Security and Human Behavior (SHB) 2019

Today is the second day of the twelfth Workshop on Security and Human Behavior, which I am hosting at Harvard University.

SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, criminologists, neuroscientists, designers, lawyers, philosophers, anthropologists, business school professors, and a smattering of others. It’s not just an interdisciplinary event; most of the people here are individually interdisciplinary.

The goal is to maximize discussion and interaction. We do that by putting everyone on panels, and limiting talks to 7-10 minutes. The rest of the time is left to open discussion. Four hour-and-a-half panels per day over two days equals eight panels; six people per panel means that 48 people get to speak. We also have lunches, dinners, and receptions—all designed so people from different disciplines talk to each other.

I invariably find this to be the most intellectually stimulating two days of my professional year. It influences my thinking in many different, and sometimes surprising, ways.

This year’s program is here. This page lists the participants and includes links to some of their work. As he does every year, Ross Anderson is liveblogging the talks—remotely, because he was denied a visa earlier this year.

Here are my posts on the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, tenth, and eleventh SHB workshops. Follow those links to find summaries, papers, and occasionally audio recordings of the various workshops. Ross also maintains a good webpage of psychology and security resources.

Posted on June 6, 2019 at 2:16 PM14 Comments


kiwano June 6, 2019 3:51 PM

I wonder if there are getting to be issues about the distinction between B-1 and O visas, and which of them the notable cryptographers are supposed to be entering on for a particular event.

(requeried) June 6, 2019 10:19 PM

Just call yourself a model and get a “genius” visa waiver. Be best, be easy!

Mark June 6, 2019 11:17 PM

The participant list reads as a bunch of out-of-touch academic types. Given the nonsense that comes out of many universities these days, I’m hardly impressed.

Has anyone on the participant list ever dealt with people outside the academic echo chamber?

No One June 7, 2019 6:12 AM

That Ross Anderson was denied a visa makes one wonder. As the years go by, I cannot help but notice that free speech is being curtailed in the United States, in one way or another. This is very disturbing.

Last year I was not impressed by the list of speakers. When we talk about security, we must be clear about exactly whose security we mean: Thai netizens? Pakistani villagers in the NWFP? British MPs? People in the U.S. IC? Jane and Jim Doe in Nebraska? Blue-state academics? Chinese businessmen who travel overseas?

What then does security mean if it is the same thing for all these people? Does one group’s security necessarily mean a lack of security for another group? Example: If the Palestinians enjoy good security, then does that threaten Israel? Is water wet?

If we acknowledge that it is not a happy, happy world, and that one group’s security and prosperity is a direct threat to that of another group, will that ruin the amuse-bouche at Harvard that day?

I daresay the truth of the matter is too ugly to talk about in such polite society.

Alan G Yoder June 7, 2019 9:26 AM

I don’t mind the academic focus, personally.

It merely comes with the caveat that theory may blaze the trail, but it can’t pave the road.

Joe June 8, 2019 9:30 PM

British Citizens do not, in general, need a visa to attend conferences in the USA. There must be more to this.

David Rudling June 9, 2019 4:50 AM

Irrespective of Ross Anderson being denied entry to the US, which is deplorable, I am very glad that you are free to enter the UK for your lecture at Oxford University on June 17th. Whilst the topic is not cryptography per se, I hope that the UK will remain welcoming for academic debate on such subjects – we certainly need enlightened input to discussions over here.

vas pup June 12, 2019 2:44 PM

Music festival lighting ‘can trigger epileptic fits’:

“Around 3% of people with epilepsy are photosensitive, which means their seizures are triggered by flashing or flickering lights, or patterns.

The Health and Safety Executive recommends strobe lighting should be kept to a maximum of four hertz (four flashes per second) in clubs and at public events.”

How about seven hertz – I guess everybody will respond in same way as ultrasound of the same frequency. Research could prove utilization for riot control and/o security denial of access settings.

Clive Robinson June 12, 2019 8:47 PM

@ Vas Pup,

How about seven hertz – I guess everybody will respond in same way as ultrasound of the same frequency.

The bandwidth to the brain is different and it ends up in different places and carries the signals in different ways. Which is just one of the reasons “visual prosthesis” by direct electrical stimulation[1] is taking longer than similar technology that has given us “audio prosthesis” via cochlear implants.

Direct electrical stimulation of nerves going into the brain has started to build up a fair amount of scientific data. Amoungst which is information about what went wrong and caused seizures in not just test animals but actual humans.

Such information has been used by those doing other research –such as brain stimulation by magnetic pulse from outside the human head– to reduce the likelyhood of seizures. Thus if you have access to such data working out what is more likely to cause seizures will be somewhat less difficult.

Broadly however if you can find frequencies that are similar to those of the brain at those entry points then you can modulate in a way that can lead to injection locking. From there you can induce various changes in frequency etc.

But a note of caution should be sounded. When someone has an epileptic episode it happens because of what would be considered “cross over” if talking about electrical circuits. Importantly crossover is more prevelent as insulation thickness decreases. In nerves the insulation is in effect the myelin sheath. Thus in individuals where it is thiner they are more likely to be susceptible to crossover. This has for instance been partly demonstrated by the use of plastic surgery and migraine sufferers[2].

But similar issues exist with epilepsy sufferers and there is ongoing research[3] into this.

Of note is that epilepsy is considered by many to in effect be degenerative. That is each seizure will make the next more likely. This accumulator effect my also happen in people with normal myelin around the nerves.

Thus inducing seizures in people is as they oh so politely put it “contra indicated”.

From what I can tell a lot of electrostimulation research is carried out in China, and they may well be the lrading experts. What I do know is that the money to be made in electronic prosthesis is mind boggling. You only have to look at the price of a modern “bluetooth enabled” hearing aid at over two thousand dollars for what in essence is a one dollar area of silicon realestate and the associated MEMS transducers to realise this is going to be a major growth area and way beyond highly profitable.

Thus “doing business” with China is likely to become increasingly necessary for “Health Care” in the USA. Something those of an age where electronic prosthesis is becoming important to being able to function in society should consider somewhat thoughtfully. We talk of “locked in syndrome” (pseudocoma) where a person is aware but only capable of communicating with others by small vertical eye movments or partial blinking. Due to the way the first world has shifted to be reliant on electronic communications through Smart Devices and the like we have to ask ourselves what would happen if we were aware and rather than not being able to send communications out, could not receive incoming communications… Personally I think limitations in communications in either direction is not something people would want.

After all it’s not difficult to imagine being incapable of moving in the middle of a vast corn field in the pitch dark. Where no matter how hard you shout you don’t even hear an echo, just the static like noise caused by dry stalks in a gental breaze. It’s a kind of stock meme for horror films, but imagine it for real as your senses age, what price would you pay to not be in that place?

But then again there is a flip side, as with most technology it’s “dual use” and “agnostic to use”. We’ve seen virtual world artifacts overlay the real world, and work with games on mobile phones where Nintendo charecters can be hunted.

But consider what price would you pay to have virtual reality overlay it’s self on the real world inside your head?

That’s where the real money is going to be in a few more years as electronic stimulation of nerves in prosthetics improves. And sadly almost the first use for it will be as it was with mobile phones “Girls, Gambling and Games”, then of course “kitten videos” with 24Hour direct to mind advertising to follow. Such is the human condition, we always bite the apple and get thrown out the garden.

[1] This article gives you some background on “visual prosthesis” and similar areas of research,



vas pup June 14, 2019 12:36 PM

@Clive Thank you!
Disorientation of driver by kind of stroboscopic lights could cause fatal accident. Looks like when Princess Diane was victim – just my humble assumption.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.