Seminar: Improving People’s Security and Privacy Behaviors
University of Michigan School of Information
Tuesday, March 29, 2022
1100 Torgersen Hall
Experts recommend a plethora of advice for staying safe online, yet people still use weak passwords, fall for scams, or ignore software updates. Such inconsistent adoption of protective behaviors is understandable given the need to navigate other priorities and constraints in everyday life. Yet when the actions taken are insufficient to mitigate potential risks, it leaves people – especially those already marginalized – vulnerable to dire consequences from financial loss to abuse and harassment.
In this talk, I share my research on improving people’s security and privacy behaviors in three contexts: understanding consumer reactions to data breaches, designing icons that convey privacy controls, and supporting survivors of tech-enabled abuse. (1) Data breaches are affecting millions of consumers. I empirically show consumers’ low awareness of data breaches, rational justifications and biases behind inaction, and implications for improving breach notifications to better motivate action. (2) Public policy is essential in incentivizing companies to implement better data practices, but policymaking needs to be informed by evidence from research. I co-led a series of user studies that resulted in a user-tested icon for conveying the “do not sell my personal information” opt-out, now part of the California Consumer Privacy Act (CCPA). (3) Different populations face different challenges and constraints, requiring special considerations in developing and deploying interventions. Drawing on findings from focus groups, I discuss guidelines for computer security support agents to help survivors of tech-enabled abuse with care and caution. Altogether, I highlight the impact of my research on technology, public policy, and educational efforts. I end by discussing how my interdisciplinary, human-centered approach in solving security and privacy challenges applies to future work such as improving expert advice and developing trauma-informed computing systems.
Yixin Zou (she/her) is a Ph.D. Candidate at the University of Michigan School of Information. Her research interests span human-computer interaction, cybersecurity, and privacy, with an emphasis on improving people’s adoption of protective behaviors and supporting the digital safety of at-risk populations (e.g., survivors of intimate partner violence and older adults). Her research has received a Best Paper Award at the Symposium on Usable Privacy and Security (SOUPS) and two Honorable Mentions at the ACM Conference on Human Factors in Computing Systems (CHI). She has been an invited speaker at the US Federal Trade Commission's PrivacyCon, and she co-led the research effort that produced the opt-out icon in the California Consumer Privacy Act (CCPA). She has also collaborated with industry partners at NortonLifeLock and Mozilla, and her research at Mozilla has directly influenced the product development of Firefox Monitor. Before joining the University of Michigan, she received a Bachelor’s degree in Advertising from the University of Illinois at Urbana-Champaign.