Privacy and Security for Everyone, Anytime, Anywhere
7th Workshop on Inclusive Privacy and Security (WIPS)
Workshop submission deadline: Thursday, May 26, 2022
Workshop submission acceptance notification to authors: Monday, June 20, 2022
Workshop camera-ready papers due: Monday, July 04, 2022
Workshop date: August 7th, 2022 (a tentative agenda can be found below)
Anonymization: Submissions are NOT to be anonymized
Page limit: 4 pages (excluding references and/or appendix)
Formatting: please follow the USENIX formatting guideline (available here).
Participants will submit their papers through HotCRP (Link to HotCRP, to be coordinated through SOUPS organizers, to be added) You can also email the organizers with questions at email@example.com
WIPS2022 is part of the SOUPS2022 conference
Registration is free.
Registration link is here SOUPS2022 Registration
Scope and Focus
Security and privacy challenges confront all participants in modern society, but particular groups may experience unique or uneven privacy and security concerns. These groups may face distinctive obstacles to addressing issues, and their particular needs and concerns may not be well understood beyond those groups. Traditionally, inclusive design has addressed physical accessibility as well as needs arising from age, disability, or environment. While this work remains critical, our community also increasingly recognizes the importance of accounting for the needs of vulnerable users and marginalized groups. The workshop deliberately avoids any concrete definitions of what "vulnerable" means in this context. We encourage a diverse discussion of groups and situations, without prejudice
In this workshop, we explore the privacy and security experiences and needs of vulnerable user groups (and affected non-users). We are also interested in populations or roles in our society (e.g., lawyers, journalists, politicians, activists, medical providers) that support and/or affect the lives of vulnerable individuals. We will endeavor to uncover new ways of taking a more inclusive approach to appreciating and addressing privacy and security challenges. We also seek to identify the unintended harms that can result from privacy and security technology.
The objectives of our workshop are as follows:
i) To broaden participants' awareness of diverse privacy and security concerns.
ii) To map out fundamental research questions for the emerging field of inclusive privacy and security.
iii) To share and compile design guidelines and best practices that are relevant to inclusive design.
iv) To form collaborations among researchers in this space.
We expect participation from those who want technology to be respectful of society's diverse security and privacy needs, who seek to ensure that technology is accessible and appropriate for a broader user base, or who endeavor to improve the experience of vulnerable groups through responsible design. We encourage participation from those who are not yet actively working in inclusive privacy and security!
We enthusiastically encourage participation from those who require accessibility accommodations. If you require accommodations, you can tell us about those by emailing the organizers at firstname.lastname@example.org.
We are soliciting short papers ( <=4 pages, excluding references and/or appendix) related to inclusive privacy and security:
i) Previously published results
iii) Proposals of design principles, processes, methodologies and/or solutions for specific situations, or generalizable to support a wide range of groups or operational environments
As part of each submission, through the submission form, we will ask the authors to identify their participant population, the privacy or security issues studied, any design guidelines proposed, and methodologies used. Depending on the format of the submission, not all of these categories may be relevant.
Paper Format: Papers must use the SOUPS formatting template (available for MS Word or LaTeX) and be submitted as a PDF via the web submission system. Submissions must be no more than 4 pages (excluding acknowledgments, bibliography, and appendices).
Submissions may include as many additional pages as needed for references and for supplementary material in appendices. The paper should stand alone without the supplementary material. We encourage authors to use the appendices for content that is peripheral to the main contributions of the paper but that may interest some readers or that may facilitate replication. Note that members of the program committee are free to not read this material when reviewing the paper
Submissions should be made via HotCRP. Questions about the workshop, including submissions, should be sent to the organizers at email@example.com.
In place of traditional live paper presentations, authors of accepted papers will record a five-minute video presentation, which will be uploaded to and archived on YouTube by the WIPS organizers. These videos will be shared with workshop participants ahead of the workshop. In addition, authors will play an active role in workshop activities.
Tentative Agenda (virtual)
Sunday, August 7th: (US Eastern Time)
9:00am - 9:15am: Introduction, discussion of goals, establishment of group norms
9:15am - 9:20am: 5 min break, sorting into breakout rooms
9:20am - 9:50am: What does it mean to do “inclusive” research?
