2026 Posts | Kami Vaniea

Security and Human Behavior 2026 Day 2

Tue, 19 May 2026 12:18:48 -0400

Welcome to the 19th Security and Human Behavior. The write-up below is a live-blog of the workshop.

Contents:

Session 5: Organizational Security
- Speakers: Carolin Lämmle, Ryan Wright, David Reeves, Samantha Phillips, Tony Vance, Laura Arno
Session 6: Trust and Security Public Policy
- Speakers: Joseph Bonneau, Kami Vaniea, Serge Egelman, Jayati Dev, Michele Massberg, Ryan Shandler
Session 7: Public Policy and Privacy
- Speakers: David Sidi, Avinash Collis, Geoff Tomaino, Andrew Odlyzko, Tawfiq Alashoor, Blase Ur
Session 8: Where Do We Go From Here?
- Speakers: Sascha Romanosky, Susan Landau, Jean Camp, Matt Blaze, Alessandro Acquisti, Jeremy Epstein

Also see:

Session 5: Organizational Security

Speakers: Carolin Lämmle, Ryan Wright, David Reeves, Samantha Phillips, Tony Vance, Laura Arno

Carolin Lämmle

Title: System Administrators - Power, Gender, and Ethics

Systemadmins - interviews with 11 male administrators then later a study of 13 female system administrators.

Unsuprisingly female system adinistrators are not common on teams leading to many issues

Surveyed a larger set of system administrators (32 Women, 216 men, 7 other)

I am in a powerful position <- both genders agree they have power, are irreplaceable, respected by suepervisors, relied on for advice, and comfortable with with giving orders. They also were self-aware that they could do quite a bit of dammage.
Struggles with doing things “quick and dirty or the right way”
Honor code seen as important
Gender differences:
- Men more likely to say “I have skills no one else have”
- Women less likely to agree that they have special skills, are competent
“Technically speaking I’m at the top of the hierarchy”: How System Administrators Think About Power
“You’re not smart enough for it. You can’t do it anyway.” - Experiences and Coping Strategies of Female System Administrators

Ryan Wright

Title: Does compliance Actually Reduce Cyber Incidents: Two decades of acadiemic research. Seven CISOs.

How much did your organization spend on compliance training, awareness, and policy enforcement last year? Evidence?

Does compliance actually matter? Maybe it is the wrong construct.

Pre-registered study. Which is challenging to do.

When talking to CISOs about what is working and what is not working for them. Issues like influence, trust, shared goals, regular communication and genuine partnership. AKA Social Capital.

Findings

Compliance didn’t move the needle

Compliance does matter for smaller organizations, so having compliance does matter, but adding more maybe doesn’t

Shared social capital is big

If both cyber and business and social capital are high and balance - then less odds of a severe breach

Who benifits the most

Big organizations need more social capital
Top management doesn’t understand cybersecurity plan? It will probably fail.
Security teams that act as community members are more effective

“Security leadership increasingly resembles community stewardship”

Compliance is important to get security up to a certain level, but past that there are limited returns from just compliance.

David Reeves (Virginia Tech)

Both a PhD student and a CISO

Behavioral distortions in organizational cybersecurity decision-making

Impact of anticipatory feelings on organizations cybersecurity decision-making
Impact of cognitive biases on organizations downplay escalating security warning signs

What level of risk is acceptable? Having these conversations at the board-level is complex.

National Guard hacked by Chinese ‘Salt Typhoon’ campaignfor nearly a year, DHS memo says

Large data breach
State said that acceptable risk was at a certain level, but the on the ground decisions did not match that high level goals
Money saving was an aspect
Costs of breach were serious and not necessarily properly thought about before hand
- Loss of trust with partners - long term loss
- Reassigned employees from other projects to handle the situation
- High levels of burnout
- Admins took lots of blame, even though the risk decisions were taken by others
- Breach costs like having to pay for LiveLock for people who’s data was lost.

Core argument: Organizational leaders rely on cognitive biased interpretations that systematically distort cybersecurity risk perception.

Mixed method study: quantitative data such as financial, ceybrersecurity assessment results, incident informaiton, organizational environmental data. Qualitative data like grounded theory interviews of populations like CEOs, CFOs, CIO, and CISOs.

Samantha Phillips (The University of Tulsa)

Imagine two organizations A and B and the same security intervention is used at both, but the outcome is quite different. What about security culture is causing such a difference in how an intervention is recieved?

Used:

Hofstead’s Organizational Culture Dimensions
Schein’s Three-Level Model of Culture

Research study with survey study and follow-up interviews.

Employees did think that the company cared about security, but they were unsure if they would actually get any help if something happened
Leadership story
- Operations leader, deployed security cameras in a site, then security team found out. Security team didn’t approve, and opperations had to remove the cameras. Leading to frictions and tensions in the culture.
Another story
- Security team depoloyed MFA, so they sent it out to the rest of the company
- But…. many employees did not have phones, lots of worked sites had no cell service. So MFA caused bad security behaviors like everyone using the one account they could get logged in.

Take aways

Measuring the type of information security culture is important to target interventions
- Easy going culture may not match well with a strict security intervention
Assess culture from multiple dimensions/perspectives
Consider measuring pre/post to understand how an intervention is impacting a culture

Tony Vance (Virginia Tech)

Title: Rethinking security culture

Story: Microsoft compromised by Chinese hackers including gaining access to a private key - which is very not good

Enbled attackers to access email addresses of many organizations that use Microsoft email products
Review was done and publicly released
- Found that security culture needs to be improved at Microsoft
- But what is “securiyt culture”? Report did not define the term.

Risk management maybe this one

Measuring scales for culture

Security education and awareness - good overlap among scales
Many other constructs measure a range of things. 83 different constructs found in the review

Some constructs are correlates, some are determinants, and some outcomes. These are different aspects entirely.

Design of survey scales are not at the level of modern scale development. Issues like properly validating the scale to make sure it measures what the authors intended. It is important that participants answer questions in a way that matches the researcher understanding, if this is not tested then there may be a big issue.

A scale development cycle:

Conceptual definition
Dimensioality specification
Item generation
Content validity

Wants to improve how culture is measured so organizations can not only say they want to improve, but measure what their current state looks like.

Laura Arno

Talk: How security Policy Motivates Computer Abuse: Organizatoinal Technology Injustice

Overly tight security policies can lead to shadow IT, where users go around the security and setup their own IT which then results in overall lower security.

Insider threats

Mone going towards employee monitoring and surveillance as a way of mitigating threats.

Tensions between the IT and the non-IT employees. This an cause computer abuse.

Lots of research focuses on compliance as an outcome. But recent research is calling this into question. Measuring non-compliance is also becoming something to measure. But non-compliance is often conflated with negligence, cyberloafing, violation and computer abuse. But much of non-compliance is closer to work-arounds of overly strict security policies that make day-to-day work very challenging. We should consider measuring non-compliance as a metric of how badly a policy mismatches with employee needs and willingness.

Many employees are not aware of the policies. But they know what they think the policies are. They may only know that the policy is restricting them, that they have lost control, and that they do not like them.

Perceptions of the restrictons is driving their behavior.

