[cryptography] CFP by 24 Nov - Usable Security - San Diego 8th Feb
The Workshop on Usable Security (USEC) will be held in conjunction with NDSS on February 8, 2015. The deadline for USEC Workshop submissions is November 24, 2014. – In previous years, USEC has also been collocated with FC; for example in Okinawa, Bonaire, and Trinidad and Tobago. Additional information and paper submission instructions: http://www.internetsociety.org/events/ndss-symposium-2015/usec-workshop-call-papers ** The Workshop on Usable Security invites submissions on all aspects of human factors and usability in the context of security and privacy. USEC 2015 aims to bring together researchers already engaged in this interdisciplinary effort with other computer science researchers in areas such as visualization, artificial intelligence and theoretical computer science as well as researchers from other domains such as economics or psychology. We particularly encourage collaborative research from authors in multiple fields. Topics include, but are not limited to: * Evaluation of usability issues of existing security and privacy models or technology * Design and evaluation of new security and privacy models or technology * Impact of organizational policy or procurement decisions * Lessons learned from designing, deploying, managing or evaluating security and privacy technologies * Foundations of usable security and privacy * Methodology for usable security and privacy research * Ethical, psychological, sociological and economic aspects of security and privacy technologies USEC solicits short and full research papers. * Program Committee Jens Grossklags (The Pennsylvania State University) - Chair Rebecca Balebako (Carnegie Mellon University) Zinaida Benenson (University of Erlangen-Nuremberg) Sonia Chiasson (Carleton University) Emiliano DeCristofaro (University College London) Tamara Denning (University of Utah) Alain Forget (Carnegie Mellon University) Julien Freudiger (PARC) Vaibhav Garg (VISA) Cormac Herley (Microsoft Research) Mike Just (Glasgow Caledonian University) Bart Knijnenburg (University of California, Irvine) Janne Lindqvist (Rutgers University) Heather Lipford (University of North Carolina at Charlotte) Debin Liu (Paypal) Xinru Page (University of California, Irvine) Adrienne Porter Felt (Google) Franziska Roesner (University of Washington) Pamela Wisniewski (The Pennsylvania State University) Kami Vaniea (Indiana University) With best regards, Jens Grossklags Chair – USEC 2015 ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Define Privacy
Thank you, Maarten and others who responded off list. I have some new sources to consume and I appreciate your input. Jason On Tue, Oct 21, 2014 at 10:40 PM, Maarten Billemont lhun...@lyndir.com wrote: On Oct 21, 2014, at 22:22, Jason Iannone jason.iann...@gmail.com wrote: On a fundamental level I wonder why privacy is important and why we should care about it. Privacy advocates commonly cite pervasive surveillance by businesses and governments as a reason to change an individual's behavior. Discussions are stifled and joking references to The List are made. The most relevant and convincing issues are documented cases of chilled expression from authors, artists, activists, and average Andrews. Other concerns deal with abuse, ala LOVEINT, etc. Additional arguments tend to be obfuscated by nuance and lack any striking insight. The usual explanations, while appropriately concerning, don't do it for me. After scanning so many articles, journal papers, and NSA surveillance documents, fundamental questions remain: What is privacy? How is it useful? How am I harmed by pervasive surveillance? Why do I want privacy (to the extent that I'm willing to take operational measures to secure it)? I read a paper by Julie Cohen for the Harvard Law Review called What Privacy is For[1] that introduced concepts I hadn't previously seen on paper. She describes privacy as a nebulous space for growth. Cohen suggests that in private, we can make mistakes with impunity. We are self-determinate and define our own identities free of external subjective forces. For an example of what happens without the impunity and self-determination privacy provides, see what happens when popular politicians change their opinions in public. I think Cohen's is a novel approach and her description begins to soothe some of my agonizing over the topic. I'm still searching. [1]http://www.juliecohen.com/attachments/File/CohenWhatPrivacyIsFor.pdf ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography Without any reference, it is my understanding that privacy is very much a luxury right, not unlike education, which grants us the freedom to perform at our individual