‘Privacy Risks and Environmental Impacts of End-of-Use Electronic
Devices: An Empirical Analysis.’
Summary: The study investigates the dual challenges of data security and
environmental sustainability concerning the disposal of electronic
devices. To gather the data, a survey was conducted across the ten most used
internet-connected device categories, collecting over 4000 responses based on
the latest US census population. The responses collected helps in understanding
US consumers’ disposal & security behaviours with end-of-use electronic
devices, the risks of residual data and the effectiveness of data wiping
protocols. In order to quantitatively analyse these aspects, regression
analysis will be employed to identify the relationships and predict outcomes
based on the collected data. This approach will allow for a detailed
examination of the factors influencing both privacy and environmental
practices, thereby suggesting a need for improved strategies and policy
interventions.
List of 10 Device Categories:
1.
SmartKitchen
1a. Coffee Maker
1b. Fridge
1c. Oven
2. Security Devices
2a. Security Camera
2b. Smart Lock
2c. Video Baby Monitor
2d. Video Doorbell
3. Gaming Device
4. ARVR
5. Smarthome
5a. Lawnmower
5b. Lightbulb
5c. Thermostat
5d. Vacuum Cleaner
6. Smart TV
7. SmartPhone
8. Streaming Device
9. Tablet
10.Wearable
Project summary:
What are the major goals of the project?
The
research project addresses the following questions:
What are the data security and post-use behaviors for electronic
devices of U.S. consumers?
What are the security risks associated with data remaining on
post-use electronics devices?
Can security and post-use behaviors of consumers be modelled so as
to inform interventions to improve sustainability and privacy outcomes?
The goals of the project are the to address these questions
via the following research activities:
1.
For a set of electronic devices, survey consumers on
their security knowledge, practices and end-of-use knowledge and
practices.
2.
Construct a model that predicts security and end-of-use
behaviors for different consumer groups.
3.
Use the results of the above three research to suggest
effective interventions to improve security and sustainability outcomes.
What was accomplished under
these goals and objectives
Major Activities:
1.
Analysis
to determine device choice and aggregation
The goal of these is to determine what consumer electronicdevices
will be considered and how to group them. Consumers own many types of
electronic devices, and in general there are multiple manufacturers and models
for each device. It is infeasible to
study all device types and models, a conceptual structure and practical aggregation
is needed to categorize devices expected to be similar with respect to study
goals. For example, all smartphones are probably more similar to each other in
terms of privacy risks and end-of-use behavior than a smart plug or smart thermostat.
This aggregation will enable survey design and also selection of specific
devices to purchase for penetration and usability studies. It is important to cover the range of security
risks posed by different devices.
Rather than looking at individual brands, we decided to first
group electronic devices according to their use-cases. Regardless of
manufacturer, most smartphones and tablets offer similar features to a given
user. The same principle applies to how all smart speakers utilize a companion
application to store user credentials and respond to voice commands that are
collected using built-in microphones. Similarly, all smart entertainment
devices provide access to streaming services or gaming platforms.
In the second stage, and with the purpose of further
aggregating device categories, we examined multiple Electronic taxonomy
standards to better understand the categorization of information stored by Electronic
devices. Smart lightbulbs and smart thermostats may appear different in terms
of their functionality, however they both store activity logs that show when
they were activated or disabled. They also capture information from the
environment using light or temperature sensors. Based on our findings, we
devised a PII sensitivity ranking system in order to prioritize the devices which
would capture more sensitive PII that could subsequently be exploited for
malicious purposes. Having created umbrella categories that encompassed devices
in a more comprehensive manner, the following criteria was ultimately developed
to select the parent device categories and the instances that were chosen from
each for penetration testing:
–
Ownership: chosen devices should be owned by a
considerable percentage of the US population to ensure the statistical
significance of our behavioral findings.
–
PII type and sensitivity: The type of personally
identifiable information stored on an Electronic device could vary depending on
its features and use cases. A smart lightbulb could store an activity log while
a smart gaming device might store banking information to facilitate the
purchase of a game. On the other hand, the sensitivity of the stored information
is equally crucial in our selection process. While an activity log on the
mentioned smart light bulb might appear insignificant, it could be used to
detect patterns of presence at a given location.
–
Duration of software/hardware support: How long
a manufacturer is willing to offer software/firmware patches and updates for a
device, will impact its capability of storing information securely and how long
the consumer will hold on to it.
–
Resale value: More expensive devices usually
receive higher trade-in/resell values in secondary markets; which means that at
the end of their first use, the correct wiping of PII by the previous owner is
very important.
2.