Q&A

If we talk about cognitive biases, are we suffering from them? Is phishing really the biggest risk? CISOs are doing training/compliance because NIST has said so. Are we the biased ones? Should be re-assessing good protections?
- Yes: having academic conversations where we have crazy conversations and then testing them is really great. It causes a slow building of understanding that is very valuable.
- It is hard to measure security culture, especially if it is a suplier that was hacked
- We spend all this time and energy on barriers. But we need better partnership with employees. Reporting and response are also super important. It isn’t all up-front protection.
For Laura - you mentioned shadow IT and that the policies are unjust
- Studying more than compliance is important. Shadow IT is very much a thing. It is possible to both be compliant (long password changed often) and not in compliance (password written on white board because no one can memorize it).
Social capital
- Ryan: in our study we had the two roles measure each other’s social capital. It was important to see not just how people see themselves, but also how other see them.
It is not that compliance does not work, the issue is that compliance is not done correctly. Box ticking vs finding underlying problem and addressing it. In lawsuits: a security report is often based on a CISO answering a questionare, not based on what was actually going on.
- We need to re-think what compliance actually is.
Relational governance - social capital. It was interesting in our case we saw that you cannot order people like tenured professors or members of parlement. So social capital is vital to get security actually done. How do CISOs navigate the changing roles
- Ryan: CISOs: they feel they need to empower users, empower business units, and they need a shared risk model
- David: It is imporant as a CISO is to weirdly not be a technologist. But in a CISO role the position is to be a collaborative leader, not a technologist. And to figure out how risks are applied to the company’s business function. Role is to think about what the organization risks are not the IT risks.
To Ryan: In political economy people focus quite a bit on trust because it can be measured and put in a model. Would it help to start with trust in these measures of social capital and collaboration within an organization.
When I think about security culture I think about “I know it when I see it”. How much cluture is based on the technology of the moment and how much is actually culture.
- Hopefully not the technology, because that is always changing. Culture also changes over time. So both are combined.
- They are quite independent. Even if a tech stack was swapped out the culture should persist, though it would need to adapt.
- At home I’m productive (no restrictions) at work I’m quite restricted so I’m less productive.

Session 6: Trust and Security Public Policy

Speakers: Joseph Bonneau, Kami Vaniea, Serge Egelman, Jayati Dev, Michele Massberg, Ryan Shandler

Notes in this session were done by my incredible student due to me being in the session.

Joseph Bonneau

Title: Cryptographically Verifiable Lotteries

Making lotteries verifiable for cryptography Lotteries are used for many purposes like moose hunt lottery for hunting permits, judge assignments, conscription, and security screening Case Studies: biased randomness US conscription lottery, 1969: those with later birth months were not selected Diversity visa program, 2011: results are void as it was biased

How can we achieve a verifiable lottery? Physical randomness ceremonies: the issue with this is that physical randomness can be faked: hot and cold balls used to aid cheats Randomness from natural phenomena or stock market from asset prices Levels of Verifiability: Using cryptography we can use multiparty randomness beacon protocol (i.e. League of Entropy) the trust model here is that if a majority of them is good the randomness will work well

Participatory protocols: Only 1 of n correct participants needed for security but no security downside to adding participants

Kami Vaniea

Many conferences this year are struggling with high submission rates and potentially AI generated content

What is SOUPS: Symposium on Usable Privacy and Security SOUPS is focused on human factors of security and privacy technologies and have started in 2005. Kami was technical paper chair for 2025 and 2026.

There has been a boom of paper submissions:

2024 was 156 submissions with 21% accepted
2025 was 157 submissions with 19% accepted
2026 was 251 submissions with 15.5% accepted

251 submissions and 15.5% (39 accepted submissions( and 3 main reasons for number of submissions)

AI may be a culprit here - its a common source of blame this year
CORE ranking- SOUPS was just raised to A-level in late 2025 (being A-level is a big deal)
Location being in Germany

Statistics: Kami asked reviewers to let us know about problematic AI and some issues identified included mangled references, fabricated references, citing text does not agree with cited paper, or poorly written text or text that does not match the rest of the paper

18 flagged by reviewers as possibly having problematic AI
12 rejected in round 1
3 rejected in round 2
3 accepted both were flagged for having potentially AI generated text Problem: we never looked this closely at references before

Step 11: SOUPS will be using student volunteers to review the output of reference checkers for all accepted papers!

Serge Egelman

Title: Is it time for software to put on its big boy pants?

Most engineering depends on complex supply chains: Apple doesn’t make glass, Toyota doesn’t make brake pads Airlines use chicken cannons to test airline parts. For engineering software, you should be using ⅙ of the time coding and most of the time in planning and validation. Products must list ingredients and/or share any hazardous ingredients but this doesn’t exist in software. Part of the problem is that “developers usually choose which corporates they incorporate and compliance / QA folks may be left in the dark”.

50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System - Submitted to FTC PrivacyC

Some developer SDKs take location Data and there is a paper on this

Awareness of app behaviours and some developers just did not know Data sent to measurelib.com and it was linked to a defense contractor and there is a book by Bryan Tau on this topic https://www.usenix.org/system/files/usenixsecurity23-lyons.pdf Physical products that cause harm when used as intended are subject to recalls yet we don’t have this for software

Methods for accountability exist: civil engineers are licensed Where do we go from here?

SBOMs
ONCD organized a working group to come up with a framework for software liability
Maybe engineers need to be professionally licensed

Jayati Dev

Title: Multistakeholder approach to open source policy

Open source software is everywhere and for maintainers the bigger is gets the harder it is to maintain and for users there is usage in insecure context and hard to get support

Can we add policy “rocks” for modern infrastructure/ open source software as many policy conversations happen in silos. What would a multi stakeholder policy approach look like for open source? At cybersecurity policy workshops they had breakout sessions with academic, industry, and government 20-25 participants

Initial Findings: a case study to understand the 3 way communication participation via a conservatorship model to fund critical open source, joint bug bounty programs, and support secure implementation of open source. Liabilities and how do we assign liability and who do we assign liability protections for researchers. Having IP and safe harbor protections for open source developers

Plan to convert this to a formal study, conduct more workshops, and collaborate on evidence based research

Michele Massberg

Title: Decrypting Covert Operations: Human Factors in Cryptographic Design

This study presents the first known decryption of Covert Operations panels and the problem:

In order to decrypt this: they transcribed the sculpture to string representation in Python 3.12.0 And then ran statistical analysis and computed annotation using leiden conventional sigla (Dow 1969). If a certain symbol was missing, they would use a different symbol.

Looking at these statistics, the arabic panel looked like it was plain text and english, cyrillic, and 3rd language looked like something else. After a bruteforce comparison, she used a ciphertext only key search and was able to decrypt this text and reconstructed and cracked it again.

For the 4th panel, a reconstruction of the plain text using key and line number. Through reconstruction of cyrillic panel, it was an executive order during the cold war.

This work provides the first complete technical resolution of the four Covert Operation panels. resolution of the four Covert Operations panels. Across both the English and Cyrillic reliefs, the ciphertexts were found to be consistent with periodic polyalphabetic substitutions, implemented as keyed Vigenère variants. The cipher design reflects the practical constraints of artistic design, manual inscription and a preference for mnemonic, thematically aligned keys.

Ryan Shandler

Title: Destabilizing Democracy: The Long term societal effects of cyber operations

When we think of the impact of cyber attacks and threats, computer scientists think of denial of service, degraded infra, data theft but Ryn thinks about societal divisions, distrust in government institutions, elevated perception of threat, and support for anti-democratic policies.

Phase 1: Attacks arouse psychological distress (increased anxiety levels) For individuals who are not technologically adept, they express significant anxiety

Phase 2: Emotional reaction triggers behavioural/political shifts Cyberattacks even when they don’t cause a lot of damage, for political feelings cause signficiant damage and impact

Weaponizing this phenomenon? DARPA shared that foreign entities could use this research to launch attacks against the US. This may be similar to a termite attack.

Behavioural Model of long term societal effects triggered by adversarial cyberattacks and there is always an effect that happen immediately afterwards.

The experiment that starts tomorrow will have 5000 participants experience the treatment/control and record short term, medium term, and long term effects over the next 5 years. Some attack source will be China or unknown source or damage to mobile networks (shutting down internet access) or US response = partisian divisions. This will be consumed via social media feeds and long term news sources. For individual effects it’s usually seen for 1-2 months but will see a long term observation of societal effects and multi country analysis. How do we mitigate democratic destabilization.

Results will be shared at SHB 2027!

Q&A:

Ryan was asked, “Do you think there will be something similar to the Baader-Meinhof phenomenon for cyberattacks: If you buy a car, you see the car continuously” there isn’t just one cyberattack it’s whats the effect of one cyberattack followup in your daily life and maximizing external control and impacts in the long term

Question for Kami, “NSF has banned from using AI to assess anything about them. What would you do for 50,000 proposals that are to decide to spend $0-50 billion dollars?” If it’s purely AI generated, it’s a lot easier to check them and be cruel in the punishment. The discussion sections suffered far more from AI and they used AI for the sections where it’s the hard part where you have to think about it. We need policies on this. There was discussion on requiring a DOI for each citation for paper submissions and avoid having to revoke any papers due to a hallucinated reference.

Ryan got asked, “With so many cyberattacks already in the news, why will this particular treatment have a great impact?”. Ryan says his expectation is that they are trying to create a larger scale of cyberattacks and be realistic that it will break through the media cycle. They are taking a real attack and amplifying it a bit to see if their anxiety will be amplified so participants can look it up later (and be asked about this).

Kami was asked, “One of the references was not real when they submitted a paper and when they used AI to edit the paper it changed the name of the paper.” Kami said this could be a good learning opportunity for students and researchers.

Kami was asked, “Should this be handled by a higher level?” Kami said it hasn’t bubbled up yet and everyone is trying to handle it this year frantically. Another question, “I’ve had an issue with AI generated reviews, is this an issue with SOUPs?” Kami said some reviewers will not be asked back and only 1 reviewer she had a suspicion used AI due to lack of content and constructive feedback. “Across Security and Privacy papers, the people who are writing the Discussions sections just don’t seem as developed?” Kami got another question, “At the end of the day, we shouldn’t hate those who use AI but at the end of the day we should care if a paper is using AI but care about the quality and be smart about evaluating quality”

Session 7: Public Policy and Privacy

Speakers: David Sidi, Avinash Collis, Geoff Tomaino, Andrew Odlyzko, Tawfiq Alashoor, Blase Ur

David Sidi

Access, Privacy, and Conviality with We Build Networks

Tech for advancing values > Broader Access to powerful tech > institutional support > participipator > enthusiastic

Working on making networking and networking tools more accessable to people. Workshops on topics like ToR node setup.

“We build networks” working with public groups to do educations.

Avinash Collis

The consumer welfare effects of Online Ads: Efvidence from a 9-year experiment

Ads

Positive for users - informational role, match buyers and sellers
Negative - higher prices, hyper focused

Facebook’s internal A/B testing platform has a small number of users who never see ads. They do this for experiment purposes. They recruit people from the ads and no ads. Do an incentivisation study by paying them to not use Facebook. In theory this will help determine how valuable ads are financially.

“Would you be willing to stop using Facebook for one month for $40?”

No significant differences between ads and no ads group. Both gropus value Facebook at about $31/month.

In the next project: how does this generalize across othe internet? How about other platforms. Also targeted vs non-targeted ads. This study looked at willingness to keep being in their condition. This experiment is mid-way.

Users in the ad blocking condition (where people have ad blockers) group want higher payments to keep using the system - this means that they are less willing to keep using the advertising blockers than put up with ads
Those who experience ad-blocking

Geoff Tomaino

Title: The role of preference ordering in consumer privacy violation perceptions

The value consumers get out of advertisement

First-order preference: What do you want?

When you went out for lunch, you wanted a sandwich. Second-order preference: What you want to want
They want to want things that they don’t actually want

People take the view that advertisements represent what the brand thinks my first-order preferences are?

For topics like news, food, people often want to want something other than what they really want.

Study 1:

We asked to imagne thy used an investing site named Finance
FinanceWise recommendation: Low-risk investments
Gave other recommendations that match first or second order preferences
Found mismatch condition makes people feel like a privacy invasion

Study 2:

Your recommendation for
First order: indulgent foods
Second order preference Healthy OR indulgent foods
How do people feel about
More of a violation when ad goes against second order preferences

Andrew Odlyzko

Title: Where is our society and economy going?

The modern erra might be named after Turing from Turing Pharmaceuticals who managed to massively marked up the drug. Amazingly the drug was a generic drug.

Government has sorta given up on anti-trust enforcement - not just current administration
Increasing volume of information - information in the eoconomy as well as private information
- Cartels
- Growing part of the economy is corperate profits

Lots of this has to do with the great enrichment of communities. The industrial revolution.

The market as you think about Adam Smith’s conception. market depends on a certain amount of capacity. Buyers and sellers come together where it is all about quantity and price.
But now with more information available. Now the incentive is to get as much info about your buyers as possible.

Price descrimination is becoming more of a thing. Most of it is done is hidden forms. But this is very unpopular with the public. So most of it is hidden.

Get credit card data on potential employees so they can decide who is desperate enough for a low paying job.

Tawfiq Alashoor

Title: Securing Digital Transformation in the Age of AI: Behavioral Privacy Penetration Testing

Long ago no one understood the value of salt. Then it became rare, and became a traded form of money. Solariam (salt) causing “salary”

I’ve heard that data is the new money. The value of personal data is raising like enver before.

We do allot of security penetration testing, but we don’t think about ethical ways to test the human brain to find vulnerabilities.

Passwords are very predictable

In cybersecurity we want to avoid a single point of failure. But our testing is focused on the technology, the firewalls. This single point of failue manifests through bad privacy decisions.

We asked 2k people a set of questions:

Subjects that were not primed to privacy and not nudged to privacy answer less questions than those who were primed and nudged
Even with small sample sizes we see the same thing

An online randomized field experiment on the importance of privacy education, training, and awareness (PETA)

When a robot violates privacy who is to blame

Consumers blame robot
Companies blame other companies

AI arms race

contact with AI is social media (attention)
contact with AI is GenAI (intimacy)

Privacy is Dead <- today’s myth

Blase Ur (University of Chicago)

Title: What could data subject access rights be?

Built a Tracking Transparency Tool

Oh, the places you’ve been! User reactions to longitudinal transparency about third-party web tracking and inferencing

US FTC’s FIPP’s

Notice - historical focus
Choice - historical focus
Access - interesting future focus by us
Integrity
Enforcement

When you download your Twitter data there is this targeting.js file explaining targeting ads. More data here than in the public user interface on why this ad.

What Twitter knows: Characterizing ad targeting practices, user perceptions, and ad explanations through users’ own Twitter data
Facinating targeting stats. Including things like race.
This is sorta public data, why are people not looking at it?

When you download data you get a huge zip file or a huge file. How do you parse.

Some files were millions of chars but no line breaks
Very hard to parse, hard to read
Unix timestamps simple example
There are no definitions for what some of the things be in the files.

Pursuing usable and useful data downloads under {GDPR/CCPA} access rights via {Co-Design}

how can we make some of this data more visible and actionable
Have users annotate the data and share with researchers
They wondered
- What data is stored
- How is it stored
- How is it used
- Takeaways from the data
Necessary features for a useful tool:
- Definitions and explanations in context
- Searching and filtering
- Data deletion and modification in context

Research on art and privacy

Privacyart.net

Q&A

How does first order or second order align with actual vs ideal self. You are being targeted based on your actual self. Is it because I have a “shady” preference. And that causes the privacy violation.
- Embarassement is coming from inability to connect first and second order preferences. It suggest a lack of control over self.
Is it more about the ads or about being targeted?
- Yes: you are highlighting something about myself that I feel negative about.
To Blase: How do these companies work with the incredibly messy data users download. The thing I realized is that companies have data about other users, which gives them context. Is this value common, good, bad?
- Tried having several people download data from the same companies and then we are building skemas. The researchers only really want certain data, not all the data from that company.

