National Academies Press: OpenBook

Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop (2010)

Chapter: 5 Overarching Challenges to Advancing Research in Usability, Security, and Privacy

Suggested Citation:"5 Overarching Challenges to Advancing Research in Usability, Security, and Privacy." National Research Council. 2010. Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/12998.

5
Overarching Challenges to Advancing Research in Usability, Security, and Privacy

Four overarching challenges facing researchers working in the field of usability, security, and privacy were apparent in the presentations and discussions at the workshop. Although these challenges apply to many emerging research areas, they are particularly relevant to research on usability, security, and privacy.

INCONSISTENT TERMINOLOGY AND DEFINITIONS

Participants in the breakout sessions devoted considerable time and attention to terminology and definitions. “Usable security” was the term frequently used to capture the notion of security measures developed with attention to usability considerations. Another commonly used term was “HCI-SEC” (human-computer interaction–security). Whatever the specific term used to describe the intersection of usability, security, and privacy, each participant tended to define the area in relation to his or her own background. Interestingly, usability practitioners tended to stress security issues, and security practitioners tended to stress usability issues.

Adding “privacy” to the mix complicated matters still further, as definitions of privacy were frequently based on personal philosophies and experience, perhaps reflecting the deeply personal way in which many individuals approach privacy issues. Moreover, some workshop participants noted that although some activities, such as the annual Symposium on Usable Privacy and Security mentioned above, explicitly call out both terms, neither “usable security” nor “HCI-SEC” explicitly invokes issues related to privacy, despite the technical and policy links between the two concerns. Some may immediately associate privacy issues with the term “security,” but this is not universally true. Agreeing to a common definition or term that was inclusive of the concept of privacy proved challenging throughout the workshop.

LIMITED ACCESS TO DATA

Several workshop participants cited the need for more and better empirical data and commented on the difficulties that they faced in gaining access to such data. For example, data on industry or government computer system security breaches are generally unavailable—corporations are hesitant to disclose this information owing to the potential threat to reputation, stock price, and ongoing business; and information about breaches to government computer systems is frequently treated as sensitive or classified. Even data on matters less touchy than security breaches cannot be readily obtained. Participants noted, for example, the difficulty in obtaining data on the productivity impacts of security measures. Even when researchers are able to obtain data, nondisclosure agreements may restrict their ability to publish their results. If researchers do gain the ability to work with corporate data, an additional challenge is that of conducting research in a way that enables repeatability.

SCARCENESS OF EXPERTISE AND UNFAMILIARITY WITH EACH OTHER’S WORK AT THE INTERSECTION OF USABILITY, SECURITY, AND PRIVACY

Many of the workshop participants commented that working in the area of usability, security, and privacy is especially challenging because of the need for researchers who are familiar with both computer security and human-computer interaction. These were, at least until recently, considered distinct disciplines—most security researchers have traditionally ignored usability issues, and vice versa (and likewise for usability and privacy).

One consequence is unfamiliarity with each other’s work. Throughout the workshop, there were frequent instances in which either a computer security or a usability expert would identify a research question outside his or her area of expertise, only to receive immediate feedback from relevant experts that this particular question had already been addressed. “I did not know that that research existed” was a common lament heard at the workshop. Although this immediate feedback was useful to the workshop participants, it also suggests there may be a significant lack of knowledge about usability-related work among security researchers and about security-related work among usability researchers (with a similar situation existing with respect to usability and privacy). Another consequence pointed out by workshop participants is that valuable resources may be spent re-researching questions that are already well understood.

Still another consequence is that although a few interdisciplinary research collaborations have emerged, there remain few individuals in either area with sufficient expertise to identify their counterparts on the other side—and fewer still with expertise in both areas. Research funding at the intersection would foster the development of such expertise by training graduate students and attracting young faculty.


Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use, configure, or operate systems in ways that are inadvertently insecure. Moreover, security and privacy technologies originally were developed in a context in which system administrators had primary responsibility for security and privacy protections and in which the users tended to be sophisticated. Today, the user base is much wider--including the vast majority of employees in many organizations and a large fraction of households--but the basic models for security and privacy are essentially unchanged.

Security features can be clumsy and awkward to use and can present significant obstacles to getting work done. As a result, cybersecurity measures are all too often disabled or bypassed by the users they are intended to protect. Similarly, when security gets in the way of functionality, designers and administrators deemphasize it.

The result is that end users often engage in actions, knowingly or unknowingly, that compromise the security of computer systems or contribute to the unwanted release of personal or other confidential information. Toward Better Usability, Security, and Privacy of Information Technology discusses computer system security and privacy, their relationship to usability, and research at their intersection.
