Risk Perceptions for Wearable Devices

Wearable devices, or "wearables," bring great benefits but also potential risks that could expose users' activities with- out their awareness or consent. In this paper, we report findings from the first large-scale survey conducted to investigate user security and privacy concerns regarding wearables. We surveyed 1,782 Internet users in order to identify risks that are particularly concerning to them; these risks are inspired by the sensor inputs and applications of popular wearable technologies. During this experiment, our questions controlled for the effects of what data was being accessed and with whom it was being shared. We also investigated how these emergent threats compared to existent mobile threats, how upcoming capabilities and artifacts compared to existing technologies, and how users ranked technical and nontechnical concerns to sketch a concrete and broad view of the wearable device landscape. We hope that this work will inform the design of future user notification, permission management, and access control schemes for wearables.

[1]  Marc Langheinrich,et al.  Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems , 2001, UbiComp.

[2]  L. Jean Camp,et al.  Designing for Trust , 2002, Trust, Reputation, and Security.

[3]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[4]  Vyas Sekar,et al.  Measuring user confidence in smartphone security and privacy , 2012, SOUPS.

[5]  J. Fleiss,et al.  Statistical methods for rates and proportions , 1973 .

[6]  Alessandro Acquisti,et al.  Privacy and rationality in individual decision making , 2005, IEEE Security & Privacy.

[7]  Lorrie Faith Cranor,et al.  You've been warned: an empirical study of the effectiveness of web browser phishing warnings , 2008, CHI.

[8]  Bettina Berendt,et al.  E-privacy in 2nd generation E-commerce: privacy preferences versus actual behavior , 2001, EC '01.

[9]  Naresh K. Malhotra,et al.  Internet Users' Information Privacy Concerns (IUIPC): The Construct, the Scale, and a Causal Model , 2004, Inf. Syst. Res..

[10]  James A. Landay,et al.  Privacy risk models for designing privacy-sensitive ubiquitous computing systems , 2004, DIS '04.

[11]  Rainer Böhme,et al.  The security cost of cheap user interaction , 2011, NSPW '11.

[12]  Tadayoshi Kohno,et al.  In situ with bystanders of augmented reality glasses: perspectives on recording and privacy-mediating technologies , 2014, CHI.

[13]  L. Jean Camp,et al.  Risk Communication Design: Video vs. Text , 2012, Privacy Enhancing Technologies.

[14]  Daniel R. Horne,et al.  The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors , 2007 .

[15]  Gary W. Pritchard,et al.  Vines J, Pritchard G, Wright PC, Olivier P, Brittain K. An Age-Old Problem: Examining the Discourses of Ageing in HCI and Strategies for Future Research. ACM Transactions on Computer-Human Interaction (TOCHI) , 2014 .

[16]  Jean Scholtz,et al.  Toward a Framework for Evaluating Ubiquitous Computing Applications , 2004, IEEE Pervasive Comput..

[17]  Minho Shin,et al.  Anonysense: privacy-aware people-centric sensing , 2008, MobiSys '08.

[18]  B. Johnson Risk Communication: A Mental Models Approach , 2002 .

[19]  Abigail Sellen,et al.  Design for Privacy in Ubiquitous Computing Environments , 1993, ECSCW.

[20]  Gregory D. Abowd,et al.  Charting past, present, and future research in ubiquitous computing , 2000, TCHI.

[21]  Colin Potts,et al.  Privacy practices of Internet users: Self-reports versus observed behavior , 2005, Int. J. Hum. Comput. Stud..

[22]  Glenn Woroch,et al.  The demographics of the do-not-call list [security of data] , 2005, IEEE Security & Privacy.

[23]  B. Fischhoff,et al.  How safe is safe enough? A psychometric study of attitudes towards technological risks and benefits , 1978 .

[24]  James A. Landay,et al.  Approximate Information Flows: Socially-Based Modeling of Privacy in Ubiquitous Computing , 2002, UbiComp.

[25]  Paul Dourish,et al.  Unpacking "privacy" for a networked world , 2003, CHI '03.

[26]  Luminita Vasiu,et al.  Biometric Recognition - Security and Privacy Concerns , 2004, ICETE.

[27]  Tadayoshi Kohno,et al.  Augmented reality: hard problems of law and policy , 2014, UbiComp Adjunct.

[28]  L. Jean Camp,et al.  The internet as public space: concepts, issues, and implications in public policy , 2000, CSOC.

[29]  B. Everitt,et al.  Statistical methods for rates and proportions , 1973 .

[30]  L. Jean Camp,et al.  Targeted risk communication for computer security , 2011, IUI '11.

[31]  Tadayoshi Kohno,et al.  Security and privacy for augmented reality systems , 2014, Commun. ACM.

[32]  Lorrie Faith Cranor,et al.  Who's viewed you?: the impact of feedback in a mobile location-sharing application , 2009, CHI.

[33]  David A. Wagner,et al.  I've got 99 problems, but vibration ain't one: a survey of smartphone users' concerns , 2012, SPSM '12.