Social Cybersecurity, or, A Computer Scientist's View of HCI and Theory, at HCIC 2015
TRANSCRIPT
©2015 Carnegie Mellon University
Social Cybersecurity
Applying Social Psychology to Cybersecurity
Jason Hong, Laura Dabbish, Sauvik Das, Hyun-Jin Kim
HCIC, June 30, 2015
Computer Human Interaction: Mobility Privacy Security
or, A Computer Scientist’s View of HCI and Theory
Introduction
• This is the most unusual talk I’ve ever given
• Got lots of funny looks from people
You’re going to talk about theory??
You’re going to talk about theory??
You’re going to talk about theory??
Ed Chi, Leila Takayama, James Landay
Who am I? What am I doing here?
Most of My Work is Atheoretical
• I do work in privacy, cybersecurity, ubicomp
• But little of it grounded in theory
But It’s Not Just Me
Technical HCI work doesn’t seem to build a lot on top of each other’s work. There doesn’t seem to be a lot of theory either.*
*not an exact quote
Bob Kraut (Jedi Master, CMU)
Examples of Tech HCI
Why Little Theory Building in Tech HCI?
• Is it because it’s engineering?
  – I would say no
  – Civil Eng has traffic modeling, materials
  – MechE has heat transfer, mass transfer
  – EE has AC theory, circuit models, signal
Why Little Theory Building in Tech HCI?
• Science of the artificial
  – Outside of speed of light, few limits to computing
  – We make a lot of the rules, and mostly limited by our imagination and market
• Compare to natural science
  – Only one way DNA works
  – Only one way brain circuit works
  – (And only one research team can win)
Why Little Theory Building in Tech HCI?
• No clear natural objective function
• Instead, goal of Tech HCI is to:
  – Expand frontiers of what’s possible (expand our imagination)
  – Sweep parameter space to understand principles and tradeoffs
• And while Tech HCI doesn’t build theory, it will occasionally use it
Themes in This Talk
• Role of theory for Tech HCI?
• Kinds of theories useful for Tech HCI?
  – Some theories more useful than others
• Will describe our work on cybersec
  – Social Psych / Diffusion of Innovations
• My perspectives:
  – Tech HCI research
  – (Successful?) startup
  – Helped run Master’s of HCI program
Cybersecurity Research Today
• Most research focused on computers
  – Protocols, detection, static analysis
• Some research on individuals
  – Mostly usability of tools
• But cybersec faces deep problems
  – How do people learn cybersecurity?
  – How can we fix misconceptions?
  – How to change people’s behaviors?
A True Story
Did you hear what happened to Moe? He slipped on ice and damaged his laptop. Now he can’t get his data.
I’m going to back up my data right now!
Light Bulb Moment
• Hung around behavioral scientists for many years
  – Learned about basics of social psych thru osmosis
• Realized that this simple interaction led to desirable action
How can we use social influences to help improve cybersecurity?
Social Proof
• Baseline effectiveness is 35%
• “showing each user pictures of friends who said they had already voted, generated 340,000 additional votes nationwide”
• “they also discovered that about 4 percent of those who claimed they had voted were not telling the truth”
Energy Consumption
Social Cybersecurity
• Focus on usability has gotten us far, but security features rarely adopted
• Pop Quiz: How many of you have heard of / use these features?
  – Two-factor authentication
  – Login notifications on Facebook
  – Trusted contacts on Facebook
Social Cybersecurity
• Adoption rate typically single digits [Das et al 2015]
• Why develop new tools if we can’t get people to adopt existing ones?
Reflection 1: Good Theory Can Offer Inspiration
• Cybersecurity research somewhat stuck in its approaches
• Diminishing returns after exploring, need new ideas and perspectives
  – See Lakhani08 paper on Innocentive
Social Cybersecurity: Our Team’s Work to Date
• Interviews about why people changed behaviors and what they talk about with others [SOUPS 2014]
• Study w/ Facebook evaluating social interventions [CCS 2014]
• Analysis of who does and doesn’t adopt features [CSCW 2015]
Semi-Structured Interviews
• Interviewed 19 people
  – Mobile authentication
  – App installation / uninstallation
  – Online privacy settings
• What caused the change?
• Hear about incident thru a friend?
• Talk to others about the change?
Das, S., H.J. Kim, L. Dabbish, and J.I. Hong. The Effect of Social Influence on Security Sensitivity. SOUPS 2014.
Cybersec Behavior Changes
• 114 behavior changes coded
• 48 had social influences (42%)
  – Observing friends (14 of 48)
  – Social sensemaking (9 of 48)
  – Pranks and demonstrations (8)
  – Experiencing security breach (6)
  – Sharing access (3)
Insight #1 - Observability
• One person stopped in coffee shop and asked about the Android 9-dot:
“We were just sitting in a coffee shop and I wanted to show somebody something and [they said], ‘My phone does not have that,’ and I was like, ‘I believe it probably does.’”
Diffusion of Innovations
• Five major factors for successful innovations:
  – Relative Advantage
  – Trialability
  – Complexity
  – Compatibility
  – Observability
Most Cybersecurity not very Observable
• How strong are Gary’s passwords?
• What privacy settings does Leysia have for Facebook?
• What does Jofish look for to avoid phishing attacks?
• Low observability -> hard to diffuse
Reflection 2: Good Theory Offers Vocabulary
• If we weren’t aware of Diffusion of Innovations, might have overlooked the comments about Observability
• Act of having a name focuses
Insight #2 – Social Factors Might Work Against Adoption
• A lot of early adopters tend to be:
  – Security experts
  – People with clear reason (e.g. job)
  – Viewed as “Nutty” or paranoid [Gaw et al 06]
• Brand disenfranchisement
  – Illusory correlation between something (use of security tools) and attributes of users
Who Uses What Computer?
• “These people aren’t like me”
  – (Regardless of whether true or not)
What are Professors Like?
Social Proof + Make Cybersecurity Observable
• Variants
  – Control
  – Over # / %
  – Only # / %
  – Raw # / %
  – Some
Das, S., A. Kramer, L. Dabbish, J.I. Hong. Increasing Security Sensitivity With Social Proof: A Large-Scale Experimental Confirmation. CCS 2014.
Method
• Controlled, randomized study with 50k active Facebook users
  – 8 conditions, so N=6250
• Part of annual security awareness campaign Facebook was going to run anyway
Results of Experiment
Social Influences on Adoption
• Analyzed 1.5M people on Facebook
  – No interventions, existing behaviors
  – More adopters a person can see, more likely to adopt (but J-curve)
  – More social circles, stronger effects
  – More observable and social feature (trusted contacts), stronger effects
Das, S., A.D.I. Kramer, L. Dabbish, J.I. Hong. The Role of Social Influence In Security Feature Adoption. CSCW 2015.
Ongoing Work
• Are there other ways to make security more observable (+ safe)?
  – Note that this is counter to conventional wisdom of security
• Other social techniques to influence people’s awareness, knowledge, motivation?
Reflection 3: Good Theory Should Offer Guidance
• We could have done mass A/B tests of interventions without theory
  – (This is essentially what industry does)
  – Instead, Social psych and Diffusion of Innovations gave us direction
• Blind searches unsatisfying
  – Dan Russell’s talk at HCIC 2009
  – Eric Brill’s talk at HCIC 2013
Dan Russell’s HCIC 2009 Slides
What to Name Buttons?
Dan Russell’s HCIC 2009 Slides
Why Unsatisfying?
• What’s generalizable?
• What did we as a community learn?
Reflection 4: Good Theory Should Offer Insight
“For instance, when Appel and Haken completed a proof of the 4-color map theorem using a massive automatic computation, it evoked much controversy. I interpret the controversy as having little to do with doubt people had as to the veracity of the theorem or the correctness of the proof. Rather, it reflected a continuing desire for human understanding of a proof, in addition to knowledge that the theorem is true.” - William Thurston, On Proof and Progress in Mathematics
• Alternative formulation by Tim Gowers, The Two Cultures of Mathematics
  – (i) The point of solving problems is to understand mathematics better.
  – (ii) The point of understanding mathematics is to become better able to solve problems.
  – Mathematicians lie on spectrum
Pasteur’s Quadrant: Good Science + Good Applications
Advice for Theory Builders: Consider Insight + Guidance
[Chart with axes: Insight; Guidance (What to Build / How to Build it Better)]
• Situated Action
• Activity Theory
• Distributed Cognition
• Embodied Interaction
• Ethnography

