More Like this

1. Which Privacy and Security Attributes Most Impact Consumers’ Risk Perception and Willingness to Purchase IoT Devices?

   https://doi.org/10.1109/SP40001.2021.00112  

   Emami-Naeini, Pardis; Dheenadhayalan, Janarth; Agarwal, Yuvraj; Cranor, Lorrie Faith (May 2021, 2021 IEEE Symposium on Security and Privacy (SP))

   In prior work, researchers proposed an Internet of Things (IoT) security and privacy label akin to a food nutrition label, based on input from experts. We conducted a survey with 1,371 Mechanical Turk (MTurk) participants to test the effectiveness of each of the privacy and security attribute-value pairs proposed in that prior work along two key dimensions: ability to convey risk to consumers and impact on their willingness to purchase an IoT device. We found that the values intended to communicate increased risk were generally perceived that way by participants. For example, we found that consumers perceived more risk when a label conveyed that data would be sold to third parties than when it would not be sold at all, and that consumers were more willing to purchase devices when they knew that their data would not be retained or shared with others. However, participants’ risk perception did not always align with their willingness to purchase, sometimes due to usability concerns. Based on our findings, we propose actionable recommendations on how to more effectively present privacy and security attributes on an IoT label to better communicate risk to consumers 

   more » « less
2. Ask the Experts: What Should Be on an IoT Privacy and Security Label?

   https://doi.org/10.1109/SP40000.2020.00043  

   Emami-Naeini, Pardis; Agarwal, Yuvraj; Faith Cranor, Lorrie; Hibshi, Hanan (May 2020, The 41st IEEE Symposium on Security and Privacy)

   Information about the privacy and security of Internet of Things (IoT) devices is not readily available to consumers who want to consider it before making purchase decisions. While legislators have proposed adding succinct, consumer accessible, labels, they do not provide guidance on the content of these labels. In this paper, we report on the results of a series of interviews and surveys with privacy and security experts, as well as consumers, where we explore and test the design space of the content to include on an IoT privacy and security label. We conduct an expert elicitation study by following a three-round Delphi process with 22 privacy and security experts to identify the factors that experts believed are important for consumers when comparing the privacy and security of IoT devices to inform their purchase decisions. Based on how critical experts believed each factor is in conveying risk to consumers, we distributed these factors across two layers—a primary layer to display on the product package itself or prominently on a website, and a secondary layer available online through a web link or a QR code. We report on the experts’ rationale and arguments used to support their choice of factors. Moreover, to study how consumers would perceive the privacy and security information specified by experts, we conducted a series of semi-structured interviews with 15 participants, who had purchased at least one IoT device (smart home device or wearable). Based on the results of our expert elicitation and consumer studies, we propose a prototype privacy and security label to help consumers make more informed IoTrelated purchase decisions. 

   more » « less
3. Is a Trustmark and QR Code Enough? The Effect of IoT Security and Privacy Label Information Complexity on Consumer Comprehension and Behavior

   https://doi.org/10.1145/3613904.3642011  

   Chen, Claire C; Shu, Dillon; Ravishankar, Hamsini; Li, Xinran; Agarwal, Yuvraj; Cranor, Lorrie Faith (May 2024, ACM)

   The U.S. Government is developing a package label to help consumers access reliable security and privacy information about Internet of Things (IoT) devices when making purchase decisions. The label will include the U.S. Cyber Trust Mark, a QR code to scan for more details, and potentially additional information. To examine how label information complexity and educational interventions affect comprehension of security and privacy attributes and label QR code use, we conducted an online survey with 518 IoT purchasers. We examined participants’ comprehension and preferences for three labels of varying complexities, with and without an educational intervention. Participants favored and correctly utilized the two higher-complexity labels, showing a special interest in the privacy-relevant content. Furthermore, while the educational intervention improved understanding of the QR code’s purpose, it had a modest effect on QR scanning behavior. We highlight clear design and policy directions for creating and deploying IoT security and privacy labels. 

   more » « less
4. Understanding People’s Attitude and Concerns towards Adopting IoT Devices

   https://doi.org/10.1145/3411763.3451633  

   Lafontaine, Evan; Sabir, Aafaq; Das, Anupam (May 2021, CHI Conference on Human Factors in Computing Systems CHI Conference on Human Factors in Computing Systems Extended Abstracts)

   null (Ed.)

   The proliferation of the Internet of Things (IoT) has started transforming our lifestyle through automation of home appliances. However, there are users who are hesitant to adopt IoT devices due to various privacy and security concerns. In this paper, we elicit peoples’ attitude and concerns towards adopting IoT devices. We conduct an online survey and collect responses from 232 participants from three different geographic regions (United States, Europe, and India); the participants consist of both adopters and non-adopters of IoT devices. Through data analysis, we determine that there are both similarities and differences in perceptions and concerns between adopters and non-adopters. For example, even though IoT and non-IoT users share similar security and privacy concerns, IoT users are more comfortable using IoT devices in private settings compared to non-IoT users. Furthermore, when comparing users’ attitude and concerns across different geographic regions, we found similarities between participants from the US and Europe, yet participants from India showcased contrasting behavior. For instance, we found that participants from India were more trusting in their government to properly protect consumer data and were more comfortable using IoT devices in a variety of public settings, compared to participants from the US and Europe. Based on our findings, we provide recommendations to reduce users’ concerns in adopting IoT devices, and thereby enhance user trust towards adopting IoT devices. 

   more » « less
5. Encouraging pro-environmental behavior: Do testimonials by experts work?

   https://doi.org/10.1371/journal.pone.0291612  

   Savchenko, Olesya M; Palm-Forster, Leah H; Xie, Lusi; Rahman, Rubait; Messer, Kent D (October 2023, PLOS ONE)

   Follert, Florian (Ed.)

   Using non-pecuniary interventions to motivate pro-environmental behavior appeals to program administrators seeking cost-effective ways to increase adoption of environmental practices. However, all good-intended interventions should not be expected to be effective and reporting when interventions fail is as important as documenting their successes. We used a framed field experiment with 308 adults from the Mid-Atlantic in the United States to test the effectiveness of an expert testimonial in encouraging adoption of native plants in residential settings. Though studies have found testimonials to be effective in other contexts, we find that the video testimonial had no effect on residents’ willingness to pay for native plants. Our analysis also shows that consumers who are younger, have higher incomes, and use other environmentally friendly practices on their lawns are more likely than other consumers to purchase native plants. 

   more » « less