Evolutionary Approaches to Privacy and Information Security
ABSTRACT
The PIs propose to explore the influence that offline cues and stimuli, indicating the presence of other human beings in the physical world, and often processed unconsciously by our brains, can have over security and privacy behavior in cyberspace. The PIs’ goal is to address the question: are there evolutionary roots for privacy and information security concerns?
The proposal is predicated around an evolutionary conjecture: Human beings have evolved to detect and react to threats in their physical environment, and have developed perceptual systems selected to assess these “physical” stimuli for current, material risks. In cyberspace, the same stimuli often are absent, subdued, or intentionally manipulated by third parties. Hence, security and privacy concerns that would normally be activated in the offline world are restrained, and defense behaviors are hampered.
While it is currently impossible to test such conjecture directly, the PIs plan to address the research question by investigating the impact that external stimuli in the physical world have on security and privacy behavior in cyberspace. The proposed research consists in a stream of human subjects experiments, investigating the impact of various sets of stimuli, or cues. They include: 1) sensorial stimuli (such as auditory, visual, or olfactory cues of the physical proximity of other human beings); 2) environmental stimuli (such as inherent characteristics of the physical environment in which a subject is located); and 3) observability stimuli (such as cues that one is being surveilled) over security behavior and privacy behavior in cyberspace. Security behavior is operationalized in terms of individuals’ ability to recognize and react to cyberattacks. Privacy behavior is operationalized in terms of individuals’ propensity to disclose personal or sensitive information.
This significance of this research is two-fold. First, it attempts to advance the scientific understanding of what makes security and privacy decision making in cyberspace uniquely different from, and sometimes more difficult than, in the physical world, by introducing a novel approach to cybersecurity that takes into account the evolutionary roots of defender (and attacker) behavior in cyberspace. Second, by investigating a factor that may significantly disrupt user behavior in cyberspace, the research findings could later inspire how to construct systems that induce more secure behavior.
Submitted by Katie Dey
on
ABSTRACT
The PIs propose to explore the influence that offline cues and stimuli, indicating the presence of other human beings in the physical world, and often processed unconsciously by our brains, can have over security and privacy behavior in cyberspace. The PIs’ goal is to address the question: are there evolutionary roots for privacy and information security concerns?
The proposal is predicated around an evolutionary conjecture: Human beings have evolved to detect and react to threats in their physical environment, and have developed perceptual systems selected to assess these “physical” stimuli for current, material risks. In cyberspace, the same stimuli often are absent, subdued, or intentionally manipulated by third parties. Hence, security and privacy concerns that would normally be activated in the offline world are restrained, and defense behaviors are hampered.
While it is currently impossible to test such conjecture directly, the PIs plan to address the research question by investigating the impact that external stimuli in the physical world have on security and privacy behavior in cyberspace. The proposed research consists in a stream of human subjects experiments, investigating the impact of various sets of stimuli, or cues. They include: 1) sensorial stimuli (such as auditory, visual, or olfactory cues of the physical proximity of other human beings); 2) environmental stimuli (such as inherent characteristics of the physical environment in which a subject is located); and 3) observability stimuli (such as cues that one is being surveilled) over security behavior and privacy behavior in cyberspace. Security behavior is operationalized in terms of individuals’ ability to recognize and react to cyberattacks. Privacy behavior is operationalized in terms of individuals’ propensity to disclose personal or sensitive information.
This significance of this research is two-fold. First, it attempts to advance the scientific understanding of what makes security and privacy decision making in cyberspace uniquely different from, and sometimes more difficult than, in the physical world, by introducing a novel approach to cybersecurity that takes into account the evolutionary roots of defender (and attacker) behavior in cyberspace. Second, by investigating a factor that may significantly disrupt user behavior in cyberspace, the research findings could later inspire how to construct systems that induce more secure behavior.