Important Dates

Submission deadline: Thursday, May 25, 2023, has been extended to June 1, 2023
Acceptance notification to authors: Thursday, June 8, 2023
Camera ready papers due: Thursday, June 22, 2023

Workshop date: July 30th, 2023 (agenda can be found below)

Registration

WIPS2023 is part of the SOUPS2023 conference

Registration is free.

Registration link is here WIPS 2023 Registration

Submission Site

Participants will submit their papers through HotCRP (Link to HotCRP, to be coordinated through SOUPS organizers, to be added)
You can also email the organizers with questions at wips.soups@gmail.com / sanchari.das@du.edu / rhoyle@oberlin.edu

Submission link

Anonymization: Submissions are NOT to be anonymized
Page limit: 4 pages (excluding references and/or appendix)
Formatting: please follow the USENIX formatting guideline (available here).

Scope and Focus

Security and privacy challenges confront all participants in modern society, but particular groups may experience unique or uneven privacy and security concerns. These groups may face distinctive obstacles to addressing issues, and their particular needs and concerns may not be well understood beyond those groups. Traditionally, inclusive design has addressed physical accessibility as well as needs arising from age, disability, or environment. While this work remains critical, our community also increasingly recognizes the importance of accounting for the needs of vulnerable users and marginalized groups. The workshop deliberately avoids any concrete definitions of what "vulnerable" means in this context. Instead, we encourage a diverse discussion of groups and situations without prejudice.

In this workshop, we explore the privacy and security experiences and needs of vulnerable user groups (and affected non-users). We are also interested in populations or roles in our society (e.g., lawyers, journalists, politicians, activists, medical providers) that support and/or affect the lives of vulnerable individuals. We will endeavor to uncover new ways of taking a more inclusive approach to appreciating and addressing privacy and security challenges. We also seek to identify the unintended harms resulting from privacy and security technology.

The objectives of our workshop are as follows:

i) To broaden participants' awareness of diverse privacy and security concerns.

ii) To map out fundamental research questions for the emerging field of inclusive privacy and security.

iii) To share and compile design guidelines and best practices that are relevant to inclusive design.

iv) To form collaborations among researchers in this space.

We expect participation from those who want technology to be respectful of society's diverse security and privacy needs, who seek to ensure that technology is accessible and appropriate for a broader user base, or who endeavor to improve the experience of vulnerable groups through responsible design. We encourage participation from those who are not yet actively working in inclusive privacy and security!

We enthusiastically encourage participation from those who require accessibility accommodations. If you require accommodations, you can tell us about those by emailing the organizers at wips.soups@gmail.com.

Keynote Speaker

Talk Title: Security and Privacy Research with Vulnerable Populations

Biography: Dr. Rahul Chatterjee, Assistant Professor at the University of Wisconsin-Madison. His work focuses on making technology safe and secure for everyone to use. Current technologies are built with an average user in mind and therefore fail to recognize the needs of marginalized populations, such as survivors of interpersonal attacks. He is working towards designing next-generation authentication technologies and advanced attack detection to detect and prevent account compromise attacks. He also works on improving security and privacy risks of Smart Home IoT devices, especially in the context of interpersonal abuse. He founded Madison Tech Clinic in collaboration with local victim service providers to support survivors of domestic and intimate partner violence.

Submission

We are soliciting short papers ( <=4 pages, excluding references and/or appendix) related to inclusive privacy and security:

i) Previously published results

ii) Works-in-progress

iii) Proposals of design principles, processes, methodologies and/or solutions for specific situations, or generalizable to support a wide range of groups or operational environments

As part of each submission, through the submission form, we will ask the authors to identify their participant population, the privacy or security issues studied, any design guidelines proposed, and methodologies used. Depending on the format of the submission, not all of these categories may be relevant.

Paper Format: Papers must use the SOUPS formatting template (available for MS Word or LaTeX) and be submitted as a PDF via the web submission system. Submissions must be no more than 4 pages (excluding acknowledgments, bibliography, and appendices).

Submissions may include as many additional pages as needed for references and for supplementary material in appendices. The paper should stand alone without the supplementary material. We encourage authors to use the appendices for content that is peripheral to the main contributions of the paper but that may interest some readers or that may facilitate replication. Note that members of the program committee are free to not read this material when reviewing the paper

Submissions should be made via HotCRP. Questions about the workshop, including submissions, should be sent to the organizers at wips.soups@gmail.com.

In place of traditional live paper presentations, authors of accepted papers will record a five-minute video presentation, which will be uploaded to and archived on YouTube by the WIPS organizers. These videos will be shared with workshop participants ahead of the workshop. In addition, authors will play an active role in workshop activities.

Agenda (Virtual)

Zoom: Registered attendees will receive zoom link over email

Sunday, July 30th: (US Eastern Time)

9:00 AM - 9:15 AM: Introduction, discussion of goals, establishment of group norms - Sanchari Das, Roberto Hoyle

9:15 AM-9:35 AM: Keynote Speaker- Dr. Rahul Chatterjee - University of Wisconsin-Madison

9:35 AM-9:45 AM: Q&A and Discussion - Moderator: Sanchari Das

9:45 AM - 10 AM: 15 min break

10:00 AM - 10:25 AM: What does “inclusive”privacy and security research mean to you?

