"The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach"

script for a Lightning Talk, by Thomas Reynolds
at the 2011 Symposium on Usable Privacy and Security (SOUPS),
Carnegie-Mellon University, July 21, 2011.

[The aim: To communicate the essentials of sociological thinking in 5 minutes; along with a reminder indicating the importance of being aware, thorough, and consistent when working on cultural change, keeping in mind that optimizing user culture is a subject of this conference; and using our own activity of registering for this security conference as an immediate example where our own awareness and consistency can be reviewed.]

------Title Page:
I am interested in the culture and thinking of cybersecurity.

For non-native speakers of English, I will mention the meaning of a couple of words in my title:
"phenomenology" refers to internal mental processing and its objects; and "preach" means some people telling other people what to do.

You can think of this Lightning Talk as a contribution to what Edward Felten was talking about in the keynote address this morning when he said it was important to do things in a way that "shows you are on the ball".

------Slide 2:
I take "usable" to be about usability for humans. I also take it that "privacy" and "security" are of concern insofar as they relate to, or are an aspect of, human attributes, possessions, and activity.

Society is constituted of humans interacting with each other. The concept is usually restricted to cases where the interacting is well ordered or systematic. So for example the chaos of war or other disaster could be a possible case of a null state of society.

Culture—about which sociologists and anthropologists can do endless arguing if they choose—provides the rules, explicit or not, which, being followed, result in the orderliness of society.

Social-psychology is where we look to understand how, to what extent, and so on, culture is internalized in individual human beings. Activities such as writing software for users, defining user policy, etc., are activities which create culture to be internalized in people's social-psychology.

The key word in this is people, which includes us here now because we are people.

Note by the way, since we are at CMU where a lot of robotics work is done, that a lot of the discussion back and forth about the significance of "robots" and so on may be summarized as being about understanding whether or to what extent artificially constructed machines can properly be viewed in social-psychological terms.

------Slide 3:
But just how do we do such looking at social-psychology?

Well, introspection plays a big part. It is a significant tool, noting that a tool need not be perfect to be useful.

------Slide 4:
So let me ask all of us usable-security, social-psychological people here at SOUPS 2011: What notable difference is there between these two partially-shown web pages?

Right—http versus https. We should notice this. After all we are supposed to be Security & Privacy people, to be alert, and to care, unlike how ordinary users might be.

Which brings me to an important point. The social-psychological experience each of us had responding to the SOUPS web registration offered by our truly fine CMU hosts is worthwhile data in the work for usable privacy and security. We have such experiences often enough—do we still pay attention and think things through? Surprisingly, there may not be consistent demand for https by people like us in cases like this. The CCNY NorthEast Security Day conference this past May is the only https registration I have encountered. And further, as far as I can tell, I have been the only attendee at any of the conferences I have gone to in the past several years who has tried to avoid the plain http by phoning and asking for offline registration.

Three years ago, when SOUPS was previously here at CMU and had only http registration, they let me register and pay by phone. This year the online http registration was required, though they let me pay by paper mail. Anyone else ever ask for offline registration? [No one spoke up during my talk in reply to this question, though I gave time for audience response. Afterward one recent PhD of the CMU secure computing program told me he had noticed the insecure, plain http, but despite some discomfort had used it without raising any question.]

Your Mileage May Vary, but what thinking do we want to be habitual in the culture we are trying to create?

In any case, I hope this small "heads up" contribution by me today helps.

------Slide 5:
Any questions?

URL: http://www.pair.com/cogitage/PwyP/SOUPS2011LightningTalk-script.html