Ask the Experts: What Should Be on an IoT Privacy and Security Label?

by   Pardis Emami-Naeini, et al.

Information about the privacy and security of Internet of Things (IoT) devices is not readily available to consumers who want to consider it before making purchase decisions. While legislators have proposed adding succinct, consumer accessible, labels, they do not provide guidance on the content of these labels. In this paper, we report on the results of a series of interviews and surveys with privacy and security experts, as well as consumers, where we explore and test the design space of the content to include on an IoT privacy and security label. We conduct an expert elicitation study by following a three-round Delphi process with 22 privacy and security experts to identify the factors that experts believed are important for consumers when comparing the privacy and security of IoT devices to inform their purchase decisions. Based on how critical experts believed each factor is in conveying risk to consumers, we distributed these factors across two layers—a primary layer to display on the product package itself or prominently on a website, and a secondary layer available online through a web link or a QR code. We report on the experts' rationale and arguments used to support their choice of factors. Moreover, to study how consumers would perceive the privacy and security information specified by experts, we conducted a series of semi-structured interviews with 15 participants, who had purchased at least one IoT device (smart home device or wearable). Based on the results of our expert elicitation and consumer studies, we propose a prototype privacy and security label to help consumers make more informed IoT-related purchase decisions.


page 3

page 4

page 6

page 7

page 8

page 9

page 14

page 15


A User Study to Evaluate a Web-based Prototype for Smart Home Internet of Things Device Management

With the growing advances in the Internet of Things (IoT) technology, Io...

Security Update Labels: Establishing Economic Incentives for Security Patching of IoT Consumer Products

With the expansion of the Internet of Things (IoT), the number of securi...

PrivacyCube: A Tangible Device for Improving Privacy Awareness in IoT

Consumers increasingly bring IoT devices into their living spaces withou...

Discovering Smart Home Internet of Things Privacy Norms Using Contextual Integrity

The proliferation of Internet of Things (IoT) devices for consumer "smar...

BLE Protocol in IoT Devices and Smart Wearable Devices: Security and Privacy Threats

Bluetooth Low Energy (BLE) has become the primary transmission media due...

Towards Automatic Identification and Blocking of Non-Critical IoT Traffic Destinations

The consumer Internet of Things (IoT) space has experienced a significan...

Threat Modelling in Virtual Assistant Hub Devices Compared With User Risk Perceptions (2021)

Despite increasing uptake, there are still many concerns as to the secur...

Please sign up or login with your details

Forgot password? Click here to reset