Informatization Policy (정보화정책)

National Information Society Agency (한국지능정보사회진흥원)
권호 표지
DOI QR코드

DOI QR Code

Smart IoT Service Users' Compliance with Personal Information Protection Behavior: An Empirical Study on the Message Design Features to Induce Installation of Software Updates

스마트 IoT 서비스 사용자의 개인정보 보호 행동 준수: 소프트웨어 업데이트 유도를 위한 메세지 디자인 특성에 관한 실증 연구

  • Lee, Ho-Jin (DOUZONE Bizon) ;
  • Kim, Hyung-Jin (Industrial Convergence Regulation Office, Korea Institute of Industrial Technology) ;
  • Lee, Ho-Geun (Yonsei University, School of Business)
  • 이호진 ;
  • 김형진 ;
  • 이호근
  • Received : 2024.05.29
  • Accepted : 2024.06.05
  • Published : 2024.06.30
Download PDF
⟨ Previous Next ⟩

Abstract

Smart home services are growing rapidly as the development of the Internet of Things (IoT) opens the era of the so-called "Connected Living." Although personal information leaks through smart home cameras are increasing, however, users-while concerned-tend to take passive measures to protect their personal information. This study theoretically explained and verified how to design effective software update notification messages for smart home cameras to ensure that users comply with the recommended security behavior (i.e., update installation). In a survey experiment participated in by 120 actual users, the effectiveness of both emotional appeals (i.e., security breach warning images for fear appeals) and rational appeals (i.e., loss-framed messages emphasizing the negative consequences of not installing the updates) were confirmed. The results of this study provide theoretical interpretations and practical guidelines on the message design features that are effective for threat appraisals (i.e., severity, vulnerability) of smart home camera users and their protection motivation.

사물인터넷(IoT)의 발전으로 이른바 '연결된 생활(Connected Living)'이 가능해지면서 스마트 홈 서비스가 급격한 성장세를 보이고 있다. 그런데 스마트 홈 카메라를 통한 개인정보 유출 피해가 늘어나고 있으나, 사용자들은 걱정을 하면서도 개인정보 보호 행동에는 소극적인 성향을 보이고 있다. 본 연구는 스마트 홈 카메라의 소프트웨어 업데이트 알림 메시지를 어떻게 디자인하는 것이 사용자의 보안행동 준수(업데이트 설치)에 효과적인지를 이론적으로 설명하고 검증하였다. 실제 사용자 120명이 참여한 설문 실험을 통해 확인한 결과, 감정적 소구(공포 유발을 위한 보안침해 경고 이미지), 이성적 소구(업데이트 미설치 시 발생할 수 있는 부정적 결과(영상 유출)를 강조한 손실 프레이밍 메시지))의 효과가 모두 확인되었다. 본 연구의 결과는 스마트 홈 카메라 사용자의 위협 판단(Threat Appraisal) 및 보호 동기(Protection Motivation) 형성에 효과적인 메시지 디자인 특성(Message Design Features)에 대한 이론적 해석을 제공하며, 실무적인 가이드라인 마련에 도움이 될 수 있다.

