Confident Privacy Decision-Making in IoT Environments

Researchers are building Internet of Things (IoT) systems that aim to raise users’ privacy awareness, so that these users can make informed privacy decisions. However, there is a lack of empirical research on the practical implications of informed privacy decision-making in IoT. To gain deeper insights into this question, we conducted an online study (N = 488) of people’s privacy decision-making as well as their levels of privacy awareness toward diverse IoT service scenarios. Statistical analysis on the collected data confirmed that people who are well aware of potential privacy risks in a scenario tend to make more conservative and confident privacy decisions. Machine learning (ML) experiments also revealed that individuals overall privacy awareness is the most important feature when predicting their privacy decisions. We verified that ML models trained on privacy decisions made with confidence can produce highly accurate privacy recommendations for users (area under the ROC curve (AUC) of 87%). Based on these findings, we propose functional requirements for privacy-aware systems to facilitate well-informed privacy decision-making in IoT, which results in conservative and confident decisions that enjoy high consistency.

[1]  Mike Bergmann,et al.  Testing Privacy Awareness , 2008, FIDIS.

[2]  N. Lazar,et al.  Methods and Criteria for Model Selection , 2004 .

[3]  Tsuhan Chen,et al.  Video-based face recognition using adaptive hidden Markov models , 2003, 2003 IEEE Computer Society Conference on Computer Vision and Pattern Recognition, 2003. Proceedings..

[4]  Paul Dourish,et al.  Unpacking "privacy" for a networked world , 2003, CHI '03.

[5]  Brian Hill,et al.  Confidence and decision , 2013, Games Econ. Behav..

[6]  Alfred Kobsa,et al.  Towards Privacy-Aware Smart Buildings: Capturing, Communicating, and Enforcing Privacy Policies and Preferences , 2017, 2017 IEEE 37th International Conference on Distributed Computing Systems Workshops (ICDCSW).

[7]  Yoshua Bengio,et al.  DECISION TREES DO NOT GENERALIZE TO NEW VARIATIONS , 2010, Comput. Intell..

[8]  Mun Choon Chan,et al.  Pallas: Self-Bootstrapping Fine-Grained Passive Indoor Localization Using WiFi Monitors , 2017, IEEE Transactions on Mobile Computing.

[9]  Joshua Zhexue Huang,et al.  Extensions to the k-Means Algorithm for Clustering Large Data Sets with Categorical Values , 1998, Data Mining and Knowledge Discovery.

[10]  Daniel R. Horne,et al.  The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors , 2007 .

[11]  Joshua Zhexue Huang,et al.  A Fast Clustering Algorithm to Cluster Very Large Categorical Data Sets in Data Mining , 1997, DMKD.

[12]  Phil Wood Confirmatory Factor Analysis for Applied Research , 2008 .

[13]  G. Loewenstein,et al.  Privacy and human behavior in the age of information , 2015, Science.

[14]  Alfred Kobsa,et al.  Privacy preference modeling and prediction in a simulated campuswide IoT environment , 2017, 2017 IEEE International Conference on Pervasive Computing and Communications (PerCom).

[15]  Gwen Littlewort,et al.  Recognizing facial expression: machine learning and application to spontaneous behavior , 2005, 2005 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR'05).

[16]  Rolf H. Weber,et al.  Internet of Things - New security and privacy challenges , 2010, Comput. Law Secur. Rev..

[17]  Albert Y. Zomaya,et al.  Big Data Privacy in the Internet of Things Era , 2014, IT Professional.

[18]  Lujo Bauer,et al.  Privacy Expectations and Preferences in an IoT World , 2017, SOUPS.

[19]  Kirsten E. Martin Diminished or Just Different? A Factorial Vignette Study of Privacy as a Social Contract , 2012 .

[20]  Laura A. Dabbish,et al.  Privacy Attitudes of Mechanical Turk Workers and the U.S. Public , 2014, SOUPS.

[21]  Mary Madden,et al.  Privacy, security, and digital inequality , 2017 .