best when not alone and contemplate, experience and learn all the wrong paths away from the unforgiving blind judgement that is inevitable in a society of men. To unpack that slightly, privacy is very much a low-priority benefit, one that comes far behind keeping fed and physically healthy. It is often first out the door when sacrifices are being made with only minor short-term damage to the society. Privacy's benefits are very much long-term, and mainly favour individualism in the sense that it allows the individual to develop their own self, their own views, and their own solutions to societal and other problems. These benefits are highly praised in individualistic societies but hardly a necessity for any society to operate. Privacy is optional in a society geared toward pushing values; such as those strictly governed by religious principles (eg. Roman Catholic), economic or militaristic goals (eg. Total War), and desirable in societies open to exploration, the sciences and new understandings. In the absence of privacy, people tend to fall in line. Dreams and their many benefits are in my opinion proof that the human psyche needs and thrives on privacy. I've read others defining privacy as a withdrawal for the sake of making life with others bearable, in the sense that privacy is truly necessary only when the only alternative would be a personal conflict[1]. [1]http://www.jstor.org/discover/10.2307/2775779(The Social Psychology of Privacy, Barry Schwartz) — Maarten Billemont (lhunath) — me: http://www.lhunath.com – business: http://www.lyndir.com – http://masterpasswordapp.com ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Define Privacy
The US Privacy and Civil Liberties Oversight Board will be having a public all-day meeting on November 12th on exactly this: Defining Privacy. http://www.pclob.gov/newsroom/20141020/ I've been to their meetings before, in person here in DC, and I find some (not all) of the board members to be in sync with many (not all) of the norms of the privacy and security community. They've also hosted a number of guests from civil society, on panels and to submit oral/written questions, that I've been glad to see have a prominent voice in the process. -- Eric On Wed, Oct 22, 2014 at 12:20 PM, Jason Iannone jason.iann...@gmail.com wrote: Thank you, Maarten and others who responded off list. I have some new sources to consume and I appreciate your input. Jason On Tue, Oct 21, 2014 at 10:40 PM, Maarten Billemont lhun...@lyndir.com wrote: On Oct 21, 2014, at 22:22, Jason Iannone jason.iann...@gmail.com wrote: On a fundamental level I wonder why privacy is important and why we should care about it. Privacy advocates commonly cite pervasive surveillance by businesses and governments as a reason to change an individual's behavior. Discussions are stifled and joking references to The List are made. The most relevant and convincing issues are documented cases of chilled expression from authors, artists, activists, and average Andrews. Other concerns deal with abuse, ala LOVEINT, etc. Additional arguments tend to be obfuscated by nuance and lack any striking insight. The usual explanations, while appropriately concerning, don't do it for me. After scanning so many articles, journal papers, and NSA surveillance documents, fundamental questions remain: What is privacy? How is it useful? How am I harmed by pervasive surveillance? Why do I want privacy (to the extent that I'm willing to take operational measures to secure it)? I read a paper by Julie Cohen for the Harvard Law Review called What Privacy is For[1] that introduced concepts I hadn't previously seen on paper. She describes privacy as a nebulous space for growth. Cohen suggests that in private, we can make mistakes with impunity. We are self-determinate and define our own identities free of external subjective forces. For an example of what happens without the impunity and self-determination privacy provides, see what happens when popular politicians change their opinions in public. I think Cohen's is a novel approach and her description begins to soothe some of my agonizing over the topic. I'm still searching. [1]http://www.juliecohen.com/attachments/File/CohenWhatPrivacyIsFor.pdf ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography Without any reference, it is my understanding that privacy is very much a luxury right, not unlike education, which grants us the freedom to perform at our individual best when not alone and contemplate, experience and learn all the wrong paths away from the unforgiving blind judgement that is inevitable in a society of men. To unpack that slightly, privacy is very much a low-priority benefit, one that comes far behind keeping fed