A framework of comparing privacy policies for smart home devices
Smart home devices are becoming increasingly popular and by 2021, it is estimated to have 80 million devices in the households of the U.S. The privacy and security threats involved with devices, as a result, are also scaling up in recent years. Smart home cameras have been hacked, private conversations recorded via Alexa have been shared without users’ awareness, data recorded through smart TVs have been sold to third parties, and many more. Privacy policies are the place where information about data collection and handling practices are mentioned. Although prior research attempted to improve website privacy policies readability through various approaches such as creating labels, automation analysis tools, these fail to capture the sensitive details that are recorded in the IoT domain. Moreover, an in-depth analysis of data handling practices has not been explored before. In this thesis, we develop a Privacy Framework, a method for analyzing the privacy poli! cies of smart home devices. This framework specifically includes the information categories collected by smart home devices, how the companies handle users’ data as well as the informed choices they provide to end users. The framework captures policy information of three smart home devices (camera, lock, vacuum) spanning 20 company policies. To evaluate the privacy framework, we conducted an online pilot survey with 60 Mturk participants to understand users’ concerns about different data handling practices given an information category. Our findings show that participants are more likely to agree to the company using (setting up the device, user authentication) or sharing (emergency services) their data for users’ benefits. But when the company uses (user behavior analysis) or shares (data marketplace) the data for their benefits, users disagree for such practices. We also find that participants are significantly concerned about data handling practices that involve high-se! nsitive data when compared to low-sensitive data.
Major Advisor: Anita Sarma
Committee: Rakesh Bobba
Committee: Glencora Borradaile
GCR: Leonard Coop
Wednesday, June 17, 2020 at 10:00am to 12:00pmVirtual Event