-
Extended Version of Paper Presented at ICISSP, Porto 20-22 February, 2025 A Value-Driven Approach to the Online Consent Conundrum -- A Study with the Unemployed
Authors:
Paul van Schaik,
Karen Renaud
Abstract:
Online services are required to gain informed consent from users to collect, store and analyse their personal data, both intentionally divulged and derived during their use of the service. There are many issues with these forms: they are too long, too complex and demand the user's attention too frequently. Many users consent without reading so do not know what they are agreeing to. As such, granted consent is effectively uninformed. In this paper, we report on two studies we carried out to arrive at a value-driven approach to inform efforts to reduce the length of consent forms. The first study interviewed unemployed users to identify the values they want these forms to satisfy. The second survey study helped us to quantify the values and value creators. To ensure that we understood the particular valuation of the unemployed, we compared their responses to those of an employed demographic and observed no significant differences between their prioritisation on any of the values. However, we did find substantial differences between values and value creators, with effort minimisation being most valued by our participants.
Submitted 18 February, 2025;
originally announced June 2025.
-
Nudging Using Autonomous Agents: Risks and Ethical Considerations
Authors:
Vivek Nallur,
Karen Renaud,
Aleksei Gudkov
Abstract:
This position paper briefly discusses nudging, its use by autonomous agents, potential risks and ethical considerations while creating such systems. Instead of taking a normative approach, which guides all situations, the paper proposes a risk-driven questions-and-answer approach. The paper takes the position that this is a pragmatic method, that is transparent about beneficial intentions, foreseeable risks, and mitigations. Given the uncertainty in AI and autonomous agent capabilities, we believe that such pragmatic methods offer a plausibly safe path, without sacrificing flexibility in domain and technology.
Submitted 23 July, 2024;
originally announced July 2024.
-
Caveat Venditor, Used USB Drive Owner
Authors:
James Conacher,
Karen Renaud,
Jacques Ophoff
Abstract:
USB drives are a great way of transferring and backing up files. The problem is that they are easily lost, and users do not understand how to secure or properly erase them. When used to store private and sensitive information, this constitutes a risk that users may be unaware of. Consider that people sell used USB drives online -- presumably either their own or drives others have lost. This raises some interesting questions, such as whether sellers know how to ensure that private data is erased before they relinquish the drive to an unknown buyer, and whether sellers use these drives in an attempt to compromise an unwary buyer's device. Governments do indeed issue advice about the risks of used mobile media, but we do not yet know whether this advice is reaching, and being heeded by, the general public. To assess the situation, a sample of used USB drives were purchased from eBay sellers to determine, first hand, what was on the drives. This acts as an indicator of actual security-related behaviours to answer the questions posed above. Using forensic analysis, it was found that a great deal of private and sensitive information remained on many of the drives, but there was no trace of malicious software. More effective ways of enlightening the public are needed, so that private data is not unwittingly leaked via sold used media.
Submitted 19 June, 2020;
originally announced June 2020.
-
2020 UK Lockdown Cyber Narratives: the Secure, the Insecure and the Worrying
Authors:
Karen Renaud,
Paul van Schaik,
Alastair Irons,
Sara Wilford
Abstract:
On the 23rd March 2020, the UK entered a period of lockdown in the face of a deadly pandemic. While some were unable to work from home, many organisations were forced to move their activities online. Here, we discuss the technologies they used, from a privacy and security perspective. We also mention the communication failures that have exacerbated uncertainty and anxiety during the crisis. An organisation could be driven to move their activities online by a range of disasters, of which a global pandemic is only one. We seek, in this paper, to highlight the need for organisations to have contingency plans in place for this kind of eventuality. The insecure usages and poor communications we highlight are a symptom of a lack of advance pre-pandemic planning. We hope that this paper will help organisations to plan more effectively for the future.
Submitted 19 June, 2020; v1 submitted 11 June, 2020;
originally announced June 2020.
-
How to Make Privacy Policies both GDPR-Compliant and Usable
Authors:
Karen Renaud,
Lynsay A. Shepherd
Abstract:
It is important for organisations to ensure that their privacy policies are General Data Protection Regulation (GDPR) compliant, and this has to be done by the May 2018 deadline. However, it is also important for these policies to be designed with the needs of the human recipient in mind. We carried out an investigation to find out how best to achieve this.
We commenced by synthesising the GDPR requirements into a checklist-type format. We then derived a list of usability design guidelines for privacy notifications from the research literature. We augmented the recommendations with other findings reported in the research literature, in order to confirm the guidelines. We conclude by providing a usable and GDPR-compliant privacy policy template for the benefit of policy writers.
Submitted 18 June, 2018;
originally announced June 2018.
-
How to design browser security and privacy alerts
Authors:
Lynsay A. Shepherd,
Karen Renaud
Abstract:
It is important to design browser security and privacy alerts so as to maximise their value to the end user, and their efficacy in terms of communicating risk. We derived a list of design guidelines from the research literature by carrying out a systematic review. We analysed the papers both quantitatively and qualitatively to arrive at a comprehensive set of guidelines. Our findings aim to provide designers and developers with guidance as to how to construct privacy and security alerts. We conclude by providing an alert template, highlighting its adherence to the derived guidelines.
Submitted 14 June, 2018;
originally announced June 2018.
