Important Dates

Submission deadline: Thursday, May 23, 2024, 23:59PM, Anywhere on Earth
Acceptance notification to authors: Thursday, June 6, 2024
Camera ready papers due: Thursday, June 20, 2024, 23:59PM, Anywhere on Earth

Workshop date: Friday, August 9th, 2024 (a tentative agenda can be found below)

Registration

WIPS2024 is part of the SOUPS2024 conference

Registration is free.

Registration link is here WIPS 2024 Registration

Submission Site

Participants will submit their papers through HotCRP (Link to HotCRP, to be coordinated through SOUPS organizers, to be added)
You can also email the organizers with questions at wips.soups@gmail.com / rhoyle@oberlin.edu / xinru@cs.byu.edu

Submission link

Anonymization: Submissions are NOT to be anonymized
Page limit: 4 pages (excluding references and/or appendix)
Formatting: please follow the USENIX formatting guideline (available here).

Scope and Focus

This workshop is a continuation of eight workshops which have focused on security and privacy in the contexts of disability, access, and the needs of people from vulnerable or marginalized groups or who are in vulnerable situations. Since these groups have traditionally been underrepresented in research efforts, we aim to continue building this community and expanding the body of work that is focused on these groups. While this research area is expanding, studies focused on inclusive privacy and security are often labor intensive, require access to difficult-to-find populations, and generate findings that may be heavily circumstance-dependent, including circumstances that may extend well outside the digital realm. Privacy and security challenges are accelerating at an incredible pace. We must work as a community to likewise accelerate the research in this space. We do this by building off of one another’s work, learning from one another, and bringing together the body of work in academia with insights from other sources to be able to detect larger trends, identify new vulnerable populations, privacy challenges, and design patterns that can help (or hinder) users.

In this year’s workshop, we take two approaches to work towards accelerating our research in this space. First, we bring the community together to cultivate mentorship and identify challenges they are having conducting research in this space (methodological, related to practical implementation, making the right connections with collaborators, field sites, participants, adapting methods for this context, etc.). We will bring junior and senior researchers together organized into small groups based on similar research interests & expertise. Participants will give one another detailed feedback on submitted workshop papers and trouble-shoot specific research challenges they are facing. The first half of the workshop will focus on such community building and mentorship.

Second, we open the discussion on how to accelerate our research as a community. Specifically, we challenge participants to envision and co-design a privacy research infrastructure that could help us better build on one another’s work and leverage additional data sources that could help us more effectively and efficiently identify privacy issues and vulnerable populations, as well as factors leading to such issues. Creating a more sustainable and cohesive approach to researching vulnerable populations can help us better serve the needs of these communities. In particular, participants will explore the research possibilities that would be enabled by having a database of privacy harms. We will explore the metadata, capabilities, data sources, and reporting mechanisms that would need to be in place for this to be a useful researcher resource. Another capability would be identifying both light and dark patterns of design - in particular, what would the database need to look like so that we can identify common design elements, processes, or contextual factors that contribute to or prevent privacy harms. After the workshop, several of the organizers plan to continue leading an effort to design and develop such an infrastructure to be made freely available to the research community, and welcome continued involvement from interested workshop participants.

To achieve these aims, the workshop will focus on i) providing assessment and feedback on existing research while exploring strategies to transition from one-off experiments to continuous, interconnected research efforts, ii) co-design a privacy infrastructure framework

The objectives of our workshop are as follows:

i) Provide feedback and community building for current research efforts.

ii) Elevate research continuity and relevance.

iii) Establish a privacy infrastructure framework for sustained impact.

We invite contributions from all researchers who are motivated to address society’s diverse security and privacy needs, and seek to improve the accessibility and usability for all users. We welcome both new and seasoned researchers in this space!

We enthusiastically encourage participation from those who require accessibility accommodations. If you require accommodations, you can tell us about those by emailing the organizers at wips.soups@gmail.com / rhoyle@oberlin.edu / xinru@cs.byu.edu.

