[Cryptography] Fwd: [messaging] Announcing the EFF Crypto Usability Prize (EFF CUP) Workshop, July 9

ianG iang at iang.org
Wed Apr 2 07:14:52 EDT 2014


Fantastic news!

If the t-shirt needs a logo, I'd suggest K6:

     "Finally, it is necessary, given the circumstances that command its
application, that the system be easy to use, requiring neither mental
strain nor the knowledge of a long series of rules to observe."

I find it is very nice to remind that K6 has been around since 1883.

In terms of awarding a prize, there needs to be a consensus of different
forces coming together.  There are many considerations.  I can see
these, so far.



1.  the commercial/user base success.  By this we mean hard numbers:
how many people signed up?  How many events per day
(messages/calls/...)?  How many people is each person bringing in, the
virility.

2.  Objective external metrics.  Things like average time for new user
to install on their platform, for different contexts.  Average time to
set up a new session.  Reliability of delivery.

How many clicks to find needed functions?  How many clicks to set the
thing up into full secure mode?  How long does it take average users to
turn it on to full secure?

3.  business purpose.  It is very hard to be objective about this, and
maybe this should just be a committee vote.  E.g., comparing (say)
snapchat's disappearing pictures to (say) anon uploading of strife
videos is a judgement call, only humans can make it.

How important is the traffic -- social, economic, democratic, life,
peace, etc.

Bring together successful / prominent people who most typify what it is
you are trying to make happen, and get make them a committee.

4. the security model.  this is difficult to assess from outside, and
probably needs to come last in consideration because only with the
relevance of the user base and purpose is there any (need for) security
model.  It will also need a committee voting approach, I suspect, as
although these things can be objectified, we haven't got a good theory
on that, better to stick with the judgement call of people who build and
ship these things.



So, if those are the forces, I would simply put 25% in each of those,
and award on the sum of the points.

I'd also suggest they be quite fierce and rank the contenders from 1 to
N.  It's useless to ask them to allocate a 1-5 range because most will
end up with 4.  You have to force the judges to make a call.


On 2/04/2014 02:48 am, Zooko Wilcox-OHearn wrote:
> ---------- Forwarded message ----------
> From: Joseph Bonneau <jbonneau at gmail.com>
> Date: Tue, Mar 11, 2014 at 9:30 PM
> Subject: [messaging] Announcing the EFF Crypto Usability Prize (EFF
> CUP) Workshop, July 9
> To: messaging <messaging at moderncrypto.org>
> 
> 
> Of possible interest to many on this list, the EFF is hoping to offer
> a prize for the most usable end-to-end encrypted communication tool
> this year. This is still in the early stage of planning but we have
> set aside a one-day workshop on July 9 in Menlo Park, CA to discuss
> and debate the process for awarding the prize. The workshop is
> attached to SOUPS, the biggest event for academic usability
> researchers interested in security, so for security-minded folks this
> is a great way to get in touch with UI experts.
> 
> As a co-organizer I'd be interested to hear ideas on the best
> structure to adopt for the workshop. I'd also encourage anybody
> interested in participating more to submit an abstract on a talk
> they'd like to give at the workshop (due date is May 15 so lots of
> time to think about ideas until then).
> 
> Full details below.
> 
> Cheers,
> 
> Joe
> 
> 
> ************************************************************
> 2014 EFF Crypto Usability Prize (EFF CUP) Workshop
> ************************************************************
> 
> CALL FOR PAPERS
> 
> Submission Deadline: May 15, 2014, 5pm PDT
> Notification Deadline: May 30, 2014 5pm PDT
> Anonymization: Papers are NOT to be anonymized
> Length: 500 words
> Formatting: PDF
> Submission site: email to effcup at eff.org
> Workshop Date: Wednesday, July 9, 2014
> 
> SCOPE AND FOCUS
> 
> The Electronic Frontier Foundation is evaluating the feasibility of
> offering a prize for the first secure, private end-to-end encrypted
> communication tool. There is currently tremendous interest in this
> area, with several dozen new projects trying to make encrypted email,
> instant messaging, text messaging, VOIP and video chat a reality. It
> is not yet clear which of these tools is best-suited to meet
> real-world usability challenges.
> 
> We believe a prize based on objective usability metrics might be an
> effective way to determine which project or projects are best
> delivering communication security to vulnerable user communities; to
> promote and energize those tools; and to encourage interaction between
> developers, interaction designers and academics interested in this
> space.
> 
> The EFF CUP workshop aims both to establish suitable metrics and
> criteria for the prize, and to introduce developers working on open
> source encryption tools (likely contestants) to the privacy and
> security research community. EFF CUP will be held in conjunction with
> the Symposium on Usable Privacy and Security (SOUPS) in July 2014 in
> Menlo Park, CA. We are seeking talk abstracts and position papers on
> the following topics:
> 
> USABILITY AND SECURITY METRICS: Holding an open competition for secure
> communication tools is a new undertaking and requires new thinking
> about measuring security and usability tools. We are seeking position
> papers on what metrics can be used to most objectively evaluate
> quality, including:
> 
> *Security metrics: Identifying the types of attacks that at-risk
> groups (journalists, activists, lawyers) are subject to, and how we
> can reliably measure the resistance which cryptographic communications
> tools provide.
> *Indirect usability metrics: Metrics which can be evaluated
> analytically, such as backwards compatibility with existing tools,
> integration into existing tools, or demonstrated adoption by N million
> users.
> *Direct usability metrics: Metrics which can be evaluated through user
> studies, such as the percentage of users who can quickly start using a
> tool and survive various classes of real-world attack.
> 
> CURRENT TOOL SUMMARIES: Developers of secure end-to-end communication
> tools are invited to submit a short (100-500 word) abstract describing
> their project. We aim to have a series of short presentations
> (followed by discussion) on the state of various projects, including a
> description of the project's security and usability goals, current
> development status, installed user base and supported platforms, known
> usability challenges and vulnerabilities, and experiences (if any)
> with user testing.
> 
> EXPERIENCE FROM PAST CONTESTS: Organizers or competitors from other
> technology contests, particularly but not exclusively in the areas of
> security and/or usability, are invited to submit a short (500 word)
> abstract describing lessons from those contests. We aim to have a
> series of short presentations including a brief overview of past
> contest's goals, setup and rules, and outcomes. Example competitions
> may include cryptographic primitive competitions (eg. AES, ESTREAM,
> SHA3, PHC), Darpa contests, Capture the Flag contests, Crack Me If You
> Can, VoComp or the Netflix Prize.
> 
> ORGANIZERS
> 
> Lorrie Faith Cranor,
> Associate Professor of Computer Science and of Engineering and Public
> Policy at Carnegie Mellon University, Director of the CyLab Usable
> Privacy and Security Laboratory (CUPS). Member, Electronic Frontier
> Foundation Board of Directors.
> 
> Peter Eckersley,
> Technology Projects Director, Electronic Frontier Foundation.
> 
> Joseph Bonneau,
> Postdoctoral Fellow, Center for Information Technology Policy,
> Princeton University
> 
> 
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
> 
> 
> 



More information about the cryptography mailing list