This framework gives structure to what is known in the literature and the SIGCHI community about the social-psychological drivers of security and privacy adoption.
Pleased to be getting a publication out from my thesis work! This short paper and poster recaps the initial work to synthesize a framework that provides structure to the growing literature on social cybersecurity.
Many usable security solutions exist (such as using password managers or reporting phishing scams), but people often are not fully aware of what they do or use them regularly. A conceptual model of the adoption process will help us to identify where people get stuck and how to leverage social influences to encourage secure behaviors. We will be able to form and test hypotheses and improve our designs.
Toward this goal, we have developed a framework that synthesizes our design ideation, expertise, prior work, and new interview data (N=17) into a six-step adoption process with path relationships, associated social influences, and obstacles.
This work contributes a prototype framework that accounts for social influences by step. It adds to what is known in the literature and the SIGCHI community about the social-psychological drivers of security adoption.
Future work (from my lab, but hopefully others’ too) should establish whether this process is the same regardless of culture, demographic variation, or work vs. home context, and whether it is a reliable theoretical basis and method for designing experiments and focusing efforts where they are likely to be most productive.
Cori Faklaris, Laura Dabbish, and Jason I. Hong. 2024. A Framework for Reasoning about Social Influences on Security and Privacy Adoption. In Extended Abstracts of the ACM Conference on Human Factors in Computing Systems (CHI EA 2024), May 11-16, 2024, Honolulu, HI, USA. ACM, New York, NY, USA, 13 pages. Available at: https://corifaklaris.com/files/framework_chi2024.pdf
In Spring and Fall 2023, my students had some successes in using generative AI such as ChatGPT for coursework (without crossing the line into a stated integrity violation). Some of these uses were:
Creating a prototype image of a “Quantified Toilet” in situ, as part of a privacy design project (based on a thought experiment at CHI 2014, but a real-life possibilitytoo).
Writing quick research summaries for a shared Google Slides deck in my Collaborative and Social Computing graduate seminar.
Testing out whether commercially available Large Language Models (LLMs) can reliably and validly answer questions about dealing with security and privacy concerns.
But they also ran into a few obstacles. One, they did not know how to effectively prompt these models or to generate versions or new iterations of the first idea. This semester, I will provide them with more guidance.
Two, students did not know enough to be on alert for errors generated by the models. With images, that can be as simple as a missing flush valve on the toilet tank drawing. With text, the errors can be harder to notice if you are not knowledgeable about the topic. I had to correct students on a few occasions that the papers or author names that ChatGPT generated, based on an existing research paper, simply did not exist!
Georgia Tech’s Amy Bruckman has provided her draft of an AI policy that puts students on notice of potential harms. She notes that her courses are writing-heavy, so she discourages the use of genAI, noting that it has the strong potential to reduce their learning. Other potential harms noted in her policy: factual errors, bias, fake references, and poor style.
With this in mind, I have revised my Version 1.0 policy to use the following text (italics show emphasis in the syllabus given to students):
“In this course, students are permitted to use tools such as Stable Diffusion, DALL-E, ChatGPT, Bard Gemini, and Bing Copilot. In general, permitted use of such tools is consistent with permitted use of non-AI assistants such as Grammarly, templating tools such as Canva, or images or text sourced from the internet or others’ files. No student may submit an assignment or work on an exam as their own that is entirely generated by means of an AI tool. If students use an AI tool or other creative tool to generate, draft, create, or compose any portion of any assignment, they must (a) credit the tool, and (b) identify what part of the work is from the AI tool and what is from themselves. Students are responsible for identifying and removing any factual errors, biases, and/or fake references that are introduced into their work through use of the AI tool.“
I give a syllabus quiz at the start of every semester. I now have written a question to reinforce to students what they should retain about this policy. In future class sessions, I aim to follow up with a discussion in class about how to identify problems in generative AI output, and how to remedy these problems.
I spent this weekend talking over email and in person with students who (for very valid life-issue reasons) have completed – or want to complete – a flexible-time, low-cost, online-only path to breaking into a new career in tech.
Bluntly: Unless your last name is Gates or Zuckerberg, that’s not going to work. Experience as both a student and teacher has shown me two reasons why in-person classes are so vitally important:
Social skills and networking. Most students do not realize what a precious gift these are at the college level. You’ll learn a tremendous amount by simply talking with classmates and staff in passing, developing relationships, and supporting each other. Doors will open that you never knew existed.
Time discipline! Very very few students can function at the level needed without the built-in structure forcing you to set aside FOCUSED time blocks for the commute and the class and group meetings. Logging in at home is simply not a sufficient substitute. You won’t absorb enough. You won’t keep up.
Social interactions and time discipline help you shape your competitive advantage. What will set you apart from the 100, 500, 1,000 resumes that flood in for one open position? Will it be that you showed competency (still important) or that you excelled in some fashion (what employers really want to see)? What’s your “special sauce”? Does an acquaintance who already works for the employer (maybe alumni, or a former colleague on a group project, or someone who worked with you in a club) have a reason to believe in your potential? Do you have external references whom the employer will trust and know by name, and who have recently spent time working with you? Did you prove your persistence and drive by achieving something not everyone can do, such as complete an accredited college degree with a 3.5 GPA or higher? Do you walk into an interview with the confidence that comes from setting such a difficult goal and achieving it?
Teachers can only help so much
I try to make it easy for students to work around life issues – maybe their car breaks down, or they are sick and don’t want to infect anyone, or a sibling is getting married in a foreign country. For these students, I offer makeups for in-class activities, and I post audio and video recordings of my lectures, so that they can watch while sniffling in bed or listen to my voice on commutes.
But I have also learned that students who enroll and never show up are, essentially, planning to fail — in the course, and afterward. It’s not only because they miss so many in-class points, such as presentations and exams. It’s really not that no one knows them, because colleges build in enough online interaction through our learning management software, Discord, Slack, and email communications to make others aware of their presence. No, these students have demonstrated to others that they do not show up, and they do not keep up. No one trusts them. No one wants to pick them for a group project. No one has a reason to go out of their way to help them. They have no peer to explain an assignment to them, or to help them study, or commiserate over a difficult concept. There’s no one to go to the trouble of Zooming them into a group discussion. Definitely, there’s no one reminding them that TOMORROW is the midterm or final, when 20% or more of their grade is up for grabs.
Make a conscious effort to show up
Plan to succeed. Car-pool to campus. Arrange a babysitter. Talk with your boss about time off for attending class. Switch work shifts. Go to the club meetings. Go the extra mile in group projects. Don’t overload yourself – take only 1-2 classes per semester if you work full-time. Take out that loan – it’s an investment in yourself and relieves your money worries. Cancel streaming. Study on Saturdays. Cut back on drinking and drugs. Save as much as you can in a 529, 401(k), IRA, or other tax-advantaged account for the day when you can attend college full-time.