Summit Program

While we haven't been able to quite kill the password (yet), there have been many advancements in both the type of technology that people routinely use and the penetration of that technology into new areas of the world. For example, while several years ago few users wore computers on their body, now many people have fitness bands with long life times and biometric sensors. In fact, biometrics themselves used to require non-standard hardware, but now almost every new smartphone has a fingerprint reader. While previously the Internet was limited to only first-world and second-world countries, it is now starting to heavily penetrate areas of the world which have never heard of passwords and have a different mindset around authentication altogether. Finally, in a recent trend, websites began to accept phone numbers as user identifiers instead of e-mail addresses. What does all of this mean for privacy, for security, for anonymity, and what type of research opportunities arise? Let's discuss all of this and more.

While machine learning is a powerful tool for data analysis and processing, traditional machine learning methods were not designed to operate in the presence of adversaries. They are based on statistical assumptions about the distribution of the input data, and they rely on training data derived from the input data to construct models for analyses. Adversaries may exploit these characteristics to disrupt analytics, cause analytics to fail, or engage in malicious activities that fail to be detected.

While these vulnerabilities pose a challenge to using machine learning for security applications, they may also pose opportunities to disrupt privacy invasive learning systems. We will discuss techniques, challenges, and future research directions for reverse engineering analytics, secure learning and learning-based security applications.

A new wave of Augmented Reality systems are starting to ship to developers and the public. These systems overlay computer-generated objects on a user’s senses to seamlessly blend the real and virtual worlds. Capabilities that once cost hundreds of thousands of dollars are becoming available for an order of magnitude less and the cost looks set to drop. With these new systems come new application models, new app stores, and new security challenges. Let’s talk about what we can build, what we can break, and what new techniques we need as a community to address these challenges.

Certain usable security problems—like password selection, or warning behavior—are well-studied and oft-discussed at conferences. What problems aren't we addressing as a community? Where is more research needed, and why aren't more researchers working on those problems? In this discussion, the audience will work together to brainstorm for new research topics in the area of usable security.

To kick off the discussion, I'll start by talking about the need for more research on global and underserved communities. Until recently, most research has focused on university students. I'll share previously unpublished Chrome data that illustrates how different groups of people use and experience the Internet very differently. How can we do better at capturing diverse perspectives in user research? Then, it'll be your turn to pitch questions as we open up the floor for discussion. Should we be focusing more on the Internet of Things, self-driving software, or something else altogether...?

This panel will feature one or more legal experts in privacy and national security ready to answer your questions about a range of issues relevant to information security, including constitutional, statutory, administrative, and common law. There will be no opening remarks so please bring lots of questions! Please note that the panelists will not dispense individual legal advice.