A small but growing research community has been working at the intersection of usability, security, and privacy—one that draws on expertise from multiple disciplines including computer security, human-computer interaction, and psychology. Participants noted that as an emerging and multidisciplinary discipline, it is sometimes viewed as too “soft” by some engineers and scientists and that it does not always have buy-in from those responsible for managing the development and operation of computer systems. There has, however, been growing interest in the field from the more traditional disciplines. Papers at the intersection have appeared occasionally at traditional security conferences for many years, but until recently there have been few sustained research efforts in this area. Exploratory workshops held in 2003 and 2004 led to the organization in 2005 of the first formal conference on this topic, the Symposium on Usable Privacy and Security (SOUPS), which has been held annually since then. Increasingly, usable security and privacy papers are also appearing at traditional security conferences and human-computer interaction conferences, more academic and industry researchers are focusing their research in this area, several universities now offer courses in this area,10 and the National Science Foundation’s Trustworthy Computing program highlights usability as an important research area.


For example, courses have been offered by Carnegie Mellon University (“Usable Privacy and Security”; see, and Harvard University (“Security and Privacy Usability”; see

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement