Posted on behalf of Serena Zheng, Noah Apthorpe, Marshini Chetty, and Nick Feamster.
Our work on “User Perceptions of Smart Home Internet of Things (IoT) Privacy” will be presented at the ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW) on November 6th, 2018. We briefly summarize our findings below.
What did we do? Smart home Internet of Things (IoT) devices are rapidly increasing in popularity, with more households including Internet-connected appliances that continuously monitor user activities. We wanted to investigate how users perceive the privacy implications of smart home technology and what role privacy considerations play in device purchasing and use decisions.
How did we do it? We conducted 11 interviews with early adopters of smart home technology in the United States, investigating their reasons for purchasing IoT devices, perceptions of smart home privacy risks, and actions taken to protect their privacy from entities external to the home who create, manage, track, or regulate IoT devices and/or their data.
What did we find? We identified four common themes across interview responses:
- Convenience and connectedness are priorities for smart home device users. These values often outweigh other concerns about IoT devices, including obsolescence, security, and privacy.
- User opinions about who should have access to their smart home data (e.g., manufacturers, Internet service providers, and governments) depend on perceived benefit to the user.
- User assumptions about privacy protections are contingent on their trust in IoT device manufacturers, although they do not know whether these companies actually perform data encryption or anonymization.
- Users are less concerned about privacy risks from devices, such as lightbulbs and thermostats, that do not record audio or video, despite research showing that metadata from such devices can be used to infer home occupancy, work routines, sleeping patterns, and other user activities.
What are the implications of this work? These themes motivate recommendations for smart home device designers, researchers, regulators, and industry standards bodies. Participants’ desires for convenience and trust in IoT device manufacturers limit their willingness to take action to verify or enforce smart home data privacy. This means that privacy notifications and settings must be exceptionally clear and convenient, especially for smart home devices without screens. Improved cybersecurity and privacy regulation, combined with industry standards outlining best privacy practices, would also reduce the burden on users to manage their own privacy. We encourage follow-up studies examining the effects of smart home devices on privacy between individuals within a household and comparing perceptions of smart home privacy in different countries.