Privacy and security online continue to be major issues for Americans, according to an NTIA survey conducted by the U.S. Census Bureau. Nearly three-quarters of Internet-using households had significant concerns about online privacy and security risks in 2017, while a third said these worries caused them to hold back from some online activities. About 20 percent said they had experienced an online security breach, identity theft, or a similar crime during the past year.
However, the 2017 survey showed a decline in households reporting concerns and avoiding certain online activities compared with the 2015 survey, which first asked these questions. The proportion of online households reporting privacy or security concerns fell from 84 percent to 73 percent during this period. Similarly, the proportion of online households that said privacy concerns stopped them from doing certain online activities dropped from 45 percent to 33 percent.
Since 1994, NTIA has regularly commissioned the U.S. Census Bureau to conduct surveys on Internet use. In the latest survey, which went into the field in November 2017, over 43,000 of the more than 52,000 interviewed households reported having at least one Internet user, and those Internet-using households were asked the privacy and security questions.
An analysis of the 2017 data reveals that the decrease in reported privacy and security concerns was driven in large part by a reduction in the number of households specifically naming identify theft as a concern. Fifty-seven percent of online households cited identify theft as a major privacy or security concern in 2017, compared with 63 percent in 2015. In contrast, households named credit card or bank fraud, data collection by online services, loss of control over personal information, and other concerns at nearly the same rates in 2017 as 2015 (see Figure 1).
While it is difficult to determine what led to the decrease in concerns about identity theft between 2015 and 2017, it may be worth considering the potential for personal experiences to alter perceptions. For example, on June 4, 2015, the U.S. Office of Personnel Management (OPM) announced that it had “identified a cybersecurity incident potentially affecting personnel data for current and former federal employees, including personally identifiable information.” A month later, the agency reported uncovering a second incident that may have exposed an estimated 21.5 million Social Security numbers—including some from individuals who had never applied for federal employment. Interviews for NTIA’s 2015 survey began shortly after those reports, as part of the Census Bureau’s regularly scheduled Current Population Survey.
Because the Census Bureau conducts the NTIA Internet Use Survey as a supplement to the Current Population Survey, which counts the nation’s official labor force statistics, it is possible to determine which households had federal employees in 2015 and 2017. The results here are striking: Internet-using households with federal employees were twice as likely as their peers (36 percent vs. 18 percent) to report in 2015 that they had experienced a breach during the past year, and were more likely to report all categories of deterred online activities and all major privacy and security concerns. In particular, 69 percent of households with federal employees reported identity theft concerns in 2015, compared with 63 percent of other online households, and households with federal employees were 4 percentage points more likely than their peers to say they did not post on a social network due to privacy or security concerns (30 percent vs. 26 percent). By 2017, the gaps between online households with and without federal employees had narrowed significantly. The proportion of online households with federal employees reporting a security breach in the past year declined to 28 percent in 2017, while that figure rose slightly to 20 percent among other households. And the previous gaps in privacy and security concerns and deterred activities nearly disappeared.
Both surveys showed that households that experienced a security breach—whether they had federal employees or not—were more likely to say they had concerns about privacy and security risks. For example, in both 2015 and 2017, 70 percent of Internet-using households affected by a security breach expressed concern about identity theft. In contrast, households that were not victims of a breach were significantly less likely to name identity theft as a concern in both 2015 (62 percent) and 2017 (54 percent).
Moreover, online households that had experienced a security breach during the past year continued to be more likely to have refrained from certain online activities. For example, 33 percent of online households reporting a breach said in 2017 that they had declined to conduct a financial transaction on the Internet at some point during the past year, compared with 22 percent of those not reporting a breach. While the 2017 survey showed a decline in avoided online activities across the board compared with 2015 (see Figure 2), there continued to be large gaps between those households that had experienced a breach and those that had not.
NTIA did not change the way it asked privacy and security questions in the 2017 survey, but it did ask online households an additional question about whether privacy or security concerns deterred their search engine usage. Overall, 9 percent of online households reported that privacy concerns had stopped them from online searching at some point during the previous year. Similar to the trend seen with other categories of avoided activities, 14 percent of online households experiencing a breach had declined to conduct a search during the past year, compared with 7 percent of those not affected by a breach.
In general, the surveys show that households personally affected by a negative experience online are especially likely to have more privacy and security concerns and even to change their behavior. It is also possible that other factors, such as current events, technological developments, and the increasing centrality of the Internet in daily life may influence perceptions more broadly. NTIA will continue to analyze these data to ensure policymakers have the best information possible to help build trust and confidence among Internet users.
This is the second post in NTIA’s series on the results of the November 2017 CPS Computer and Internet Use Supplement. You can sign up for the Data Central mailing list to receive future posts.