April 25, 2014

Spotlight on Tech Policy Lab Scholar Tamara Denning

This week marks the beginning of the International Conference on Human Factors in Computing Systems, better known as CHI, where Tech Policy Lab member Tamara Denning will be presenting her new paper on augmented reality glasses. In the video preview on YouTube, you can see an explanation of how they examined perspectives on bystander privacy and privacy-mediating technologies. Tamara is a senior PhD student in Lab Co-DirectorTadayoshi Kohno’s Security and Privacy Research Lab. Tamara’s research focuses on the human aspects of computer security and privacy, particularly concerning emerging technologies such as augmented reality or consumer technologies in the home.

We asked Tamara why she enjoys studying emerging technologies and why they’re important:

“Our technologies are increasingly interconnected and capable of sensing and controlling the environment around us. It’s very exciting because it’s creating new or more convenient applications for health, parenting, accessibility, travel—you name it! From a computer security and privacy standpoint, though, it means that there are new streams of data potentially available to adversaries and new ways for them to affect the world around us. It’s exciting and timely, as a researcher, to think how best to ensure the privacy and security properties of these kinds of technologies—without getting in the way of their functionality and the user experience.”

Below are some of Tamara’s recent works

What does the average person think about augmented reality glasses? In her most recent paper Tamara, and Zakariya Dehlawi and Tadayoshi Kohno, explore this concept through an in-person study. In Situ with Bystanders of Augmented Reality Glasses: Perspectives on Recording and Privacy-Mediating Technologies will be presented at the International Conference on Human Factors in Computing Systems (CHI ’14), 2014. The authors investigated the privacy perspectives of individuals when they are bystanders around AR devices. They conducted field sessions in cafés and interviewed bystanders regarding their reactions to a co-located AR device. They used the interview results to guide an exploration of design directions for privacy-mediating technologies.

Introducing high-level computer security concepts to the average person can be quite a challenge but the authors created a detailed card game to help the process. Control-Alt-Hack: The Design and Evaluation of a Card Game for Computer Security Awareness and Education (in Proceedings of ACM Conference on Computer and Communications Security (CCS ’13), 2013) describes the authors’ innovation. Tamara, Adam Lerner, Adam Shostack, and Tadayoshi Kohno scoped, designed, produced, and evaluated the effectiveness of a recreational tabletop card game to raise awareness of—and alter perceptions regarding—computer security. As of May 2013, they had shipped approximately 800 free copies to 150 educators. In this paper they analyze and report on feedback from 22 of these educators about their experiences using Control-Alt-Hack with over 450 students in classroom and non-classroom contexts. The responses from the 14 educators who reported on their use of the game in a classroom context variously indicated that: their students’ awareness of computer security as a complex and interesting field was increased (11/14); they would use the game again in their classroom (10/14); and they would recommend the game to others (13/14). Of note, 2 of the 14 classroom educators reported that they would not have otherwise covered the material.

Computation is embedded throughout our homes. Some devices are obvious: desktops, laptops, wireless routers, televisions, and gaming consoles. Increasingly, however, computational capabilities are appearing in our appliances, healthcare devices, children’s toys, and the home’s infrastructure. These devices are incorporating new sensors, actuators, and network capabilities: a Barbie with a video camera; a lock for your front door controlled by your cell phone; or a bathroom scale that reports readings over your wireless network. Many of these devices are also subject to control by servers external to the home, or are mobile technologies that regularly leave the home’s perimeter and interact with other networks. These trends, which we expect to accelerate in the coming years, create emergent threats to people’s possessions, well-being, and privacy. In Computer Security and the Modern Home (Communications of the ACM, 56 (1), January 2013, 94–103) Tamara, Tadayoshi Kohno, and Henry M. Levy survey the security and privacy landscape for devices in the home and provide a strategy for reasoning about their relative computer security needs.