Session 8: Where Do We Go From Here?

Speakers: Sascha Romanosky, Susan Landau, Jean Camp, Matt Blaze, Alessandro Acquisti, Jeremy Epstein

Sascha Romanosky

Studing software vulnerabilities -

Regular Softare vulnerabilities

CVE-ID, CWE, CPE, CVSS, EPSS AI Vulnerabilities
Bias
Discrimination

Attacks against AI systems:

Evasion
Extraction
- Solicit or extract information about the model. Or about training data.
Poisoning attacks
- Poison the data
Misalignment
- Exploiting (without necessarily causing) incorrect or deceptive outputs

Built a model of GenAI components, for each thought through the vulnerability space for that component.

Tokenizer: use some interesting characters and it might react unexpectedly
Fine Tuning
And more…

Susan Landau

Title: Tussle in the Home IoT

Why has adoption of IoT or “smart homes” been so slow?

In an appartment building who gets the data from smart things. For example ring cameras. There is also an issue of controllability: who decides who gets control and visibility.

All this is a tussle bettween different groups including issues over privacy and security.

Tussle in Cyberspace: Defining Tomorrow’s Internet

Trusted Computing Group report this one?

Human-building ineraction

they think about users, visitors, and the buildings themselves.
HCI stakeholders: occupants, visitors, companies
HBI view: includes contractors and building-related groups

If home IoT is going to become a thing, these tussles must be resolved

Safety first: you cannot put up a smart smoke detector unless it is at least as safe as a “dumb” one

All homes are local:

Example: English row houses - their design impacts how they are heated and cooled
Design must include variation and resident autonomy
Even if not capable of doing settings on devices, they should be able to decide who does the configuraiton for them.

The idea that we can resolve all the tussles is nonsense

Jean Camp

Title: Currrent and predicted market impact of the US cyber trust mark

Rational choice
Usability
Market failure

It is challenging to create labels that help people differentiate products. They compared proposed labels at the time of the experiment.

Ask users to judge:

which device is the most secure - participants could use them to identify the most secure products
Privacy was ranked as more important than security

Will people pay for privacy?

We gave participants $15 and said to buy a lightbulb - simple version
Asked why did you decide?
- Price!
- Brand
- Security - these people did pay more, and picked the most secure label
Unexpected questions:
- Most secure watch made in China - but no one would trust the label.
- yay another study
  - Country of origin did matter to consumers

What to users mean when they say “security”, “privacy”, and “IoT”

Our fellow Americans are so lost
- The energy company came and put this thing in
- My garage door opener?
- My car connects to the Interent - so I have an IoT
- Poor understanding of where the boundaries of IoT are
Quality is more important than “security”

Cyber Trust Mark might have impact on security-aware consumers. Even identifying which devices are IoT devices.

People will pay for security
People are very lost

Matt Blaze (Georgetown University)

Title: Misplaced Pessimism and Unwaranted Optimism in US Election Integrity

Election security has been a long-term research topic. Everyone was ignoring it, now too many people are looking at it but in the wrong areas.

Problem is which do we want/need

Making elections more trustworty
Making Elections more trusted

Two unsastisfying relaities

Serious technical vulnerabilities in US election infrastructure
There is no credible evidence that these technical vulnerabilities have actually been explited to the alter the outcome of a US election

Three problems:

hard: improving reality - making elections more trustworthy
harder: Misplaced pessimism - mistrust of (imperfect but improving) elections
Hardest: Unwarrented optimism - demand for horribly untrustworthy election technology

Misplaced Pessimism: Voter Skepticism & Disinformation

As securtiy improves, trust seems to be decreasing to an all time low
Common theme: election technology is horribly complex and is being manipulated by third parties
These views are moving into the mainstream

A common theme is taking the work of experts and conflating the existence of vulnerabilities (true) with them being exploited (no current credible evidence). Just because a vulnerability exists does not mean that it has been used. This attributes enormous power to adversaries, far beyond what they actually hold. Most of this comes down to the assumption that there is no way that the (opposing view) group could have won, therefore the system is fraudulent.

We worked hard as technologists to convince people that elections are insecure. Then people started believing us too much.

The general public thinks: I can bank on my phone, why can’t I vote on my phone. This is a bad idea. People both think that technology is terrible for elections and they want more of it.

Alessandro Acquisti (MIT)

Title: The Internet Behavior Experiment (IBE): An experimental platform to study the impact of tracking, targeting, and advertising on consumer behavior

Economists see behavioral advertising as a win, it helps consumers by showing them what they want/need to see, and helps potentially smmall groups reach the right users without spending impossible amounts.

Is this true? Finding out is not easy.

The Internet Behavior Experiment (IBE)

Multi-component client-server platform for digital experiments
Collects participants rich micro-level actions
This system is designed for experiments, not necessarily natural behavior
Extensions
- Chrome extension
- Thunderbird Extension
Extensions send only needed back
Live dashboard

Participants

In experiment for 3 months
Three treatments
1. Targeted ads
2. Ad-blocking
3. ???

Status

Still recruiting, have about 550 participants
1TB per week

Sample data Users

This sample size is too low, more an example of what can be collected
Can track what one user is doing. Can see what is being typed on various pages and how tabs are being switched.
System is trying to identify things like “Hello Kami” and strip the data client-side

Looking at how people reaching merchant website. For example via an ad, a search, ChatGPT

Seeing pathways people take to get to high or low quality websites

Jeremy Epstein

Brain computer interfaces

Lots of things go through our brains, think about dreams. Imagine that a computer was capturing my neuro data. What all can it capture?

There are many uses for Brain computer interfaces

Enabling people who have physical disabilities
Moving mouse for games
Deciding your optional fragarence for perfume

Focusing on external devices.

There are many potential privacy risks here

Unclear how far into the future this is
There are existing patents for some of these technologies
Some companies sell devices that do this sort of thing.

What do current companies gather from you about these devices:

Study looked at 30 companies
Many of these companies are very small and may not understand the privacy questions or what is in their own policies
Small companies may not be prepared to protect your data

The Battle for your Brain by Nita A. Farahany

Safeguarding Brain Data: Assessing the Privacy Practices of Consumer Neurotechnology Companies

Q&A

For Susan: for some products, you cannot buy them not smart.
Appartment complex: they have a video camera and it is recording everyone, children, people, dogs.
- Focus on the tussles - thought would be straight forward, but the furthist we can go is say who needs to be in the room for the design/setup. But the issue is so localized, that we cannot create broad standards that work for such a wide range.
Brain-computer interfaces: have you considered things like sleep pillows
- We need to think what is being measured. We might want to know if say a truck driver is alert and awake. But maybe we don’t want to know what they are considering eating for lunch. That level of extraction is not not currently possible. But we need to think about consequences now.
For Sascha: expanding the considered set of threats to includ Cuda runtime. Might be helpful to think about Cuda and hardware layers. Hardware bugs are perminent. But Cuda is a huge lever for an attacker.
- Happy to look into it
For Matt: Do you see a future where we can reduce the issues happening around trust.
- Everyone agrees that paper ballots is the gold standard. The problem is how are they tabbulated. US elections is one of the longest and most complex due to the number of things that need to be voted on.
- Fortunately we have auditing approaches that let us do statstical sampling of ballots that can be used to verify the automation.
- Lack of trust in elections has very little to do with how secure they are. More far-fetched theories.
- Threats are quite different in different countries.

