Title: Which Privacy and Security Attributes Most Impact Consumers’ Risk Perception and Willingness to Purchase IoT Devices?
In prior work, researchers proposed an Internet of Things (IoT) security and privacy label akin to a food nutrition label, based on input from experts. We conducted a survey with 1,371 Mechanical Turk (MTurk) participants to test the effectiveness of each of the privacy and security attribute-value pairs proposed in that prior work along two key dimensions: ability to convey risk to consumers and impact on their willingness to purchase an IoT device. We found that the values intended to communicate increased risk were generally perceived that way by participants. For example, we found that consumers perceived more risk when a label conveyed that data would be sold to third parties than when it would not be sold at all, and that consumers were more willing to purchase devices when they knew that their data would not be retained or shared with others. However, participants’ risk perception did not always align with their willingness to purchase, sometimes due to usability concerns. Based on our findings, we propose actionable recommendations on how to more effectively present privacy and security attributes on an IoT label to better communicate risk to consumers.
Award ID(s):
1801472 1564009
NSF-PAR ID:
10316411
Journal Name:
2021 IEEE Symposium on Security and Privacy (SP)
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Internet of Things (IoT) device manufacturers provide little information to consumers about their security and data handling practices. Therefore, IoT consumers cannot make informed purchase choices around security and privacy. While prior research has found that consumers would likely consider security and privacy when purchasing IoT devices, past work lacks empirical evidence as to whether they would actually pay more to purchase devices with enhanced security and privacy. To fill this gap, we conducted a two-phase incentive compatible online study with 180 Prolific participants. We measured the impact of five security and privacy factors (e.g., access control) on participants’ purchase behaviors when presented individually or together on an IoT label. Participants were willing to pay a significant premium for devices with better security and privacy practices. The biggest price differential we found was for de-identified rather than identifiable cloud storage. Mainly due to its usability challenges, the least valuable improvement for participants was to have multi-factor authentication as opposed to passwords. Based on our findings, we provide recommendations on creating more effective IoT security and privacy labeling programs. 
  2. Information about the privacy and security of Internet of Things (IoT) devices is not readily available to consumers who want to consider it before making purchase decisions. While legislators have proposed adding succinct, consumer-accessible labels, they do not provide guidance on the content of these labels. In this paper, we report on the results of a series of interviews and surveys with privacy and security experts, as well as consumers, where we explore and test the design space of the content to include on an IoT privacy and security label. We conduct an expert elicitation study by following a three-round Delphi process with 22 privacy and security experts to identify the factors that experts believed are important for consumers when comparing the privacy and security of IoT devices to inform their purchase decisions. Based on how critical experts believed each factor is in conveying risk to consumers, we distributed these factors across two layers—a primary layer to display on the product package itself or prominently on a website, and a secondary layer available online through a web link or a QR code. We report on the experts’ rationale and arguments used to support their choice of factors. Moreover, to study how consumers would perceive the privacy and security information specified by experts, we conducted a series of semi-structured interviews with 15 participants, who had purchased at least one IoT device (smart home device or wearable). Based on the results of our expert elicitation and consumer studies, we propose a prototype privacy and security label to help consumers make more informed IoT-related purchase decisions.
  3. The proliferation of the Internet of Things (IoT) has started transforming our lifestyle through automation of home appliances. However, there are users who are hesitant to adopt IoT devices due to various privacy and security concerns. In this paper, we elicit people’s attitudes and concerns towards adopting IoT devices. We conduct an online survey and collect responses from 232 participants from three different geographic regions (United States, Europe, and India); the participants consist of both adopters and non-adopters of IoT devices. Through data analysis, we determine that there are both similarities and differences in perceptions and concerns between adopters and non-adopters. For example, even though IoT and non-IoT users share similar security and privacy concerns, IoT users are more comfortable using IoT devices in private settings compared to non-IoT users. Furthermore, when comparing users’ attitude and concerns across different geographic regions, we found similarities between participants from the US and Europe, yet participants from India showcased contrasting behavior. For instance, we found that participants from India were more trusting in their government to properly protect consumer data and were more comfortable using IoT devices in a variety of public settings, compared to participants from the US and Europe. Based on our findings, we provide recommendations to reduce users’ concerns in adopting IoT devices, and thereby enhance user trust towards adopting IoT devices.
  4. The majority of food in the US is distributed through global/national supply chains that exclude locally-produced goods. This situation offers opportunities to increase local food production and consumption and is influenced by constraints that limit the scale of these activities. We conducted a study to assess perspectives of producers and consumers engaged in food systems of a major Midwestern city. We examined producers’ willingness to include/increase cultivation of local foods and consumers’ interest in purchasing/increasing local foods. We used focus groups of producers (two groups of conventional farmers, four local food producers) and consumers (three conventional market participants, two locavores) to pose questions about production/consumption of local foods. We transcribed discussions verbatim and examined text to identify themes, using separate affinity diagrams for producers and consumers. We found producers and consumers are influenced by the status quo and real and perceived barriers to local foods. We also learned participants believed increasing production and consumption of local foods would benefit their community and creating better infrastructure could enhance efforts to scale up local food systems. Focus group participants also indicated support from external champions/programs could support expansion of local foods. We learned that diversifying local food production was viewed as a way to support local community, increase access to healthy foods and reduce environmental impacts of conventional production. Our research indicates that encouraging producers and consumers in local food systems will be more successful when support for the local community is emphasized.
  5. Identity authentication based on Doppler radar respiration sensing is gaining attention as it requires neither contact nor line of sight and does not give rise to privacy concerns associated with video imaging. Prior research demonstrating the recognition of individuals has been limited to isolated single subject scenarios. When two equidistant subjects are present, identification is more challenging due to the interference of respiration motion patterns in the reflected radar signal. In this research, respiratory signature separation techniques are functionally combined with machine learning (ML) classifiers for reliable subject identity authentication. An improved version of the dynamic segmentation algorithm (peak search and triangulation) was proposed, which can extract distinguishable airflow profile-related features (exhale area, inhale area, inhale/exhale speed, and breathing depth) for medium-scale experiments of 20 different participants to examine the feasibility of extraction of an individual’s respiratory features from a combined mixture of motions for subjects. Independent component analysis with the joint approximation of diagonalization of eigenmatrices (ICA-JADE) algorithm was employed to isolate individual respiratory signatures from combined mixtures of breathing patterns. The extracted hyperfeature sets were then evaluated by integrating two different popular ML classifiers, k-nearest neighbor (KNN) and support vector machine (SVM), for subject authentication. Accuracies of 97.5% for two-subject experiments and 98.33% for single-subject experiments were achieved, which supersedes the performance of prior reported methods. The proposed identity authentication approach has several potential applications, including security/surveillance, the Internet-of-Things (IoT) applications, virtual reality, and health monitoring.