Privacy and Security for Everyone, Anytime, Anywhere
8th Workshop on Inclusive Privacy and Security (WIPS)
Thursday, May 25, 2023, has been extended to June 1, 2023
Acceptance notification to authors:
Thursday, June 8, 2023
Camera ready papers due:
Thursday, June 22, 2023
Workshop date: July 30th, 2023 (agenda can be found below)
WIPS2023 is part of the SOUPS2023 conference
Registration is free.
Registration link is here WIPS 2023 Registration
Participants will submit their papers through HotCRP (Link to HotCRP, to be coordinated through SOUPS organizers, to be added)
You can also email the organizers with questions at firstname.lastname@example.org / email@example.com / firstname.lastname@example.org
Page limit: 4 pages (excluding references and/or appendix)
Formatting: please follow the USENIX formatting guideline (available here).
Scope and Focus
Security and privacy challenges confront all participants in modern society, but particular groups may experience unique or uneven privacy and security concerns. These groups may face distinctive obstacles to addressing issues, and their particular needs and concerns may not be well understood beyond those groups. Traditionally, inclusive design has addressed physical accessibility as well as needs arising from age, disability, or environment. While this work remains critical, our community also increasingly recognizes the importance of accounting for the needs of vulnerable users and marginalized groups. The workshop deliberately avoids any concrete definitions of what "vulnerable" means in this context. Instead, we encourage a diverse discussion of groups and situations without prejudice.
In this workshop, we explore the privacy and security experiences and needs of vulnerable user groups (and affected non-users). We are also interested in populations or roles in our society (e.g., lawyers, journalists, politicians, activists, medical providers) that support and/or affect the lives of vulnerable individuals. We will endeavor to uncover new ways of taking a more inclusive approach to appreciating and addressing privacy and security challenges. We also seek to identify the unintended harms resulting from privacy and security technology.
The objectives of our workshop are as follows:
i) To broaden participants' awareness of diverse privacy and security concerns.
ii) To map out fundamental research questions for the emerging field of inclusive privacy and security.
iii) To share and compile design guidelines and best practices that are relevant to inclusive design.
iv) To form collaborations among researchers in this space.
We expect participation from those who want technology to be respectful of society's diverse security and privacy needs, who seek to ensure that technology is accessible and appropriate for a broader user base, or who endeavor to improve the experience of vulnerable groups through responsible design. We encourage participation from those who are not yet actively working in inclusive privacy and security!
We enthusiastically encourage participation from those who require accessibility accommodations. If you require accommodations, you can tell us about those by emailing the organizers at email@example.com.
Talk Title: Security and Privacy Research with Vulnerable Populations
Biography: Dr. Rahul Chatterjee, Assistant Professor at the University of Wisconsin-Madison. His work focuses on making technology safe and secure for everyone to use. Current technologies are built with an average user in mind and therefore fail to recognize the needs of marginalized populations, such as survivors of interpersonal attacks. He is working towards designing next-generation authentication technologies and advanced attack detection to detect and prevent account compromise attacks. He also works on improving security and privacy risks of Smart Home IoT devices, especially in the context of interpersonal abuse. He founded Madison Tech Clinic in collaboration with local victim service providers to support survivors of domestic and intimate partner violence.
We are soliciting short papers ( <=4 pages, excluding references and/or appendix) related to inclusive privacy and security:
i) Previously published results
iii) Proposals of design principles, processes, methodologies and/or solutions for specific situations, or generalizable to support a wide range of groups or operational environments
As part of each submission, through the submission form, we will ask the authors to identify their participant population, the privacy or security issues studied, any design guidelines proposed, and methodologies used. Depending on the format of the submission, not all of these categories may be relevant.
Paper Format: Papers must use the SOUPS formatting template (available for MS Word or LaTeX) and be submitted as a PDF via the web submission system. Submissions must be no more than 4 pages (excluding acknowledgments, bibliography, and appendices).
Submissions may include as many additional pages as needed for references and for supplementary material in appendices. The paper should stand alone without the supplementary material. We encourage authors to use the appendices for content that is peripheral to the main contributions of the paper but that may interest some readers or that may facilitate replication. Note that members of the program committee are free to not read this material when reviewing the paper
Submissions should be made via HotCRP. Questions about the workshop, including submissions, should be sent to the organizers at firstname.lastname@example.org.
In place of traditional live paper presentations, authors of accepted papers will record a five-minute video presentation, which will be uploaded to and archived on YouTube by the WIPS organizers. These videos will be shared with workshop participants ahead of the workshop. In addition, authors will play an active role in workshop activities.