Security and Human Behavior 2026 Day 1

Tue, 19 May 2026 05:12:00 -0400

Welcome to the 19th Security and Human Behavior. The write-up below is a live-blog of the workshop. The below summaries are my interpretation and should not be seen as a litteral quotes from the presenters.

Contents:

Session 1: Abuse and wickedness
- Burcu Bulgurcu, Sarah Chun, Miranda Wei, Marie Vasek, Stuart Schechter, Ali Ahmed
Session 2: AI
- Speakers: Sameer Patil, Laura Brandimarte, Judith Donath, James Mickens, Bruce Schneier, Arun Vishwanath
Session 3: Privacy
- Speakers: Emilee Rader, Maschio Fernando, Tesary Lin, Florian Schaub, Christina Fong, Melissa Hathaway
Session 4: Individual Security Behaviors
- Speakers: Richard John, Norman Sadeh, Nathan Malkin, Kent Seamons, John D’Arcy, Rick Wash]

Also see:

Sesson 1: Abuse and Wickedness

Burcu Bulgurcu, Sarah Chun, Miranda Wei, Marie Vasek, Stuart Schechter, Ali Ahmed

Burcu Bulgurcu

Deepfake related phishing and fake doctored images/videos used for persuasion. These types of attacks are very effective. The discussion in this space is shifting from accuracy. Trust is becoming more important including trust of sources. Research study finding a surprising number of participants (students) deceived by deepfakes.

The line between strong persuasion and deception is hard to differentiate sometime. Need to study this more. Disclaimers have promise, but how might they look in different situations is an ongoing challenge.

Sarah Chun

Removing Child Sexual Abuse Materials from online media companies. Or: “Looking for what you never want to find.”

The amount of child sexual abuse material online is truly staggering and terrible. Sarah is working on a project to better understand the dynamics of the space, how social media companies are interacting with non-government agencies like NECMEC. These interactions cause frictions that lead to less identification of this content then might normally exist.

Four main tensions:

Legal
- In US this content must be reported the moment that media companies become aware of the content.
- Challenge in balancing removing content and possibly blocking good users
Automation
- Automation is great, but once turned on you cannot unsee what was found. Remember the law is around awareness running automation makes groups aware.
Data Accuracy
- The data is less accurate than might be expected.
Human costs
- Viewing of this content by moderators is costly in terms of mental health.

Miranda Wei

Title: Harm is not an anomaly nor a reason to despair.

Research on IBSA: Image-based sexual abuse

Its easy to think of IBSA as an anomaly. That is rare, not something most people experience. And that most people need specialized help.

Studies found that most people need general advice. Also most of the perpetrators are people to victims know. Also there is a mix of severity of harms.

It matters that these harms are not an anomaly because if it is rare we handle it one way, but if it is a common event then we might need to do more society-level interventions.

Harm is a reason to despair…. “your research is depressing”. But the real issue is general despair “how can computer scientists even do something here” or “bad things have always happened”.

The worst outcome is to give up. Our role as scientists is to solve hard problems.

There is no such thing as perfect security, there is only threat modeling. Threat modeling is one of the most appliciable approaches in the situation of ISBA. It accepts that perfect security may not happen, but security can be improved. Frictions can be added to reduce issues.

Combating AI-enabled sexual abuse material. Addressing this space is quite challenging. AI makes it super easy to generate CSAM, and it means that hash matching does not work. It is very hard for well meaning organizations to build solutions when having this content is highly illegal. CSAM laws are inhibiting progress on building some types of solutions. Researchers also cannot test these systems again because the content is highly illegal. A possible solution is to consider building an IBSA or CSAM safe harbor for researchers.

Marie Vasek

Title: Interaction Scams

Analyzed over 1.3 million text messages in the UK that had been reported.

186k spam
- overwhelmingly gambling messages
- Do contain links
213k scams
- Uncommon to include links
- Lots of interactive scams that clearly trying to cause another action like texting back, calling a number

But how do we know that these are scams/spam?

Tried responding to a good number of messages. Particularly “hi mom, I dropped my phone”

Most pig butchering sams were a “female” scammer targeting a “male” victim.

Stuart Schechter

Title: Cultural norms

South Korea - Stuart was there for 5 years.

Resume’s in South Korea includes the image of the person, they tried to stop this, but now you cannot ask someone’s weight.

Privacy around sexual identity and how relationships are managed is an interesting topic. Such privacy is negotiated as a group because a statement by one partner impacts the privacy of the other partner, and possibly the whole family.

Books:

Different: Gender through the eyes of a primatologist by Frans de Waal

Ali Ahmed

Bug bounty programs exist so that people can report bugs to organizations and also get compensated. The goal here is to get bugs fixed, possibly cheaply. The question is: is this an effective approach? Does it increase the number of attacks on a system? Organizations tend to be very secretive about the number of attacks they get.

In 2020 CISA ordered every federal agency to have a vulderability disclosure program. This is an opportunity for study, a natural experiment.

Through FOIA request Ali got incident reports. Turning on VDP on average increased attacks on the web by 24%. But impact on other types of incidents like improper usage is minimal to none.

Good hackers need attention to have a Vunerability Reporting System have a positive effect. Attention here means things like getting the reported bugs fixed.

Q&A

Work on CSAM by Sarah and Miranda - you are awesome for doing work in this space.
- Tatiana Ringernberger does some interesting work in this space.
Laura Draper from Stanford did a excellent report on not only CSAM but also on child exploitation
To Ali Ahmed - Have you also studied Hacker 1 because you can get paid in blockchain - so it is possible for employees to submit and companies to not know.
- Actually submission by employees is generally allowed, just not the security team.

Session 2: AI

Speakers: Sameer Patil, Laura Brandimarte, Judith Donath, James Mickens, Bruce Schneier, Arun Vishwanath

Sameer Patil

Universities who are using Duo for two factor authentication: most of the audience is from a University that is using Duo.

Do people think the user experience of two factor authentication, such as Duo, to be easy? Most of the audience has hands down.

Starting to study the usability of two factor authentication in Universities. Have been collecting configurations of Duo security accross many Universities across the US. Some let you stay logged in for 1 day and some for more than a month. There is also quite a range of options for how two factor can be done including SMS push, codes, and app.

The intersting part here is around incentivisations. How are Universities incetivised to setup these types of tools?

A priority at Universities is starting to be cyber insurance. To get cheaper insurance there are a pile of requirements like turning on two factor authentication. The question is who takes the liability. How do we address these pressures. Human factors do not seem to be taken into account well. Universities are also just different structurally. A corperate laptop is different from a Professor laptop that might have sensitive data protected under ethics rules.

The yellow banner of “you are emailing someone outside your University” is an example. The banner is wrong in several cases, like emails from subdomains. How do we bring the user experience back in?

Laura Brandimarte

Title: When suspicion Fails: Understanding and preventing financial fraud against older adults

Trying to establish why the elderly fall for scams like tech support scams. Collected data from elderly facilities: interviews about all kinds of fraud the eldery suffer from.

64% raised suspicion during the encounter, 41% of suspicious victims still lost money. When no suspicion at all, then ~80% fall victim. A participant that had an issue, used Google to find help, and called the phone number they found: “I kept telling myself, this is Apple. This dooes not feel right, but this is Apple support.”

Most recommendations are based on a premis that if people were aware, that would fix the problem. But our data shows that in about 50% of cases, awareness is not enough.

Why do people who are suspicious not act on those suspicions.

Socioemotional Selectivity - Older adults pritorize emotinal meaning over information
Routine Activity Theory - Capable guardians prevent exploitation
Persuasion Research - Authority, urgency, commitment escalation drive compliance

Created Suspicion-override model with four pathways:

Trust Anchoring
Goal-State Momentum
Adversarial Counter-response
Guardian Abscence

Judith Donath

Title: Provable images

Fake images are a thing and a big problem that can impact global issues. The other issue is that real images are now under suspicion. So both problems are real: real images are no longer persuasive, and fake images can look real.

