Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

A Two-Fold Study to Investigate Users’ Perception of IoT Information Sensitivity Levels and Their Willingness to Share the Information

  • Conference paper
  • First Online:
Emerging Information Security and Applications (EISA 2021)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1403))

Abstract

The increase in the usage of the Internet of Things (IoT) raises privacy concerns for users. Depending on the types of information collected by IoT devices and shared with third-parties, users’ privacy concerns may vary. In this paper, we describe our detailed analysis of a two-fold user study with (1) 70 students from our institution and (2) 164 Amazon Mechanical Turk workers to understand how users perceive sensitivity level of different information types and to examine their attitude towards sharing their personal information with third-parties. We developed a taxonomy of IoT data practices to use for the study. In both of our studies, we noticed that users’ understanding of sensitivity levels differs based on their gender. We also identified users’ willingness to share an information with a third-party strongly depends on the sensitivity levels of the information type and the third-party categories. Based on our findings, we provide suggestions for privacy regulators, policymakers, companies, and researchers to mitigate and resolve IoT privacy risks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    List of 79 information types: https://tinyurl.com/3vpk6evr.

  2. 2.

    Survey Questionnaires: https://tinyurl.com/wcxw5tfk.

  3. 3.

    \(\chi ^2\) Critical Value is 9.48 at 4\(^\circ \) of freedom (df) and 5% level of significance.

  4. 4.

    The detailed results can be found: https://tinyurl.com/yhschu2o.

References

  1. California Consumers’ Privacy Act. https://oag.ca.gov/privacy/ccpa

  2. International Data Corporation Forecast. https://tinyurl.com/y694wg2v

  3. IoT Line Up. http://iotlineup.com/

  4. Privacy Grade Website. http://privacygrade.org/third_party_libraries

  5. Spearman Coefficient. https://tinyurl.com/nctpfudu

  6. The EU GDPR - Article 14. https://eugdpr.org. Accessed 01 May 2020

  7. The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

    Google Scholar 

  8. Nobakht, M., et al.: PGFit: static permission analysis of health and fitness apps in IoT programming frameworks. J. Network Comput. Appl. 152, 102509 (2020)

    Article  Google Scholar 

  9. Nickerson, R.C., et al.: A method for taxonomy development and its application in information systems. Eur. J. Inf. Syst. 22(3), 336–359 (2013). https://doi.org/10.1057/ejis.2012.26

    Article  Google Scholar 

  10. Kang, R., et al.: Privacy attitudes of mechanical Turk workers and the US public. In: 10th Symposium on Usable Privacy and Security (\(\{\)SOUPS\(\}\) 2014) (2014)

    Google Scholar 

  11. Gupta, S.D., Nygaard, A., Kaplan, S., Jain, V., Ghanavati, S.: PHIN: a privacy protected heterogeneous IoT network. In: Cherfi, S., Perini, A., Nurcan, S. (eds.) RCIS 2021. LNBIP, vol. 415, pp. 124–141. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75018-3_8

    Chapter  Google Scholar 

  12. Mare, S., et al.: Smart devices in AirBnBs: considering privacy and security for both guests and hosts. In: Proceedings on Privacy Enhancing Technologies

    Google Scholar 

  13. Slavin, R., et al.: PVDetector: a detector of privacy-policy violations for android apps. In: IEEE/ACM International Conference on Mobile Software Engineering and Systems, pp. 299–300 (2016)

    Google Scholar 

  14. Zimmeck, S., et al.: Maps: scaling privacy compliance analysis to a million apps. Proc. Priv. Enhancing Technol. 2019(3), 66–86 (2019)

    Article  Google Scholar 

  15. Zimmer, M., et al.: ‘There’s nothing really they can do with this information’: unpacking how users manage privacy boundaries for personal fitness information. Inf. Commun. Soc. 23(7), 1020–1037 (2020)

    Article  Google Scholar 

  16. Bhatia, J., Breaux, T.D.: Privacy risk in cybersecurity data sharing. In: ISCS 2016 (2016)

    Google Scholar 

  17. Bhatia, J., Breaux, T.D.: Empirical measurement of perceived privacy risk. ACM Trans. Comput. Hum. Interact. (TOCHI) 25(6), 1–47 (2018)

    Article  Google Scholar 

  18. Bokaie, H.M.: Information Retrieval and Semantic Inference from Natural Language Privacy Policies. Ph.D. thesis, The University of Texas at San Antonio (2019)

    Google Scholar 

  19. Breaux, T., Hibshi, H.: Eddy, a formal language for specifying and analyzing data flow specifications for conflicting privacy requirements. REJ 19(3), 281–307 (2014)

    Google Scholar 

  20. Breaux, T.D., Smullen, D., Hibshi, H.: Detecting repurposing and over-collection in multi-party privacy requirements specifications. In: 2015 IEEE 23rd International Requirements Engineering Conference (RE). IEEE (2015)

    Google Scholar 

  21. Checkit, G.: Smart home device adoption. Article. https://tinyurl.com/yba69fcp

  22. Cyber Physical Systems Public Working Group: PRELIMINARY DISCUSSION DRAFT - Framework for Cyber-Physical Systems - Release 0.7 (2015)

    Google Scholar 

  23. Dinev, T., Hart, P.: An extended privacy calculus model for e-commerce transactions. Inf. Syst. Res. 17(1), 61–80 (2006)

    Article  Google Scholar 

  24. Emami-Naeini, P., Agarwal, Y., Cranor, L.F., Hibshi, H.: Ask the experts: what should be on an IoT privacy and security label? In: 2020 IEEE S&P (2020)

    Google Scholar 

  25. Emami-Naeini, P., Dheenadhayalan, J., Agarwal, Y., Cranor, L.F.: Which privacy and security attributes most impact consumers’ risk perception and willingness to purchase IoT devices?

