Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop

1 Overview of Security, Privacy, and Usability

This overview briefly discusses computer system security and privacy, their relationship to usability, and research at their intersection. The chapter is drawn from remarks made at the National Research Council’s (NRC’s) July 2009 Workshop on Usability, Security, and Privacy of Computer Systems as well as recent reports from the NRC’s Computer Science and Telecommunications Board (CSTB) on security and privacy.[1]

[1] National Research Council, Toward a Safer and More Secure Cyberspace, Seymour E. Goodman and Herbert S. Lin, eds., The National Academies Press, Washington, D.C., 2007; and National Research Council, Engaging Privacy and Information Technology in a Digital Age, James Waldo, Herbert S. Lin, and Lynette I. Millett, eds., The National Academies Press, Washington, D.C., 2007.

SECURITY

Society’s reliance on information technology (IT) has been increasing simultaneously with the ability of individuals, organizations, and state actors to conduct attacks on computer systems and networks. IT has become essential to the day-to-day operations of companies, organizations, and government. People’s personal lives also involve computing in areas ranging from communication with family and friends to online banking and other household and financial management activities. Companies large and small are ever more reliant on information systems to support diverse business processes, including payroll and accounting, the tracking of inventory, the operation of sales, manufacturing, and research and development—that is, computer systems are increasingly needed for organizations to be able to operate at all. Critical national infrastructures—such as those associated with energy, banking and finance, defense, law enforcement, transportation, water systems, and government and private emergency services—also depend on information systems and networks. The telecommunications system itself and the Internet running on top of it are critical infrastructure for the nation. Information systems play a critical role in many governmental functions, including national security and homeland and border security.

The conventional definition of computer security relates to the following attributes of a computer system: confidentiality (the system prevents unauthorized access to information), integrity (information in the system cannot be altered without authorization), and availability (the system is available for authorized use). Authentication—the verification of identity using some combination of something that one knows (such as a password), something that one has (such as a hardware token), and something that one is (such as a fingerprint)—is often thought of as an additional essential security capability. Reliability is a closely related concept—a reliable system performs and maintains its functions even in hostile circumstances, including but not limited to threats from adversaries.

Nearly all indications of the severity of the security threat to computer systems, whether associated with losses or damage, type of attack, or presence of vulnerability, indicate a continuously worsening problem.[2] The potential consequences fall into three broad categories:

Economic drag—To counter security problems, organizations are forced to spend in order to defend and strengthen insecure IT systems.

Avoidance—Because of the perceived security risks of computing, individuals or organizations avoid using IT systems, thereby missing the potential benefit of their use.

Catastrophe—Failure of an IT system causes major economic loss and perhaps even loss of life. A catastrophe could be the result of a cyberattack, a serious software design or implementation flaw, or system misuse.

Despite advances that have been made in both practice and technology, cybersecurity will be a concern into the foreseeable future. More and more sensitive information will be stored in systems whose security does not necessarily increase in proportion to the value of the assets they contain. The threats will continue to evolve both on their own and as defenses against them are discovered and implemented. New vulnerabilities will emerge as previously unknown weaknesses are uncovered and as innovation leads to the use of IT in new applications and the deployment of new technologies. The growing complexity of IT systems and the fast-growing importance of network access and network-intermediated computing are likely to increase the emergence of new vulnerabilities.

[2] NRC, Toward a Safer and More Secure Cyberspace, 2007, p. 2.

PRIVACY

Information privacy concerns the protection of information about individuals and other entities. The environment for privacy is dynamic, reflecting societal shifts (e.g., increases in electronic communication), varying and evolving attitudes (e.g., across generations or cultures), and discontinuities (e.g., events and emerging conditions that rapidly transform the national debate, such as the September 11, 2001, attacks and the global response to them) as well as technological change. The decreasing cost of storage combined with the increase in communications devices, including, and especially, mobile ones, has led to remarkable impacts on personal privacy within a very short period of time. Private information can be compromised by attacking networks and computers directly or by tricking users into revealing the information or the credentials required to access it.[3] Protecting privacy often occurs in the face of competing interests in the collection or use of particular information, and addressing privacy issues thus involves understanding and balancing these interests.

