banner logo

Privacy and Security for Everyone, Anytime, Anywhere

4th Workshop on Inclusive Privacy and Security (WIPS)

Important Dates

Workshop early submission deadline: Friday, May 31, 2019
Workshop early submission acceptance notification to authors: Saturday, June 8, 2018
(These dates should be considered as a suggestion, not a requirement.)
Workshop date: August 11th, 2019
Anonymization: Submissions are NOT to be anonymized

Submission Site

Click Here
Alternatively, you can also email us your submission at wips.soups@gmail.com

Scope and Focus

Many privacy and security solutions are designed for and evaluated with a narrow range of users (e.g., technology literate, physically capable, young, western), and the solutions make assumptions about the environment and the user interaction capabilities and methods (e.g., keyboard, mouse, touch screen, audio, camera). However, these solutions (e.g., authentication, CAPTCHAs, anti-phishing tools) are used by a much wider variety of people, and in more varied situations than ever evaluated with. While there are accessible and environment-aware solutions, their research has been very narrow, often targeted at specific disability conditions (e.g., vision impairment) or situational deficiency (e.g., viewing private information in a public space). In general, marginalized groups, situational impairments, emotions, stress, and the social context are under-represented when designing privacy and security solutions.

To make these solutions more inclusive, we need to take into consideration a wider range of potential users, including vulnerable and marginalised groups and more contexts of use. These would include people with disabilities, older adults, children, those with mental health conditions, people living with stigmatized conditions, survivors of domestic abuse, gig workers, or those living or traveling in countries where freedom of speech is not exercised. We also need to consider not only the individual but also the cultural, social and physical environment in which they exist. Broadly, this workshop is devoted to exploring diverse privacy and security experiences and needs across the wide range of user groups and circumstances.

The goals of this workshop are as follows:

i) To understand and systemize the literature and resources relevant to inclusive privacy and security as well as inclusive design more broadly.

ii) To compile design guidelines and best practices that are relevant to inclusive design.

iii) To explore the application, adaption and extension of inclusive design guidelines to privacy and security challenges.

We expect participation from those who value the protection of personal and corporate privacy and security when using digitally-connected technologies, who seek to ensure that technology is accessible and appropriate for a wider user base, or who endeavour to improve the experience of vulnerable groups. We encourage participation from those who are not yet actively working in inclusive privacy and security!

We expect participation from those who value the protection of personal and corporate privacy and security when using digitally-connected technologies, who seek to ensure that technology is accessible and appropriate for a wider user base, or who endeavour to improve the experience of vulnerable groups. We encourage participation from those who are not yet actively working in inclusive privacy and security!

Submission

We are soliciting short submissions for this workshop, which must include the following components:

- An annotated bibliography containing five (5) works that fit broadly into inclusive privacy and security

- We are interested in not just academic research papers, but also white papers, policy papers, design guidelines, and anything else related to inclusive privacy and security

- See our workshop website for an example annotated bibliography

- A one-paragraph biographical sketch explaining how the materials you selected for your bibliography are related to your professional interest in inclusive privacy and security

- No prior work in the area is assumed—explain why you chose to highlight the works you did, and what research would interest you

Submissions should be made via a Google form [link to be added]. We will continue to read submissions up until the workshop date, and all submissions will be accepted. Questions about the workshop, including submissions, should be sent to the organizers (see below).

Example Annotated Bibliography Entry
Madden, Mary. "Privacy, security, and digital inequality: How technology experiences and resources vary by socioeconomic status, race, and ethnicity." Data & Society, Sep (2017).

Methods: Nationally representative telephone surveys of 3,000 American adults (in both English and Spanish)

Population Studied: Americans across socioeconomic status. Axes of diversity considered included race, ethnicity, income, education. Particular emphasis was placed on the experiences of foreign-born Hispanic people.

Results: Among other results, lower-SES individuals generally report:

- Higher levels of concern about security and privacy issues.

- Lower levels of confidence in their ability to find and use security-and-privacy-related tools and techniques to protect themselves.

- Lower levels of trust in relevant institutions such as ISPs, law enforcement, and cell phone providers.

- Being less likely to use privacy settings (e.g., turn off automatic location sharing) or to avoid communicating online to protect their privacy.

- Having been the victim of an online scam more often.

Higher desire for education on security and privacy

Lower levels of usage of technical strategies to protect their children online.

