The U.S. Government is developing a package label to help consumers access reliable security and privacy information about Internet of Things (IoT) devices when making purchase decisions. The label will include the U.S. Cyber Trust Mark, a QR code to scan for more details, and potentially additional information. To examine how label information complexity and educational interventions affect comprehension of security and privacy attributes and label QR code use, we conducted an online survey with 518 IoT purchasers. We examined participants’ comprehension and preferences for three labels of varying complexities, with and without an educational intervention. Participants favored and correctly utilized the two higher-complexity labels, showing a special interest in the privacy-relevant content. Furthermore, while the educational intervention improved understanding of the QR code’s purpose, it had a modest effect on QR scanning behavior. We highlight clear design and policy directions for creating and deploying IoT security and privacy labels.
Consumer-Driven Design and Evaluation of Broadband Labels
This study examines the content and layout of the proposed broadband consumer disclosure labels mandated by the U.S. Federal Communications Commission (FCC). Our large-scale user study identifies key consumer preferences and comprehension factors through a two-phase survey of 2,500 broadband internet consumers. Findings reveal strong support for broadband labels, but dissatisfaction with the FCC's proposed labels from 2016. Participants generally struggled to use the label for cost computations and plan comparisons. Technical terms confused participants, but providing participants with brief education made the terms usable. Participants desired additional information, including reliability, speed measures for both periods when performance is “normal” and periods when performance is much worse than normal, quality-of-experience ratings, and detailed network management practices. This feedback informed our improved label designs that outperformed the 2016 labels in comprehension and preference. Overall, consumers valued clear pricing and performance details, comprehensive information, and an easy-to-understand format for plan comparison. Requiring broadband service providers to deposit machine-readable plan information in a publicly accessible database would enable third parties to further customize how information is presented to meet these consumer needs. Our work additionally highlights the need for user studies of labels to ensure they meet consumer demands.
- Award ID(s): 2150217
- PAR ID: 10480456
- Publisher / Repository: SSRN
- Date Published:
- Journal Name: SSRN Electronic Journal
- ISSN: 1556-5068
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
-
Information about the privacy and security of Internet of Things (IoT) devices is not readily available to consumers who want to consider it before making purchase decisions. While legislators have proposed adding succinct, consumer-accessible labels, they do not provide guidance on the content of these labels. In this paper, we report on the results of a series of interviews and surveys with privacy and security experts, as well as consumers, where we explore and test the design space of the content to include on an IoT privacy and security label. We conduct an expert elicitation study by following a three-round Delphi process with 22 privacy and security experts to identify the factors that experts believed are important for consumers when comparing the privacy and security of IoT devices to inform their purchase decisions. Based on how critical experts believed each factor is in conveying risk to consumers, we distributed these factors across two layers—a primary layer to display on the product package itself or prominently on a website, and a secondary layer available online through a web link or a QR code. We report on the experts’ rationale and arguments used to support their choice of factors. Moreover, to study how consumers would perceive the privacy and security information specified by experts, we conducted a series of semi-structured interviews with 15 participants, who had purchased at least one IoT device (smart home device or wearable). Based on the results of our expert elicitation and consumer studies, we propose a prototype privacy and security label to help consumers make more informed IoT-related purchase decisions.
-
People value their privacy but often lack the time to read privacy policies. This issue is exacerbated in the context of mobile apps, given the variety of data they collect and limited screen space for disclosures. Privacy nutrition labels have been proposed to convey data practices to users succinctly, obviating the need for them to read a full privacy policy. In fall 2020, Apple introduced privacy labels for mobile apps, but research has shown that these labels are ineffective, partly due to their complexity, confusing terminology, and suboptimal information structure. We propose a new design for mobile app privacy labels that addresses information layout challenges by representing data collection and use in a color-coded, expandable grid format. We conducted a between-subjects user study with 200 Prolific participants to compare user performance when viewing our new label against the current iOS label. Our findings suggest that our design significantly improves users' ability to answer key privacy questions and reduces the time required for them to do so.
-
Internet users have suffered collateral damage in tussles over paid peering between large ISPs and large content providers. The issue will arise again when the FCC considers a new net neutrality order. In this paper, we model the effect of paid peering fees on broadband prices and consumer surplus. We first consider the effect of paid peering on broadband prices. ISPs assert that paid peering revenue is offset by lower broadband prices, and that ISP profits remain unchanged. Content providers assert that paid peering fees do not result in lower broadband prices, but simply increase ISP profits. We adopt a two-sided market model in which an ISP maximizes profit by setting broadband prices and a paid peering price. To separately evaluate the effect on consumers who utilize video streaming and on consumers who don’t, we model two broadband plans: a basic plan for consumers whose utility principally derives from email and web browsing, and a premium plan for consumers with significant incremental utility from video streaming. Our result shows that the claims of the ISPs and of the content providers are both incorrect. Paid peering fees reduce the premium plan price; however, the ISP passes on to its customers only a portion of the revenue from paid peering. We find that ISP profit increases but video streaming profit decreases as an ISP moves from settlement-free peering to paid peering price. We next consider the effect of paid peering on consumer surplus. ISPs assert that paid peering increases consumer surplus because it eliminates an inherent subsidy of consumers with high video streaming use by consumers without. Content providers assert that paid peering decreases consumer surplus because paid peering fees are passed onto consumers through higher video streaming prices and because there is no corresponding reduction in broadband prices.
We simulate a regulated market in which a regulatory agency determines the maximum paid peering fee (if any) to maximize consumer surplus, an ISP sets its broadband prices to maximize profit, and a content provider sets its video streaming price. Simulation parameters are chosen to reflect typical broadband prices, video streaming prices, ISP rate of return, and content provider rate of return. We find that consumer surplus is a uni-modal function of the paid peering fee. The paid peering fee that maximizes consumer surplus depends on elasticities of demand for broadband and for video streaming. However, consumer surplus is maximized when paid peering fees are significantly lower than those that maximize ISP profit. However, it does not follow that settlement-free peering is always the policy that maximizes consumer surplus. The direct peering price depends critically on the incremental ISP cost per video streaming subscriber; at different costs, it can be negative, zero, or positive.
-
People value their privacy but often lack the time to read privacy policies. This issue is exacerbated in the context of mobile apps, given the variety of data they collect and limited screen space for disclosures. Privacy nutrition labels have been proposed to convey data practices to users succinctly, obviating the need for them to read a full privacy policy. In fall 2020, Apple introduced privacy labels for mobile apps, but research has shown that these labels are ineffective, partly due to their complexity, confusing terminology, and suboptimal information structure. We propose a new design for mobile app privacy labels that addresses information layout challenges by representing data collection and use in a color-coded, expandable grid format. We conducted a between-subjects user study with 200 Prolific participants to compare user performance when viewing our new label against the current iOS label. Our findings suggest that our design significantly improves users’ ability to answer key privacy questions and reduces the time required for them to do so.