Development of survey of e-waste and security
attitudes, knowledge and behavior
A survey will be developed on e-waste and security
attitudes, knowledge, and behavior which will involve various important
activities. It starts off with an in depth understanding of e-waste and
security issues so that the relevant topics and questions are determined for
the survey. This includes thoroughly doing research on latest trends and best
practices in e-waste management and data security. It is followed by the survey
development process encompassing designing clear and concise questions that will
help us in capturing the respondents attitudes, knowledge and behavior
accurately. The survey will be structured in a logical and organized manner to
ensure ease of completion and data analysis, ensuring that all aspects are
adequately covered and that the survey instruments are valid and reliable. But,
the rapidly evolving nature of e-waste and security issues is one of the major
challenges and requires continuous monitoring of industry developments and
emerging trends. Also, another challenge is to ensure the accuracy and
reliability of the data collected because the respondents may have varying
levels of understanding or they may lead to biased responses. In order to
overcome these challenges careful design and validation of survey questions, as
well as employing appropriate data analysis techniques is necessary.
This activity is development of a survey to query typical
U.S. consumers on their attitudes, knowledge and behavior with regard to
personal and home electronic devices. The goal is to understand linkages
between these in order to inform interventions in security and sustainability
outcomes. For example, it might be that old smartphones are being stockpiled at
home because users are concerned about personal data on the device and unsure
of how to remove it. In this case, more useable and prominent interfaces and
applications on smart phones could help address the problem. The survey results
will be analyzed for statistical correlations and also form the core for
calibrating a machine learning model predicting consumer behavior.
Significant results:
Analysis to determine device choice and aggregation
The main result is establishment of a categorical structure
for devices grouped according to basic qualities of personal information
contained, how consumers interact with them, and ownership.
Development of survey of e-waste and security attitudes,
knowledge and behavior
For the 10 set of selected device categories, a 15 minutes
survey is developed using Qualtrics software, which consists of approximately
52* questions. It will be administered online via the Prolific platform to a
representative sample of the US population, aiming for 400 responses per device
category. Screening of participants ensures statistically significant data for
each device category. Questions address security attitudes, knowledge, and
behaviors as well as end of use practices including device duration and disposition
e.g., store, discard, donate, recycle, resell. Reporting both actual behaviors
and expectations for future behaviors may introduce some inaccuracy, but this
will serve as the best proxy in the absence of prior experience. This
comprehensive survey aims to inform interventions for improved security and
sustainability outcomes in electronic device usage.
Deployment and analysis of survey
The survey questions will next be refined by working with
cohort of test respondents who will take the survey and provide feedback. On
finalization, the firm Prolific has been contracted to administer the survey to a
cohort of 4,000 individual representative of the U.S. population, with 400
respondents per product category.
Statistical analysis of the survey responses will be done to
establish correlations between demographics, knowledge, attitudes, and
behaviors. This analysis will be developed into a journal submission.
What is the impact on the development of the principal
discipline(s) of the project?
In the world of data security there is a need for formalized
work assessing data security for Electronic devices, and to work towards
interventions to improve outcomes. The privacy of data on end-of-life consumer
electronics is largely unexplored in computing security.
We aim to write a set of “flag-planting” papers and engage
in outreach activities that raises the importance of the topic among academia,
industry and policy-makers, leading to increased research activities and
interventions.
What is the impact on other disciplines?
In the world of sustainability, assessing and managing electronic
waste is a research area in its own right. Thus far the role of privacy
concerns in the management of e-waste is largely unexplored. In particular this
work aims to promote beneficial reuse and repair of devices. Anecdotally it is
known that concerns over data contained in devices leads to stockpiling at
home, which inhibits reuse and recycling. However, there is no formal research
characterizing the extent of security concern/stockpiling effect or how to
manage it. We expect that the research of this project will bring attention,
and hopefully intervention, to improving sustainability outcomes of end-of-life
electronics through better management of security concerns.
What is the impact on society beyond science and technology?
The research is directly relevant to managing issues of
concern to modern society: data security and waste management. Outreach
activities are planned to bring the journal research to broader audiences, such
as popular media articles. The goal is for the research to inform interventions
in device design and informing consumers that will improve security and
sustainability outcomes.
Guidelines
to write the paper:
The research paper should be of publication-level
quality.
The paper must include all of the following
sections and address each component mentioned therein:
• Abstract – summarizing the key points of the
research motivations, approach, and findings in a focused and concise format
• Introduction and literature review – providing
the context, motivation, and importance of the research problem, particularly
as it relates to addressing a sustainability challenge. This must
demonstrate the student’s ability to review and critically evaluate scientific
literature to document and explain past work on the research topic and identify
the knowledge gap that the student’s research seeks to fill. The student may
choose to provide integrated or separate introduction and literature review
sections, following conventions of journal articles in their domain.
• Methods – presenting a clear and reproducible
methodology used to carry out research, collect data, and analyze findings, and
also justifying why the selected method is appropriate for addressing the
identified research problem. Format and content of the methods section will
vary significantly across analytical, empirical, and/or qualitative research
approaches, and students are encouraged to follow the conventions of published
journal articles within their specific domain.
• Results and discussion – effectively presenting
results that illustrate the key research findings and interpreting these
results in the context of both the student’s research goal and the novelty and
significance of results relative to past work in the field.
• Conclusions – summarizing key points of the
article relative to the sustainability challenge being addressed
Posted inUncategorized
‘Privacy Risks and Environmental Impacts of End-of-Use Electronic Devices: An Em
