1. 11th WATCH: Security, Privacy, and Usability: Better Together Lorrie Cranor Computer Science & Engineering Science Policy Carnegie Mellon University THURSDAY April 19, Noon, Room 110 W ashington A rea T rustworthy C omputing H our NSF Stafford I Room 110, Noon Public Invited Abstract Usable privacy and security research aims to consider security, privacy, and usability goals together in order to develop solutions in which these goals are not in conflict with each other. In this talk I will highlight some of our projects that illuminate the insights that can be gained through consideration of human behavior together with security and privacy. First, I will discuss our work exploring the usability of tools designed to help users control online behavioral advertising. Our empirical user studies are helping to inform the public policy debate about privacy regulation. Next I will discuss our work on usability and access control. We have explored the access-control needs of non-expert computer users and developed and tested approaches to make access control policy management more natural. We have also explored the ways that underlying access-control system models interact with user interface components and demonstrated that even seemingly small changes to a system's semantics can fundamentally affect the system's usability. Finally, I will discuss our research on the usability and security of text passwords. In a series of online studies, we have asked over 34,000 users to create passwords and return to our website several days later and try to recall their passwords. These studies allow us to compare password policies, for example, requiring long passwords or requiring passwords to include uppercase and lowercase letters, digits, and symbols. By examining usability and security properties together, we have identified several common misconceptions about the impact of password composition policies on user behavior. Throughout this talk I will argue that examining security/privacy and usability together is often critical for achieving either. Speaker Lorrie Faith Cranor is an Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS). She is also a co-founder of Wombat Security Technologies, Inc. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O'Reilly 2002). About the WATCH series: Transforming today’s trusted but untrustworthy cyberinfrastructure into one that can meet society’s growing demands requires both technical advances and improved understanding of how people and organizations of many backgrounds perceive, decide to adopt, and actually use technology. WATCH aims to provide thought-provoking talks by innovative thinkers with ideas that illuminate these challenges and provide signposts toward solutions. The series is jointly organized by NSF’s Computer Science and Engineering (CISE) and Social, Behavioral, and Economic (SBE) Directorates and the Office of Cyberinfrastructure (OCI), and sponsored by the CISE Trustworthy Computing Program. Talks will be recorded and made available over the Internet. Questions/comments about WATCH? Contact Keith Marzullo kmarzull@nsf.govkmarzull@nsf.gov Thursday, April 19, 2012