SBE: Medium: Collaborative: Understanding and Exploiting Visceral Roots of Privacy and Security Concerns

SBE：媒介：协作：理解和利用隐私和安全问题的内在根源

• 批准号: 1514192
• 负责人: Alessandro Acquisti
• 金额: $ 59.52万
• 依托单位: Carnegie-Mellon University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-09-15 至 2020-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1514192&HistoricalAwards=false
• 关键词: SBE; Medium; Collaborative; Understanding; Exploiting

Human beings have evolved to detect and react to threats in their physical environment, and have developed perceptual systems selected to assess these physical stimuli for current, material risks. In cyberspace, the same stimuli are often absent, subdued, or deliberately manipulated by malicious third parties. Hence, security and privacy concerns that would normally be activated in the offline world may remain muted, and defense behaviors may be hampered. While it is not possible to directly test such conjecture, it is possible to test the impact that "visceral" stimuli in the physical world (that is, physical, sensorial cues processed non-consciously rather than with conscious awareness) have on security and privacy behavior in cyberspace. We use a stream of human subjects experiments to investigate the impact of three sets of stimuli over security behavior and privacy behavior in cyberspace: 1) sensorial stimuli (such as auditory, visual, or olfactory cues of the physical proximity of other human beings); 2) surveillance stimuli (such as cues that one is being observed); and 3) environmental stimuli (such as inherent characteristics of the physical environment in which a subject is located). Security behavior is operationalized in terms of individuals? ability to recognize and react to cyber attacks. Privacy behavior is operationalized in terms of individuals? propensity to disclose personal or sensitive information.The goals of the experiments are twofold. From a positive perspective, the goal is to understand whether privacy and security decision making online is made harder by the absence of sensorial stimuli that humans have evolved to use to detect and react to threats in the physical world. From a normative perspective, the goal is to examine whether physical stimuli can be used to ameliorate security and privacy behavior in cyberspace. For instance: Can stimuli indicating physical proximity to others trigger changes in security and privacy behavior in cyberspace? If so, can the same stimuli be leveraged and exploited to design privacy and security interventions aimed at helping end users? Findings from this research may inform the work of security and privacy technologists, providing insights that go beyond the technical security of hardware and software infrastructure, and that help revisit the strategies and assumptions underlying those systems. Finally, by exposing conditions under which technology alone may not guarantee cybersecurity, this research can actively inform the work of policy makers.

人类已经进化到能够检测并对其物理环境中的威胁做出反应，并且已经开发出感知系统，以评估当前的物质风险的这些物理刺激。在网络空间中，同样的刺激通常是不存在的，或者被恶意的第三方故意操纵。因此，通常会在线下世界激活的安全和隐私担忧可能会保持沉默，防御行为可能会受到阻碍。虽然不可能直接测试这种猜测，但可以测试物理世界中的“内脏”刺激(即无意识地处理的物理、感官线索，而不是有意识的)对网络空间安全和隐私行为的影响。我们使用一系列人类受试者实验来调查三组刺激对网络空间中的安全行为和隐私行为的影响：1)感官刺激(如其他人身体接近的听觉、视觉或嗅觉线索)；2)监视刺激(如有人被观察的线索)；以及3)环境刺激(如受试者所在物理环境的固有特征)。安全行为是以个人的角度进行操作的吗？识别和应对网络攻击的能力。隐私行为在个人方面是可操作的吗？倾向于泄露个人或敏感信息。实验的目的有两个。从积极的角度来看，目标是了解在线隐私和安全决策是否因为缺乏感官刺激而变得更加困难，人类已经进化到使用感官刺激来检测和应对物理世界中的威胁。从规范的角度来看，目标是检查物理刺激是否可以用来改善网络空间的安全和隐私行为。例如：表明与他人身体接近的刺激是否会引发网络空间安全和隐私行为的变化？如果是这样的话，能否利用和利用同样的刺激来设计旨在帮助最终用户的隐私和安全干预措施？这项研究的发现可能会为安全和隐私技术专家的工作提供参考，提供超越硬件和软件基础设施的技术安全的见解，并有助于重新审视这些系统背后的战略和假设。最后，通过揭示仅靠技术可能无法保证网络安全的条件，这项研究可以为政策制定者的工作提供积极的信息。