by Rick Wash
The Department of Media and Information (MI) was well represented at the Symposium on Usable Privacy and Security (SOUPS) this July. Held this year at Facebook's headquarters in Palo Alto, California, SOUPS is one of the top academic conferences to discuss the human side of information security and privacy. Many people in the BITLab have been working to better understand how people think about information security and privacy decisions, and presented their findings at this annual conference.
I presented a paper looking at Windows software updates—when Windows pops up a notice asking you to install updates. Software updates are important because they often fix vulnerabilities that hackers are using to break into computers. We found that many people have trouble understanding what their computer is doing and when it is installing updates. More importantly, most people also were unable to configure the computer to work how they wanted it to work; about half of these misconfigurations led to greater security (good!) and half actually led to less security. This paper 'Out of the Loop: How Automated Software Updates Cause Unintended Security Consequences' was co-authored by PostDoc Kami Vaniea, Assistant Professor Emilee Rader, and undergraduate student Michelle Rizor.
Assistant Professor Emilee Rader presented a paper looking at what concerns people have about information privacy on Facebook and Google. A number of modern technologies used by companies like Facebook and Google have serious and largely hidden privacy implications -- specifically about privacy from those very companies. Emilee found that most people were aware of data collection, and that greater awareness was actually associated with less privacy concern. Few people, however, were aware that data collected about them could be aggregated from different source and across multiple people to make even more inferences. People who were aware of this aggregation, though, showed greater concern for data collection. Her paper was titled 'Awareness of Behavioral Tracking and Information Privacy Concern in Facebook and Google.'
PhD student Yumi Jung presented a poster about her work looking at privacy concerns on Facebook. She found that people reading a Facebook post usually express more concern about privacy for that post than the person who originally wrote the post. This suggests that people reading posts are likely to be more protective of privacy than the original author would be. She also found that privacy concern increased as information spread further from the original author to friends-of-friends and beyond. This poster was titled 'Transitive Privacy Concern in Social Networks' and was co-authored by Assistant Professor Emilee Rader.
BITLab Undergraduate student Katie Hoban won a Distinguished Poster Award for her work looking at how people learn about information security. She found that many people are very concerned about hackers, and that this concern appears in both stories told among friends and in the news, but very rarely did computer security professionals even mention hackers or describe ways to defend against them. She also found that viruses, malware, phishing, and spam are frequent topics of inter-personal stories and formal education, but rarely appear in the news, suggesting that these topics have become mundane concerns. Her poster 'Computer security information in stories, news articles, and education documents' was co-authored by Assistant Professor Emilee Rader, PostDoc Kami Vaniea, and myself.