9:50am - 10:00am: Large Group Share
10:00am - 10:05am: 5 min break, sorting into breakout rooms
10:05am - 10:35am: Who are our participant populations and what are our contexts?
10:35am - 10:45am: Large Group Share
10:45am - 11:00am: 15 min break, resuming breakout rooms
11:00am - 11:30am: Where do we go next?
11:30am - 12:00am: Large Group Sharing and Reflection
12pm to 2pm: Group lunch
2:00pm - 2:15pm: Introduction, discussion of goals, establishment of group norms
2:15pm - 3:00pm: Card activity
3:00pm - 3:05pm: 5 min break, sorting into breakout rooms
3:05pm - 3:30pm: Set-Up Phase for Jigsaw Activity
3:30pm - 3:45pm: End breakout rooms, group address, break and reading time, new breakout rooms formed
3:45pm - 4:30pm: Brainstorming and Summary for Jigsaw Activity
4:30pm - 5:00pm: Group Sharing and Reflection
The camera-ready version of these papers can be found here.
Social Media Affordances for the Autistic Community Kirsten Chapman, Xinru Page, Brigham Young University
Inclusive Privacy Design for Older Adults Living in Ambient Assisted Living Nyteisha Bookert, May Almousa, and Mohd Anwar, Department of Computer Science , College of Engineering, North Carolina A&T State University
Digital Privacy Education Interventions for Rural and Urban Older Adults Heba Aly, Yizhou Liu, Reza Ghaiumy Anaraky, Sushmita Khan, Kaileigh Byrne, Bart P. Knijnenburg, Clemson University.
Exploring and Improving the Accessibility of Data Privacy-related Information for People Who Are Blind or Low-vision Yuanyuan Feng, Abhilasha Ravichander, Yaxing Yao, Shikun Zhang, Norman Sadeh. University of Vermont, Carnegie Mellon University, University of Maryland Baltimore County.
An Investigation of Teenager Safety and Harassment in Social VR Elmira Deldari, Diana Freed, Yaxing Yao. University of Maryland, Cornell University.
Usability Assessment of the OnlyKey Hardware Two-Factor Authentication Key Aziz Zeidieh, Filipo Sharevski. DePaul University
A Proposal for Understanding Professional Needs to Create Privacy-Preserving and Secure Emergent Digital Artworks Sanchari Das, Kate Hollenbach. University of Denver
SoK: A Framework for Unifying At-Risk User Research Noel Warford, Tara Matthews, Kaitlyn Yang, Omer Akgul, Sunny Consolvo, Patrick Gage Kelley, Nathan Malkin, Michelle L. Mazurek, Manya Sleeper, Kurt Thomas. University of Maryland, Google
A Meta-Analysis on the Diversity of Security and Privacy Research Raima Mathew, Mutmaina Adebayo, and Camille Cobb. University of Illinois at Urbana-Champaign
Workshop ActivitiesResearch and Design Guideline Activity
When we conduct inclusive research, we often run into problems specific to engaging our participant populations, minimizing risk and bias, or even getting started in a topic. In this activity, participants will discuss their experiences with inclusive privacy and security research, including but not limited to:
- Participants: How have you recruited participants and established a trustworthy reputation in a community? What experiences have not been successful, or have forced you to revise a study protocol, goals, expectations, etc. partway through?
- Logistics: How much did you pay your participants? How is the rate decided?
- Motivations: How do you get folks to care about the problems inclusive security research identifies? How have you been able to get your work seen and valued in other security communities?
- Data dissemination: What difficulties do you face to disseminate your work or data for publication or collaboration? Do you inform your participants of the published work? If yes, what means have you used to contact your participants? What special considerations have you taken to anonymize the data for publications?
- Lessons learned: Are there any (hard) lessons learned in your experience of conducting inclusive privacy/security research that other researchers/practitioners can avoid?
- Resources: How and where do you get resources to conduct inclusive privacy/security research? Funding agencies, non-profit organizations, companies, university units, etc.
Participants should be prepared to talk in detail about their own research experiences and to learn from others.
After the first session, workshop participants will rejoin their groups and brainstorm research and design guidelines based on the shared experiences. Guidelines should be broad enough to help new researchers approaching inclusive research, and not a list of lessons learned from a specific study.