Zoom: Registered attendees will receive zoom link over email
Sunday, July 30th: (US Eastern Time)
9:00 AM - 9:15 AM: Introduction, discussion of goals, establishment of group norms - Sanchari Das, Roberto Hoyle
9:15 AM-9:35 AM: Keynote Speaker- Dr. Rahul Chatterjee - University of Wisconsin-Madison
9:35 AM-9:45 AM: Q&A and Discussion - Moderator: Sanchari Das
9:45 AM - 10 AM: 15 min break
10:00 AM - 10:25 AM: What does “inclusive”privacy and security research mean to you?
10:25 AM - 10:45 AM: Large Group Share Session; Chair: Roberto Hoyle
10:45 AM - 11:00 AM: 15 min break
11:00 AM - 11:30 AM: Privacy Session; Chair: Imani N. S. Munyaka
-- Paper 1: Towards Equitable Privacy Paper PDF
-- Paper 2: Peer Surveillance in Online Communities Paper PDF
-- Paper 3: Towards Perceived Security, Perceived Privacy, and the Universal Design of E-Payment Applications Paper PDF
Each Paper presentation is 5 minutes presentation and 5 minutes discussion and Q&A.
11:30 AM - 11:45 AM: 15 min break
11:45 AM - 12:15 PM: Understudied & Innovative Session; Chair: Tanusree Sharma
-- Paper 1: Work in Progress: Privacy Protection for Children 13+ in Virtual Worlds Paper PDF
-- Paper 2: Optimizing Shoulder-Surfing Resistance in Augmented and Virtual Reality: A Replication Study Proposal in the US Paper PDF
-- Paper 3: Understanding online harms and safety of vulnerable groups going through serious life transitions Paper PDF
12:15 PM to 2 PM: Group Lunch
2:00 PM - 2:15 PM: Re-Introduction, discussion of goals, re-establishment of group norms - Sanchari and Roberto Hoyle
2:15 PM - 2:45 PM: Card-Matching Game - Setup
2:45 PM- 3:00 PM: 15 min break
3:00 PM - 3:30 PM: Summary Phase. Every breakout room will have members of the organizing committee.
3:30 PM-3:45 PM: 15 minutes break
3:45 PM - 4:00 PM: Set-Up Phase for Jigsaw Activity. Every breakout room will have members of the organizing committee.
4:00pm - 4:30pm: Brainstorming and Summary for Jigsaw Activity - Taslima Akter, Yaxing Yao, Lucy Brown.
4:30 PM - 5:00 PM: Group Sharing and Reflection, Wrap up - Sanchari Das and Roberto Hoyle
Workshop ActivitiesResearch and Design Guideline Activity
When we conduct inclusive research, we often encounter problems specific to engaging our participant populations, minimizing risk and bias, or even getting started on a topic. In this activity, participants will discuss their experiences with inclusive privacy and security research, including but not limited to:
Participants: How have you recruited participants and established a trustworthy reputation in a community? What experiences have not been successful or have forced you to revise a study protocol, goals, expectations, etc., partway through?
Ethical research: What considerations have you made in order to ensure that your research was conducted ethically, especially with an awareness of the risks that might be specific to your topics? When have you failed, and how have you handled those failures?
Methodologies: Do you need to make any changes to methodologies to accommodate specific needs? How do you train or prepare those without experience to work with you?
Logistics: How much did you pay your participants? How is the rate decided?
Motivations: How do you get folks to care about the problems inclusive security research identifies? How have you been able to get your work seen and valued in other security communities?
Data dissemination: What difficulties do you face to disseminate your work or data for publication or collaboration? Do you inform your participants of the published work? If yes, what means have you used to contact your participants? What special considerations have you taken to anonymize the data for publications?
Lessons learned: Are there any (hard) lessons learned in your experience of conducting inclusive privacy/security research that other researchers/practitioners can avoid?
Resources: How and where do you get resources to conduct inclusive privacy/security research? Funding agencies, non-profit organizations, companies, university units, etc.
Participants should be prepared to talk in detail about their own research experiences and to learn from others.
After the first session, workshop participants will rejoin their groups and brainstorm research and design guidelines based on the shared experiences. Guidelines should be broad enough to help new researchers approaching inclusive research, and not a list of lessons learned from a specific study.
This will serve as an icebreaker for workshop participants as we transition to group-focused activities.
The organizers will share a collaborative document with subsections representing the following categories: population, privacy issue, guideline, and methodology. Each category will be partially pre-filled with the populations, privacy issues, guidelines, and methodologies from our paper authors. Participants will take five minutes to individually fill out the shared digital document with topics of interest to them and their relevance to WIPS.
Within Group Phase
The organizers will sort participants into groups and have participants compare their responses. The groups will begin to create scenarios using items from the four categories with each other, pairing populations with study methodologies that might be appropriate, privacy issues to design guidelines, and so on.
