Carnegie Mellon University

Privacy Expectations and Preferences in an IoT World Pardis Emami-Naeini, Sruti Bhagavatula, Martin Degeling, Hana Habib, Lujo Bauer, Lorrie Faith Cranor, Norman Sadeh

Internet of Things (IoT):

• • • • • • • • • • • • • • •

The future privacy assistant: What are they collecting?

• • • • • • • • • • • • • • •

The future privacy assistant:

With whom are they sharing my data?

• • • • • • • • • • • • • • •

The future privacy assistant:

How long are they keeping my data?

Privacy assistant’s design goals Inform people about data collection

– What should we notify people about? Enable privacy choices

– What factors influence privacy decisions? Automate privacy decision making

– Can we predict privacy preferences accurately?

Vignette study Asked participants to imagine themselves in hypothetical data collection scenarios

Example scenario

You are at [work]. This building has [cameras] that are recording [video of the entire building]. The video is [shared with law enforcement] to [improve public safety] and they [will not delete it].

15-minute survey Recruited 1007 US participants on Mechanical Turk Each participant shown 14 scenarios + asked questions

– How often would you want your phone to notify you of this data collection?

– How comfortable are you with this data collection? – Would you allow or deny this data collection? – …

Interpreting the results

Statistical models that explain relationship between factors explored in vignettes and …

– Users’ desire to be notified of data collection – Users’ comfort with data collection – Users’ willingness to allow data collection

~ [ ____ ] .,

~[ ]

Sample of results What affects preferences to be notified?

Data being shared Biometrics data

Beneficial purpose more likely want to be notified

less likely want to be notified

__ _____,]

* ~ (---__ _____,]

Sample of results

When are users (un)comfortable with data collection? Public location Environmental data Private location more comfortable

Biometrics data

less comfortable

++

~1 --+ [ ______ ]

•.• ~ [ _____ ]

Sample of results

Beneficial purpose Data being shared

When are users willing to allow data collection? more likely want to allow

less likely want to allow

What factors matter most to explain privacy preferences? – Type of data? – Location of data collection? – Purpose of data collection? – Retention time? – …

What factors matter most to explain privacy preferences? – Type of data? – Location of data collection? – Purpose of data collection? – Retention time? – …

What factors matter most to explain privacy preferences?

Combination of factors matters most!

X

X

What factors matter most?

Notification: Type of data × user-perceived benefit

× purpose they don’t see as beneficial = more notification

X

~ x

What factors matter most? Comfort level: Type of data × happening today

× happening today = comfort

X

)( SHOP

i • 1

What factors matter most? Allow/deny:

deny

Type of data × location

× =

Built models to understand people’s privacy preferences

Carnegie Mellon University

CMU Location Tr~k!1g

llnda, · h'.l1'.3tk 111 lrH·:kllg 11 f;i:ledOO

bJUng-conCUUeomp..1s u~lr~ blL":::ooth be~ns ari(I v1il1 aOCe&S p,r.,int$.

C:a,~ I! ccllc:ct-!:d ·,1r1rth ..,,-~c.Jt:o-,_U?>:;.-er r.:m l~collecledi!l!!rttifJ.'llJl'­

'fOUrCiolees

Coeoe gr~ir d ,~eking( ...

Fi'l t! ljr..li·n 11, tr.-1t':tillJ (h ..

Our results design

Long-term goal: design privacy assistant

P. Emami-Naeini, S. Bhagavatula, H. Habib, M. Degeling, L. Bauer, L. Cranor, N. Sadeh. Privacy expectations and preferences in an IoT World. In Proceedings of the 13th Symposium on Usable Privacy and Security (SOUPS’17)