2023 | OriginalPaper | Book chapter

Automated Approach to Analyze IoT Privacy Policies

Written by: Alanoud Subahi, George Theodorakopoulos

Published in: Industry 4.0 Challenges in Smart Cities

Publisher: Springer International Publishing


Abstract

The massive popularity of IoT devices raises new challenges for user privacy. Hence, manufacturers are obliged to notify users about their privacy practices and to give them choices for controlling their data. Privacy policies are long and full of legal jargon, and thus not understandable by average users. The problem becomes worse with IoT devices because these devices can access sensitive information about users. Previous research has addressed problems related to website and mobile privacy policies. However, few works focus on analyzing IoT privacy policies. In this chapter, we analyze and annotate 50 IoT privacy policies to determine whether the IoT manufacturers collect personal information about the user, as well as the type of such information. To ensure that we extract the correct information, we study in depth the complicated and ambiguous sentences that average users will not understand. With our method, we aim to mimic how an ordinary person reads and understands such policies sentence by sentence. We use supervised machine learning to label the collected personal information according to its sensitivity level as either sensitive personal information or non-sensitive personal information. The high accuracy achieved by the classifier (98.8%) proves its validity and reliability.
Metadata
Title
Automated Approach to Analyze IoT Privacy Policies
Written by
Alanoud Subahi
George Theodorakopoulos
Copyright year
2023
DOI
https://doi.org/10.1007/978-3-030-92968-8_12