Matt Blaze's
Science, Security, Curiosity
Security and Human Behavior Workshop
June 30 - July 1, 2008 at MIT.

I was lucky enough to be invited to the first Interdisciplinary Workshop on Security and Human Behavior at MIT this week. Organized by Alessandro Acquisti, Ross Anderson, George Lowenstein, and Bruce Schneier, the workshop brought together an aggressively diverse group of 42 researchers from perspectives across computing, psychology, economics, sociology, philosophy and even photography and skepticism. As someone long interested in security on the human scale [pdf], it was exciting to meet so many like minded people from outside my own field. And judging from the comments on Ross' and Bruce's blogs, there's a lot more interest in this subject than from just the attendees.

There wasn't a single climactic insight or big result from the workshop; the participants mainly gave overviews of their fields or talked about their previously published work. The point was to get people with similar interests but widely different backgrounds talking (and hopefully collaborating) with one another, and it succeeded amazingly well at that. I overheard someone (accurately) comment that many of the kinds of conversations that usually take place in the hallway or the bar at most conferences were taking place in the sessions here.

This was a small and informal event, with no published proceedings or other tangible record, but I made quick-and-dirty sound recordings of most of the sessions, which I'll put up here as I process them.

I apologize for the uneven sound quality (the Frank Gehry sculpture in which the workshop was held was clearly not designed with acoustics in mind, and the speakers weren't always standing near my recorder's microphone on the podium). Audience comments in particular may be inaudible. Keep in mind that these are all big 90 minute MP3 files, about 40MB each, so they are definitely not for the bandwidth-deprived. For concise summaries of the sessions, see Ross Anderson's excellent live-blogged notes here.

Update 7/1/08 8pm: I'm heading back home from the conference now, with all the sound from yesterday already online below. I should have today's files (except the last session) up by late tonight or early tomorrow.

Update 7/1/08 11pm: I've uploaded the rest of the conference audio (except for the final session), all of which is linked from the agenda below. Unfortunately, I had to leave just before the last session (Session 8), so there's no audio for that one; sorry.


Monday 6/30/08

  • Session 1 (0900-1030) – Deception
  • Detecting deception; social and psychological aspects; deception in sociotechnical systems; propaganda
    Bruce Schneier (introduction), Paul Ekman (audio omitted), Jean Camp, Uri Simonsohn, Mike Roe, James Randi
    [.mp3 audio]

  • Session 2 (1100-1230) – Online crime
  • Engineering, economics and psychology of online crime; crime prevention
    Matt Blaze, Ron Clarke, Eric Johnson, Charles Perrow, Alma Whitten (audio omitted)
    [.mp3 audio]

  • Session 3 (1400-1530) – Usability
  • Why security products are hard to use; how psychology can inform design; empowerment or learned helplessness
    Jon Callas, Luke Church, Markus Jakobsson, Bashar Nuseibeh, Angela Sasse
    [.mp3 audio]

  • Session 4 (1600-1730) – Methodology
  • What we need to learn about research technique from engineering, economics and psychology
    Bill Burns, Ralph Chatham, Lorrie Faith Cranor, Mark Frank, Stuart Schechter
    [.mp3 audio]

Tuesday 7/1/08

  • Session 5 (0900-1030) – Foundations
  • Social cognition; the Machiavellian brain; mortality salience; biases and heuristics
    Dave Clark, David Livingstone Smith, Tyler Moore, Carey Morewedge, George Loewenstein (audio omitted)
    [.mp3 audio]

  • Session 6 (1100-1230) – Terror
  • Risk and the perception of risk; its role in politics and culture; the culture of fear; how societies may be resilient or be damaged
    Bruce Schneier, Frank Furedi, Richard John, John Mueller, Paul Shambroom
    [.mp3 audio]

  • Session 7 (1400-1530) – Privacy
  • The privacy paradox; explanations from behavioural economics; coevolution of attitudes, technology and regulation
    Alessandro Acquisti, Andrew Adams, Peter Neumann, Andrew Odlyzko, Frank Stajano
    [.mp3 audio]

  • Session 8 (1600-1730) – How do we fix the world?
  • Or, at the very least, what are the interesting research questions on which we can hope to make progress?
    Ross Anderson, Ed Felten, Nick Humphrey, Hal Varian, Richard Zeckhauser
    Audio N/A.

Technical note: All sound was recorded on a Nagra ARES-M miniature digital recorder via an external Crown PZM boundary microphone, inside an almost completely anechoic teepee-shaped meeting room at the MIT Stata Center.