Submission

We are soliciting short papers ( <=4 pages, excluding references and/or appendix) related to inclusive privacy and security:

i) Previously published results

ii) Works-in-progress

iii) Proposals of design principles, processes, methodologies and/or solutions for specific situations, or generalizable to support a wide range of groups or operational environments

As part of each submission, through the submission form, we will ask the authors to identify their participant population, the privacy or security issues studied, any design guidelines proposed, and methodologies used. Depending on the format of the submission, not all of these categories may be relevant.

Paper Format: Papers must use the SOUPS formatting template (available for MS Word or LaTeX) and be submitted as a PDF via the web submission system. Submissions must be no more than 4 pages (excluding acknowledgments, bibliography, and appendices).

Submissions may include as many additional pages as needed for references and for supplementary material in appendices. The paper should stand alone without the supplementary material. We encourage authors to use the appendices for content that is peripheral to the main contributions of the paper but that may interest some readers or that may facilitate replication. Note that members of the program committee are free to not read this material when reviewing the paper

Submissions should be made via HotCRP. Questions about the workshop, including submissions, should be sent to the organizers at wips.soups@gmail.com.

In place of traditional live paper presentations, authors of accepted papers will record a five-minute video presentation, which will be uploaded to and archived on YouTube by the WIPS organizers. These videos will be shared with workshop participants ahead of the workshop. In addition, authors will play an active role in workshop activities.

Agenda (Virtual)

Zoom: Registered attendees will receive zoom link over email

Sunday, July 30th: (US Eastern Time)

9:00 AM - 9:15 AM: Introduction, discussion of goals, establishment of group norms - Sanchari Das, Roberto Hoyle

9:15 AM-9:35 AM: Keynote Speaker- Dr. Rahul Chatterjee - University of Wisconsin-Madison

9:35 AM-9:45 AM: Q&A and Discussion - Moderator: Sanchari Das

9:45 AM - 10 AM: 15 min break

10:00 AM - 10:25 AM: What does “inclusive”privacy and security research mean to you?

10:25 AM - 10:45 AM: Large Group Share Session; Chair: Roberto Hoyle

10:45 AM - 11:00 AM: 15 min break

11:00 AM - 11:30 AM: Privacy Session; Chair: Imani N. S. Munyaka

-- Paper 1: Towards Equitable Privacy Paper PDF

-- Paper 2: Peer Surveillance in Online Communities Paper PDF

-- Paper 3: Towards Perceived Security, Perceived Privacy, and the Universal Design of E-Payment Applications Paper PDF

Each Paper presentation is 5 minutes presentation and 5 minutes discussion and Q&A.

11:30 AM - 11:45 AM: 15 min break

11:45 AM - 12:15 PM: Understudied & Innovative Session; Chair: Tanusree Sharma

-- Paper 1: Work in Progress: Privacy Protection for Children 13+ in Virtual Worlds Paper PDF

-- Paper 2: Optimizing Shoulder-Surfing Resistance in Augmented and Virtual Reality: A Replication Study Proposal in the US Paper PDF

-- Paper 3: Understanding online harms and safety of vulnerable groups going through serious life transitions Paper PDF

12:15 PM to 2 PM: Group Lunch

2:00 PM - 2:15 PM: Re-Introduction, discussion of goals, re-establishment of group norms - Sanchari and Roberto Hoyle

2:15 PM - 2:45 PM: Card-Matching Game - Setup

2:45 PM- 3:00 PM: 15 min break

3:00 PM - 3:30 PM: Summary Phase. Every breakout room will have members of the organizing committee.

3:30 PM-3:45 PM: 15 minutes break

3:45 PM - 4:00 PM: Set-Up Phase for Jigsaw Activity. Every breakout room will have members of the organizing committee.

4:00pm - 4:30pm: Brainstorming and Summary for Jigsaw Activity - Taslima Akter, Yaxing Yao, Lucy Brown.

