05-436 / 05-836 / 08-534 / 08-734 Usable Privacy and Security

Homework 1

Print your homework out and submit it in person at the start of class (3:00pm) on Monday, January 30. Homework will not be accepted after 3:05 pm on that day.

Part 1 (40 points): Pick a tool from Wikipedia's list of encryption tools (see blue box labelled "Cryptographic software" near the bottom). Download and install (or, if applicable, simply enable) the tool you chose. Inspired by the Johnny paper, perform an expert evaluation of the tool. You should turn in four paragraphs describing:

If you believe any of those paragraphs is not applicable (e.g., the tool has no usability flaws not described in the Johnny paper), instead briefly explain why you believe it is not applicable.

Part 2 (50 points): You should work with either one or two partners (groups of 2-3 people) for this part of the assignment. If you really want to, you are permitted to work alone, but you will have more fun and probably learn more if you do this with partners. With your partners, observe people in a public place using a computerized system. For example, you might observe people using a public transit ticket machine, a parking garage pay station, a hardware store self-checkout machine, a library self-checkout machine, or an airport self-check-in kiosk. Stay long enough to observe both experienced and inexperienced users using the system.

Alternatively, recruit a few people you know and observe them using a computer or computerized device (cell phone, microwave oven, etc.) to complete a task that you specify. Try to recruit someone who has used the device before and someone who has not.

What kinds of problems did people have using the system? What aspects of the system appeared to be easy to learn? What aspects of the system appeared to be difficult to learn? What aspects of the system seemed to frustrate experienced users? Most importantly, how might the design of the system be improved?

Write up a short report on your observations and recommendations to turn in. Include an appendix with photographs or sketches of key elements of the user interface you observed. The report should be 2-4 pages, plus the appendix. Turn in one report per group listing all members' names.

Part 3 (10 points): With the same partners from Part 2, create 2-6 powerpoint slides showing photographs or illustrations of the computerized system from Part 2 in action. Choose photos that make the usability aspects of the system clear. You may duplicate photos from your Part 2 appendix. Do not print out your slides. Instead, one member of the team should email them before class to the instructor.

Part 4 (9-unit students should not do this part. 12-unit students will receive up to 45 points for this part): Write a 3-7 sentence summary and short "highlight" for one optional reading assigned for each of the following classes (3 optional readings total): January 23, 25 and 30.

Part 5 (officially 0 points, but you cannot pass this course unless you do this): Complete the online IRB training by following the instructions at http://www.cmu.edu/research-compliance/human-subject-research/training.html. Once you get to the CITI page, click "Register" under "Create an account" and enter Carnegie Mellon University as your institution. Choose the "HSR Basics for Social and Behavioral Research" course under the Human Subjects Research (HSR) section. You do not need to take the additional courses in responsible conduct of research, animal welfare, or export controls. Note that this training will take a few hours. Please print out and attach your completion certificate to the homework.