SBE: Medium: Collaborative: Understanding and Exploiting Visceral Roots of Privacy and Security Concerns

SBE：媒介：协作：理解和利用隐私和安全问题的内在根源

• 批准号: 1513702
• 负责人: Jeffrey Hancock
• 金额: $ 34.56万
• 依托单位: Stanford University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-09-15 至 2018-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1513702&HistoricalAwards=false
• 关键词: SBE; Medium; Collaborative; Understanding; Exploiting

Human beings have evolved to detect and react to threats in their physical environment, and have developed perceptual systems selected to assess these physical stimuli for current, material risks. In cyberspace, the same stimuli are often absent, subdued, or deliberately manipulated by malicious third parties. Hence, security and privacy concerns that would normally be activated in the offline world may remain muted, and defense behaviors may be hampered. While it is not possible to directly test such conjecture, it is possible to test the impact that "visceral" stimuli in the physical world (that is, physical, sensorial cues processed non-consciously rather than with conscious awareness) have on security and privacy behavior in cyberspace. The PIs use a stream of human subjects experiments to investigate the impact of three sets of stimuli over security behavior and privacy behavior in cyberspace: 1) sensorial stimuli (such as auditory, visual, or olfactory cues of the physical proximity of other human beings); 2) surveillance stimuli (such as cues that one is being observed); and 3) environmental stimuli (such as inherent characteristics of the physical environment in which a subject is located). Security behavior is operationalized in terms of individuals' ability to recognize and react to cyber attacks. Privacy behavior is operationalized in terms of individuals' propensity to disclose personal or sensitive information.The goals of the experiments are twofold. From a positive perspective, the goal is to understand whether privacy and security decision making online is made harder by the absence of sensorial stimuli that humans have evolved to use to detect and react to threats in the physical world. From a normative perspective, the goal is to examine whether physical stimuli can be used to ameliorate security and privacy behavior in cyberspace. For instance: Can stimuli indicating physical proximity to others trigger changes in security and privacy behavior in cyberspace? If so, can the same stimuli be leveraged and exploited to design privacy and security interventions aimed at helping end users? Findings from this research may inform the work of security and privacy technologists, providing insights that go beyond the technical security of hardware and software infrastructure, and that help revisit the strategies and assumptions underlying those systems. Finally, by exposing conditions under which technology alone may not guarantee cybersecurity, this research can actively inform the work of policy makers.

人类已经发展为检测物理环境中的威胁并反应，并开发了选择评估这些物理刺激的感知系统。在网络空间中，通常没有恶意的第三方不存在，制服或故意操纵相同的刺激。因此，在离线世界中通常会激活通常会激活的安全和隐私问题可能会保持沉默，并且可能会受到防御行为。虽然不可能直接测试这种猜想，但可以测试“内脏”刺激在物理世界中的影响（即物理上的，有感觉提示非自觉而不是有意识的意识）对网络空间中的安全性和隐私行为具有。 PI使用人类受试者实验来研究三组刺激对安全性行为和隐私行为在网络空间中的影响：1）感官刺激（例如其他人类物理接近的听觉，视觉或嗅觉提示）； 2）监视刺激（例如正在观察到一个线索）； 3）环境刺激（例如受试者所在的物理环境的固有特征）。安全行为是根据个人识别和对网络攻击反应的能力而实施的。隐私行为是根据个人披露个人或敏感信息的倾向来运作的。实验的目标是双重的。从积极的角度来看，目的是了解人类已经进化用于检测和应对物理世界中威胁的感官刺激是否更难在线制定隐私和安全决策。从规范的角度来看，目标是检查是否可以使用物理刺激来缓解网络空间中的安全性和隐私行为。例如：表明与他人的物理接近的刺激可以触发网络空间中安全性和隐私行为的变化吗？如果是这样，是否可以利用和利用相同的刺激来设计旨在帮助最终用户的隐私干预措施？这项研究的发现可能会为安全和隐私技术人员的工作提供信息，提供超越硬件和软件基础架构的技术安全性的见解，并有助于重新审视这些系统基础的策略和假设。最后，通过揭露仅技术可能无法保证网络安全的条件，这项研究可以积极地告知政策制定者的工作。