[22]  Peter H. Rossi,et al.  Measuring social judgments : the factorial survey approach , 1983 .

[23]  J. Sim,et al.  The kappa statistic in reliability studies: use, interpretation, and sample size requirements. , 2005, Physical therapy.

[24]  D. Bates,et al.  Fitting Linear Mixed-Effects Models Using lme4 , 2014, 1406.5823.

[25]  Lorrie Faith Cranor,et al.  Understanding and capturing people’s privacy policies in a mobile social networking application , 2009, Personal and Ubiquitous Computing.

[26]  Hongxia Jin,et al.  Location Sharing Preference: Analysis and Personalized Recommendation , 2014 .

[27]  Norman M. Sadeh,et al.  Modeling Users' Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings , 2014, SOUPS.

[28]  Douglas A. Reynolds,et al.  Robust text-independent speaker identification using Gaussian mixture speaker models , 1995, IEEE Trans. Speech Audio Process..

[29]  Yuchen Zhao,et al.  Privacy-aware location privacy preference recommendations , 2014, MobiQuitous.

[30]  Matthew Smith,et al.  Using personal examples to improve risk communication for security & privacy decisions , 2014, CHI.

[31]  Alfred Kobsa,et al.  IoT Service Store: A Web-based System for Privacy-aware IoT Service Discovery and Interaction , 2018, 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops).

[32]  Alfred Kobsa,et al.  Understanding user privacy in Internet of Things environments , 2016, 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT).

[33]  Hongxia Jin,et al.  Location sharing privacy preference: analysis and personalized recommendation , 2014, IUI.

[34]  Mani B. Srivastava,et al.  Inferring occupancy from opportunistically available sensor data , 2014, 2014 IEEE International Conference on Pervasive Computing and Communications (PerCom).

[35]  Hao Jiang,et al.  Robust occupancy inference with commodity WiFi , 2016, 2016 IEEE 12th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[36]  Nancy K. Lankton,et al.  Privacy Management Strategies: An Exploratory Cluster Analysis , 2016, AMCIS.

[37]  Hojung Cha,et al.  Personalized Energy Auditor: Estimating personal electricity usage , 2014, 2014 IEEE International Conference on Pervasive Computing and Communications (PerCom).

[38]  Stefanie Pötzsch,et al.  Privacy Awareness: A Means to Solve the Privacy Paradox? , 2008, FIDIS.

[39]  Helen Nissenbaum,et al.  Measuring Privacy: An Empirical Test Using Context To Expose Confounding Variables , 2015 .

[40]  William M. Campbell,et al.  Support vector machines for speaker verification and identification , 2000, Neural Networks for Signal Processing X. Proceedings of the 2000 IEEE Signal Processing Society Workshop (Cat. No.00TH8501).

[41]  Jason Hong The Privacy Landscape of Pervasive Computing , 2017, IEEE Pervasive Computing.

[42]  Ian D. Reid,et al.  A general method for human activity recognition in video , 2006, Comput. Vis. Image Underst..

[43]  Nancy K. Lankton,et al.  Privacy Management Strategies : An Exploratory Cluster Analysis Full Paper , 2016 .

[44]  Serge Egelman,et al.  Is This Thing On?: Crowdsourcing Privacy Indicators for Ubiquitous Sensing Platforms , 2015, CHI.

[45]  Wei Niu,et al.  Human activity detection and recognition for video surveillance , 2004, 2004 IEEE International Conference on Multimedia and Expo (ICME) (IEEE Cat. No.04TH8763).

[46]  Rhys Goldstein,et al.  Real-time occupancy detection using decision trees with multiple sensor types , 2011, SpringSim.

[47]  Daniel J. Solove,et al.  Introduction: Privacy Self-Management and the Consent Dilemma , 2013 .

[48]  Alfred Kobsa,et al.  Dimensionality of information disclosure behavior , 2013, Int. J. Hum. Comput. Stud..

[49]  L. Jean Camp,et al.  Mental models of privacy and security , 2009, IEEE Technology and Society Magazine.

