SOUPS 2017 Call for Papers

In cooperation with USENIX, the Advanced Computing Systems Association, SOUPS 2017 will be co-located with the 2017 USENIX Annual Technical Conference, July 12–14, 2017.

Important Dates

All dates are at 23:59 AoE (Anywhere on Earth) time.

  • Paper registration deadline: Wednesday, March 1, 2017
  • Paper submission deadline: Tuesday, March 7, 2017 (no extensions)
  • Rebuttal period: Tuesday, May 2–Tuesday, May 9, 2017
  • Notification of paper acceptance: Tuesday, May 23, 2017
  • Camera ready papers due: Thursday, June 15, 2017

Download Call for Papers PDF

Symposium Organizers

General Chair

Mary Ellen Zurko

Technical Papers Co-Chairs

Matthew Smith, University of Bonn
Sonia Chiasson, Carleton University

Technical Papers Committee

Yasemin Acar, CISPA, Saarland University
Lujo Bauer, Carnegie Mellon University
Konstantin (Kosta) Beznosov, University of British Columbia
Joe Calandrino, Federal Trade Commission
Lynne Coventry, Northumbria University
Heather Crawford, Florida Institute of Technology
Sergej Dechand, University of Bonn, Fraunhofer FKIE
Serge Egelman, University of California, Berkeley and International Computer Science Institute
Sascha Fahl, CISPA
Alain Forget, Google
Julien Freudiger, Apple
Simson Garfinkel, National Institute of Standards and Technology and Georgetown University
Nathan Good, Good Research
Apu Kapadia, Indiana University Bloomington
Hassan Khan, University of Waterloo
Katharina Krombholz, SBA Research
Ilaria Liccardi, Massachusetts Institute of Technology
Janne Lindqvist, Rutgers University
Michelle Mazurek, University of Maryland
Heather Patterson, Intel Labs and NYU Information Law Institute
Emilee Rader, Michigan State University
Robert Reeder, Google
Jessica Staddon, North Carolina State University
Elizabeth Stobert, ETH Zurich
Mary Theofanos, National Institute of Standards and Technology (NIST)
Janice Tsai, Microsoft
Blase Ur, University of Chicago
Yang Wang, Syracuse University
Rick Wash, Michigan State University
Tara Whalen, Google
Allison Woodruff, Google
Mary Ellen Zurko


The 2017 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature:

  • Technical papers, including replication papers
  • Workshops and tutorials
  • A poster session
  • Lightning talks

We invite authors to submit previously unpublished papers describing research or experience in all areas of usable privacy and security. We welcome a variety of research methods, including both qualitative and quantitative approaches. Topics include, but are not limited to:

Technical Papers

  • Innovative security or privacy functionality and design
  • Field studies of security or privacy technology
  • Usability evaluations of new or existing security or privacy features
  • Security testing of new or existing usability features
  • Longitudinal studies of deployed security or privacy features
  • Studies of administrators or developers and support for security and privacy
  • The impact of organizational policy or procurement decisions
  • Lessons learned from the deployment and use of usable privacy and security features

Replication Papers (emphasized in 2017)

Reports of replicating previously published studies and experiments. There are several options within this category:

  • Full replication: Same study protocol, same type of sample.
  • Variation: One design variable is changed. For instance, re-running an MTurk study with a different sample; conducting a study with a sample from different countries, etc.
  • Triangulation: Same study goal but different design. For instance, conducting a field study instead of a self-reporting survey; using a different measurement instrument to measure a variable.

Authors should clearly state why they conducted a replication study, which type of replication study they conducted, and describe the methodological differences precisely as well as comparing their new results with the results being replicated. The abstracts of replication papers should contain a sentence summarizing their contribution to the field and literature. Replication papers do not necessarily need to offer new or unexpected findings. Papers confirming previous findings are considered contributions. Please prefix the title of these papers with the word "Replication:" for the review process. Since this is a new category please feel free to contact the PC chairs with any questions.

All submissions must relate to the human aspects of security or privacy. Papers on security or privacy that do not address usability or human factors will not be considered. Likewise, papers on usability or human factors that do not address security or privacy will not be considered. The determination of a paper’s scope will be solely at the discretion of the program committee chairs.

Papers need to describe the purpose and goals of the work, cite related work, show how the work effectively integrates usability or human factors with security or privacy, and clearly indicate the innovative aspects of the work or lessons learned, as well as the contribution of the work to the field.

Papers must use the SOUPS formatting template MS Word or LaTeX and be up to 12 pages in length, excluding the bibliography and any supplemental appendices. Authors have the option to attach to their paper supplementary appendices containing study materials (e.g., survey instruments, interview guides, etc.) that would not otherwise fit within the body of the paper. These appendices may be included to assist reviewers who may have questions that fall outside the stated contribution of your paper, on which your work is to be evaluated. Reviewers are not required to read any appendices, so your paper should be self contained without them. Accepted papers will be published online with their supplementary appendices included. Submissions must be no more than 12 pages in length and up to 20 pages total including bibliography and appendices. For the body of your paper, brevity is appreciated, as evidenced by the fact that many papers in prior years have been well under this limit. All submissions must be in PDF format and must be blinded.

Submit your paper electronically via the Web submission form.

Anonymization: Reviewing is double blind. No names or affiliations should appear on the title page, and papers should avoid revealing the authors' identities in the text. Any references to the authors' own work should be made in the third person. Contact the program chairs at if you have any questions.

Submissions that violate these requirements may be rejected without review.

Registering and submitting your paper: Technical papers must be registered and submitted by the deadlines listed above. These are hard deadlines! (Registering a paper in the submission system requires filling out all the fields that describe the submission, but does not require uploading a PDF of the paper. Placeholder or incomplete titles and abstracts may be rejected without review.)

Rebuttals: The rebuttal period will be held after all reviews have been submitted so that the authors have a chance to correct factual errors in the reviews before final decisions are made. Due to time constraints, the rebuttal period is fairly short. Please ensure that you reserve enough time between May 2 and May 9 for the rebuttal process. Late rebuttals will not be accepted.

Accepted papers will be published by the USENIX Association, and will be freely available on the USENIX and SOUPS Web sites. Authors will retain copyright of their papers. Submitted papers must not significantly overlap papers that have been published or that are simultaneously submitted to a peer-reviewed venue or publication. Any overlap between your submitted paper and other work either under submission or previously published must be documented in explanatory and sent to the chairs. State precisely how the two works differ in their goals, any use of shared experiments or data sources, and the unique contributions. If the other work is under submission elsewhere, the program committee may ask to review that work to evaluate the overlap. Please note that program committees frequently share information about papers under review and reviewers usually work on multiple conferences simultaneously. Technical reports (e.g., arXiv reports) are exempt from this rule. If in doubt, please contact the program chairs at for advice. You may also release pre-prints of your accepted work to the public at your discretion.

Authors are encouraged to review: "Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments, and How to Avoid Them." Note that this paper addresses research work taking an experimental and quantitative approach, with hypothesis testing and statistical inference. However, SOUPS welcomes submissions that take other approaches, and recognizes that other methodological considerations will be appropriate.

User studies should follow the basic principles of ethical research (e.g., beneficence (maximizing the benefits to an individual or to society while minimizing harm to the individual), minimal risk (appropriateness of the risk versus benefit ratio), voluntary consent, respect for privacy, and limited deception). Authors are encouraged to include in their submissions explanation of how ethical principles were followed, and may be asked to provide such an explanation should questions arise during the review process. If your organization or institution requires formal approval, your paper may be rejected if approval was not obtained. However, such an approval does not guarantee acceptance and the program committee may reject a paper on ethical grounds.