SOUPS

Welcome to the Symposium On Usable Privacy and Security! This inaugural event brings together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. While papers on usable privacy and security have appeared periodically in privacy, security, and human-computer interaction conferences and workshops for many years, until recently there had been no event focusing specifically on this area. Because of the inherently interdisciplinary nature of this area, there are benefits to researchers from these communities meeting together to discuss their work. Successful workshops at CHI 2003 and DIMACS in 2004, and a number of recent journal special issues on related topics demonstrated that there was sufficient interest to organize a symposium featuring refereed papers. We organized a program that provides both a forum for refereed papers as well as opportunities for informal interactions and small group discussions.The program features 10 refereed papers, two tutorials, 22 posters, two panels, four discussion sessions, and an invited talk. We received 39 paper submissions. Each paper was refereed by at least three members of the refereed papers committee, and through an online discussion process the committee selected 10 papers for presentation and publication. The committee also selected the paper "Developing Privacy Guidelines for Social Location Disclosure Applications and Services" by Giovanni Iachello (Georgia Institute of Technology), Ian Smith, Sunny Consolvo, Mike Chen (Intel Research ), and Gregory D. Abowd (Georgia Institute of Technology) to receive the best paper award.Our two tutorials are intended to help attendees who have a primary background in either security/privacy or HCI/usability to get up to speed in the other area. Jason I. Hong (Carnegie Mellon University) developed a tutorial on "User Interface Design, Prototyping, and Evaluation," covering the key concepts and techniques in these areas. Simson Garfinkel (MIT) developed a tutorial on "Introduction to Computer Security and Privacy," providing a primer on security and privacy for those with a background in usability. While there is much more to learn in these areas than can be covered in a half-day tutorial, we hope our tutorials provide a good overview of these areas, allowing participants to gain an appreciation for the important issues and techniques.We have lined up two interesting panels. The first panel, organized by Konstantin Beznosov (University of British Columbia), explores, "Usability of Security Administration vs. Usability of End-user Security." The second panel, organized by Robert Miller (MIT), examines what happens "When User Studies Attack: Evaluating Security By Intentionally Attacking Users."The program also features an invited talk by Bill Cheswick on "My Dad's Computer, Microsoft, and the Future of Internet Security." Cheswick uses his father's computer to illustrate why millions of people routinely run dangerous software on badly-infected computers. He discusses the prospects for improved security for home users, and for corporate and government intranets.Finally, the SOUPS 2005 program includes four parallel "discussion" sessions, featuring moderated discussion on a topic of interest to attendees. Discussion sessions have been organized around the following topics: "Usability and Acceptance of Biometrics," "Valuation and Context," "When User Studies Attack: Evaluating Security By Intentionally Attacking Users," and "Usable Interfaces for Anonymous Communication." We hope the small group format will lead to lively and productive interactions.