USABILITY

Usability may be thought of narrowly in terms of the quality of a system’s interfaces, but the concept applies more broadly to how well a system supports user needs and expectations.
The International Organization for Standardization (ISO) 9241-11 standard defines usability as “the extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use.”[4] A framework attributed to both Nielsen[5] and Shneiderman[6] describes usability in terms of learnability, efficiency of use, memorability, few and noncatastrophic errors, and subjective satisfaction. Usability relates not only to understanding what taking a particular action means in the context of a particular interaction, but also to whether the user understands the implications of his or her choices in a broader context. Information system design and development inevitably embed assumptions and values, both implicit and explicit, that have impacts on a system’s users; these considerations may be thought of as another aspect of usability.

[3] One example of the latter is phishing, which refers to attempts to acquire sensitive information such as passwords by pretending in an e-mail or other communication to be a trustworthy entity.
[4] International Organization for Standardization (ISO), Ergonomics of Human System Interactions: Guidance on Usability (Part 11), ISO, Geneva, 1998.
[5] Jakob Nielsen, Usability Engineering, Academic Press, San Diego, Calif., 1993, p. 26.
[6] Ben Shneiderman, Designing the User Interface: Strategies for Effective Human-Computer-Interaction, Addison-Wesley, Reading, Mass., 1992.

USABILITY, SECURITY, AND PRIVACY

Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use, configure, or operate systems in ways that are inadvertently insecure. Moreover, security and privacy technologies originally were developed in a context in which system administrators had primary responsibility for security and privacy protections and in which the users tended to be sophisticated. Today, the user base is much wider—including the vast majority of employees in many organizations and a large fraction of households—but the basic models for security and privacy are essentially unchanged.

Security features can be clumsy and awkward to use and can present significant obstacles to getting work done. As a result, cybersecurity measures are all too often disabled or bypassed by the users they are intended to protect.[7] Similarly, when security gets in the way of functionality, designers and administrators deemphasize it. Workshop participant Don Norman quipped, “The more secure a system, the less secure the system”—that is, when users find that security gets in their way, they figure out ways to bypass it.[8] Indeed, some participants suggested, it may be the dedicated workers who are most highly motivated to defeat security measures.
The result is that end users often engage in actions, knowingly or unknowingly, that compromise the security of computer systems or contribute to the unwanted release of personal or other confidential information. For example, industry reports, such as the one issued in 2008 by the

[7] A recent paper by Herley explains that “security advice is a daily burden, applied to the whole population, while an upper bound on the benefit is the harm suffered by the fraction that become victims annually.” C. Herley, “So Long, and No Thanks for the Externalities: The Rational Rejection of Security Advice by Users,” New Security Paradigms Workshop 2009, Oxford.
[8] This observation was published following the workshop in D.A. Norman, “When Security Gets in the Way,” Interactions 16(6): 60-63, 2009; a similar observation (“More onerous security requirements can lead to less secure situations”) appears in D.A. Norman, Living with Complexity, MIT Press, Cambridge, Mass., 2010, Chapter 3, in press.

USABILITY, SECURITY, AND PRIVACY: AN EMERGING DISCIPLINE

A small but growing research community has been working at the intersection of usability, security, and privacy—one that draws on expertise from multiple disciplines including computer security, human-computer interaction, and psychology. Participants noted that as an emerging and multidisciplinary discipline, it is sometimes viewed as too “soft” by some engineers and scientists and that it does not always have buy-in from those responsible for managing the development and operation of computer systems. There has, however, been growing interest in the field from the more traditional disciplines.

Papers at the intersection have appeared occasionally at traditional security conferences for many years, but until recently there have been few sustained research efforts in this area. Exploratory workshops held in 2003 and 2004 led to the organization in 2005 of the first formal conference on this topic, the Symposium on Usable Privacy and Security (SOUPS), which has been held annually since then. Increasingly, usable security and privacy papers are also appearing at traditional security conferences and human-computer interaction conferences, more academic and industry researchers are focusing their research in this area, several universities now offer courses in this area,[10] and the National Science Foundation’s Trustworthy Computing program highlights usability as an important research area.

[10] For example, courses have been offered by Carnegie Mellon University (“Usable Privacy and Security”; see http://cups.cs.cmu.edu/courses/ups.html), and Harvard University (“Security and Privacy Usability”; see http://www.seas.harvard.edu/courses/cs279/syllabus.html).