• Fitts’ Law
• Learning science
• Visual Perception
• Social Psych
• Motivation

• Heuristic Evaluation
• Contextual Inquiry
• 41 Shades of Blue (A/B)
• Iterative Design
• Agile / Lean
Advice for Theory Builders: Consider Repackaging Too
[Chart with axes: Insight; Guidance (What to Build / How to Build it Better)]
• Situated Action
• Activity Theory
• Distributed Cognition
• Embodied Interaction
• Ethnography

• Fitts’ Law
• Learning science
• Visual Perception
• Social Psych
• Motivation

• Heuristic Evaluation
• Contextual Inquiry
• 41 Shades of Blue
• Iterative Design
• Agile / Lean
Wishlist for Tech HCI and for Master’s Students
• Design Theory
  – Service design
  – Engagement, stickiness
• Emotional Attachment
• Innovation Theory
  – What’s more likely to have impact?
  – Product lifecycles
  – Feature / Product / Business
Example for Innovation: Christensen’s Disruption Model
Lifecycle of Product
• New product starts out with lots of chaos
• Eventually dominant design appears, right combination of existing features / ideas
• Less innovation in features, few changes to dominant design
• More innovation in process of production
• Dominant design only obvious in retrospect too
• Extreme focus on cost, volume, capacity
• Very little innovation
• Cycle starts anew
• But winner of last cycle rarely winner of next
• Formed network, doesn’t want to anger them
Conjecture: These Can Help Tech HCI Research
• Can focus research on the phase your company is in
  – More useful to help industry research for connecting research to product
  – A/B tests only useful in later phases
• Can look forward to next fluid phase
  – We already do this
  – More useful for academic
Other Advice For Theory Builders
• Five major factors:
  – Relative Advantage
  – Trialability
  – Complexity
  – Compatibility
  – Observability
• How might you apply these to your work?
Summary
• Reflections: Good Theory…
  – Can Offer Inspiration
  – Offers Vocabulary
  – Should Offer Guidance
  – Should Offer Insight
• For theory builders: Consider…
  – Insight + Building Apps
  – Diffusion of Innovations
Reflection N: Be Prepared to Invest a lot of Time
• This work only came about b/c of hanging around behavioral folks
• And because cross-trained students
• Big open question: how to train PhD students, given breadth of HCI?
Technical HCI Rarely Uses or Builds Theory
• Mostly uses low-level perception and interaction
  – Ex. Fitts’ law, psychoacoustics, visual perception, reaction times
  – (Often built into toolkits)