Yes, I know this IoT Device Might Invade my Privacy, but I Love it Anyway! A Study of Saudi Arabian Perceptions

Noura Aleisa, Karen Renaud

2017

Abstract

The Internet of Things (IoT) ability to monitor our every move raises many privacy concerns. This paper reports on a study to assess current awareness of privacy implications of IoT devices amongst Saudi Arabians. We found that even when users are aware of the potential for privacy invasion, their need for the convenience these devices afford leads them to discount this potential and to ignore any concerns they might initially have had. We then conclude by making some predictions about the direction the IoT field will take in the next 5-7 years, in terms of privacy invasion, protection and awareness.

References

  1. Ministry of Communication and Information Technology (2010). Saudi Arabia ranks fifth globally in mobile phone growth rate. http://www.mcit.gov.sa/En/Communication/Pages/ LocalNews/telnews 31 en.aspx.
  2. Al-Ghaith, W., Sanzogni, L., and Sandhu, K. (2010). Factors influencing the adoption and usage of online services in Saudi Arabia. EJISDC: The Electronic Journal on Information Systems in Developing Countries, (40):1.
  3. Anthony, R. (2016). Internet of Things: Is the Future Susceptible to Hacking? 13 November http://www.inquisitr.com/3712810/internet-of-thingsis-the-future-susceptible-to-hacking/.
  4. Ashton, K. (2009). That 'internet of things' thing. RFiD Journal, 22(7):97-114.
  5. BakerHostetler (2013). Bakerhostetler's international compendium of data privacy laws. http://www.edrm.net/resources/data-privacyprotection/bakerhostetler-data-privacy-laws/saudiarabia#7 Breach Notification.
  6. BBC (2016). Privacy complaint for fitness wristband makers. http://www.bbc.co.uk/news/technology37859676.
  7. Boff, L. (2012). Satisfying fundamental human needs). https://leonardoboff.wordpress.com/2012/12/23/ satisfying-fundamental-human-needs/.
  8. Bracy, J. (2015). Senate committee explores internetof-things regulation. https://iapp.org/news/a/senatecommittee-explores-internet-of-things-regulation/.
  9. Clark, P. and Jones, S. (2016). GCHQ intervenes to secure smart meters against hackers. 18 March https://www.ft.com/content/ca2d7684-ed15-11e5- bb79-2303682345c8.
  10. Collingridge, D. (2014). Validating a Questionnaire. SAGE Publishing. http://www.methodspace.com/validatinga-questionnair.
  11. Compert, C. (2016). Football and a crystal ball: Data privacy predictions for 2016.
  12. Connelly, K., Khalil, A., and Liu, Y. (2007). Do i do what i say?: Observed versus stated privacy preferences. In IFIP Conference on Human-Computer Interaction, pages 620-623. Springer.
  13. Cuthbertson, A. (2016). Saudi Arabia: Government websites knocked offline by Anonymous hackers in revenge for executions. http://www.ibtimes.co.uk/saudi-arabia-kingdomswebsites-knocked-offline-by-anonymous-hackersrevenge-sheikh-nimr-1535961.
  14. de Saint-Exupery, A. (2009). Internet of things, strategic research roadmap. http://www.internet-of-thingsresearch.eu/pdf/IoT Cluster Strategic Research Agenda 2009.pdf.
  15. Edwards, L. (2003). Consumer privacy, on-line business and the internet: Looking for privacy in all the wrong places. International Journal of Law and Information Technology, 11(3):226-250.
  16. Eid, M. I. (2011). Determinants of e-commerce customer satisfaction, trust, and loyalty in Saudi Arabia. Journal of electronic commerce research, 12(1):78.
  17. Fink, G. A., Zarzhitsky, D. V., Carroll, T. E., and Farquhar, E. D. (2015). Security and privacy grand challenges for the internet of things. In Collaboration Technologies and Systems (CTS), 2015 International Conference on, pages 27-34.
  18. Gleicher, N. (2016). The Big Lesson We Must Learn From The Dyn DDoS Attack. http://www.darkreading.com/endpoint/the-biglesson-we-must-learn-from-the-dyn-ddos-attack/a/did/1327432.