Discussion: The paper identifies several overarching lessons, which I copy below from the text of the paper:

  1. The digital privacy and security concerns of low-SES Americans are deeply intertwined with a wide array of offline concerns regarding physical safety and security.
  2. Many of the survey findings underscore the importance of “mobile-first” approaches to privacy communications, design and policy
  3. The demand for educational resources about privacy and security is particularly strong among foreign-born Hispanic internet users; this represents a significant opportunity for outreach and engagement.

Tentative Agenda

1:30 - 1:45 Introduction: attendee introductions, discussion of goals, and establishment of group norms.

1:45 - 2:00 Card-matching game (see below)

2:00 - 3:15 Jigsaw design activity (see below)

3:15 - 3:45 Break

3:45 - 5:00 Storytelling activity (see below)

5:00 - 5:30 Wrap up: Reflection and next steps

Workshop Activities

Card-matching game

This will serve as a 15-minute icebreaker for participants to get to talk to each other and think broadly about the topics and populations that we are considering. Due to time constraints, the cards may be based on the organizers’ background research/experiences, since it may not be possible to print them in time to consider all of the submitted annotated bibliographies.

Set-up Phase (5 minutes)

The organizers will print a custom card deck with five types of cards: population, privacy issue, guideline, methodology, and blank.

After the organizers divide participants into groups, each group will draw one or more (amount to be decided) cards of each type. Each group may draw as many blank cards as they wish.

After drawing cards, the organizers present a brief summary of the populations on each card and known vulnerabilities/issues relevant to each population. This will be an important step in contextualizing participants about the population and their challenges, before they can jump into guidelines and design ideas.

Card Matching Phase (10 minutes)

The activity consists of communicating with each other and across groups to trade cards so that each group can have a complete set of matching population, issue, and guideline cards. After participants finish matching cards, they will:

  1. Write one (or more) relevant guideline for their set coming out of their discussion on a blank card
  2. Write, on a blank card, one (or more) other population that could benefit from the guidelines of their set, reflecting upon the issues that they see on the table about their population
  3. Write, on a blank card, one (or more) potential adversary/threat for their set

Participants will be encouraged to use the blank cards generously in order to capture any interesting ideas coming out of their discussion. For example, they can write methodologies or issues not originally identified on the blank cards.

Presentation Phase (optional, if time available: 5 minutes)

One person from each group will briefly talk about their set of cards, including the blank cards they wrote on.

Continued Visibility

At the end of the activity, the organizers will place matched card sets where they can be seen throughout the day, and participants can feel free to write on and add blank cards as the workshop develops.

Jigsaw design activity

This activity will be a structured discussion of the literature:

- The organizers will hand out abstracts of papers from many areas of inclusive privacy and security, including annotated bibliographies and background research/organizer experiences

- Participants will discuss the papers in small groups in a structured manner, yielding “experts” from each group in a sub-area of inclusive privacy and security

- Groups will spread out to combine "experts" of different areas into "diverse" groups that can contrast, compare, and combine the different areas

- The "diverse" groups will present what common ground they found to all attendees

- Besides combining, workshop attendees could also look out for (1) trade-offs, where making it "better" for one population makes it "worse" for others, and (2) universal design, where the practices identified can not only benefit people from diverse populations, but also people who do not belong in any of the populations listed.

Storytelling activity

Stories put people at the heart of the design process; they can help us put a human face on our researchdata. Personas can be used to represent the characters in our stories, they allow us to understand the people who have a role to play in the stories, while storyboards are illustrations that represent scenes that ultimately represent a story. Basically, images are presented in an order which allows us to visualise the story. Storyboarding has been used in user experience design to visually predict and explore a user’s experience with a product. It is not about focusing on the design of the product, rather the focus is on the role the product plays in the life of the user and what the product needs to provide to fulfil that role. Approaching design through storytelling can inspire design concepts that fit into the stories being explored. Storyboards are particularly useful to develop a shared understanding of the problem area being explored and how a product might address that problem.

This is not about your ability to draw, in fact we will bring along readymade drawings that you can make use of, the aim is to formulate and describe the story that presents a common understanding of the problem, how it comes about, and how it might be solved.

Steps to developing a story:

- Develop the character and illustrate this through a persona. This means identifying their behaviours and expectations throughout the story. There may be more than one character to be developed, for instance the vulnerable user and a possible attacker.