Judith works on Signaling Theory.

Long ago photographs of ghosts were very possible. Its one of the things that made photography popular. But in mondern terms these would be fake images.

No one is good at identifying fake images. AI generators are improving faster than the AI detectors. The real issue is that we need to know before showing people if an image is or is not fake.

Idea: lets get a camera to cryptographically sign photos it takes. If it does on-camrea modifications, then it can sign what they were. Assuming that works correctly: it would help professional photographers that want to prove that they took it.

But what does the technology solve:

Image that is taken in a diffefrent place or context than what claimed
Low demand for the truth - sometimes we don’t care if it is fake or not

That still leaves a big space of people who would rather not be sending out or forwarding fake images. This is a usability problem. How do we tell people that an image is or is not true. Want to avoid saying that other images are “fake”. Because “fake” may be intentionally a form of communication that has a real message even if the image itself is created rather than the initial literal photograph.

We need to start thinking about

James Mickens

AI, AI, AI, everywhere.

“Who wouldn’t want all our interactions to be mediated by a large number of floating point numbers.”

The computer scientist, legal, and policy groups need to start talking about AI. Models are increasingly connected to societally inportant infrastructure. The military is adopting it. Models are also increasingly complex. Models are also perfectly fine with lieing. Models will try and engage in self preservation.

“This is not good.”

What about AI safty research? Many models lack secure mechanisms for inference-time enforcement. Where is the trusted hardware and software that will enforce these policies.

How do we protect the software and hardware that monitor and protect us from the models.

Guillotine is a Hypervisor for Potentially Malicious AI. Building control infrastructure to deal with AI-specific threats.

But we need to link these protections to the law. The problem is that solutions like Guillotine do slow the models down, even if it is by a very small amount. So without some pressure building them is not a priority.

We need the hypervisor CPUs to be able to inspect the model, but not the other way around.

Bruce Schneier

Title: Cybersecurity in a World of Instant Software

Anthropic announced Claud Mythos Preview - so wonderful, magical, that it cannot be released to the general public. Pure marketing genious. Press happily repeating piles of unverified claims about how wonderful this model is. No information on things like false positives. One of the reasons they haven’t released the model is how expensive it is to run, they just don’t have enough compute.

OpenAI shortly later: our model is so awesome we are not going to release it either.

There is some reality here: Mozilla uses Mytos to find many flaws in the browser. Similarly Apple patched a serious vulnerability found by AI. Other groups have worked to reproduce Mythos’ results using a much cheaper model.

How do we handle the huge number of vulnerabilities that will be found.

The main topic though is how are we going to handle the age of Instant Software. Software is getting cheaper to write. AI writes code it uses, then just throws away. Some software is just instantly created, used and removed. But other instant software sticks around.

Discovery of vulnerabilities is becoming easy. The newer fancy models are not necessarily better, they are better in that less complex prompts are needed to do it.

Open source software is the most vulnerable here. Simlarly libraries that are being pulled into propriotoriy software.

Unknowns:

AI will transform what a vulnerability researcher does.
How good will it become? Right now finding is easier for an AI than finding and patching. If it can do both the situation changes drastically. There is a world where finding and fixing vulns becomes part of the normal software development process.
Patching itself. Private individuals should turn on patching. But large organizations do not turn on auto patching, because of the risks.
How good are AI at finding obscure vulnerabilities? We are starting to see AI chaining vulnerabilities. You can imagine a self-healing system where an AI is finding and patching systems in real time.
Are these AIs trustworthy? The attacker is not going away. The attacker’s new goal is to hack the AI so that it does not find the vulnerability.

Arun Vishwanath

Title: A Paradign for Preserving Human Interrupt Capacity in Automation-Rich AI Systems: A Suspicion Reflex Framework

My group has worked on how people think about scams, why they fall for them, lots of understanding of people. At some point decided to switch to influencing policy. Then realized that policy makers don’t understand how policy is implemented at companies. There are many people doing nothing but trying to implement the policies that are being created by multiple nations.

What is really going on at organizations?

Common Threads

Synthetic News Amplification
Automation Bias
Fake ransom calls
AI hallucination acceptance
Deepfake executive request

Came up with the Suspicion Reflex Theory (SRT) model as a state. What is it that doesn’t cause suspicion? Is there a framework for how we design technology. We have temporal constraints. Constraints around congnition. Perceptual similarity.

People have mental “scripts” that they run.

Stage 1: automation layer
Stage 2: Anomaly Detectoin
Stage 3: suspicion reflex (interrupt)

Bypasses happen. For example a scrpit opperating in your mind before you run any type of meaningful detection.

Fluency - humans are good at short-cutting cognitive tasks. Drive a long distance, and try to remember the trip.

We need Anti-Fluency: nonlinear tradefoff between efficiency/fluency and oversign/safety. Systems should not optimize seamlessness beyond the threshold where human interruption collapses.

Session 3: Privacy

Speakers: Emilee Rader, Maschio Fernando, Tesary Lin, Florian Schaub, Christina Fong, Melissa Hathaway

Emilee Rader (The Information School, UW-Madison)

Privacy policie spromise anonymity….

People believe that anonymity protects them. Yet they do things like making a new account and then share identifying information.

What do people think anonymity is?

Survey with 291 survey respondents on Prolific. Elicitated descriptions of “online or offline situation in the past where you felt anonymous or where you were trying to be anonymous”. Two of the close ended questions:

Motivations
- Answers matched the existing literature. Many people feeling safe from retalitation or unwanted attention. Avoiding being tracked or profiled. Sharing true thoughts, feelings, or opinions.
- The motivations are all very different, even the most common ones.
Approaches
- Trying to be unidentifyable (79%), trying to be unreachable or untraceable (68%)
- Less common answers are interesting: trying to be indistinguishable from others (51%)

Some participants are trying to do things like not overshare with people they know (questions on forums about potty training) and wanting to not be bothered (seating in a restarant in a low-visibility area).

Goal of the research is to look at the goals of anonymity and the mental models people have. Anonymity does have a range of meanings to different people.

Maschio Fernando

Title: Privacy vs Persuasion: The consequences of LLM design

LLMs are designed to be very engaging to use. They exhibit emotion, nonjudgement replies. One of the top use cases for LLMs is companionship.

How do conversation cues by LLMs impact users. Sycophancy can overly impact people by agreeing with them. Inter-entity validation may impact what they feel comfortable disclosing.

Agreeableness vs sycophancy in LLM chatbots

Agreeableness - helpful, genuine, cooperativeness, warmth
Sycophancy - extreme opinion alignment, flattery, excessive validation

Sycophancy has been shown to increase users trust. Shift decisions toward suboptinal choices.

Study was run using US Social Security Knowledge. Participants completed a Social Security knowledge questions, and then were asked sensitive financial questions. A chatbot was used to interview participants.

Survey - no chatbot
Neutral chatbot
Sycophant chatbot
Disagreement chatbot

Participant using sycophant chatbot: “The chatbot made me feel more confident in my responses”. Participants assigned to any chatbot disclosed less information than in the survey condition.

Tesary Lin (Boston University)

Title :Regulating Consent Choice Architecture: A consumer welfare perspective

Two approaches to regulating consent choice architecture:

Targeted restrictions - ban certain types. For example banning “pre-ticked boxes” (GDPR - Recital 32). Or “It shal be as easy to withdraw as to give consent” (GDPR Article 7(3). )

Problem is that companies can A/B test and find an alternative approach that will work just as well. Develop new dark patterns.

