Tuesday, July 28, 2015

SOUPS 2015: Usable Privacy and Security and the Human Factor

The CyLab Usable Privacy and Security Laboratory (CUPS) 11th Annual Symposium on Usable Privacy and Security (SOUPS) was hosted by Carleton University in Ottawa, Canada on July 22-24, 2015. CUPS Director Lorrie Cranor welcomed the attendees for three days of workshops and proceedings with participation from researchers in business, academia and government. SOUPS underlying theme every year is the human aspect in usable privacy and security. The theme is readily apparent in the keynote address and the proceedings, all dishing up the factor with varying methodologies.
Dr. Valerie Steeves

Opening the conference was keynote speaker Dr. Valerie Steeves, Department of Criminology at the University of Ottawa, with her presentation titled, “Online Privacy for Kids: What Works, What Doesn’t.” Dr. Steeves opened her presentation by reminding the audience of the diversity of people impacted by digital privacy and security. She warned that the current digital privacy landscape leaves many children open to exploitation from commercial interests. While many view today's children as "digital natives" who are fluent with modern technology, she cautioned that 65% of older teen students had no understanding of even advanced web search features. As children increasingly flock to social media sites, which make up the majority of the top 10 websites most visited by kids, they expose themselves to data collection by large digital corporations. Despite laws like the Children's Online Privacy Protection Act, meant to curtail digital surveillance of children, these companies sidestep responsibility in their privacy policies by forbidding childrens' use of the site or deferring to parent to monitor kids' activity. Kids, in turn, don't understand the privacy risks they face—Dr. Steeves notes that many think the presence of a privacy policy on a website indicates their privacy is protected—and so are unprotected from surveillance.

Dr. Steeves went on to discuss that children conceptualize digital privacy very differently from adults. For the most part, she states, children rely on social norms to preserve their privacy online—in other words, if content wasn't meant for a certain audience, kids believe it is the responsibility of the audience to not look. Further, children use the digital world to explore their identities, to navigate trust and friendship, and to grow up. She explained that while kids might like talking to their family members online, parents and older relatives tend to "freak out" about online safety and end up invading kids' private online spaces, including private messages and texts. Children in her studies were very aware of surveillance from not only their parents and schools but also corporations and felt helpless and distrustful in response.

Finally, Dr. Steeves closed with a discussion of the social impact of this digital surveillance. She explained that algorithmic sorting—which is used to show ads based on the demographics and predicted interests of the viewer—exposes girls to female-focused products and media representations of women that establishes norms for social presentation. The girls she has studied were very aware of the sexist double-standard for how women present themselves online, and exposed the constant balancing act necessary to be "pretty, and a little sexy." Successful self-presentation is mediated, Dr. Steeves argued, by a girl's ability to live up to the popular media images that commercial interests present.

In sum, Dr. Steeves felt that the data protection model we currently have does not reflect kids' online world, and children need anonymity, space to explore identity and self-expression, and freedom from the commercialization that pushes impossible standards upon them.

Aside from the keynote address, the symposium included 22 papers and 30 posters. Carnegie Mellon University (CMU), home to the CyLab Usable Privacy and Security (CUPS) Lab and the MSIT-Privacy Engineering Masters Program, was well-represented at the symposium.
SOUPS 2015 poster session

In addition to the IAPP SOUPS Privacy Award winning paper, “My Data Just Goes Everywhere: User Mental Models of the Internet and Implications for Privacy and Security" by Ruogu Kang (HCII, CMU), Laura Dabbish (HCII & Heinz, CMU), Nathaniel Fruchter (Heinz, CMU), and Sara Kiesler (HCII, CMU); two other CMU papers were presented:
Florian Schaub presenting poster.
CMU also presented 2 posters, both of which were SOUPS Distinguished Poster Award winners:
SOUPS 2015 proceedings are available for download from USENIX.

SOUPS 2016 will be held June 22-24 in Denver, Colorado.

Related posts:

Thursday, January 29, 2015

New CMU Study Highlights Challenges of Complex Trade-Off in Privacy Decision-Making; “Privacy is not a modern invention, but a historically universal need,” says CyLab's Acquisti

In "Privacy and Human Behavior in the Information Age", a review published in the Jan. 30 special issue of the journal Science, CMU CyLab's Alessandro Acquisti and a team of fellow CMU researchers have detailed the privacy hurdles people face while navigating in the information age, and offered some perspectives on what should be done about privacy at a policy level.

In their review, Acquisti, professor of information technology and public policy at CMU’s H. John Heinz III College, and his co-authors, Laura Brandimarte and George Loewenstein, challenges a number of claims that have become common in the ongoing debate over privacy, including the claim that privacy may be an historical anomaly, or that people do not really care for data protection.

“Privacy is not a modern invention, but a historically universal need,” said Acquisti, the lead author. “In certain situations, individuals will care for privacy quite a lot and act to protect it, but advances in technology and the acceleration of data collection challenge our ability to make self-interested decisions in the face of increasingly complex tradeoffs.”

In the paper, the authors identify three themes prevalent in empirical research on privacy decisions and behavior: People are often uncertain about the consequences of privacy-related behaviors and their own preferences over these consequence; People’s concern, or lack thereof, about privacy is context dependent; and Privacy concerns are malleable, particularly by commercial and government influences.

Full Text of CMU Press Release  

Some Related Links

CyLab's Alessandro Acquisti on Why Privacy Matters at TEDGlobal 2013

CyLab's Alessandro Acquisti and Co-Authors Release 7 Year Study on Evolution of Facebook Privacy and Disclosure

CyLab Researchers Featured on CBS Sixty Minutes

CyLab's Alessandro Acquisti at TEDx Mid-Atlantic

CyLab's Alessandro Acquisti and Fellow CMU Researcher Christina Fong Win IAPP Privacy Law Scholars Conference Award

New Study Co-Authored by CyLab Researcher: Face Recognition Software and Social Media Result in Increased Privacy Risks

CyLab Researcher’s Study Shows Social Security Numbers Can Be Predicted from Publicly Available Information

Friday, January 9, 2015

CMU CyLab's Dr. Lorrie Cranor named ACM Fellow

Dr. Lorrie Cranor, 10th Annual CyLab Partners Conference (October 2013)
Lorrie Faith Cranor, a professor in the Institute for Software Research and director of the CyLab Usable Privacy and Security Lab, is one of 47 computer scientists named as 2014 Fellows by the Association for Computing Machinery.

Cranor is a professor of computer science and of engineering and public policy and is co-director of the Privacy Engineering masters program. She was cited by the ACM for her contributions to research and education in usable privacy and security.

Cranor has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS).

She has authored over 100 research papers on online privacy, usable security, and other topics, served on numerous boards, and has testified about privacy issues before Congress.

She joined the CMU in faculty in 2003 after seven years at AT&T Labs-Research.
ACM President Alexander L. Wolf acknowledged the advances made by Cranor and the other newly named ACM Fellows. “Our world has been immeasurably improved by the impact of their innovations,” he said. “We recognize their contributions to the dynamic computing technologies that are making a difference to the study of computer science, the community of computing professionals, and the countless consumers and citizens who are benefiting from their creativity and commitment.”

ACM will formally recognize the 2014 Fellows at its annual Awards Banquet in June in San Francisco.

See Also

A Decade Into Its Vital Work, Another Savory SOUPS, A Report from the 10th Annual Symposium On Usable Privacy and Security