    Google Scholar 

  26. Haney, J., Acar, Y., Furman, S.: “It’s the company, the government, you and i”: user perceptions of responsibility for smart home privacy and security. In: 30th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 21) (2021)

    Google Scholar 

  27. Kim, D., Park, K., Park, Y., Ahn, J.H.: Willingness to provide personal information: Perspective of privacy calculus in IoT services. Comput. Hum. Behav. 92, 273–281 (2019)

    Article  Google Scholar 

  28. Liu, L., Karatas, C., et al.: Toward detection of unsafe driving with wearables. In: Proceedings of the 2015 Workshop on WSA, pp. 27–32. ACM (2015)

    Google Scholar 

  29. Maitra, S., Suh, B., Ghanavati, S.: Privacy consistency analyzer for android applications. In: 5th International Workshop (ESPRE), pp. 28–33 (2018)

    Google Scholar 

  30. Markos, E.C.: Consumer privacy: A two essay dissertation examining perceptions of information sensitivity. University of Massachusetts Amherst (2010)

    Google Scholar 

  31. Mekovec, R.: Factors that influence internet users’ privacy perception. In: ITI 2011, pp. 227–232. IEEE (2011)

    Google Scholar 

  32. Michalevsky, Y., Schulman, A.: Powerspy: location tracking using mobile device power analysis. In: 24th \(\{\)USENIX\(\}\) Security Symposium, pp. 785–800 (2015)

    Google Scholar 

  33. Milne, G.R., Pettinico, G., Hajjat, F.M., Markos, E.: Information sensitivity typology: mapping the degree and type of risk consumers perceive in personal data sharing. J. Consum. Affairs 51(1), 133–161 (2017)

    Article  Google Scholar 

  34. National Science and Technology Council: National Privacy Research Strategy (2016). https://www.nitrd.gov/PUBS/NationalPrivacyResearchStrategy.pdf

  35. Okoyomon, E., Samarin, N., et al.: On the ridiculousness of notice and consent: contradictions in app privacy policies (2019)

    Google Scholar 

  36. Safi, M., Reyes, I., Egelman, S.: Inference of user demographics and habits from seemingly benign smartphone sensors

    Google Scholar 

  37. Smullen, D.: Modeling, analyzing, and consistency checking privacy requirements using eddy. In: Proceedings of the Symposium and Bootcamp on the Science of Security

    Google Scholar 

  38. Torabi, S.: Understanding users’ perception toward sharing personal health information

    Google Scholar 

  39. Weible, R.J.: Privacy and data: An empirical study of the influence of types of data and situational context upon privacy perceptions. Ph.D. thesis, MSU (1993)

    Google Scholar 

  40. Xu, F., Michael, K., Chen, X.: Factors affecting privacy disclosure on social network sites: an integrated model. Electron. Comm. Res. 13(2), 151–168 (2013)

    Article  Google Scholar 

  41. Yu, L., Lou, X.: Can we trust the privacy policies of android apps? IEEE (2016)

    Google Scholar 

  42. Zeng, E.: End user security and privacy concerns with smart homes. In: SOUPS

    Google Scholar 

  43. Zheng, S., Apthorpe, N., Chetty, M., Feamster, N.: User perceptions of smart home IoT privacy. In: Proceedings of the ACM on Human-Computer Interaction (CSCW), vol. 2

    Google Scholar 

  44. Creswell, J.W., Creswell, J.D.: Research Design: Qualitative, Quantitative, and Mixed Methods Approaches. Sage publications (2017)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computing and Information Science, University of Maine, Orono, ME, USA

    Sanonda Datta Gupta, Stephen Kaplan, Aubree Nygaard & Sepideh Ghanavati

Authors
  1. Sanonda Datta Gupta
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stephen Kaplan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Aubree Nygaard
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Sepideh Ghanavati
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sanonda Datta Gupta .

Editor information

Editors and Affiliations

  1. Technical University of Denmark, Kongens Lyngby, Denmark

    Weizhi Meng

  2. Norwegian University of Science and Technology, Gjøvik, Norway

    Sokratis K. Katsikas

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Gupta, S.D., Kaplan, S., Nygaard, A., Ghanavati, S. (2022). A Two-Fold Study to Investigate Users’ Perception of IoT Information Sensitivity Levels and Their Willingness to Share the Information. In: Meng, W., Katsikas, S.K. (eds) Emerging Information Security and Applications. EISA 2021. Communications in Computer and Information Science, vol 1403. Springer, Cham. https://doi.org/10.1007/978-3-030-93956-4_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-93956-4_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-93955-7

  • Online ISBN: 978-3-030-93956-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation