Fight to Be Forgotten: Exploring the Efficacy of Data Erasure in Popular Operating Systems

A long history of longitudinal and intercultural research has identified decommissioned storage devices (e.g., USB memory sticks) as a serious privacy and security threat. Sensitive data deleted by previous owners have repeatedly been found on second-hand USB sticks through forensic analysis. Such data breaches are unlikely to occur when data is securely erased, rather than being deleted. Yet, research shows people confusing these two terms. In this paper, we report on an investigation of possible causes for this confusion. We analysed the user interface of two popular operating systems and found: (1) inconsistencies in the language used around delete and erase functions, (2) insecure default options, and (3) unclear or incomprehensible information around delete and erase functions. We discuss how this could result in data controllers becoming non-compliant with a legal obligation for erasure, putting data subjects at risk of accidental data breaches from the decommissioning of storage devices. Finally, we propose improvements to the design of relevant user interface elements and the development of official guidelines for best practice on GDPR compatible data erasure procedures

Machine Unlearning: A Survey

Machine learning has attracted widespread attention and evolved into an enabling technology for a wide range of highly successful applications, such as intelligent computer vision, speech recognition, medical diagnosis, and more. Yet a special need has arisen where, due to privacy, usability, and/or the right to be forgotten, information about some specific samples needs to be removed from a model, called machine unlearning. This emerging technology has drawn significant interest from both academics and industry due to its innovation and practicality. At the same time, this ambitious problem has led to numerous research efforts aimed at confronting its challenges. To the best of our knowledge, no study has analyzed this complex topic or compared the feasibility of existing unlearning solutions in different kinds of scenarios. Accordingly, with this survey, we aim to capture the key concepts of unlearning techniques. The existing solutions are classified and summarized based on their characteristics within an up-to-date and comprehensive review of each category's advantages and limitations. The survey concludes by highlighting some of the outstanding issues with unlearning techniques, along with some feasible directions for new research opportunities

Nudging purchase intention towards more secure domestic IoT:The effect of label features and psychological mechanisms

The domestic Internet of Things market is flooded with unsecure devices and yet, the demand rises. This study aimed to find ways for labels to nudge consumers into purchasing safer devices. Two studies were conducted, one with a Dutch student sample (N = 193) and one with a UK population sample (N = 278). Multiple labels were presented to participants to test potential effects of security degree (high vs. low), framing (positive vs. negative) and label type (grade format vs. informative format), in interaction with initial attitude towards smart devices and trust in the label, on purchase intention. Furthermore, we investigated the antecedents of trust in the label. Findings for both studies indicated significant positive effects of high security degree, positive framing, initial attitude and trust in the label on purchase intention. Both studies find that the positive effect of security degree on purchase intention was stronger when initial attitude was higher and when trust in the label was higher. The informative label was both more trusted and more preferred, so therefore recommended to be used. Overall, security information is effective in steering people towards purchasing safer IoT, and higher trust in the label increases the effectiveness of the label