More Related Content Similar to Social Cybersecurity, or, A Computer Scientist's View of HCI and Theory, at HCIC 2015 (20) Social Cybersecurity, or, A Computer Scientist's View of HCI and Theory, at HCIC 20153. ©2015CarnegieMellonUniversity:3
Introduction
• This is the most unusual talk
I’ve ever given
• Got lots of funny looks from people
You’re going to talk
about theory??
You’re going to talk
about theory??
You’re going to talk
about theory??
Ed Chi Leila Takayama James Landay
6. ©2015CarnegieMellonUniversity:6
But It’s Not Just Me
Technical HCI work
doesn’t seem to build
a lot on top of each
other’s work. There
doesn’t seem to be a
lot of theory either.*
*not an exact quote
Bob Kraut
(Jedi Master, CMU)
8. ©2015CarnegieMellonUniversity:8
Why Little Theory Building in
Tech HCI?
• Is it because it’s engineering?
– I would say no
– Civil Eng has traffic modeling, materials
– MechE has heat transfer, mass transfer
– EE has AC theory, circuit models, signal
9. ©2015CarnegieMellonUniversity:9
Why Little Theory Building in
Tech HCI?
• Science of the artificial
– Outside of speed of light, few limits
to computing
– We make a lot of the rules, and mostly
limited by our imagination and market
• Compare to natural science
– Only one way DNA works
– Only one way brain circuit works
– (And only one research team can win)
10. ©2015CarnegieMellonUniversity:10
Why Little Theory Building in
Tech HCI?
• No clear natural objective function
• Instead, goal of Tech HCI is to:
– Expand frontiers of what’s possible
(expand our imagination)
– Sweep parameter space to understand
principles and tradeoffs
• And while Tech HCI doesn’t build
theory, it will occasionally use it
11. ©2015CarnegieMellonUniversity:11
Themes in This Talk
• Role of theory for Tech HCI?
• Kinds of theories useful for Tech HCI?
– Some theories more useful than others
• Will describe our work on cybersec
– Social Psych / Diffusion of Innovations
• My perspectives:
– Tech HCI research
– (Successful?) startup
– Helped run Master’s of HCI program
12. ©2015CarnegieMellonUniversity:12
Cybersecurity Research Today
• Most research focused on computers
– Protocols, detection, static analysis
• Some research on individuals
– Mostly usability of tools
• But cybersec faces deep problems
– How do people learn cybersecurity?
– How can we fix misconceptions?
– How to change people’s behaviors?
20. ©2015CarnegieMellonUniversity:20
• “showing each user pictures of friends who
said they had already voted, generated
340,000 additional votes nationwide”
• “they also discovered that about 4 percent of
those who claimed they had voted were not
telling the truth”
27. ©2015CarnegieMellonUniversity:27
Semi-Structured Interviews
• Interviewed 19 people
– Mobile authentication
– App installation / uninstallation
– Online privacy settings
• What caused the change?
• Hear about incident thru a friend?
• Talk to others about the change?
Das, S., H.J. Kim, L. Dabbish, and J.I. Hong. The Effect of Social
Influence on Security Sensitivity. SOUPS 2014.
29. ©2015CarnegieMellonUniversity:29
Insight #1 - Observability
• One person stopped in coffee shop
and asked about the Android 9-dot:
“We were just sitting in a
coffee shop and I wanted
to show somebody
something and [they said], ‘
My phone does not have
that,’ and I was like, ‘I
believe it probably does.’”
33. ©2015CarnegieMellonUniversity:33
Insight #2 – Social Factors
Might Work Against Adoption
• A lot of early adopters tend to be:
– Security experts
– People with clear reason (e.g. job)
– Viewed as “Nutty” or paranoid [Gaw et al 06]
• Brand disenfranchisement
– Illusory correlation between something
(use of security tools) and attributes of
users
36. ©2015CarnegieMellonUniversity:36
Social Proof + Make
Cybersecurity Observable
• Variants
– Control
– Over # / %
– Only # / %
– Raw # / %
– Some
Das, S., A. Kramer, L. Dabbish, J.I. Hong. Increasing Security Sensitivity
With Social Proof: A Large-Scale Experimental Confirmation. CCS 2014.
39. ©2015CarnegieMellonUniversity:39
Social Influences on Adoption
• Analyzed 1.5M people on Facebook
– No interventions, existing behaviors
– More adopters a person can see,
more likely to adopt (but J-curve)
– More social circles, stronger effects
– More observable and social feature
(trusted contacts), stronger effects
Das, S., A.D.I. Kramer, L. Dabbish, J.I.Hong. The Role of Social Influence
In Security Feature Adoption. CSCW 2015.
40. ©2015CarnegieMellonUniversity:40
Ongoing Work
• Are there other ways to make
security more observable (+ safe)?
– Note that this is counter to
conventional wisdom of security
• Other social techniques to influence
people’s awareness, knowledge,
motivation?
41. ©2015CarnegieMellonUniversity:41
Reflection 3
Good Theory Should Offer Guidance
• We could have done mass A/B tests
of interventions without theory
– (This is essentially what industry does)
– Instead, Social psych and Diffusion of
Innovations gave us direction
• Blind searches unsatisfying
– Dan Russell’s talk at HCIC 2009
– Eric Brill’s talk at HCIC 2013
48. ©2015CarnegieMellonUniversity:48
Reflection 4
Good Theory Should Offer Insight
“For instance, when Appel and Haken completed a
proof of the 4-color map theorem using a massive
automatic computation, it evoked much
controversy.
I interpret the controversy as having little to do
with doubt people had as to the veracity of the
theorem or the correctness of the proof. Rather, it
reflected a continuing desire for human
understanding of a proof, in addition to knowledge
that the theorem is true.”
- William Thurston, On Proof and Progress in Mathematics
49. ©2015CarnegieMellonUniversity:49
Reflection 4
Good Theory Should Offer Insight
• Alternative formulation by Tim Gowers
The Two Cultures of Mathematics
– (i) The point of solving problems is to
understand mathematics better.
– (ii) The point of understanding mathematics is
to become better able to solve problems.
– Mathematicians lie on spectrum
51. ©2015CarnegieMellonUniversity:51
• Situated Action
• Activity Theory
• Distributed Cognition
• Embodied Interaction
• Ethnography
• Fitts’ Law
• Learning science
• Visual Perception
• Social Psych
• Motivation
Advice for Theory Builders
Consider Insight + Guidance
Guidance (What to Build / How to Build it Better)
Insight
• Heuristic Evaluation
• Contextual Inquiry
• 41 Shades of Blue (A/B)
• Iterative Design
• Agile / Lean
52. ©2015CarnegieMellonUniversity:52
• Situated Action
• Activity Theory
• Distributed Cognition
• Embodied Interaction
• Ethnography
• Fitts’ Law
• Learning science
• Visual Perception
• Social Psych
• Motivation
Advice for Theory Builders
Consider Repackaging Too
Guidance (What to Build / How to Build it Better)
Insight
• Heuristic Evaluation
• Contextual Inquiry
• 41 Shades of Blue
• Iterative Design
• Agile / Lean
53. ©2015CarnegieMellonUniversity:53
Wishlist for Tech HCI and
for Master’s Students
• Design Theory
– Service design
– Engagement, stickiness
• Emotional Attachment
• Innovation Theory
– What’s more likely to have impact?
– Product lifecycles
– Feature / Product / Business
60. ©2015CarnegieMellonUniversity:60
Conjecture: These Can Help
Tech HCI Research
• Can focus research on the phase
your company is in
– More useful to help industry research
for connecting research to product
– A/B tests only useful in later phases
• Can look forward to next fluid phase
– We already do this
– More useful for academic