping users in the loop will go a long way to realizing this design mandate.

Wrapping up

As IoT progresses and adoption grows, the technology presents a whole new set of design challenges for human-computer interaction. In the effort to connect everything, we’ve rendered ourselves victims of the paradox of automation and created a monster that’s just waiting to take advantage of a design flaw in our system, making it all too easy to inadvertently let cyber criminals into our homes, our cars, our bank accounts, and our personal lives. The IoT will only be a success if it is designed in a way that ensures that these myriad technologies and interconnected devices all fit in seamlessly to deliver the best experience to the user.

Long-standing HCI design principles seem insufficient for designing for the complex people-machine relationship in IoT. In some cases, they hardly apply as they are lacking on some critical issues like transparency, loops, transfer of control, empathy, anticipatory interaction, interconnected product design, security and privacy. A number of new HCI design principles have been proposed; two appear particularly prominent, namely anticipatory design and the concept of signifiers. However, they seem to be insufficiently developed at this stage; anticipatory design is still in its infancy, whereas signifiers as a design technique is yet to garner much research attention. While the famous UX design mantra of “put the user first” remains the holy grail of most design approaches, the fact that IoT is largely invisible to customers means that people’s understanding of, as well as interaction and experience with the technology has not progressed as much as the technology has. As a result, customers may not know actually what they want out of IoT, at least not at this early stage of its development.

Providing design support for “humans in the loop” thus seems like a pertinent approach to take to handle the seemingly inevitable failure states of the algorithm.

The approach will potentially give rise to IoT systems that utilize the complementary nature of human and machine intelligence to build a synergy where interaction gives rise to services capable of meeting customer needs in a whole range of new ways. It will lead to machines that truly take advantage of our capabilities while compensating for the things we are bad at, leading to smarter, more creative ubiquitous scale IoT systems. However, a potential downside of the idea is the danger of creating situations where users try out maneuvers for coping or even manipulating the IoT system in ways that could complicate the user-system relationship even further. And not to forget its potential effect on the scalability of the IoT.