Future Risks: Privacy and Security in On-Body Interaction Techniques
Compared to the possibilities offered by on-body interaction techniques such as wearables, smartphones and computers are increasingly beginning to look like technologies of the past. But what risks arise when mini-computers worn continuously on the body become part of everyday life? This question was investigated by CISPA researcher Dañiel Gerhardt. His central finding is that privacy and security issues are closely intertwined, creating significant risks for users. As a potential solution, he developed his own set of design guidelines. He presented his paper “Privacy & Safety Challenges of On-Body Interaction Techniques” at the ACM CHI Conference on Human Factors in Computing Systems.
Interacting with technological devices is part of everyday life for most people. “We use a mouse, a keyboard, or a touchscreen on a daily basis to interact with smartphones or laptops,” explains Dañiel Gerhardt, a doctoral candidate in the research group led by our CISPA-Faculty Dr. Katharina Krombholz. “With newer technologies such as smartwatches, smart glasses, or VR headsets, interaction is increasingly based on gestures or spatial input. Smart textiles further expand this by incorporating biometric interactions or inputs derived from bodily functions such as heart rate.” The key challenge for the privacy and security of users lies in the fact that interaction takes place directly on the body.
While traditional input methods such as the mouse or touchscreen have been extensively studied, there is still limited scientific knowledge on on-body interaction techniques. “This is exactly what makes the topic so exciting,” Gerhardt notes. “We assume that new, previously unknown issues may emerge.” Due to the exploratory nature of the research, Gerhardt conducted a qualitative interview study with 15 experts in the fields of human–computer interaction, as well as privacy and cybersecurity. The aim was to identify the privacy and security risks perceived by these experts. The study was initially grounded in a literature review of 91 different interaction techniques, which were systematically classified according to their observability and range. Building on this, Gerhardt developed fictional usage and attack scenarios, which were then discussed during the expert interviews.
Identified Security Risks and Potential Privacy Issues
The study shows that privacy and security issues in on-body technologies are closely interconnected and can have far-reaching consequences. “Privacy issues can directly lead to security problems, particularly with regard to personal well-being,” Gerhardt explains. “Because these technologies are worn in close proximity to the body and continuously collect high-resolution data, they enable extensive inferences about individuals.” Such information could be misused to influence, control, or harm people. A smart jacket with integrated heating elements, for example, could be manipulated to cause burns. Devices could also be exploited for extortion. “One expert described this using the term ‘ransomware for the body,’” the researcher notes.
More specifically, the study identifies several key privacy risks. These include excessive data collection, the risk of interference, meaning the overlap and combination of different data streams, the possibility of technical attacks, and potential threats to the privacy of bystanders. “Devices may also capture data from people in the surrounding environment without their knowledge or consent,” Gerhardt adds. Furthermore, the study highlights a range of physical and psychological safety risks, which may also affect uninvolved individuals. “Physical risks include injuries caused by large movements triggered by the devices. A psychological risk, by contrast, may involve stress induced by immersive or manipulative systems,” the researcher explains.
Proposed Solutions: Design Guidelines
The goal of engaging with an emerging technology such as on-body interaction techniques at an early stage is to address risks during the development process. “For this reason, we also developed a set of design guidelines,” Gerhardt says. “They are based on a combination of literature review and interview findings and are intended to make future interactions safer and more privacy-friendly.” The guidelines are aimed at stakeholders in research, industry, and design, and they follow a consistent security- and privacy-by-design approach. Among other recommendations, they call for minimizing data collection, increasing transparency for users, implementing robust security mechanisms for both hardware and software, and adopting a comprehensive ethical perspective.
Whether and how these approaches can be implemented in practice may be a subject for future research. What is already clear, however, is this: Designing secure and privacy-preserving on-body interaction techniques will be a central challenge of the digital future. “In this context, safety does not only mean preventing devices from causing physical harm,” Gerhardt concludes. “It also includes protecting people from being emotionally manipulated, losing control over their bodies, or being pushed into uncomfortable or unwanted experiences.”
Problem: On-body interaction techniques (e.g., wearables) introduce new and largely unexplored risks to privacy and security due to their close integration with the human body.
Analysis: Qualitative study with 15 experts who systematically evaluated different interaction techniques and usage scenarios.
Key Risks: Excessive data collection, far-reaching data inference, risks to bystanders, as well as physical and psychological harm.
Core Finding: Privacy and security issues are deeply intertwined and cannot be considered in isolation.
Solution: Development of eight concrete design guidelines to mitigate risks early in the design process.
Societal Impact: Promotes the trustworthy and responsible use of body-centric technologies while protecting users and those around them.
