Tuesday, July 28, 2015

SOUPS 2015: Usable Privacy and Security and the Human Factor

The CyLab Usable Privacy and Security Laboratory (CUPS) 11th Annual Symposium on Usable Privacy and Security (SOUPS) was hosted by Carleton University in Ottawa, Canada on July 22-24, 2015. CUPS Director Lorrie Cranor welcomed the attendees for three days of workshops and proceedings with participation from researchers in business, academia and government. SOUPS underlying theme every year is the human aspect in usable privacy and security. The theme is readily apparent in the keynote address and the proceedings, all dishing up the factor with varying methodologies.
Dr. Valerie Steeves

Opening the conference was keynote speaker Dr. Valerie Steeves, Department of Criminology at the University of Ottawa, with her presentation titled, “Online Privacy for Kids: What Works, What Doesn’t.” Dr. Steeves opened her presentation by reminding the audience of the diversity of people impacted by digital privacy and security. She warned that the current digital privacy landscape leaves many children open to exploitation from commercial interests. While many view today's children as "digital natives" who are fluent with modern technology, she cautioned that 65% of older teen students had no understanding of even advanced web search features. As children increasingly flock to social media sites, which make up the majority of the top 10 websites most visited by kids, they expose themselves to data collection by large digital corporations. Despite laws like the Children's Online Privacy Protection Act, meant to curtail digital surveillance of children, these companies sidestep responsibility in their privacy policies by forbidding childrens' use of the site or deferring to parent to monitor kids' activity. Kids, in turn, don't understand the privacy risks they face—Dr. Steeves notes that many think the presence of a privacy policy on a website indicates their privacy is protected—and so are unprotected from surveillance.

Dr. Steeves went on to discuss that children conceptualize digital privacy very differently from adults. For the most part, she states, children rely on social norms to preserve their privacy online—in other words, if content wasn't meant for a certain audience, kids believe it is the responsibility of the audience to not look. Further, children use the digital world to explore their identities, to navigate trust and friendship, and to grow up. She explained that while kids might like talking to their family members online, parents and older relatives tend to "freak out" about online safety and end up invading kids' private online spaces, including private messages and texts. Children in her studies were very aware of surveillance from not only their parents and schools but also corporations and felt helpless and distrustful in response.

Finally, Dr. Steeves closed with a discussion of the social impact of this digital surveillance. She explained that algorithmic sorting—which is used to show ads based on the demographics and predicted interests of the viewer—exposes girls to female-focused products and media representations of women that establishes norms for social presentation. The girls she has studied were very aware of the sexist double-standard for how women present themselves online, and exposed the constant balancing act necessary to be "pretty, and a little sexy." Successful self-presentation is mediated, Dr. Steeves argued, by a girl's ability to live up to the popular media images that commercial interests present.

In sum, Dr. Steeves felt that the data protection model we currently have does not reflect kids' online world, and children need anonymity, space to explore identity and self-expression, and freedom from the commercialization that pushes impossible standards upon them.

Aside from the keynote address, the symposium included 22 papers and 30 posters. Carnegie Mellon University (CMU), home to the CyLab Usable Privacy and Security (CUPS) Lab and the MSIT-Privacy Engineering Masters Program, was well-represented at the symposium.
SOUPS 2015 poster session

In addition to the IAPP SOUPS Privacy Award winning paper, “My Data Just Goes Everywhere: User Mental Models of the Internet and Implications for Privacy and Security" by Ruogu Kang (HCII, CMU), Laura Dabbish (HCII & Heinz, CMU), Nathaniel Fruchter (Heinz, CMU), and Sara Kiesler (HCII, CMU); two other CMU papers were presented:
Florian Schaub presenting poster.
CMU also presented 2 posters, both of which were SOUPS Distinguished Poster Award winners:
SOUPS 2015 proceedings are available for download from USENIX.

SOUPS 2016 will be held June 22-24 in Denver, Colorado.

Related posts: