SaTC: NSF-BSF: CORE: Small: Increasing Users' Cyber-Security Compliance by Reducing Present Bias

Sep 01, 2018 - Aug 31, 2021


International Computer Science Institute

Despite advances in computer security, there are still situations in which users must manually perform computer security tasks (e.g., rebooting to apply updates). Although many people recognize that these tasks are important, they still procrastinate. Procrastination is often caused by the failure to properly weigh the long-term security benefits against short-term costs and the annoyance of interrupting the primary task. Researchers in decision-making and behavioral economics have studied this phenomenon of biased weighting for decades, and their work has yielded viable techniques for overcoming it in various domains, including health, savings, and charitable giving. Through this multidisciplinary research agenda, the investigators are empirically examining how these techniques can best be applied to computer security. The initial focus of this research is an investigation of how time commitments can encourage compliance with security tasks such as upgrades.

Various techniques to increase security compliance rates have been examined, but none address a root cause of the problem: present bias. Present bias is the tendency to discount future risks and gains in favor of immediate gratification. Based on insights from the field of behavioral economics, this project involves empirical studies to examine when and under what conditions commitment nudges, amongst other persuasion techniques aimed at countering present bias, can be used to improve security behaviors. Drawing on its joint expertise in computer security, human-computer interaction, decision-making, psychology, and behavioral economics, the research team is performing experiments to yield actionable insights on the design of future computer security user interfaces.

Serge Egelman is Research Director of the Usable Security & Privacy Group at the International Computer Science Institute (ICSI) and also holds an appointment in the Department of Electrical Engineering and Computer Sciences (EECS) at the University of California, Berkeley. He leads the Berkeley Laboratory for Usable and Experimental Security (BLUES), which is the amalgamation of his ICSI and UCB research groups. Serge's research focuses on the intersection of privacy, computer security, and human-computer interaction, with the specific aim of better understanding how people make decisions surrounding their privacy and security, and then creating data-driven improvements to systems and interfaces. This has included human subjects research on social networking privacy, access controls, authentication mechanisms, web browser security warnings, and privacy-enhancing technologies. His work has received multiple best paper awards, including seven ACM CHI Honorable Mentions, the 2012 Symposium on Usable Privacy and Security (SOUPS) Distinguished Paper Award for his work on smartphone application permissions, as well as the 2017 SOUPS Impact Award, and the 2012 Information Systems Research Best Published Paper Award for his work on consumers' willingness to pay for online privacy. He received his PhD from Carnegie Mellon University and prior to that was an undergraduate at the University of Virginia. He has also performed research at NIST, Brown University, Microsoft Research, and Xerox PARC.