  19. Guinard, D. (2015). Internet of things: businesses must overcome data and privacy hurdles. https://www.theguardian.com/medianetwork/2015/jun/01/internet-of-things-businessesdata-privacy.
  20. Hospitality Technology (2016). Security Must Be Built into the Design of IoT Devices . 28 October http://hospitalitytechnology.edgl.com/news/SecurityMust-Be-Built-into-the-Design-of-IoT-Devices107556.
  21. Hutchinson, A. (2015). Convenience vs privacy: The latest study in the data tracking debate. http://www.socialmediatoday.com/technologydata/adhutchinson/2015-06-05/convenience-vsprivacy-latest-study-data-tracking-debate.
  22. Iqbal, S. T. and Horvitz, E. (2010). Notifications and awareness: A field study of alert usage and preferences. In Proceedings of the 2010 ACM Conference on Computer Supported Cooperative Work, CSCW 7810, pages 27-30. ACM.
  23. Kam, R. (2016). Top predictions for 2016: Privacy and security. http://www.healthcareitnews.com/blog/toppredictions-2016-privacy-and-security.
  24. Kelly, E. P. and Erickson, G. S. (2005). RFID tags: commercial applications v. privacy rights. Industrial Management & Data Systems, 105(6):703 - 713.
  25. Khera, M. (2016). Are regulations the answer to better Internet of Things security? 10 November https://www.cyberscoop.com/iot-security-op-eddyn-ddos-mandeep-khara/.
  26. Landau, S. (2015). What Was Samsung Thinking? IEEE Security & Privacy, (3):3-4.
  27. Lee, H. and Kim, J. (2006). Privacy threats and issues in mobile rfid. In First International Conference on Availability, Reliability and Security (ARES'06), pages 5-pp. IEEE.
  28. MacGregor, A. (2016). Telco CEO: Consumers have double standards over data privacy. 9 November https://thestack.com/big-data/2016/11/09/thorstendirks-telefonica-deutschland-double-standards-dataprivacy/.
  29. Markman, J. (2016). Massive IoT Hacks Should Lead To Positive Change. 10 November http://www.forbes.com/sites/jonmarkman/2016/11/10 /massive-iot-hacks-should-lead-to-positive-change/.
  30. Matyszczyk, C. (2015). Samsung's warning: Our Smart TVs record your living room chatter. http://www.cnet.com/uk/news/samsungs-warningour-smart-tvs-record-your-living-room-chatter/.
  31. McCrickard, D. S. and Chewar, C. M. (2003). Attuning notification design to user goals and attention costs. Commun. ACM, 46(3):67-72.
  32. Medaglia, C. M. and Serbanati, A. (2010). An overview of privacy and security issues in the internet of things. In The Internet of Things, pages 389-395. Springer.
  33. Nextgov (2016). Who'S in change of regulating the Internet of Things? 1 Sept http://www.nextgov.com/emergingtech/2016/09/internet-things-regulatingcharge/131208/.
  34. Nikkei Asian Review (2016). Japan, Saudi Arabia to cooperate on Internet of Things, renewables. http://asia.nikkei.com/PoliticsEconomy/International-Relations/Japan-SaudiArabia-to-cooperate-on-Internet -of-Thingsrenewables.
  35. Nordrum, A. (2016). Wanted: Smart Public Policy for Internet of Things Security. 10 November http://spectrum.ieee.org/techtalk/telecom/security/wanted-smart-public-policyfor-internet-of-things-security).
  36. Pauli, D. (2016). IoT worm can hack Philips Hue lightbulbs, spread across cities. 10 November http://www.theregister.co.uk/2016/11/10/iot worm can hack philips hue lightbulbs spread across cities/.
  37. Preuveneers, D. and Berbers, Y. (2008). Internet of things: A context-awareness perspective. The Internet of Things: From RFID to the Next-Generation Pervasive Networked Systems, pages 287-307.
  38. Price, R. (2016). The government needs to step in and save the internet from hacked toasters. 25 October http://www.businessinsider.com/dyn-hack-callsgrow-regulation-internet-of-things-security-mikkohypponen-f-secure-interview-2016-10.
  39. Pultarova, T. (2016). Webcam hack shows vulnerability of connected devices. 11 November https://eandt.theiet.org/content/articles/2016/11/web cam-hack-shows-vulnerability-of-connecteddevices/.
