In a recent CACM Viewpoint, Susan Landau (2009) calls for an understanding of the complexity of human behavior underlying IT-security and proposes a multidimensional approach with contributions from areas such as business, anthropology and engineering. Butler Lampson (2009) discusses how the relationship between IT systems and users is all about rules, regulations and policies. While he is critical towards existing models of security, he still calls for better conceptual models of IT-security. In this, he concords with Don Norman (2009), who takes his starting point in how even security experts work around security mechanisms to get work done. While both authors question the idea that we should strive for perfection and complete models of IT-security, they argue that the conceptual model of security mechanisms that users have, or should be provided with, is the key to better security. This is particularly problematic if we extend from IT literate people to the wider population from young children to the silver surfers using social networking for the first time and not fully conversant with the issues of privacy, security and trust.

We are puzzled about the optimism around conceptual models in the IT-security area as represented by the above authors. It seems as if part of the area of IT-security does not embrace the insights from the past decades of HCI research: human-centeredness, participatory design, experience design, value-based design, etc. The workshop is set up to address how some of these more recent approaches embrace IT-security. We organized a workshop on user-centered security at the 2008 NordiCHI conference, and this new workshop will follow up on, and refine some of the experiences from that workshop.

For further information, please refer to the workshop website.

Submission deadline: 23rd of July. Response: 30th of August

The organisers have previously organized many scientific workshops, including workshops at NordiCHI and CSCW conferences. Part of the team co-arranged the NordiCHI 2008 workshop together. They have also been keynotes and invited speakers at many workshops on this theme.

Susanne Bødker, Ph.d. Professor, Department of Computer Science, University of Aarhus. Susanne has a background in participatory design, HCI theory and works with user-centred security from the perspective of citizen’s interaction with public information systems.

Niels Mathiassen Ph.d.-student, Department of Computer Science, University of Aarhus. Niels works with new perspectives on usable security and security sensible use situations.

Dr. Lynne Coventry: Lynne is the co-director of PaCTLab. She is an applied researcher with fifteen years of industrial experience.

Linda Little: Dr Linda Little is a Senior Lecturer within the Division of Psychology and a member of the PaCT Lab. Linda’s main research areas are privacy, trust, technology use in public places and the impact of age and disability on technology use.

Pam Briggs: Professor Pam Briggs is Co-Director of the Psychology and Communication Technology Lab (PaCTLab) at Northumbria University.  Pam has over twenty years experience of working with designers of usable and accessible systems and developing new techniques for understanding user behavior

Aad van Moorsel: Director of the Centre for Cybercrime and Computer Security. School of Computing Science, Newcastle University, UK. Within the Centre for Cybercrime and Computer Security, Internet safety for families is an important topic.  We conduct research on usable security and the perception of trust of Internet users.  We also run Internet safety workshops and classes for families, educating and reaching out to children, parents and grandparents.

Janet Read: Dr Janet C Read is a Reader in Child Computer Interaction at the University of central Lancashire, Preston, UK.  She is the Director of the Child Computer Interaction (ChiCI) research group that has as its remit 'research that contributes to the better design and evaluation of interactive technologies for children'.  The CHiCI group, under Dr Read's direction, have successfully completed research projects in several areas including a recent project, UMSIC, in which they were specifically charged with looking at privacy, security and trust in systems for children.

Karen Renauld: Karen is a researcher in the at Glasgow university. She is particularly interested in the design and evaluation of novel authentication mechanisms an has published widely.

Marianne Graves Pedersen, Ph.d. Associate professor, Department of Computer Science, University of Aarhus: Marianne specializes in interaction design for everyday technology and works with user-centred security from an experience-perspective.

Mike Just, School of Informatics, University of Edinburgh: Mike Just is a Lecturer in the School of Informatics at the University of Edinburgh. His research interests include applied  cryptography, human-computer interaction, network security, and social informatics. During his 10 years of public and private sector experience, he led numerous projects that balanced the demands of security, privacy, and usability. In 2003, he designed the system currently used by the Canadian government to authenticate approximately 6 million citizens.

Andrew Patrick: Andrew is an Information Technology Research Analyst at the Office of the Privacy Commissioner of Canada and an Adjunct Professor, Psychology & Computer Science, Carleton University. He has been involved with privacy and security research for a number of years and has published widely on this topic.

Stephen Marsh: Steve is a pioneering trust researcher with a deep interest in the workings of trust in social settings, particularly with regard to mobile technologies and agent-based technologies for the support of communications. He is a research scientist at Communications Research Centre, Canada, and investigates network security through trust, location-based trust, mobile device comfort, and social trust.