-
Privacy of the Internet of Things: A Systematic Literature Review (Extended Discussion)
Authors:
Noura Aleisa,
Karen Renaud
Abstract:
The Internet of Things' potential for major privacy invasion is a concern. This paper reports on a systematic literature review of privacy-preserving solutions appearing in the research literature and in the media. We analysed proposed solutions in terms of the techniques they deployed and the extent to which they satisfied core privacy principles. We found that very few solutions satisfied all core privacy principles. We also identified a number of key knowledge gaps in the course of the analysis. In particular, we found that most solution providers assumed that end users would be willing to expend effort to preserve their privacy; that they would be motivated to act to preserve their privacy. The validity of this assumption needs to be proved, since it cannot simply be assumed that people would necessarily be willing to engage with these solutions. We suggest this as a topic for future research.
Submitted 13 September, 2016;
originally announced November 2016.
-
Alternative Authentication in the Wild
Authors:
Joseph Maguire,
Karen Renaud
Abstract:
Alphanumeric authentication routinely fails to regulate access to resources with the required stringency, primarily due to usability issues. Initial deployment did not reveal the problems of passwords; deep and profound flaws only emerged once passwords were deployed in the wild. The need for a replacement is widely acknowledged, yet despite over a decade of research into knowledge-based alternatives, few, if any, have been adopted by industry. Alternatives are unconvincing for three primary reasons. The first is that alternatives are rarely investigated beyond the initial proposal, with only the results from a constrained lab test provided to convince adopters of their viability. The second is that alternatives are seldom tested realistically where the authenticator mediates access to something of value. The third is that the testing rarely varies the device or context beyond that initially targeted. In the modern world different devices are used across a variety of contexts. What works well in one context may easily fail in another. Consequently, the contribution of this paper is an "in the wild" evaluation of an alternative authentication mechanism that had demonstrated promise in its lab evaluation. In the field test the mechanism was deployed to actual users to regulate access to an application in a context beyond that initially proposed. The performance of the mechanism is reported and discussed. We conclude by reflecting on the value of field evaluations of alternative authentication mechanisms.
Submitted 20 January, 2016;
originally announced January 2016.
-
You Only Live Twice or "The Years We Wasted Caring about Shoulder-Surfing"
Authors:
Joseph Maguire,
Karen Renaud
Abstract:
Passwords are a good idea, in theory. They have the potential to act as a fairly strong gateway. In practice though, passwords are plagued with problems. They are (1) easily shared, (2) trivial to observe and (3) maddeningly elusive when forgotten. While alternatives to passwords have been proposed, none, as yet, have been adopted widely. There seems to be a reluctance to switch from tried and tested passwords to novel alternatives, even if the most glaring flaws of passwords can be mitigated. One argument is that there is not enough investigation into the feasibility of many password alternatives. Graphical authentication mechanisms are a case in point. Therefore, in this paper, we detail the design of two prototype applications that utilise graphical authentication mechanisms. However, when forced to consider the design of such prototypes, we find that pertinent password problems, e.g. observation of entry, are just that: password problems. We conclude that effective, alternative authentication mechanisms should target authentication scenarios rather than the well-known problems of passwords. This is the only route to widespread adoption of alternatives.
Submitted 23 August, 2015;
originally announced August 2015.
-
How Helpful is Colour-Cueing of PIN Entry?
Authors:
Karen Renaud,
Judith Ramsay
Abstract:
21st Century citizens are faced with the need to remember numbers of PINs (Personal Identification Numbers) in order to do their daily business, and they often have difficulties due to human memory limitations. One way of helping them could be by providing cues during the PIN entry process. The provision of cues that would only be helpful to the PIN owner is challenging because the cue should only make sense to the legitimate user, and not to a random observer. In this paper we report on an empirical study where we added colour to the PINpad to provide an implicit memory cue to PINpad users. We compared the impact of colour PINpads as opposed to grey ones. As expected, the ability to recall a PIN deteriorated significantly over time irrespective of the type of PINpad used. However, there was ultimately no improvement in the ability to recall PINs when using colour PINpads.
Submitted 30 July, 2014;
originally announced July 2014.
-
An Investigation into the use of Images as Password Cues
Authors:
Tony McBryan,
Karen Renaud,
J. Paul Siebert
Abstract:
Computer users are generally authenticated by means of a password. Unfortunately passwords are often forgotten and replacement is expensive and inconvenient. Some people write their passwords down but these records can easily be lost or stolen. The option we explore is to find a way to cue passwords securely. The specific cueing technique we report on in this paper employs images as cues. The idea is to elicit textual descriptions of the images, which can then be used as passwords. We have defined a set of metrics for the kind of image that could function effectively as a password cue. We identified five candidate image types and ran an experiment to identify the image class with the best performance in terms of the defined metrics.
The first experiment identified inkblot-type images as being superior. We tested this image, called a cueblot, in a real-life environment. We allowed users to tailor their cueblot until they felt they could describe it, and they then entered a description of the cueblot as their password. The cueblot was displayed at each subsequent authentication attempt to cue the password. Unfortunately, we found that users did not exploit the cueing potential of the cueblot, and while there were a few differences between textual descriptions of cueblots and non-cued passwords, they were not compelling. Hence our attempts to alleviate the difficulties people experience with passwords, by giving them access to a tailored cue, did not have the desired effect. We have to conclude that the password mechanism might well be unable to benefit from bolstering activities such as this one.
Submitted 9 August, 2014; v1 submitted 30 July, 2014;
originally announced July 2014.