This will serve as an icebreaker for workshop participants as we transition to group-focused activities.
Set-up Phase (5 minutes)
The organizers will share a collaborative document with subsections representing the following categories: population, privacy issue, guideline, and methodology. Each category will be partially pre-filled with the populations, privacy issues, guidelines, and methodologies from our paper authors. Participants will take five minutes to individually fill out the shared digital document with topics of interest to them and their relevance to WIPS.
Within Group Phase (10 minutes)
The organizers will sort participants into groups and have participants compare their responses. The groups will begin to create scenarios using items from the four categories with each other, pairing populations with study methodologies that might be appropriate, privacy issues to design guidelines, and so on.
Summary Phase (10 minutes)
After participants finish matching cards, they will:
- write one (or more) relevant guideline for inclusive privacy and security design in the document
- describe one (or more) other population that could benefit from the guidelines they created, reflecting upon the issues that they see in their group’s scenarios
- describe one (or more) potential adversary/threat for their scenario
Participants will be encouraged to take plentiful notes in the shared document.
Presentation Phase (optional, if time available: 5 minutes)
One person from each group will briefly talk about their scenarios.
The document used for this activity will continue to be accessible and editable at the same link throughout the workshop, and we will post the link on our workshop homepage so that participants can view and add to it as the workshop develops
Jigsaw design activity
This activity will be a structured discussion of the ideas developed during card matching, using Google Jamboard as a platform to record to following:
- Participants will rejoin their card-matching groups and choose one set of matched cards to develop further
- Participants will expand upon the concept from their matched card set, developing the concept into a research plan, in small groups in a structured manner. This will create "experts" from each group in a sub-area of inclusive privacy and security
Groups will spread out to combine "experts" of different areas into "diverse" groups that can contrast, compare, and combine the different areas
- The "diverse" groups will present what common ground they found to all attendees
- Besides combining, workshop attendees could also look out for (1) trade-offs, where something that would be "better" for one population is "worse" for others, and (2) universal design, where the research identified can not only benefit people from diverse populations, but also people who do not belong in any of the populations listed.
Organizing Committee (alphabetical order)
Yaxing Yao, University of Maryland, Baltimore County
Sanchari Das, University of Denver
Taslima Akter, Indiana University Bloomington
Smirity Kaushik, University of Illinois at Urbana-Champaign
Kentrell Owens, University of Washington
Naheem Noah, University of Denver
Mary Anne Smart, UC San Diego
Jacob Abbott, Indiana University
Prashanth Rajivan, University of Washington
Syed Ishtiaque Ahmed, University of Toronto
Philipp Markert, Ruhr University Bochum
Norbert Nthala, Privacy Engineer-Google
Arup Kumar Ghosh, Jacksonville State University
Imani N. S. Munyaka, UC San Diego
Joseph Calandrino, Federal Trade Commission
Lynne Coventry, Northumbria University
Sanchari Das, University of Denver
Roberto Hoyle, Oberlin College
Ada Lerner, Wellesley College
Abigail Marsh, Macalester College
Shruti Sannon, University of Michigan
Imani Munyaka, University of California, San Diego
Kentrell Owens, University of Washington
Lucy Qin, Brown University
Tanusree Sharma, University of Illinois at Urbana-Champaign
Yang Wang, University of Illinois at Urbana-Champaign
Yaxing Yao, University of Maryland, Baltimore County
Organizer Bios (alphabetical order)
Taslima Akter is a PhD candidate in the School of Informatics, Computing, and Engineering at Indiana University Bloomington, advised by Dr. Apu Kapadia. Her research focuses on understanding the privacy risks and concerns of people with visual impairments and bystanders with camera-based assistive technology designed for people with visual impairments. In her dissertation, she is working towards designing privacy-aware assistive systems for people with visual impairments.
Joe Calandrino is the research director of the Federal Trade Commission’s Office of Technology Research and Investigation. His office conducts technical research related to the FTC’s consumer protection mission, examining topics such as consumer fraud, online advertising, financial technologies, and connected devices. His agency seeks to ensure that its efforts benefit all consumers including older adults, military service members and veterans, non-English-speaking consumers, and a wide variety of other groups.
