This incident shows that when the design allows a third party to interfere with the operation of the device, the developer must ensure that a certain degree of control is reserved for the customer. JpCednc
It seems that most developers of smart thermostats do this. Therefore, users usually have to log in to the "bring your own thermostat" program of energy companies and actively register their thermostats, so as to allow energy companies to intervene when energy conservation is urgently needed. The program usually provides cash back or other financial incentives to encourage users to register. Therefore, it should not be too surprising for users that energy companies can adjust their device settings. JpCednc
In addition, thermostat developers also provide a mechanism through which customers can be informed when energy companies are about to take "energy saving actions". In general, this kind of notification will appear on the display screen of the thermostat, and in other cases, the notification will be sent through the smartphone application (App) of the thermostat. In any case, this mechanism can inform users before or during the intervention. JpCednc
Figure 1: Traditional thermostats allow users to fully control their system settings, but intelligent thermostats can delegate some control to energy companies. (Source: PublicDomainPictures.net) jpcednc
Most importantly, thermostat developers must ensure that users can retain a certain degree of control over their systems. When the energy company improves the thermostat setting, the user can use the conventional control mechanism of the device to simply restore its original setting, which is actually an "opt-out" power saving event. At the very least, they can undo the specific event. If you want to permanently withdraw from the plan, you may sometimes have to have a long and complicated interaction with energy companies, and the specific details depend on the provisions of the plan. JpCednc
Nevertheless, the recent events in Texas surprised some users and even triggered an angry reaction. Users don’t understand the meaning of participating in the plan, or don’t notice whether they have received the notice about the upcoming power saving event. But this kind of problem is not something that suppliers can avoid through their design tasks. JpCednc
However, once the energy company steps in to ensure that the customer knows how to control the thermostat again, it is within the supplier’s control. This is where suppliers can take some positive actions. They must ensure that the user guide of their devices specifically mentions the possibility of a third party controlling the operation of their devices, and how to revoke this control when necessary. JpCednc
I can’t check every supplier’s user guide one by one, but the few guides I can get and read carefully hardly mention this ability of third-party control devices, nor do they explain what steps users should take to regain their control. I have checked several plan descriptions of energy companies, and they do provide most of the information, but only in general form, not to mention any information specifically provided for specific devices. JpCednc
The problem is that although angry users may blame the energy company, they may also blame the device supplier or even the device itself because of the accident and unhappiness of an external agency controlling its thermostat. Whether this anger is reasonable or not, user dissatisfaction does exist, and developers may have to think about how to transfer this anger from their products. A good way is to let suppliers ensure that they provide users with relevant information, instead of relying on third parties to inform consumers. In this case, a brief description of the energy-saving plan, possible impacts and mitigation techniques will obviously help to transfer users’ anger. Even if the user doesn’t read the information, make sure to convey the message that the supplier cares about the user and tries to avoid negative accidents. JpCednc
When developers consider including any function in their IoT design that may hand over the control of devices to third parties, they must also ensure that a certain degree of control over the process is reserved for users. In order to ensure that users understand the potential and influence of third-party control, easily identify the occurrence of such incidents, and know how to regain control, the more developers can do, the better users will know about the products and their suppliers. JpCednc
(The original text was published in the American version of EDN under ASPENCORE, reference link: maintain a degree of control in your IOT device, compiled by Susan Hong)JpCednc.