Keywords

References

  1. Anderson, C. & Agarwal, R. (2010). "Practicing Safe Computing: A Multimethod Empirical Examination of Home Computer User Security Behavioral Intentions." MIS quarterly, 34 (3), 613-643.
  2. Angst, C. & Agarwal, R. (2009). "Adoption of Electronic Health Records in The Presence of Privacy Concerns: The Elaboration Likelihood Model and Individual Persuasion." MIS quarterly, 33 (2), 339-370.
  3. Bilge, L. & Dumitras, T. (2012). Before We Knew It: An Empirical Study of Zero-Day Attacks in the Real World. Paper presented at the ACM Conference on Computer and Communications Security, October 16-18.
  4. Block, L. & Keller, P. (1995). "When to Accentuate the Negative: The Effects of Perceived Efficacy And Message Framing on Intentions to Perform a Health-Related Behavior." Journal Of Marketing Research, 32(2), 192-203.
  5. Boss, S., Galletta, D., Lowry, P., Moody, G. & Polak, P. (2015). "What Do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear That Motivate Protective Security Behaviors." MIS Quarterly, 39(4), 837-864.
  6. Buck, R., Anderson, E., Chaudhuri, A. & Ray, I. (2004). "Emotion and Reason in Persuasion: Applying The Ari Model And The CASE Scale." Journal of Business Research, 57(6), 647-656.
  7. Conzola, V. & Wogalter, M. (2001). "A Communication- Human Information Processing (C-Hip) Approach to Warning Effectiveness in the Workplace." Journal of Risk Research, 4 (4), 309-322.
  8. Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J., Metayer, D., Tirtea, R. & Schiffner, S. (2014). Privacy and Data Protection by Design - from Policy to Engineering. Attiki: ENISA.
  9. de Hoog, N., Stroebe, W. & de Wit, J. (2007). "The Impact of Vulnerability to And Severity of a Health Risk on Processing and Acceptance of Fear-Arousing Communications: A Meta- Analysis." Review of General Psychology, 11 (3), 258-285.
  10. Fagan, M., Khan, M. & Buck, R. (2015a). "A Study of Users' Experiences and Beliefs About Software Update Messages." Computers in Human Behavior, 51, 504-519.
  11. Fagan, M., Khan, M. & Nguyen, N. (2015b). "How Does This Message Make You Feel? A Study of User Perspectives on Software Update/Warning Message Design." Human-centric Computing and Information Sciences, 5(1), 36.
  12. Felt, A., Ha, E., Egelman, S., Haney, A., Chin, E. & Wagner, D. (2012). Android Permissions: User Attention, Comprehension, and Behavior. Paper presented at the Eighth Symposium on Usable Privacy and Security, July 11-13.
  13. Fishbein, M. & Ajzen, I. (1975). Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research, Reading, MA: Addison-Wesley.
  14. Great View Research (2023a). "Smart Home Market Size, Share & Trends Analysis Report By Products (Lighting Control, Security & Access Controls), By Application (New Construction, Retrofit), By Protocols (Wireless, Wired), By Region, And Segment Forecasts, 2023 - 2030." https://www.grandviewresearch.com/industryanalysis/smart-homes-industry (Retrieved on February 1, 2024)
  15. Great View Research (2023b). "Smart Home Security Camera Market Size, Share & Trends Analysis Report By Technology (Wired Camera,Wireless Camera), By Application (Doorbell Camera, Indoor Camera, Outdoor Camera), By Region, And SegmentForecasts, 2023 - 2030." https://www.grandviewresearch.com/industryanalysis/smart-home-security-camera-market (Retrieved on February 1, 2024)
  16. Hale, J., Lemieux, R. & Mongeau, P. (1995). "Cognitive Processing of Fear-Arousing Message Content." Communication Research, 22(4), 459-474.
  17. Hayes, A. (2024). "Smart Home: Definition, How They Work, Pros and Cons." Investopia, April 12.
  18. Johnston, A. & Warkentin, M. (2010). "Fear Appeals and Information Security Behaviors: An Empirical Study." MIS quarterly, 34(3), 549-566.
  19. Kahneman, D. & Tversky, A. (1979). "Prospect Theory: An Analysis of Decision under Risk." Econometrica, 47, 263-292.
  20. Kenrick, D., Neuberg, S. & Cialdini, R. (2005). "Attitudes and Persuasion," in Kenrick, D., Neuberg, S., & Cialdini, R. (ed.) Social Psychology: Unraveling the Mystery, Boston: Allyn & Bacon.
  21. Kim, M. (2016). "Privacy Protection Technologies on IoT Environments: Case Study of Networked Cameras." The Journal of the Korea Contents Association, 16(9), 329-338.
  22. Kim, S. & Kim, J. (2023). "The Effect of Involvement and Message Framing in Smartphone Security Behavior." The Journal of Internet Electronic Commerce Research, 23(1), 1-15.
  23. Kim, H., Ding, X. & Lee, H. (2021). "An Empirical Investigation of Customer Loyalty in Chinese Smartphone Markets with Large-Scale Data: Apple, Samsung, and Xiaomi Cases." In Lee, W., Leung, C. & Nasridinov, A. (ed.) Big Data Analyses, Services, and Smart Data, Singapore: Springer.