4:30 PM - 5:00 PM: Group Sharing and Reflection, Wrap up - Sanchari Das and Roberto Hoyle

Workshop Activities

Research and Design Guideline Activity

When we conduct inclusive research, we often encounter problems specific to engaging our participant populations, minimizing risk and bias, or even getting started on a topic. In this activity, participants will discuss their experiences with inclusive privacy and security research, including but not limited to:

1. Participants: How have you recruited participants and established a trustworthy reputation in a community? What experiences have not been successful or have forced you to revise a study protocol, goals, expectations, etc., partway through?

2. Ethical research: What considerations have you made in order to ensure that your research was conducted ethically, especially with an awareness of the risks that might be specific to your topics? When have you failed, and how have you handled those failures?

3. Methodologies: Do you need to make any changes to methodologies to accommodate specific needs? How do you train or prepare those without experience to work with you?

4. Logistics: How much did you pay your participants? How is the rate decided?

5. Motivations: How do you get folks to care about the problems inclusive security research identifies? How have you been able to get your work seen and valued in other security communities?

6. Data dissemination: What difficulties do you face to disseminate your work or data for publication or collaboration? Do you inform your participants of the published work? If yes, what means have you used to contact your participants? What special considerations have you taken to anonymize the data for publications?

7. Lessons learned: Are there any (hard) lessons learned in your experience of conducting inclusive privacy/security research that other researchers/practitioners can avoid?

8. Resources: How and where do you get resources to conduct inclusive privacy/security research? Funding agencies, non-profit organizations, companies, university units, etc.

Participants should be prepared to talk in detail about their own research experiences and to learn from others.

After the first session, workshop participants will rejoin their groups and brainstorm research and design guidelines based on the shared experiences. Guidelines should be broad enough to help new researchers approaching inclusive research, and not a list of lessons learned from a specific study.

Card-matching game

This will serve as an icebreaker for workshop participants as we transition to group-focused activities.

Set-up Phase

The organizers will share a collaborative document with subsections representing the following categories: population, privacy issue, guideline, and methodology. Each category will be partially pre-filled with the populations, privacy issues, guidelines, and methodologies from our paper authors. Participants will take five minutes to individually fill out the shared digital document with topics of interest to them and their relevance to WIPS.

Within Group Phase

The organizers will sort participants into groups and have participants compare their responses. The groups will begin to create scenarios using items from the four categories with each other, pairing populations with study methodologies that might be appropriate, privacy issues to design guidelines, and so on.

Summary Phase

After participants finish matching cards, they will:

1. write one (or more) relevant guideline for inclusive privacy and security design in the document

2. describe one (or more) other population that could benefit from the guidelines they created, reflecting upon the issues that they see in their group’s scenarios

3. describe one (or more) potential adversary/threat for their scenario

Participants will be encouraged to take plentiful notes in the shared document.

Presentation Phase (if time available: 5 minutes)

One person from each group will briefly talk about their scenarios.

Continued Visibility

The document used for this activity will continue to be accessible and editable at the same link throughout the workshop, and we will post the link on our workshop homepage so that participants can view and add to it as the workshop develops

Jigsaw design activity

This activity will be a structured discussion of the ideas developed during card matching, using Google Jamboard as a platform to record to following:

- Participants will rejoin their card-matching groups and choose one set of matched cards to develop further

- Participants will expand upon the concept from their matched card set, developing the concept into a research plan, in small groups in a structured manner. This will create "experts" from each group in a sub-area of inclusive privacy and security

Groups will spread out to combine "experts" of different areas into "diverse" groups that can contrast, compare, and combine the different areas

- The "diverse" groups will present what common ground they found to all attendees

- Besides combining, workshop attendees could also look out for (1) trade-offs, where something that would be "better" for one population is "worse" for others, and (2) universal design, where the research identified can not only benefit people from diverse populations, but also people who do not belong in any of the populations listed.