Privacy and Security Threat Models and Mitigation Strategies of Older Adults

TitlePrivacy and Security Threat Models and Mitigation Strategies of Older Adults
Publication TypeConference Paper
Year of Publication2019
AuthorsFrik, A., Nurgalieva L., Bernd J., Lee J. S., & Schaub F.
Published inProceedings of SOUPS '19

Older adults (65+) are becoming primary users of emerging smart systems, especially in health care. However, these technologies are often not designed for older users and can pose serious privacy and security concerns due to their novelty, complexity, and propensity to collect and communicate vast amounts of sensitive information. Efforts to address such concerns must build on an in-depth understanding of older adults' perceptions and preferences about data privacy and security for these technologies, and accounting for variance in physical and cognitive abilities. In semi-structured interviews with 46 older adults, we identified a range of complex privacy and security attitudes and needs specific to this population, along with common threat models, misconceptions, and mitigation strategies. Our work adds depth to current models of how older adults' limited technical knowledge, experience, and age-related declines in ability amplify vulnerability to certain risks; we found that health, living situation, and finances play a notable role as well. We also found that older adults often experience usability issues or technical uncertainties in mitigating those risks -- and that managing privacy and security concerns frequently consists of limiting or avoiding technology use. We recommend educational approaches and usable technical protections that build on seniors' preferences.


We thank Joy Qiaoying Tang for recruitment help. CHI workshop participants provided helpful comments about the study, as did anonymous CHI and SOUPS reviewers. We also thank our participants, as well as the senior centers and care facilities that assisted in recruitment. This work was supported by generous gifts from Cisco and Mozilla, by a grant from the Center for Long-Term Cybersecurity (CLTC) at U.C. Berkeley, by National Science Foundation grants CNS-1514211 and CNS-1528070, and by the National Security Agency’s Science of Security program. Opinions, findings, and conclusions are those of the authors and do not necessarily reflect the views of the funders

ICSI Research Group

Usable Security and Privacy