  24. Kim, H., Hong, S. & Park, S. (2016a). "A Study on Personal Information Protection Guideline : Through Research Case Study Analysis in Internet of Things Environment." Journal of Security Engineering, 13(2), 155-168.
  25. Kim, H., Kim, I. & Lee, H. (2016b). "Third- Party Mobile App Developers' Continued Participation in Platform-Centric Ecosystems: An Empirical Investigation of Two Different Mechanisms." International Journal of Information Management, 36, 44-59.
  26. Kim, H., Lee, Y. & Lee, H. (2019). "Negative Transition of Smart Device Utility: Empirical Study on IT-Enabled Work Flexibility, After-Hours Work Connectivity, and Work-Life Conflict." Informatization Policy, 26(4), 36-61.
  27. Kim, H., Shin, B. & Lee, H. (2013). "The Mediating Role of Psychological Contract Breach in IS Outsourcing: Inter-Firm Governance Perspective." European Journal of Information Systems, 22, 529-547.
  28. Korea Development Institute (2016). "Three-Year Implementation Plan for the Internet of Things (IoT) Information Security Roadmap." https://eiec.kdi.re.kr/skin_2016/common/epicdownload.jsp?num=143619&filenum=2 (Retrieved on April 20, 2024).
  29. Korea Information Security Industry Association (2022). Survey on Information Security. Seoul: Korea Information Security Industry Association.
  30. Lee, B., Sohn, Y., Seo, D., Jwa, B., Hong, H. & Lee, J. (2013). "A Research Synthesis of Fear Appeal Studies over the Past 40 Years: A Meta-Analysis of Fear Appeals in Korea." The Korean Journal of Advertising and Public Relations, 15 (3), 126-155.
  31. Lee, H. (2019). "IoT is the Prey of Hackers... Security 'Red Flag'." AI TIMES, April 8.
  32. Lee, H. (2021). "Smart Home Camera User's Update Motivation :Intended Privacy Protection Behavior Using Fear Appeals And Message Framing." Master's Thesis, Department of Business Administration, Yonsei University.
  33. Lee, J., Kim, H. & Lee, H. (2023). "An Empirical Study on the User Experience Model of Music Streaming Service." Informatization Policy, 30 (3), 92-121.
  34. Lee, K., Kim, B. & Cho, J. (2018). "Negative Transition of Smart Device Utility: Empirical Study on ITEnabled Work Flexibility, After-Hours Work Connectivity, and Work-Life Conflict." Journal of KIISE, 45(4), 321-331.
  35. Lee, S. (2023). "Poor IoT Security, Private Lives of 400,000 People were Exposed." SisaIN , January 13.
  36. Leventhal, H. (1970). "Findings and theory in the study of fear communications." In Berkowitz, L. (ed.) Advances in Experimental Social Psychology, 119-186. New York: Academic Press.
  37. Li, Y., Kim, H. & Lee, H. (2022). "Why Do Users Participate in Hashtag Challenges in a Shortform Video Platform? The Role of Para-Social Interaction." Informatization Policy, 29 (3), 82-104.
  38. Lipkus I. (2007). "Numeric, Verbal, and Visual Formats of Conveying Health Risks: Suggested Best Practices and Future Recommendations." Medical Decision Making, 27(4), 696-713.
  39. Lyu, J. & Kwon, S. (2021). "A Study on the Privacy Paradox in the IoT-based Smart Home Camera Usage Environment: Focusing on a Comparative Study of User Experience." Journal Of Information Technology Applications & Management, 28(6), 145-161.
  40. Majeed, A. (2017). Internet of Things(IoT): A Verification Framework. Paper presented at the 2017 IEEE 7th Annual, Computing and Communication Workshop and Conference, January 9-11.
  41. Mathur, A. & Chetty, M. (2017). Impact of User Characteristics on Attitudes Towards Automatic Mobile Application Updates. Paper presented at the Thirteenth Symposium on Usable Privacy and Security, July 12-14.
  42. Meyerowitz, B. & Chaiken, S. (1987). "The Effect of Message Framing on Breast Self-Examination Attitudes, Intentions, and Behavior." Journal of Personality and Social Psychology, 52(3), 500.
  43. Microsoft (2012). Microsoft Security Intelligence Report Volume 13 (January - June 2012) , Washington: Microsoft.
  44. Milne, S., Orbell, S. & Sheeran, P. (2002). "Combining Motivational and Volitional Interventions to Promote Exercise Participation: Protection Motivation Theory and Implementation Intentions," British Journal of Health Psychology, 7, 163-184.
  45. Moller, A., Michahelles, F., Diewald, S., Roalter, L., & Kranz, M. (2012). Update Behavior in App Markets and Security Implications: A Case Study in Google Play. Paper presented at the 3rd International Workshop Held in Conjunction with Mobile HCI, September 21-24.
  46. Mullinix, K., Leeper, T., Druckman, J. & Freese, J. (2015). "The Generalizability of Survey Experiments." Journal of Experimental Political Science, 2(2), 109-138.