After participants finish matching cards, they will:
write one (or more) relevant guideline for inclusive privacy and security design in the document
describe one (or more) other population that could benefit from the guidelines they created, reflecting upon the issues that they see in their group’s scenarios
describe one (or more) potential adversary/threat for their scenario
Participants will be encouraged to take plentiful notes in the shared document.
Presentation Phase (if time available: 5 minutes)
One person from each group will briefly talk about their scenarios.
The document used for this activity will continue to be accessible and editable at the same link throughout the workshop, and we will post the link on our workshop homepage so that participants can view and add to it as the workshop develops
Jigsaw design activity
This activity will be a structured discussion of the ideas developed during card matching, using Google Jamboard as a platform to record to following:
- Participants will rejoin their card-matching groups and choose one set of matched cards to develop further
- Participants will expand upon the concept from their matched card set, developing the concept into a research plan, in small groups in a structured manner. This will create "experts" from each group in a sub-area of inclusive privacy and security
Groups will spread out to combine "experts" of different areas into "diverse" groups that can contrast, compare, and combine the different areas
- The "diverse" groups will present what common ground they found to all attendees
- Besides combining, workshop attendees could also look out for (1) trade-offs, where something that would be "better" for one population is "worse" for others, and (2) universal design, where the research identified can not only benefit people from diverse populations, but also people who do not belong in any of the populations listed.
Organizing Committee (alphabetical order)
Sanchari Das, University of Denver
Roberto Hoyle, Oberlin College
Imani N. S. Munyaka, UC San Diego, email@example.com
Smirity Kaushik, University of Illinois at Urbana-Champaign, firstname.lastname@example.org
Jacob Abbott, Indiana University Bloomington
Lynne Coventry, Northumbria University
Arup Kumar Ghosh, Jacksonville State University
Peter Mayer, University of Southern Denmark
Naheem Noah, University of Denver
Kentrell Owens, University of Washington
Pavithren V S Pakianathan, Ludwig Maximilians University of Munich
Sarah Radway, Tufts University
Tanusree Sharma, University of Illinois at Urbana-Champaign
Yaman Yu, University of Illinois at Urbana-Champaign
Taslima Akter, University of California Irvine, email@example.com
Kevin Butler, University of Florida, firstname.lastname@example.org
Joe Calandrino, Federal Trade Commission, email@example.com
Lynne Coventry, Northumbria University, firstname.lastname@example.org
Sanchari Das, University of Denver, Sanchari.Das@du.edu
Roberto Hoyle, Oberlin College, email@example.com
Smirity Kaushik, University of Illinois at Urbana-Champaign, firstname.lastname@example.org
Ada Lerner, Northeastern University, email@example.com
Abigail Marsh, Macalester College, firstname.lastname@example.org
Imani N. S. Munyaka, UC San Diego, email@example.com
Lucy Qin, Brown University, firstname.lastname@example.org
Shruti Sannon, University of Michigan, email@example.com
Yang Wang, University of Illinois at Urbana-Champaign, firstname.lastname@example.org
Noel Warford, University of Maryland, email@example.com
Yaxing Yao, University of Maryland, Baltimore County, firstname.lastname@example.org
Tanusree Sharma, University of Illinois at Urbana-Champaign
Organizer Bios (alphabetical order)
Taslima Akter is a Postdoctoral researcher in the department of Informatics at University of California Irvine. Her research is centered on gaining an understanding of the accessibility and privacy hurdles that individuals with disabilities face. In her work, she has delved into the privacy requirements of a variety of marginalized groups such as those with visual impairments, racial minorities, and ROTC students. Furthermore, she is currently engaged in designing systems that take privacy into account for these groups.
Kevin Butler Kevin Butler (he/him) is a Professor of Computer and Information Science and Engineering and Director of the Florida Institute for Cybersecurity Research at the University of Florida. He is also director of the NSF Center for Privacy and Security for Marginalized Populations. His research focuses on the security and trustworthiness of computer systems and data and the privacy of users accessing their computing resources, particularly with regards to emerging technologies.
Joe Calandrino Joe Calandrino is the research director of the Federal Trade Commission’s Office of Technology Research and Investigation. His office conducts technical research related to the FTC’s consumer protection mission, examining topics such as consumer fraud, online advertising, financial technologies, and connected devices. His agency seeks to ensure that its efforts benefit all consumers including older adults, military service members and veterans, non-English-speaking consumers, and a wide variety of other groups.
