Each year, the Federal Trade Commission (FTC) hosts PrivacyCon, which brings together policymakers and academic researchers to share and discuss the latest research related to consumer privacy and data security. The FTC selected fewer than 20 papers to be presented at this year’s PrivacyCon, and two of them were written by CyLab researchers.
Privacy and security labels effectively convey risk
Pardis Emami-Naeini, a former CyLab Ph.D. student who is now a postdoctoral researcher at the University of Washington, presented her study on the effectiveness of a privacy and security “nutrition label” in conveying risk to consumers.
In their study, the researchers presented 1,371 participants with several randomly-assigned scenarios about the purchase of a smart device. In each scenario, participants were asked to imagine purchasing a smart device (e.g. a smart speaker or a smart light bulb) for themselves, for a friend, or for a family member. Each scenario ended by mentioning to the participants that there is a label on the package of the device, which discloses a single privacy or security practice of the device. Participants were then asked how the information on the label would change their risk perception and their willingness to purchase, as well as their reasoning.
Our findings pave the path to an improved IoT privacy and security label...Pardis Emami-Naeini, postdoctoral researcher, University of Washington
“In general, we found that people accurately perceived the risk associated with the vast majority of attributes that we tested for, and their perceptions influenced their willingness to purchase devices,” says Emami-Naeini. “Our findings pave the path to an improved IoT privacy and security label, which can ultimately lead to a safer and more secure IoT ecosystem.”
It’s time to make opting out easy
CyLab's Siddhant Arora, an M.S. student in the Language Technologies Institute, presented his study that shows how machine learning can be used to automatically extracting privacy choices from privacy policies, which no one comprehensively reads anyway, research has shown.
To help make opt-out choices more accessible to users, the team developed a browser extension called Opt-Out Easy in collaboration with the University of Michigan School of Information. The extension is now available to Chrome users.
“Our study aimed to provide an in-depth overview of whether popular websites allowed users the ability to opt out of some data collection and use practices,” Sadeh says. “In addition, we wanted to also develop a practical solution to help users access opt-out choices made available to them when such choices are present.”
- Pardis Emami-Naeini, University of Washington
- Janarth Dheenadhayalan, Carnegie Mellon University (CMU)
- Yuvraj Agarwal, CMU
- Lorrie Faith Cranor, CMU
- Vinayshekhar Bannihatti Kumar, Carnegie Mellon University (CMU)
- Roger Iyengar, CMU
- Namita Nisal, University of Michigan (UM)
- Yuanyuan Feng, CMU
- Hana Habib, CMU
- Peter Story, CMU
- Sushain Cherivirala, CMU
- Margaret Hagan, Stanford University
- Lorrie Faith Cranor, CMU
- Shomir Wilson, Penn State University
- Florian Schaub, UM
- Norman Sadeh, CMU