Privacy is the Boring Bit: User Perceptions and Behaviour in the Internet-of-Things

In opinion polls, the public frequently claim to value their privacy. However, individuals often seem to overlook the principle, contributing to a disparity labelled the 'Privacy Paradox'. The growth of the Internet-of-Things (IoT) is frequently claimed to place privacy at risk. However, the Paradox remains underexplored in the IoT. In addressing this, we first conduct an online survey (N = 170) to compare public opinions of IoT and less-novel devices. Although we find users perceive privacy risks, many still decide to purchase smart devices. With the IoT rated less usable/familiar, we assert that it constrains protective behaviour. To explore this hypothesis, we perform contextualised interviews (N = 40) with the public. In these dialogues, owners discuss their opinions and actions with a personal device. We find the Paradox is significantly more prevalent in the IoT, frequently justified by a lack of awareness. We finish by highlighting the qualitative comments of users, and suggesting practical solutions to their issues. This is the first work, to our knowledge, to evaluate the Privacy Paradox over a broad range of technologies.

[1]  Hock-Hai Teo,et al.  The Role of Push-Pull Technology in Privacy Calculus: The Case of Location-Based Services , 2009, J. Manag. Inf. Syst..

[2]  K. Sheehan,et al.  An investigation of gender differences in on-line privacy concerns and resultant behaviors , 1999 .

[3]  Jaydip Sen,et al.  Internet of Things - Applications and Challenges in Technology and Standardization , 2011 .

[4]  Sadie Creese,et al.  The Perfect Storm: The Privacy Paradox and the Internet-of-Things , 2016, 2016 11th International Conference on Availability, Reliability and Security (ARES).

[5]  Alessandro Acquisti,et al.  Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook , 2006, Privacy Enhancing Technologies.

[6]  Sabine Trepte,et al.  Is the privacy paradox a relic of the past? An in‐depth analysis of privacy attitudes and privacy behaviors , 2015 .

[7]  Marimuthu Palaniswami,et al.  Internet of Things (IoT): A vision, architectural elements, and future directions , 2012, Future Gener. Comput. Syst..

[8]  Ajey Lele Internet of Things (IoT) , 2018, Disruptive Technologies for the Militaries and Security.

[9]  Tamara Dinev,et al.  An Extended Privacy Calculus Model for E-Commerce Transactions , 2006, Inf. Syst. Res..

[10]  Bruce Robinson,et al.  With a Different Marx: Value and the Contradictions of Web 2.0 Capitalism , 2015, Inf. Soc..

[11]  Natascha Just,et al.  Caring is not enough: the importance of Internet skills for online privacy protection , 2017 .

[12]  Sadie Creese,et al.  Future scenarios and challenges for security and privacy , 2016, 2016 IEEE 2nd International Forum on Research and Technologies for Society and Industry Leveraging a better tomorrow (RTSI).

[13]  Sören Preibusch,et al.  Unwillingness to Pay for Privacy: A Field Experiment , 2011, SSRN Electronic Journal.

[14]  Menno D. T. de Jong,et al.  The privacy paradox - Investigating discrepancies between expressed privacy concerns and actual online behavior - A systematic literature review , 2017, Telematics Informatics.

[15]  Geir M. Køien,et al.  Security and privacy in the Internet of Things: Current status and open issues , 2014, 2014 International Conference on Privacy and Security in Mobile Systems (PRISMS).

[16]  Serge Egelman,et al.  Information Disclosure Concerns in The Age of Wearable Computing , 2016 .

[17]  Cory R. A. Hallam,et al.  Wearable Device Data and Privacy: A study of Perception and Behavior , 2016 .

[18]  Jason R. C. Nurse,et al.  Cyber Security Awareness Campaigns: Why do they fail to change behaviour? , 2014, ArXiv.

[19]  D. Skiba The Internet of Things (IoT). , 2013, Nursing education perspectives.

[20]  Steven Furnell,et al.  Recognising and addressing ‘security fatigue’ , 2009 .

[21]  Sadie Creese,et al.  A Data-Reachability Model for Elucidating Privacy and Security Risks Related to the Use of Online Social Networks , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[22]  Alessandro Acquisti,et al.  Privacy in electronic commerce and the economics of immediate gratification , 2004, EC '04.

[23]  Alessandro Acquisti,et al.  Privacy and rationality in individual decision making , 2005, IEEE Security & Privacy.

[24]  Vijay Erramilli,et al.  Your browsing behavior for a big mac: economics of personal information online , 2011, WWW.

[25]  Helen Nissenbaum,et al.  Privacy in Context - Technology, Policy, and the Integrity of Social Life , 2009 .

[26]  Yiwen Gao,et al.  International Journal of Medical Informatics , 2016 .

[27]  Susan B. Barnes,et al.  A privacy paradox: Social networking in the United States , 2006, First Monday.

[28]  Wolfgang Maass,et al.  Critical Privacy Factors of Internet of Things Services: An Empirical Investigation with Domain Experts , 2012, MCIS.

[29]  Jaehyeon Ju,et al.  Are People Really Concerned About Their Privacy?: Privacy Paradox In Mobile Environment , 2015, IOT 2015.

[30]  Christiane Lehrer,et al.  Privacy-Related Decision-Making in the Context of Wearable Use , 2016, PACIS.

[31]  R. Fazio,et al.  Acting as We Feel: When and How Attitudes Guide Behavior. , 2005 .

[32]  J. Doug Tygar,et al.  Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[33]  Dara V. O'Neil Analysis of Internet Users’ Level of Online Privacy Concerns , 2001 .

[34]  L. Jean Camp,et al.  Influence of Privacy Attitude and Privacy Cue Framing on Android App Choices , 2016, WPI@SOUPS.

[35]  Hangjung Zo,et al.  User acceptance of smart home services: an extension of the theory of planned behavior , 2017, Ind. Manag. Data Syst..