Is a Trustmark and QR Code Enough? The Effect of IoT Security and Privacy Label Information Complexity on Consumer Comprehension and Behavior

要旨

The U.S. Government is developing a package label to help consumers access reliable security and privacy information about Internet of Things (IoT) devices when making purchase decisions. The label will include the U.S. Cyber Trust Mark, a QR code to scan for more details, and potentially additional information. To examine how label information complexity and educational interventions affect comprehension of security and privacy attributes and label QR code use, we conducted an online survey with 518 IoT purchasers. We examined participants' comprehension and preferences for three labels of varying complexities, with and without an educational intervention. Participants favored and correctly utilized the two higher-complexity labels, showing a special interest in the privacy-relevant content. Furthermore, while the educational intervention improved understanding of the QR code’s purpose, it had a modest effect on QR scanning behavior. We highlight clear design and policy directions for creating and deploying IoT security and privacy labels.

著者
Claire C. Chen
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
Dillon Shu
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
Hamsini Ravishankar
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
Xinran Li
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
Yuvraj Agarwal
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
Lorrie Faith. Cranor
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
論文URL

https://doi.org/10.1145/3613904.3642011

動画

会議: CHI 2024

The ACM CHI Conference on Human Factors in Computing Systems (https://chi2024.acm.org/)

セッション: Security Systems

317
5 件の発表
2024-05-15 18:00:00
2024-05-15 19:20:00