Lynne Coventry is a research professor in the School of Design and Informatics at Abertay University, UK. She is director of Abertay cyberQuarter – a interdisciplinary centre focused on bringing public sector, business and academia closer together to work on local, national and global cybersecurity problems. Her personal research focuses on the interaction between psychology, design and security/privacy behaviors for a wide range of user types and contexts of use including children and cyberbullying, security compliance in the workplace, older adults, stigmatized groups, and universal design of privacy and security to optimize inclusion and accessibility.
Sanchari Das (She/Her/Hers) is an Assistant Professor in the Computer Science department at the Ritchie School of Engineering and Computer Science at the University of Denver. Her research lab focuses on computer security, privacy, education, human-computer interaction, social computing, accessibility, inclusivity, and digital technologies sustainability. In addition, her research interest extends to exploring the impact of digital breaches on everyday life, especially for the group, including children, older adults, the disabled community, and others.
Roberto Hoyle is an Associate Professor of Computer Science at Oberlin College. His research focuses on extending the benefits of security and privacy to underserved populations that may not benefit from the same privacy protection settings as the general population. He has investigated privacy needs and preferences of children in foster care, transgender activists, and people with a visual impairment, and how current technology, such as egocentric cameras, could be used to protect privacy.
Smirity Kaushik is a third-year Ph.D. student in the Information Sciences program at the University of Illinois at Urbana-Champaign (UIUC) where she is advised by Dr. Yang Wang. She received a Master of Science in Information Management from Syracuse University and a Bachelor of Law from the University of Delhi. Her research is centered around usable privacy and security and social computing. She is interested in exploring user-centered privacy research ideas to resolve socio-technical challenges at the intersection of privacy, policy, and HCI.
Ada Lerner is an Assistant Professor of Computer Science at Northeastern University, where their research focuses on the security and privacy concerns, expertise, and norms of marginalized populations, the role of systemic factors such as law and policy in outcomes for these groups, and other interdisciplinary approaches to enabling all people to benefit from technology's potential.
Abigail Marsh is an Assistant Professor of Computer Science at Macalester College, where their research focuses on the usable privacy concerns of situations where multiple stakeholders have access to one account or device, including familial and romantic relationships, older adults and their caretakers, and many other groups. They additionally research privacy and security concerns introduced by assistive technology.
Imani N. S. Munyaka is an Assistant Professor at the University of California, San Diego. She received her PhD in Human-Centered Computing from the University of Florida, Master of Science in Computer Science from Kentucky State University, and a Bachelor of Science in Electrical Engineering from the University of Dayton. Her research focuses on improving the security and privacy-related experiences of underrepresented, historically-excluded, and often ignored populations so that all people can begin to have secure, private, and self-directed interactions with various technologies.
Lucy Qin is a Ph.D. candidate at Brown University in the Encrypted Systems Lab. Her work focuses on designing usable cryptographic solutions to address privacy issues encountered by specific user groups. She has previously worked on designing and implementing cryptographic capabilities for supporting a pay equity initiative in Boston, detecting serial perpetrators of sexual assault on college campuses, and a privacy-centered national gun registry.
Shruti Sannon is a Computing Innovation Fellow and postdoctoral researcher at the University of Michigan School of Information. Shruti’s research examines labor and privacy in digitally-mediated settings, particularly in the context of marginalized groups. Her recent work focuses on low-income and disabled workers in the gig economy. The goal of her research is to inform how technologies can be designed to be more inclusive and privacy-protective for users with diverse needs and experiences.
Tanusree Sharma is a fourth-year Ph.D. student in the Informatics program at the University of Illinois at Urbana Champaign, advised by Dr. Yang Wang. Her research focuses on usable privacy and security, accessible design to resolve socio-technical challenges. Her recent focus is on designing accessible mechanisms in Blockchain and AI technology for broader adoption and to empower underserved communities.
Yang Wang is an associate professor of information science, and by courtesy, computer science, in the University of Illinois at Urbana-Champaign (UIUC) where he co-directs the Social Computing Systems (SALT) Lab. His research is centered around usable privacy and security, and social computing. His recent research focuses on designing privacy mechanisms for underserved groups such as people with disabilities.
Noel Warford is a Ph.D candidate at University of Maryland College Park, advised by Dr. Michelle Mazurek. His research focuses broadly on digital safety (security, privacy, and abuse/harassment prevention) for users who, by context or circumstance, face elevated risk. Recently, he has focused on the security and privacy needs of IT staff in libraries and journalists’ strategies for managing online harassment.
Yaxing Yao is an Assistant Professor in the Department of Information Systems at the University of Maryland, Baltimore County. His research focuses on understanding privacy risks and people’s privacy concerns in emerging technologies and designing, implementing, and evaluating privacy mechanisms to protect people’s privacy. In his dissertation work, he looked at the privacy expectations of different stakeholders in smart homes as well as their expected privacy mechanisms.