Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
Carnegie Mellon University
Privacy Expectations and Preferences in an IoT World Pardis Emami-Naeini, Sruti Bhagavatula, Martin Degeling, Hana Habib, Lujo Bauer, Lorrie Faith Cranor, Norman Sadeh
Internet of Things (IoT):
• • • • • • • • • • • • • • •
The future privacy assistant: What are they collecting?
• • • • • • • • • • • • • • •
The future privacy assistant:
With whom are they sharing my data?
• • • • • • • • • • • • • • •
The future privacy assistant:
How long are they keeping my data?
Privacy assistant’s design goals Inform people about data collection
– What should we notify people about? Enable privacy choices
– What factors influence privacy decisions? Automate privacy decision making
– Can we predict privacy preferences accurately?
Vignette study Asked participants to imagine themselves in hypothetical data collection scenarios
Example scenario
You are at [work]. This building has [cameras] that are recording [video of the entire building]. The video is [shared with law enforcement] to [improve public safety] and they [will not delete it].
15-minute survey Recruited 1007 US participants on Mechanical Turk Each participant shown 14 scenarios + asked questions
– How often would you want your phone to notify you of this data collection?
– How comfortable are you with this data collection? – Would you allow or deny this data collection? – …
Interpreting the results
Statistical models that explain relationship between factors explored in vignettes and …
– Users’ desire to be notified of data collection – Users’ comfort with data collection – Users’ willingness to allow data collection
~ [ ____ ] .,
~[ ]
Sample of results What affects preferences to be notified?
Data being shared Biometrics data
Beneficial purpose more likely want to be notified
less likely want to be notified
__ _____,]
* ~ (---__ _____,]
Sample of results
When are users (un)comfortable with data collection? Public location Environmental data Private location more comfortable
Biometrics data
less comfortable
++
~1 --+ [ ______ ]
•.• ~ [ _____ ]
Sample of results
Beneficial purpose Data being shared
When are users willing to allow data collection? more likely want to allow
less likely want to allow
What factors matter most to explain privacy preferences? – Type of data? – Location of data collection? – Purpose of data collection? – Retention time? – …
What factors matter most to explain privacy preferences? – Type of data? – Location of data collection? – Purpose of data collection? – Retention time? – …
What factors matter most to explain privacy preferences?
Combination of factors matters most!
X
X
What factors matter most?
Notification: Type of data × user-perceived benefit
× purpose they don’t see as beneficial = more notification
X
~ x
What factors matter most? Comfort level: Type of data × happening today
× happening today = comfort
X
)( SHOP
i • 1
What factors matter most? Allow/deny:
deny
Type of data × location
× =
Built models to understand people’s privacy preferences
Carnegie Mellon University
CMU Location Tr~k!1g
llnda, · h'.l1'.3tk 111 lrH·:kllg 11 f;i:ledOO
bJUng-conCUUeomp..1s u~lr~ blL":::ooth be~ns ari(I v1il1 aOCe&S p,r.,int$.
C:a,~ I! ccllc:ct-!:d ·,1r1rth ..,,-~c.Jt:o-,_U?>:;.-er r.:m l~collecledi!l!!rttifJ.'llJl'
'fOUrCiolees
Coeoe gr~ir d ,~eking( ...
Fi'l t! ljr..li·n 11, tr.-1t':tillJ (h ..
Our results design
Long-term goal: design privacy assistant
P. Emami-Naeini, S. Bhagavatula, H. Habib, M. Degeling, L. Bauer, L. Cranor, N. Sadeh. Privacy expectations and preferences in an IoT World. In Proceedings of the 13th Symposium on Usable Privacy and Security (SOUPS’17)