and physically healthy. It is often first out the door when sacrifices are being made with only minor short-term damage to the society. Privacy's benefits are very much long-term, and mainly favour individualism in the sense that it allows the individual to develop their own self, their own views, and their own solutions to societal and other problems. These benefits are highly praised in individualistic societies but hardly a necessity for any society to operate. Privacy is optional in a society geared toward pushing values; such as those strictly governed by religious principles (eg. Roman Catholic), economic or militaristic goals (eg. Total War), and desirable in societies open to exploration, the sciences and new understandings. In the absence of privacy, people tend to fall in line. Dreams and their many benefits are in my opinion proof that the human psyche needs and thrives on privacy. I've read others defining privacy as a withdrawal for the sake of making life with others bearable, in the sense that privacy is truly necessary only when the only alternative would be a personal conflict[1]. [1]http://www.jstor.org/discover/10.2307/2775779(The Social Psychology of Privacy, Barry Schwartz) — Maarten Billemont (lhunath) — me: http://www.lhunath.com – business: http://www.lyndir.com – http://masterpasswordapp.com ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography -- konklone.com | @konklone https://twitter.com/konklone ___ cryptography mailing list
Re: [cryptography] Define Privacy
Their bios are here: http://www.pclob.gov/about-us/leadership And a bit more info on Wikipedia: http://en.wikipedia.org/wiki/Privacy_and_Civil_Liberties_Oversight_Board#Nominations The PCLOB issued two major reports this year. The first, civil liberties folks loved, on Section 215 of the Patriot Act, where PCLOB analyzed it and found it both illegal and unconstitutional: https://www.techdirt.com/articles/20140123/11362425968/civil-liberties-board-completely-destroys-arguments-bulk-metadata-collection-program-is-both-illegal-unconstitutional.shtml The second, people were less excited about, on Section 702 of the FISA, where the PCLOB raised concerns and suggested reforms, but basically said it was legal and effective: http://www.pclob.gov/All%20Documents/Report%20on%20the%20Section%20702%20Program/PCLOB-Section-702-Report-PRE-RELEASE.pdf Section 702 is upstream collection, which includes taking traffic off of the Internet backbones. The Board declined to consider this bulk collection because it always involved a targeted selector, and (in my personal opinion) totally missed the point of what bulk collection means. The EFF did an outstanding infographic on what is happening, that I wish the PCLOB was more aligned with: https://www.eff.org/files/2014/07/24/backbone-3c-color.jpg Those two reports consumed the PCLOB for a long, long time, and they're now working on a bunch of things, including Executive Order 12333. http://www.washingtonpost.com/opinions/meet-executive-order-12333-the-reagan-rule-that-lets-the-nsa-spy-on-americans/2014/07/18/93d2ac22-0b93-11e4-b8e5-d0de80767fc2_story.html I don't want to go into too much detail about the people, and in part because I don't want to reduce a set of 5 complicated people to something like partisan lines, but it feels like the board's power dynamic is something like: 2 more establishment-friendly people, 2 people who are more critical of power, and 1 person who seems capable of leaning either way. I encourage you to read the two primary reports they published -- some individual board members include additional statements and recommendations not endorsed by the entire board, that can help shed light on their internal debates. -- Eric On Wed, Oct 22, 2014 at 5:40 PM, Jeffrey Walton noloa...@gmail.com wrote: On Wed, Oct 22, 2014 at 5:22 PM, Eric Mill e...@konklone.com wrote: The US Privacy and Civil Liberties Oversight Board will be having a public all-day meeting on November 12th on exactly this: Defining Privacy. http://www.pclob.gov/newsroom/20141020/ I've been to their meetings before, in person here in DC, and I find some (not all) of the board members to be in sync with many (not all) of the norms of the privacy and security community. Out of curiosity, who are the board members? It would be a real drag if the organization was setup like Citizens for Fire Safety. The action committee campaigned to continue use of toxic chemicals as a fire retardant at the expense of resident's and firefighters' lives. Later, it was learned the two or three members of Citizens for Fire Safety were chemical companies. -- konklone.com | @konklone https://twitter.com/konklone ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography