Entries Tagged "psychology of security"

Page 4 of 26

Another Scandal Resulting from E-mails Gone Public

A lot of Pennsylvania government officials are being hurt as a result of e-mails being made public. This is all the result of a political pressure to release the e-mails, and not an organizational doxing attack, but the effects are the same.

Our psychology of e-mail doesn’t match the reality. We treat it as ephemeral, even though it’s not. And the archival nature of e-mail—or text messages, or Twitter chats, or Facebook conversations—isn’t salient.

Posted on December 30, 2015 at 6:29 AMView Comments

Tracking the Psychological Effects of the 9/11 Attacks

Interesting research from 2012: “The Dynamics of Evolving Beliefs, Concerns, Emotions, and Behavioral Avoidance Following 9/11: A Longitudinal Analysis of Representative Archival Samples“:

Abstract: September 11 created a natural experiment that enables us to track the psychological effects of a large-scale terror event over time. The archival data came from 8,070 participants of 10 ABC and CBS News polls collected from September 2001 until September 2006. Six questions investigated emotional, behavioral, and cognitive responses to the events of September 11 over a five-year period. We found that heightened responses after September 11 dissipated and reached a plateau at various points in time over a five-year period. We also found that emotional, cognitive, and behavioral reactions were moderated by age, sex, political affiliation, and proximity to the attack. Both emotional and behavioral responses returned to a normal state after one year, whereas cognitively-based perceptions of risk were still diminishing as late as September 2006. These results provide insight into how individuals will perceive and respond to future similar attacks.

Posted on June 30, 2015 at 6:27 AMView Comments

Other GCHQ News from Snowden

There are two other Snowden stories this week about GCHQ: one about its hacking practices, and the other about its propaganda and psychology research. The second is particularly disturbing:

While some of the unit’s activities are focused on the claimed areas, JTRIG also appears to be intimately involved in traditional law enforcement areas and U.K.-specific activity, as previously unpublished documents demonstrate. An August 2009 JTRIG memo entitled “Operational Highlights” boasts of “GCHQ’s first serious crime effects operation” against a website that was identifying police informants and members of a witness protection program. Another operation investigated an Internet forum allegedly “used to facilitate and execute online fraud.” The document also describes GCHQ advice provided :to assist the UK negotiating team on climate change.”

Particularly revealing is a fascinating 42-page document from 2011 detailing JTRIG’s activities. It provides the most comprehensive and sweeping insight to date into the scope of this unit’s extreme methods. Entitled “Behavioral Science Support for JTRIG’s Effects and Online HUMINT [Human Intelligence] Operations,” it describes the types of targets on which the unit focuses, the psychological and behavioral research it commissions and exploits, and its future organizational aspirations. It is authored by a psychologist, Mandeep K. Dhami.

Among other things, the document lays out the tactics the agency uses to manipulate public opinion, its scientific and psychological research into how human thinking and behavior can be influenced, and the broad range of targets that are traditionally the province of law enforcement rather than intelligence agencies.

Posted on June 26, 2015 at 12:12 PMView Comments

Security and Human Behavior (SHB 2015)

Earlier this week, I was at the eighth Workshop on Security and Human Behavior.

This is a small invitational gathering of people studying various aspects of the human side of security. The fifty people in the room include psychologists, computer security researchers, sociologists, behavioral economists, philosophers, political scientists, lawyers, biologists, anthropologists, business school professors, neuroscientists, and a smattering of others. It’s not just an interdisciplinary event; most of the people here are individually interdisciplinary.

I call this the most intellectually stimulating two days of my year. The goal is discussion amongst the group. We do that by putting everyone on panels, but only letting each person talk for 10 minutes. The rest of the 90-minute panel is left for discussion.

Ross Anderson liveblogged the talks. Bob Sullivan wrote a piece on some of the presentations on family surveillance.

Here are my posts on the first, second, third, fourth, fifth, sixth, and seventh SHB workshops. Follow those links to find summaries, papers, and audio recordings of the workshops.

Posted on June 11, 2015 at 1:24 PMView Comments

How We Become Habituated to Security Warnings on Computers

New research: “How Polymorphic Warnings Reduce Habituation in the Brain ­- Insights from an fMRI Study.”

Abstract: Research on security warnings consistently points to habituation as a key reason why users ignore security warnings. However, because habituation as a mental state is difficult to observe, previous research has examined habituation indirectly by observing its influence on security behaviors. This study addresses this gap by using functional magnetic resonance imaging (fMRI) to open the “black box” of the brain to observe habituation as it develops in response to security warnings. Our results show a dramatic drop in the visual processing centers of the brain after only the second exposure to a warning, with further decreases with subsequent exposures. To combat the problem of habituation, we designed a polymorphic warning that changes its appearance. We show in two separate experiments using fMRI and mouse cursor tracking that our polymorphic warning is substantially more resistant to habituation than conventional warnings. Together, our neurophysiological findings illustrate the considerable influence of human biology on users’ habituation to security warnings.

Webpage.

EDITED TO ADD (3/21): News article.

Posted on March 18, 2015 at 6:48 AMView Comments

Survey on What Americans Fear

Interesting data:

Turning to the crime section of the Chapman Survey on American Fears, the team discovered findings that not only surprised them, but also those who work in fields pertaining to crime.

“What we found when we asked a series of questions pertaining to fears of various crimes is that a majority of Americans not only fear crimes such as, child abduction, gang violence, sexual assaults and others; but they also believe these crimes (and others) have increased over the past 20 years,” said Dr. Edward Day who led this portion of the research and analysis. “When we looked at statistical data from police and FBI records, it showed crime has actually decreased in America in the past 20 years. Criminologists often get angry responses when we try to tell people the crime rate has gone down.”

Despite evidence to the contrary, Americans do not feel like the United States is becoming a safer place. The Chapman Survey on American Fears asked how they think prevalence of several crimes today compare with 20 years ago. In all cases, the clear majority of respondents were pessimistic; and in all cases Americans believe crime has at least remained steady. Crimes specifically asked about were: child abduction, gang violence, human trafficking, mass riots, pedophilia, school shootings, serial killing and sexual assault.

EDITED TO ADD (11/13): Direct link to the data as well as the survey methodology.

Posted on October 28, 2014 at 1:03 PMView Comments

Security and Human Behavior (SHB 2014)

I’m at SHB 2014: the Seventh Annual Interdisciplinary Workshop on Security and Human Behavior. This is a small invitational gathering of people studying various aspects of the human side of security. The fifty people in the room include psychologists, computer security researchers, sociologists, behavioral economists, philosophers, political scientists, lawyers, anthropologists, business school professors, neuroscientists, and a smattering of others. It’s not just an interdisciplinary event; most of the people here are individually interdisciplinary.

I call this the most intellectually stimulating two days of my years. The goal is discussion amongst the group. We do that by putting everyone on panels, but only letting each person talk for 5-7 minutes The rest of the 90-minute panel is left for discussion.

The conference is organized by Alessandro Acquisti, Ross Anderson, and me. This year we’re at Cambridge University, in the UK.

The conference website contains a schedule and a list of participants, which includes links to writings by each of them. Ross Anderson is liveblogging the event. It’s also being recorded; I’ll post the link when it goes live.

Here are my posts on the first, second, third, fourth, fifth, and sixth SHB workshops. Follow those links to find summaries, papers, and audio recordings of the workshops. It’s hard to believe we’ve been doing this for seven years.

Posted on June 9, 2014 at 4:50 AMView Comments

Peter Watts on the Harms of Surveillance

Biologist Peter Watts makes some good points:

Mammals don’t respond well to surveillance. We consider it a threat. It makes us paranoid, and aggressive and vengeful.

[…]

“Natural selection favors the paranoid,” Watts said. Those who run away. In the earliest days of man on the savannah, when we roamed among the predatory, wild animals, someone realized pretty quickly that lions stalked their prey from behind the tall, untamed grass. And so anyone hoping to keep on breathing developed a healthy fear of the lions in the grass and listened for the rustling in the brush in order to avoid becoming lunch for an animal more powerful than themselves. It was instinct. If the rustling, the perceived surveillance, turns out to just be the wind? Well, no harm done.

“For a very long time, people who don’t see agency have a disproportionate tendency to get eaten,” Watts noted.

And so, we’ve developed those protective instincts. “We see faces in the clouds; we hear ghosts and monsters in the stairs at night,” Watts said. “The link between surveillance and fear is a lot deeper than the average privacy advocate is willing to admit.”

[…]

“A lot of critics say blanket surveillance treats us like criminals, but it’s deeper than that,” he said. “It makes us feel like prey. We’re seeing stalking behavior in the illogical sense,” he said.

This is interesting. People accept government surveillance out of fear: fear of the terrorists, fear of the criminals. If Watts is right, then there’s a conflict of fears. Because terrorists and criminals—kidnappers, child pornographers, drug dealers, whatever—is more evocative than the nebulous fear of being stalked, it wins.

EDITED TO ADD (5/23): His own post is better than the write-up.

EDITED TO ADD (5/24): Peter Watts has responded to this post, complaining about the misquotes in the article I quoted. He will post a transcript of his talk, so we can see what he actually said. My guess is that I will still agree with it.

He also recommended this post of his, which is well worth reading.

EDITED TO ADD (5/27): Here is the transcript.

Posted on May 23, 2014 at 6:42 AMView Comments

Retelling of Stories Increases Bias

Interesting experiment shows that the retelling of stories increases conflict and bias.

For their study, which featured 196 undergraduates, the researchers created a narrative about a dispute between two groups of young people. It described four specific points of tension, but left purposely ambiguous the issue of which party was the aggressor, and “depicted the groups as equally blameworthy.”

Half of the participants read a version of the story in which the two hostile groups were from two Maryland cities. The other half read a version in which one group was from the city of Gaithersburg, but the other was identified as “your friends.”

Participants were assigned a position between one and four. Those in the first position read the initial version of the story, and then “re-told” it in their own words by writing their version of the events. This was passed on to the person in the second position, who did the same.

The procedure was repeated until all four people had created their own versions of the story. Each new version was then examined for subtle shifts in emphasis, blame, and wording.

The results: Each “partisan communicator”—that is, each student who wrote about the incident involving his or her “friends”—”contributed small distortions that, when accumulated, produced a highly biased, inaccurate representation of the original dispute,” the researchers write.

Standard disclaimer—that American undergraduates might not be the best representatives of our species—applies. But the results are not surprising. We tend to play up the us vs. them narrative when we tell stories. The result is particularly interesting in light of the echo chamber that Internet-based politics has become.

The actual paper is behind a paywall.

EDITED TO ADD (5/14): The paper.

Posted on May 8, 2014 at 7:32 AMView Comments

Consumer Manipulation

Tim Harford talks about consumer manipulation:

Consider, first, confusion by design: Las Vegas casinos are mazes, carefully crafted to draw players to the slot machines and to keep them there. Casino designers warn against the “yellow brick road” effect of having a clear route through the casino. (One side effect: it takes paramedics a long time to find gamblers in cardiac arrest; as Ms Schüll also documents, it can be tough to get the slot-machine players to assist, or even to make room for, the medical team.)

Most mazes in our economy are metaphorical: the confusion of multi-part tariffs for mobile phones, cable television or electricity. My phone company regularly contacts me to assure me that I am on the cheapest possible plan given my patterns of usage. No doubt this claim can be justified on some narrow technicality but it seems calculated to deceive. Every time I have put it to the test it has proved false.

I recently cancelled a contract with a different provider after some gizmo broke. The company first told me the whole thing was my problem, then at the last moment offered me hundreds of pounds to stay. When your phone company starts using the playbook of an emotionally abusive spouse, this is not a market in good working order.

This is a security story: manipulation vs. manipulation defense. One of my worries about our modern market system is that the manipulators have gotten too good. We need better security—either technical defenses or legal prohibitions—against this manipulation.

EDITED TO ADD (1/23): More about how cellphone companies rip you off.

Posted on January 23, 2014 at 7:03 AMView Comments

1 2 3 4 5 6 26

Sidebar photo of Bruce Schneier by Joe MacInnis.