Lynne Coventry is a research professor in the school of health and life sciences at Northumbria University, UK. She is director of PactLab – a research group exploring the role of technology in our everyday lives and the interdisciplinary Academic Centre of Excellence in Cybersecurity Research. Her research focuses on the interaction between psychology, design and security/privacy behaviours for a wide range of user types and contexts of use including children and cyberbullying, security compliance in the workplace, older adults, stigmatised groups including those living with HIV, and universal design of privacy and security to optimise inclusion and accessibility
Sanchari Das is an Assistant Professor at the Computer Science department in the Ritchie School of Engineering and Computer Science at the University of Denver. Her research lab focuses on computer security, privacy, education, human-computer interaction, social computing, accessibility, inclusivity, and digital technologies sustainability. Her research interest extends to explore the impact of digital breaches on everyday life, especially for the group, including children, older adults, the disabled community, and others.
Roberto Hoyle is an Assistant Professor of Computer Science at Oberlin College. His research focuses on extending the benefits of security and privacy to underserved populations that may not benefit from the same privacy protection settings as the general population. He has investigated privacy needs and preferences of children in foster care, transgender activists, and people with a visual impairment, and how current technology, such as egocentric cameras, could be used to protect privacy.
Abigail Marsh is an Assistant Professor of Computer Science at Macalester College, where their research focuses on the usable privacy concerns of situations where multiple stakeholders have access to one account or device, including familial and romantic relationships, older adults and their caretakers, and many other groups. They additionally research privacy and security concerns introduced by assistive technology.
Lucy Qin is a Ph.D. candidate at Brown University in the Encrypted Systems Lab. Her work focuses on designing usable cryptographic solutions to address privacy issues encountered by specific user groups. She has previously worked on designing and implementing cryptographic capabilities for supporting a pay equity initiative in Boston, detecting serial perpetrators of sexual assault on college campuses, and a privacy-centered national gun registry.
Shruti Sannonis a Computing Innovation Fellow and postdoctoral researcher at the University of Michigan School of Information. Shruti’s research examines how power asymmetries in sociotechnical systems impact users, particularly those from marginalized groups. Her recent work focuses on economically precarious workers and workers with disabilities in the gig economy. The goal of her research is to inform how technologies can be designed to be more inclusive and privacy-protective for users with diverse needs and experiences.
Imani Munyaka is an Assistant Professor at the University of California, San Diego. She received her PhD in Human-Centered Computing from the University of Florida, Master of Science in Computer Science from Kentucky State University, and a Bachelor of Science in Electrical Engineering from the University of Dayton. Her research focuses on improving the security and privacy-related experiences of underrepresented, historically-excluded, and often ignored populations so that all people can begin to have secure, private, and self-directed interactions with various technologies.
Tanusree Sharma is a third-year Ph.D. student in the Informatics program at the University of Illinois at Urbana Champaign, advised by Dr. Yang Wang. Her research focuses on usable privacy and security, accessible design to resolve socio-technical challenges. Her recent focus is on designing accessible mechanisms in Blockchain and AI technology for broader adoption and to empower underserved communities.
Smirity Kaushik is a second-year Ph.D. student in the Information Sciences program at the University of Illinois at Urbana-Champaign (UIUC) where she is advised by Dr. Yang Wang. She received a Master of Science in Information Management from Syracuse University and a Bachelor of Law from the University of Delhi. Her research is centered around usable privacy and security and social computing. She is interested in exploring user-centered privacy research ideas to resolve socio-technical challenges at the intersection of privacy, policy, and HCI.
Yang Wang is an associate professor of information science, and by courtesy, computer science, in the University of Illinois at Urbana-Champaign (UIUC) where he co-directs the Social Computing Systems (SALT) Lab. His research is centered around usable privacy and security, and social computing. His recent research focuses on designing privacy mechanisms for underserved groups such as people with disabilities.
Yaxing Yao is an Assistant Professor in the Department of Information Systems at the University of Maryland, Baltimore County. His research focuses on understanding privacy risks and people’s privacy concerns in emerging technologies and designing, implementing, and evaluating privacy mechanisms to protect people’s privacy. In his dissertation work, he looked at the privacy expectations of different stakeholders in smart homes as well as their expected privacy mechanisms.