  40. Rao, L. (2011). Sexual Activity Tracked By Fitbit Shows Up In Google Search Results. 3 July https://techcrunch.com/2011/07/03/sexual-activitytracked-by-fitbit-shows-up-in-google-search-results/.
  41. Roberts, J. J. (2016). Who to blame for the attack on the internet. http://fortune.com/2016/10/23/internet-attackperpetrator/.
  42. Rouse, M. (2014). Internet of Things privacy (IoT privacy). http://internetofthingsagenda.techtarget.com/definition /Internet-of-Things-privacy-IoT-privacy.
  43. rt.com (2016). Smart fridge browses porn in us store, shows hot action while keeping its cool. 3 October https://www.rt.com/viral/361440-iot-fridgeshows-porn/.
  44. Sait, S., Al-Tawil, K., and Hussain, S. (2004). E-commerce in Saudi Arabia: Adoption and perspectives. Australasian Journal of Information Systems, 12(1).
  45. Schneier, B. (2016). Regulation of the Internet of Things. November https://www.schneier.com/blog/archives/2016/11/ regulation of t.html.
  46. Shirazi, A., Henze, N., Dingler, T., Pielot, M., Weber, D., and Schmidt, A. (2014). Large-scale assessment of mobile notifications. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 7814, pages 3055-3064. ACM.
  47. Siegel, D. (2008). The need for a sense of control).
  48. Singer, N. (2015). Sharing data, but not happily. http://www.nytimes.com/2015/06/05/technology/ consumers-conflicted-over-data-miningpolicies-report-finds.html.
  49. Slettemea°s, D. (2009). RFID-the “Next Step” in Consumer-Product Relations or Orwellian Nightmare? Challenges for Research and Policy. Journal of Consumer Policy, 32(3):219-244.
  50. Solomon, H. (2016). Most makers of IoT devices still dont explain how personal info is used: Report. http://www.itworldcanada.com/article/most-makersof-iot-devices-still-dont-explain-how-personal-infois-used-report/386650.
  51. Solove, D. J. (2008). Understanding privacy. Harvard University Press.
  52. Spiekermann, S. and Berthold, O. (2005). Maintaining privacy in RFID enabled environments. In Privacy, Security and Trust within the Context of Pervasive Computing, pages 137-146. Springer.
  53. Turow, J., Hennessy, M., and Draper, N. A. (2015). The tradeoff fallacy: How marketers are misrepresenting american consumers and opening them up to exploitation. Available at SSRN.
  54. Warren, S. D. and Brandeis, L. D. (1890). The right to privacy. Harvard law review, pages 193-220.
  55. Weber, R. H. (2010). Internet of things-new security and privacy challenges. Computer Law & Security Review, 26(1):23-30.
  56. Weinberger, M. (2016). This is how Microsoft is preventing hackers from hijacking IoT devices. 26 October http://www.businessinsider.com/microsoft-azureiot-security-program-2016-10.
  57. Weinstein, M. (2015). What your FitBit doesn't want you to know.
  58. Yu, E. (2016). Asia must adopt 'data protection by design' in IoT era. 10 November http://www.businessinsider.com/microsoft-azureiot-security-program-2016-10.
Download


Paper Citation


in Harvard Style

Aleisa N. and Renaud K. (2017). Yes, I know this IoT Device Might Invade my Privacy, but I Love it Anyway! A Study of Saudi Arabian Perceptions . In Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS, ISBN 978-989-758-245-5, pages 198-205. DOI: 10.5220/0006233701980205


in Bibtex Style

@conference{iotbds17,
author={Noura Aleisa and Karen Renaud},
title={Yes, I know this IoT Device Might Invade my Privacy, but I Love it Anyway! A Study of Saudi Arabian Perceptions},
booktitle={Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS,},
year={2017},
pages={198-205},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006233701980205},
isbn={978-989-758-245-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS,
TI - Yes, I know this IoT Device Might Invade my Privacy, but I Love it Anyway! A Study of Saudi Arabian Perceptions
SN - 978-989-758-245-5
AU - Aleisa N.
AU - Renaud K.
PY - 2017
SP - 198
EP - 205
DO - 10.5220/0006233701980205