  47. Mwagwabi, F., McGill, T. & Dixon, M. (2014). Improving Compliance with Password Guidelines: How User Perceptions of Passwords and Security Threats Affect Compliance with Guidelines. Paper presented at 2014 47th Hawaii International Conference on System Sciences, January 6-9.
  48. Nov, O. & Ye, C. (2008). "Users' Personality and Perceived Ease of Use of Digital Libraries: The Case For Resistance to Change." Journal of the American Society for Information Science and Technology, 59(5), 845-851.
  49. Park, J. (2017). Designing Fear Appeal Cues to Enhance Security Protection of Users: Leveraging from Cognitive Bias of Humans. Paper presented at the 2017 KMIS Spring Conference, June 9-10.
  50. Park, J., Kim, J. & Kim, B. (2017). "Online Users' Password Security Behavior : The Effects of Fear Appeals and Message Framing, and Mechanism of Password Security Behavior." Journal of Information Technology Services, 16 (3), 147-165.
  51. Rogers, R. (1975). "A Protection Motivation Theory of Fear Appeals and Attitude Change." The Journal of Psychology, 91(1), 93-114.
  52. Rogers, R. (1983). "Cognitive and Physiological Processes in Fear Appeals and Attitude Change: A Revised Theory of Protection Motivation." In Cacioppo, J. & Petty, R. (ed.) Social Psychophysiology: A Sourcebook, 153-176. New York: Guilford.
  53. Rothman, A., Salovey, P., Antone, C., Keough, K. & Martin, C. (1993). "The Influence of Message Framing on Intentions to Perform Health Behaviors." Journal of Experimental Social Psychology, 29(5), 408-433.
  54. Salman, O., Elhajj, I., Chehab, A. & Kayssi, A. (2017). Software Defined IoT Security Framework. Paper presented at the SDS 2017 4th Conference, May 8-11.
  55. Schneider, T., Salovey, P., Pallonen, U., Mundorf, N. & Smith, N. (2001). "Visual and Auditory Message Framing Effects on Tobacco Smoking." Journal of Applied Social Psychology, 31 (4), 667-682.
  56. Statista (2024), "Number of Smart Homes forecast in the World from 2017 to 2025(in millions)." https://www.statista.com/statistics/1252975/smart-home-households-worldwide/, (Retrieved on March 8).
  57. Steindl, C., Jonas, E., Sittenthaler, S., Traut-Mattausch, E. & Greenberg, J. (2015). "Understanding Psychological Reactance New Developments and Findings," Zeitschrift fur Psychologie, 223 (4), 205-214.
  58. Symantec Corporation (2013). "Internet Security Threat Report 2013 Volume 18, 2013." https://www.insight.com/content/dam/insight/en_US/pdfs/symantec/symantec-corp-internetsecurity-threat-report-volume-18.pdf, (Retrieved on March 2).
  59. Townsend, C. & Kahn, B. (2014). "The Visual Preference Heuristic: The Influence of Visual versus Verbal Depiction of Assortment Processing, Perceived Variety, and Choice Overload." Journal of Consumer Research, 40 (5), 993-1015.
  60. Tsai, H. Y. S., Jiang, M., Alhabash, S., LaRose, R., Rifon, N. J. & Cotten, S. R. (2016). "Understanding online safety behaviors: A protection motivation theory perspective." Computers & Security, 59, 138-150.
  61. Tversky, A. & Kahneman, D. (1981). "The Framing of Decisions and The Psychology of Choice." Science, 211(4481), 453-458.
  62. Tversky, A. & Kahneman, D. (1984). "Choice, Values and Frames." American Psychologist, 39 (4), 341-350.
  63. Tversky, A. & Kahneman, D. (1986). "Rational Choice and the Framing of Decisions." Journal of Business, 59(4), S251-S278.
  64. Wash, R., Rader, E., Vaniea, K. & Rizor, M. (2014). Out of the Loop: How Automated Software Updates Cause Unintended Security Consequences. Paper presented at the 10th Symposium on Usable Privacy and Security, July 9-11.
  65. Wilson, D., Purdon, S. & Wallston, K. (1988). "Compliance to Health Recommendations: A Theoretical Overview of Message Framing." Health Education Research, 3(2), 161-171.
  66. Witte, K. (1992). "Putting the Fear Back into Fear Appeals: The Extended Parallel Process Model." Communications Monographs, 59(4), 329-349.
  67. Witte, K. (1994). "Fear Control and Danger Control: A Test of the Extended Parallel Process Model (EPPM)." Communication Monographs, 61 (2), 113-134
  68. Witte, K. & Allen, M. (2000). "A Meta-Analysis of Fear Appeals: Implications for Effective Public Health Campaigns." Health Education & Behavior, 27(5), 591-615.
  69. Yoo, Y. (2022). "Cloud security authentication platform design to prevent user authority theft and abnormal operation during remote control of smart home Internet of Things (IoT) devices." Journal of Convergence Security, 22 (4), 99-107.
  70. Zhang, L. & McDowell, W. (2009). "Am I Really at Risk? Determinants of Online Users' Intentions to Use Strong Passwords." Journal of Internet Commerce, 8(3-4), 180-197.