- Describe the scene. This outlines the environment that the character finds themselves, where are they, what are they doing, who are they interacting with.

- Develop the plot. Create a structure to the story. As with all stories it should have a beginning, middle, and end. This should start with a specific trigger and end with either a benefit of the solution, or a problem that the character is left with. As you develop the plot, explore the different characters, their role, and what might happen and why.

- Annotate the scenes in the plot with questions, or design suggestions.

- Once you have finished exploring, document what you think needs done next: is this more research, is there a possible design solution, etc.

To translate the story into a storyboard, start with plain text outlining a series of steps. Below is an example:

- Tom is retired and lives alone. He seldom sees his family but keeps in regular email contact. He has an old computer that his son gave him. His son also set him up an email account and he has taught himself the basics.

- Tom receives an email from his grandson, Bill, saying that he has been robbed while on holiday and does not have his passport or any money. This makes Tom anxious.

- The email asks Tom to use Western Union to send him £1000 to go to the consulate to get things sorted and to get brought home. He promises to pay him back.

- Tom goes to the Western Union which he has seen advertised at the local shop and does what he is asked, emailing the details to his grandson. He is pleased he could afford to help.

- Tom sends an email to his son saying that he has sent the money and asking if everything was sorted. His son doesn’t know what he is talking about, Bill is at University.

storyboard

This storyboard is courtesy of Caroline Claisse, from the INTUIT project exploring privacy and security concerns of people living with HIV (intuitproject.org)

Organizer Bios (alphabetical order)

Tousif Ahmed is a post-doctoral researcher in the school of Informatics, Computer Science, and Engineering at Indiana University Bloomington. His research span various topics in usable security and privacy including accessible privacy and security, security and privacy of wearable devices, and social media privacy. His recent research investigates the ways to improve the privacy and security issues of people with visual impairments using wearable cameras.

Natã Barbosa is a third-year PhD student at the School of Information Studies (iSchool) of Syracuse University. His work has focused on how to make web authentication and web browsing in general more accessible and secure for people with visual impairments. His current research interests are in developing and evaluating data-driven privacy tools to increase transparency of data practices and inferences made from user activity.

Joe Calandrino is the research director of the Federal Trade Commission’s Office of Technology Research and Investigation. His office conducts technical research related to the FTC’s consumer protection mission, examining topics such as consumer fraud, online advertising, financial technologies, and connected devices. His agency seeks to ensure that its efforts benefit consumers including older adults, military service members and veterans, non-English-speaking consumers, and a wide variety of other groups.

Lynne Coventry is a research professor in the school of health and life sciences at Northumbria University, UK. She is director of PactLab – a research group exploring the role of technology in our everyday lives. Her research focuses on the interaction between psychology, design and security/privacy behaviours for a wide range of user types and contexts of use including children and cyberbullying, security compliance in the workplace, older adults, stigmatised groups including those living with HIV, and universal design of privacy and security to optimise inclusion and accessibility.

Ada Lerner is an Assistant Professor of Computer Science at Wellesley College, where their research program focuses on inclusive security and privacy. Their work seeks to understand and design technology, using a mix of qualitative, quantitative, design, and measurement methods, in order to enable technology and computation to support the needs of key actors and marginalized groups in our democratic free society. Examples of populations with whom they have worked include lawyers, journalists, resettled refugees, and transgender people.

Abigail Marsh is an Assistant Professor of Computer Science at Macalester College, where their research focuses on the usable privacy concerns of children, particularly within families with pre-adolescent and adolescent children. Their interests more generally include privacy and security considerations when multiple stakeholders have access to one account or device, including familial and romantic relationships, older adults and their caretakers, and many other groups.

Yang Wang is an Assistant Professor in the School of Information Studies (aka iSchool) at Syracuse University where he co-directs the Social Computing Systems (SALT) lab. His research is centered around usable privacy and security, and social computing. His recent research focuses on designing privacy mechanisms for underserved groups such as people with disabilities.

Yaxing Yao is a fourth year PhD candidate in the School of Information Studies at Syracuse University, advised by Dr. Yang Wang. His research focuses on understanding privacy risks and people’s privacy concerns in emerging technologies, and designing, implementing, and evaluating privacy mechanisms to protect people’s privacy. In his dissertation work, he is looking at the privacy expectations of different stakeholders in smart homes as well as their expected privacy mechanisms.