Reducsing exposure Opportunities

“A business shal not develop or maintain a browser that does not include functionality … that enables the browser to send an opt-out preference signal.” (California - opt me out act, 2025)
Reduces the exposure to consumers - if consent banners become rare consumers will pay attention to them more
But there is no free lunch because if we do browser-level consent, we loose grainularity.

Research Question: site-specific consent vs Browser level consent

Leverage a browser-enabled plugin.

7 day experiment
Choice architecture tested
Deliberate obstruction (hiding “reject all”)
Reordering option s
Greying out options

Choice frictions such as hiding options reduce users opting out. Policies that target such frictions would have the best improvement.

Takeway:

Choice friction matters
Browser-level choice maximizes consumer welfare

Florian Schaub

Title: Layered, Overlapping, and Inconsistent

Most people do not read privacy policies: long, you cannot do anything anyway

In financial industry privacy policies are dictated by the GRAMM–LEACH–BLILEY ACT - these are shorter, more comparable, and you do have choices. But…. that is not the only notice banks offer: mobile notice, website notice, Californian notice.

Studied largest banks by asset value. Compared policies.

GLBA notice, general, mobile CCPA, and ???

GLBA notices are nice and easy to auto extract. The other ones require lots of manual effort.

Findings

Half of the banks had at least one policy beyond GLBA notice, some had 5
The bigger the bank, the more words there are and the harder they are to read (Flesh Kinkade Score)
Of banks that say in GLBA notice “we do not share for marketing purpose” but in other policies they are sharing for marketing purposes
GLBA might also say that they are sharing, but other notices say they are not sharing

Takeaways

GLBA has lost meanings because you also need to read all the other notices.
These policies might not be legally inconsistent. GLBA only covers financial data. It may be that an app is tracking non-financial and sharing that. But that is confusing to end-users.

Christina Fong (Carnegie Mellon University)

Title: An experiment in hiring discrimination via online social networks

Interested in inter-personal decision making. For example: who should I hire, but I can only hire one person… so am I worried about not hiring at all or worried about hiring the wrong person.

Psychology has deep information about how we process new additional data in our brains. When we hear a name we pull on our own memory to build a more full mental understanding of who that person is, and that constructed mental understanding is then used in decision making.

Do US employers actually search candidates online?

Does what they find impact their decisions

Study manipulated online social network profiles. Then applied for >4000 jobs and measured callbacks. This was a real world experiment.

Did see a strong reaction in certain states where the religion which was only disclosed on social media had an impact on who was ultimately given a callback.

Melissa Hathaway

Title: Privacy

What keeps me up at night?

Over the last 17 months we have had an unprecidented shift in Privacy in the US. The department of government efficiency run by a technology person: Elon Musk. All the data was accessed, data that was never meant to be co-mingled. We still do not know how many copies of that data still exist. The IRS gave access to all the tax refund. Treasury made an information sharing agreement with ICE to “enhance” enforcement. CBP bought access to ClearviewAI to get biometrics. Federal government is trying to get access to state voting records. Most of this requested data was not encrypted. Data was sent to Palantir who is “enhancing” it with social media knowledge. All of that is now being used as part of the surveliance state.

Violation of the Privacy Act of 1974.

Privacy in the age of AI

Lawsuit against Perplexity - they have a privacy mode, they have an opt-out. They have an agreeable prompt, that is trying to be more agreeable and get more data. The terms and opt-out was not honored.

So what is privacy in the age of AI?

Is consent linked to a conversation. Consent for recording of conversations is different legally. Is chatbot consent more conversation like? or more Terms of Service like?

Are we back to “I’ve got a free service and I’m the comodity” but AI is for pay. So is it now “I’m paying and I’m still the commodity”.

Q&A

For Florian - what level did you find that LLMs were helpful in summarizing Privacy Policies. Getting an AI to read a privacy policy for us sounds great? Is it possible?
- Answer: we didn’t use LLMs for interpretation. In other work we have found it to work so so. The challenge is that privacy policies are ambiguous by design. They are designed that way so that every time an engineer makes a change they do not break their own privacy policy.
- Privacy policies are useful for regulators, but not really for consumers
The goal of the companies is for their model to be the single point of interaction for users. So interactions come in through the funnel of LLMs.
- We are moving more into a surveillance state.
- We worry about LLM providers gaining too much market power. Right now there is competition, but we worry that this will not last. If there is too much market power, that is bad for consumer privacy.
- Depends on if the AI is an agent, or if the AI a double agent.
WeChat in China is already an economic model for a central point of market weight.
Story: we think about consumer choices and then we think about policy. But there is a middle layer of the service provider. A few years ago searching for a consent provider. Most companies in this space are new. We were trying to get a system, but the issue was the cookie banner. We wanted consumers to have certain choices. I learned from the experience is the consent provider is trying to teach clients how to get consumers to agree to more tracking.
- Consent providers are not neutral parties. They represent the interests of the individual websites. Because the websites pay for them.
- Consent providers are fighting against browser-based consent. Because it would undermine their financial model.
Mozilla review of the automotive policies turned up some fascinating things. Like how passengers are agreeing to give away their medical data by riding in a car. The research concluded that the above statement was likely caused by copy/paste from other policies.
- At no point in the purchase of an automobile are you ever told about the policies or walked thorugh them.
- Even worse if you get in an Uber
AI can also change privacy for the better. There has been extensive research into automated reading of privacy policies (Usable Privacy Policy Project). Humans do not read the policies. AI is less accurate, but that is still better than not engaging at all due to being overwhelmed. Maybe we should be measuring regret rather than up-front understanding. How might AI be used to improve privacy for users?
- The policies are vague. There is only so much AI can do if the information is not there.
- But do we have local models that can do that? Are they the user’s agent or are they a double agent.
Why is privacy strictly consumer. Because if they are stealing $4 a day of your time, $2 of that time is probably work time. So why don’t companies take employee privacy and employee data more seriously?

Session 4: Individual Security Behaviors

Speakers: Richard John, Norman Sadeh, Nathan Malkin, Kent Seamons, John D’Arcy, Rick Wash

Richard John (Georgetown University)

The Cognitive Mechanics of Normalcy ias in High Consequence Environments

Does research on cognitive modeling

Thinking about situations where military (or similar groups) have an incident and after the incident we worry “we should have been able to predict this”. But the incident does actually look like non-issues.

Normalcy Bias might be the cause.

SDT Decision Thresholds - there are two distribution of signals, one where we have an issue and one where we do not.

When we look at decision making more broadly. Its necessary to decide if a signal is positive, null, or a problem.

The penalty function is asymetric. It is far more expensive to send someone out to check on a detected signal than it is to decide it is not real. This feeds into Normalcy Bias.

Norman Sadeh (Carnegie Mellon University)

A large percentage of security incidents can be traced in some way or another to human error. Someone either doing the wrong thing, or failing to the right thing.

The other way is to let users ask questions. Users used to search online. Now GenAI is an option, but their accuracy is not the greatest. One of thie issues is that security is a secondary task, so there is no guarentee that people will act on advice. So we have been looking at how to best motivate people: nudging.

“Your Location has been Shared 5,398 Times!” this motivates users to look. But these are canned answers and they can be tested for efficacy. But with AI you don’t know what the question is going to be and similarly the answers will be dynamically generated.

H. Almuhimedi, F. Schaub, N. Sadeh, I. Adjerid, A. Acquisti, J. Gluck, L.F. Cranor, Y. Agarwal, “Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging”, Conference on Human Factors in Computing Systems (CHI 2015), Apr 2015

Built Chrome plugins - what does it take to get people to act on advice being given to them? Started in the lab asking for people to give feedback.

Early work used Protection Motivation Theory (PMT) to help build prompts that are intended to be motivating.

Study with chat-style Chrome extension. Asked users to ask at least 2 questions a day, which they did and some asked more. Did a daily mini-survey at end of each day. Controled for PMT-style prompt or not.

