What's the Problem: Searching for Insecurity

Monday, July 22, 2019, 11:00 am - 12:00 pm PDTiCal
1135 11th floor large conference room
This event is open to the public.
L Jean Camp University of Indiana

The solution to the lack of adoption of security (and the corresponding privacy paradox) depends upon research thread one follows. For a classic economist, privacy is a lack of information. Given that market efficiency is contingent on more information, individuals are rationally unconcerned; the value from information sharing outweighs the costs of privacy loss.  Security is a rational choice of selecting uncertain loss over certain expense. Thus, the solution is to ensure that the full value of the information being transacted is realized by the individual who controls it. From a behavioral perspective, the problem is perceived risk vs. perceived benefit of information sharing. Risk perceptions can then be informed by appropriate risk communication. A final explanation is that current security and privacy enhancing technologies (PETs) are not usable. The solution then is to design technology that is usable and aligns with user's needs, e.g. users must be provided risk mitigating options and not just informed of the risk. 

Is it that people don't care? Or people don't know? Is it a question of usability? Or is it a combination of all three? Individuals may rationally choose not to invest in security to benefit others, may underestimate their own risks, and may simultaneously find solutions to be unusable. In this presentation I examine these explanations and their relative merits, concluding that the emerging threat landscape of IoT and cyberphysical systems requires a comprehensive solution that addresses all three.  


Jean Camp is a Professor at the School of Informatics and Computing at Indiana University. She joined Indiana after eight years at Harvard’s Kennedy School where her courses were also listed in Harvard Law, Harvard Business, and the Engineering Systems Division of MIT.  She spent the year after earning her doctorate from Carnegie Mellon as a Senior Member of the Technical Staff at Sandia National Laboratories. She began her career as an engineer at Catawba Nuclear Station and with a MSEE at University of North Carolina at Charlotte.  Her research focuses on the intersection of human and technical trust, levering economic models and human-centered design to create safe, secure systems. She has authored more than two hundred publications. She has peer-reviewed publications on security and privacy at every layer of the OSI model.  She has alumni in the private, public, and nonprofit sectors. She is a Fellow of the Institute of Electrical and Electronic Engineers, as well as a Fellow of the American Association for the Advancement of Science. 

« Return to Upcoming Events