[50]  Ioannis Pitas,et al.  Facial Expression Recognition in Image Sequences Using Geometric Deformation Features and Support Vector Machines , 2007, IEEE Transactions on Image Processing.

[51]  John A. Stankovic,et al.  Context-aware wireless sensor networks for assisted living and residential monitoring , 2008, IEEE Network.

[52]  André Deuker,et al.  Addressing the Privacy Paradox by Expanded Privacy Awareness - The Example of Context-Aware Services , 2009, PrimeLife.

[53]  Mahadev Satyanarayanan,et al.  Enabling Live Video Analytics with a Scalable and Privacy-Aware Framework , 2018, ACM Trans. Multim. Comput. Commun. Appl..

[54]  Colin Potts,et al.  Privacy practices of Internet users: Self-reports versus observed behavior , 2005, Int. J. Hum. Comput. Stud..

[55]  Alfred Kobsa,et al.  TIPPERS: A privacy cognizant IoT environment , 2016, 2016 IEEE International Conference on Pervasive Computing and Communication Workshops (PerCom Workshops).

[56]  Richard Chow,et al.  The Last Mile for IoT Privacy , 2017, IEEE Security & Privacy.

[57]  Bernhard Rinner,et al.  User-centric privacy awareness in video surveillance , 2011, Multimedia Systems.

[58]  G. Tutz,et al.  Random effects in ordinal regression models , 1996 .

[59]  Anupam Das,et al.  Personalized Privacy Assistants for the Internet of Things: Providing Users with Notice and Choice , 2018, IEEE Pervasive Computing.

[60]  Zhi-Hua Zhou,et al.  Face recognition from a single image per person: A survey , 2006, Pattern Recognit..

[61]  M. Kosinski,et al.  Deep Neural Networks Are More Accurate Than Humans at Detecting Sexual Orientation From Facial Images , 2018, Journal of personality and social psychology.

[62]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[63]  Marc Langheinrich,et al.  A Privacy Awareness System for Ubiquitous Computing Environments , 2002, UbiComp.

[64]  Klaus Wehrle,et al.  Privacy in the Internet of Things: threats and challenges , 2014, Secur. Commun. Networks.

[65]  Alessandro Acquisti,et al.  Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online , 2016, SOUPS.

[66]  Mahadev Satyanarayanan,et al.  Assisting Users in a World Full of Cameras: A Privacy-Aware Infrastructure for Computer Vision Applications , 2017, 2017 IEEE Conference on Computer Vision and Pattern Recognition Workshops (CVPRW).

[67]  Berker Agir,et al.  A machine-learning based approach to privacy-aware information-sharing in mobile social networks , 2016, Pervasive Mob. Comput..

[68]  Alessandro Acquisti,et al.  Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions , 2016, SOUPS.

[69]  Nora J. Rifon,et al.  Promoting i-Safety: Effects of Privacy Warnings and Privacy Seals on Risk Assessment and Online Privacy Behavior , 2007 .

[70]  KokolakisSpyros Privacy attitudes and privacy behaviour , 2017 .

[71]  Bart P. Knijnenburg,et al.  A Data-Driven Approach to Developing IoT Privacy-Setting Interfaces , 2018, IUI.

[72]  David J. Kriegman,et al.  Video-based face recognition using probabilistic appearance manifolds , 2003, 2003 IEEE Computer Society Conference on Computer Vision and Pattern Recognition, 2003. Proceedings..

[73]  Carlo Maria Medaglia,et al.  An Overview of Privacy and Security Issues in the Internet of Things , 2010 .

[74]  Alfred Kobsa,et al.  The effect of personalization provider characteristics on privacy attitudes and behaviors: An Elaboration Likelihood Model approach , 2016, J. Assoc. Inf. Sci. Technol..

[75]  R. Berk,et al.  Varieties of Normative Consensus , 1985 .

[76]  Michael Weber,et al.  Who, how, and why? Enhancing privacy awareness in Ubiquitous Computing , 2013, 2013 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops).