Discovering Smart Home Internet of Things Privacy Norms Using Contextual Integrity

TL;DR

This paper introduces a scalable survey method based on the Contextual Integrity framework to identify privacy norms in smart home IoT environments, providing insights for device design and privacy policy.

Contribution

It presents a novel, efficient survey approach to discover privacy norms in smart homes at scale using the CI framework, applied to a large sample of adults.

Findings

Identified key privacy acceptability patterns for IoT data flows.

Provided actionable recommendations for IoT device privacy design.

Demonstrated rapid, cost-effective norm discovery method.

Abstract

The proliferation of Internet of Things (IoT) devices for consumer "smart" homes raises concerns about user privacy. We present a survey method based on the Contextual Integrity (CI) privacy framework that can quickly and efficiently discover privacy norms at scale. We apply the method to discover privacy norms in the smart home context, surveying 1,731 American adults on Amazon Mechanical Turk. For $2,800 and in less than six hours, we measured the acceptability of 3,840 information flows representing a combinatorial space of smart home devices sending consumer information to first and third-party recipients under various conditions. Our results provide actionable recommendations for IoT device manufacturers, including design best practices and instructions for adopting our method for further research.