10:25 AM - 10:45 AM: Large Group Share Session; Chair: Roberto Hoyle

10:45 AM - 11:00 AM: 15 min break

11:00 AM - 11:30 AM: Privacy Session; Chair: Imani N. S. Munyaka

-- Paper 1: Towards Equitable Privacy Paper PDF

-- Paper 2: Peer Surveillance in Online Communities Paper PDF

-- Paper 3: Towards Perceived Security, Perceived Privacy, and the Universal Design of E-Payment Applications Paper PDF

Each Paper presentation is 5 minutes presentation and 5 minutes discussion and Q&A.

11:30 AM - 11:45 AM: 15 min break

11:45 AM - 12:15 PM: Understudied & Innovative Session; Chair: Tanusree Sharma

-- Paper 1: Work in Progress: Privacy Protection for Children 13+ in Virtual Worlds Paper PDF

-- Paper 2: Optimizing Shoulder-Surfing Resistance in Augmented and Virtual Reality: A Replication Study Proposal in the US Paper PDF

-- Paper 3: Understanding online harms and safety of vulnerable groups going through serious life transitions Paper PDF

12:15 PM to 2 PM: Group Lunch

2:00 PM - 2:15 PM: Re-Introduction, discussion of goals, re-establishment of group norms - Sanchari and Roberto Hoyle

2:15 PM - 2:45 PM: Card-Matching Game - Setup

2:45 PM- 3:00 PM: 15 min break

3:00 PM - 3:30 PM: Summary Phase. Every breakout room will have members of the organizing committee.

3:30 PM-3:45 PM: 15 minutes break

3:45 PM - 4:00 PM: Set-Up Phase for Jigsaw Activity. Every breakout room will have members of the organizing committee.

4:00pm - 4:30pm: Brainstorming and Summary for Jigsaw Activity - Taslima Akter, Yaxing Yao, Lucy Brown.

4:30 PM - 5:00 PM: Group Sharing and Reflection, Wrap up - Sanchari Das and Roberto Hoyle

Workshop Activities

Research and Design Guideline Activity

When we conduct inclusive research, we often encounter problems specific to engaging our participant populations, minimizing risk and bias, or even getting started on a topic. In this activity, participants will discuss their experiences with inclusive privacy and security research, including but not limited to:

1. Participants: How have you recruited participants and established a trustworthy reputation in a community? What experiences have not been successful or have forced you to revise a study protocol, goals, expectations, etc., partway through?

2. Ethical research: What considerations have you made in order to ensure that your research was conducted ethically, especially with an awareness of the risks that might be specific to your topics? When have you failed, and how have you handled those failures?

3. Methodologies: Do you need to make any changes to methodologies to accommodate specific needs? How do you train or prepare those without experience to work with you?

4. Logistics: How much did you pay your participants? How is the rate decided?

5. Motivations: How do you get folks to care about the problems inclusive security research identifies? How have you been able to get your work seen and valued in other security communities?

6. Data dissemination: What difficulties do you face to disseminate your work or data for publication or collaboration? Do you inform your participants of the published work? If yes, what means have you used to contact your participants? What special considerations have you taken to anonymize the data for publications?

7. Lessons learned: Are there any (hard) lessons learned in your experience of conducting inclusive privacy/security research that other researchers/practitioners can avoid?

8. Resources: How and where do you get resources to conduct inclusive privacy/security research? Funding agencies, non-profit organizations, companies, university units, etc.

Participants should be prepared to talk in detail about their own research experiences and to learn from others.

After the first session, workshop participants will rejoin their groups and brainstorm research and design guidelines based on the shared experiences. Guidelines should be broad enough to help new researchers approaching inclusive research, and not a list of lessons learned from a specific study.

Card-matching game

This will serve as an icebreaker for workshop participants as we transition to group-focused activities.

Set-up Phase

The organizers will share a collaborative document with subsections representing the following categories: population, privacy issue, guideline, and methodology. Each category will be partially pre-filled with the populations, privacy issues, guidelines, and methodologies from our paper authors. Participants will take five minutes to individually fill out the shared digital document with topics of interest to them and their relevance to WIPS.

Within Group Phase

The organizers will sort participants into groups and have participants compare their responses. The groups will begin to create scenarios using items from the four categories with each other, pairing populations with study methodologies that might be appropriate, privacy issues to design guidelines, and so on.

Summary Phase

After participants finish matching cards, they will:

1. write one (or more) relevant guideline for inclusive privacy and security design in the document

2. describe one (or more) other population that could benefit from the guidelines they created, reflecting upon the issues that they see in their group’s scenarios

3. describe one (or more) potential adversary/threat for their scenario

Participants will be encouraged to take plentiful notes in the shared document.

Presentation Phase (if time available: 5 minutes)

One person from each group will briefly talk about their scenarios.

Continued Visibility

The document used for this activity will continue to be accessible and editable at the same link throughout the workshop, and we will post the link on our workshop homepage so that participants can view and add to it as the workshop develops

Jigsaw design activity

This activity will be a structured discussion of the ideas developed during card matching, using Google Jamboard as a platform to record to following:

- Participants will rejoin their card-matching groups and choose one set of matched cards to develop further

- Participants will expand upon the concept from their matched card set, developing the concept into a research plan, in small groups in a structured manner. This will create "experts" from each group in a sub-area of inclusive privacy and security

Groups will spread out to combine "experts" of different areas into "diverse" groups that can contrast, compare, and combine the different areas

- The "diverse" groups will present what common ground they found to all attendees

- Besides combining, workshop attendees could also look out for (1) trade-offs, where something that would be "better" for one population is "worse" for others, and (2) universal design, where the research identified can not only benefit people from diverse populations, but also people who do not belong in any of the populations listed.