PMT did make a big difference.
Participants were more likely to follow answers generated with prompt engineering
Some participants kept using the tool after the study

There are many ways to improve the effectivenss of answers generated by LLMs.

Nathan Malkin (NJIT)

One way to improve usable security and privacy is to remove security decisions from users. Skeptical of security education. It is the opposite of automated security. The security decision is so hard that we have to teach them, and of course once we teach them they will never mess up in the future. Where is all this learning supposed to be happening? Do everyone take classes in it?

Actually it turns out that K-12 schools are teaching cybersecurity. Have been researching what teachers are teaching to kids:

Most security-related instruction happening in computer science courses - almost always electives
They are still learning from tech teachers, homeroom teachers. “Education” happening a range of ways from unstructured interactions all the way to capture the flag.
Less common though than messaging like “don’t talk to strangers”.

Looked at Teaching Standards published by states - what teachers should be teaching at different grade levels.

About a third are related to cybersecurity (ethics, biases, what is malware, digital citizenship, encryption)
Standards don’t seem to be clear on who is being educated: everyone? future tech professionals?

What is it that schools should be teaching to students?

Interviewed security experts.
Experts like the teaching standards that exist.
- Education should emphasize a different kind of thinking.

Security as a habit

Not so simple…
So many stimuli - habits are repeated reactions to stimuli
- But what are the stimuli we want to condition in security? Stimuli are everywhere and anything can be a threat. Very hard for people to do.

Security as a mindset

Suspiciousness - The role of human operators’ suspicion in the Detection of cyber attacks
Curiosity
How do we teach these? Suspiciousness and Curiosity are very hard to teach.

Kent Seamons (Brigham Young University)

Title: Deniability ois more than Protocol Feature

Secure Messaging Authentication Ceremonies are Broken - but most of the time these ceremonies succeed so users may see it as a waste of time.

What is Cryptographic Deniability?

Millions of users now use tools that have cryptographic deniability - what is users understanding?

Looked at both what users think and what we are seeing in court cases. There needs to be in-app support, legal acceptance and societal acceptance. All three are needed or it does not work.

Found 228 court cases involving WhatsApp, a third had WhatsApp as major source of evidence. But 0 cases when cryptographic deniability was used in the argument.

Users were alarmed by deniability - they felt that only bad people would need this. Most expected non-repudiation from their chat tools. The need for deniability is dependent on lots of context like who is being chatted with or over what medium.

Users would trust more if there was a screenshot of a conversation, even more if someone pulled up their app and showed it to them.

So tried modifying Signal to allow users to edit messages sent by others. Gave uesrs an example of conflicting transcripts (phone 1 != phone 2). Seeing these edit ability in apps helped people understand deniability much better.

Idea: giving users a tool to let them try it out and experience security concepts. Would like to explore this idea more.

John D’Arcy (University of Deleware)

Title: An Idiographic Approach to Behavioral Cybersecurity Research

Time will tell the case for idiographic approach to behavioral Cybersecurity research

Deterance Theory - if you increase the costs of engaging in a behavior then in theory the behavior should reduce

Nomothetic Approach

Idiographic approach - person specific approach

Looked at a large number of papers looking at computing behavior - predicting behavior?

An idiographic approach allows researchers to consider a single user across time. Employees for example are not equally vulnerable at all points in time. (Have they had their coffee yet?) Provide distinct theoretical insights on behavioral data within a user.

Users often rationalize actions: “no real harm”, “I had no choice”.

This study looked over the course of a work week.

Ego depletion - your ability to self-regulate are diminished over the course of the work week. So more self-rationalize may increase.
Had people take surveys MWF.
Measures Neutralization to compliance - as I neutralize more my compliance goes down. Neutralization becomes more influential later in the workweek.
Outcome highlights that considering the impact of time is important in analysis.

Rick Wash (UW-Madison)

How people think about making security decisions.

What are some of the phylisophical aspects to decision making.

We ask people to be careful and not click on dangerious or fraudulent links.
We ask people to use specific technologies like two factor.
If you see something say something

We make many requests of people to do security. Doing security requires the people on the ground helping.

Some requests are reasonable: don’t post your SSN online
Some are impossible: memorize a password so long/complex that a computer cannot guess it

We make requests all the time. Technology design is all about making requests of people. Policy design (organization policy) makes requests of people.

What are reasonable requests to make, and what are unreasonable. We normally talk about this in terms of usability. How hard is the request - how difficult/easy is it.

Usability is not a great framework for understanding security requests. It is a good start, but not enough on its own.

Why is it that we do security? Someone should be benifit from doing security to make it worth it for everyone to be involved in it. What do those benefits look like? In theory if employees are more security they can get more done. For example the recent Canvas attack means that teachers could not get grading done on time.

Users want to keep control over their things. Having control over those things is valuable, a security incident causes the loss of that control. Security also gives stability. It enables us to plan for the future. The ability to plan is also important for autonomy - for feeling like we have control over our own lives.

Connect the benefits of security back to the concepts of security requests. Reasonable security requests should provide benefits for the people who are fulfilling the requests. In cybersecurity we normally ask users to do tasks that should benefit from those actions through having security.

Started with a simple framework from bioethics. Think about how we train doctors: autonomy, minimize harm, and justice & and fairness. Starting to use this framework to think about how to think about requests. Usability does not handle autonomy and the fairness aspects. A command: “do this or get fired” is different from autonomy.

Requests like “don’t click on links” is unreasonable because of the restriction on autonomy.

Fairness is an interesting because it depends on who the request is being made of. Power relations.

Q&A

To Kent: how much is the issue around putting users in the drivers seat to help them understand, or is it more around visibility.
- You only get the benefits of security if you know you have security.
- There are many different facets of security and in different contexts. Making things harder to give confidence is also possibly seen as manipulative.
To Rick: Nothing to hide, nothing to fear. Justifications of security and how that relates to justifications of security requests.
- In the national security space we often talk about social contract theory to gain a collective benefit of national security. How does that map into the cybersecurity relm.
There is this visibility thing and this social contract thing. Now we have PassKeys. Password managers are very transparent, you can see the random generated email. PassKeys are “better” than passwords - you cannot see it, you cannot modify it, but trust us that its safe. PassKeys have missed the visibility. We need to stop equating non-compliance with the user being wrong.
- PassKeys - is there anything we can do to make visible. This is a hard space to work in in terms of explaining what is happening.
- What it means to be transparent for people in this room is likely different from being transparent for an average person on the street.
There is an imbalance in terms of signal interpretation. The costs of not sending out someone to check on a (potentially false) signal are born by the ship that may be in distress. How can we flip that computation.
- There are very few false negatives, many false positives. So the operator is always thinking about if it is a false positive. But there is serious negative outcomes in cases where a real signal is ignored. So it is less an incentivization issue. The costs of sending someone out to check is just more immediate and expensive.
To Nathan - the schools have locked down devices. The schools are punting the problem to the parents. The parents are assuming that the school will handle. And the kids are doing whatever they want.
- Many of the behaviors they are responding to are happening outside of schools when they are not supervised.
Thinking of cognitive depletion as an explanation of why secure behavior is not followed. But in some situations the secure vs insecure behavior have similar effort.
- Our perspective is that security is an add on to employee tasks. Most people do not think: “yipee! I get to do security.” There are possibly boundary conditions.
To Rick: What are we giving away now that 30 years in the future will be considered sensitive.
- Phone numbers are like that. We used to publish them in phone books. Now it is how we access some apps.
- Hopefully deletion will become more of a thing.
- We have already talked about deepfakes. People may become more pretective of voice/video recordings.
- The future is very scary. Our ability identify people based on seemingly simple data is quite good.