July 14-16, 2010
Redmond, WA


Call for participation





Security & Privacy Usability Technology Transfer: Emerging Research (SPUTTER) Workshop

July 14, 2010, Micrsoft Commons, Montlake Room


9 - 10:30 Paper session, Chair: Diana Smetters

10:30 am Break

11 - 12:30 am Panel: There and Back Again: A Feature’s Tale

This panel will feature experts with experience in driving (or attempting to drive) usable security features into products or deployment projects. They will each tell the tale of a feature, with a lesson learned on its success or failure. Panel discussion will cover what research can do to enable technology transfer of usable security, and what product and deployment people can do to support research in usable security that can make a difference in real use.

  • Moderator: Adam Shostack, Microsoft
  • Chenxi Wang, Forrester Research
  • Matthew Glaherty, IBM
  • Jeb Haber, Microsoft
  • Tim Mckay, Kaiser Permanente [slides]

12:45 - 2 pm Lunch

2 - 3 pm Lightning Talks

If you would like to participate, please email with your name and the tentative title

3 - 3:30 pm Shout Out!

We wrap up with a summary of the tips and pitfalls raised, with audience participation


[plain text]


How do we fix the sorry state of usable security and privacy today? Simple -- it's just a matter of inventing a few clever UI techniques and protocols, running user studies to show they work, and then it's problem solved, right?

Unfortunately, no -- there's another hurdle to clear. Even the best usable security solutions need to be deployed on a massive scale if they are actually to improve life in the online ecosystem. And too often great ideas sputter out on their way to the market. Getting great ideas to the market requires effective tech transfer. That means explaining your idea to a LOT of people and convincing them not only that your solution is technically great, but also that it is worth the cost and effort of building, deploying, and maintaining. You'll have to make the case for your technology to engineers, business people, policy makers, privacy advocates, and, of course, customers. You'll have to balance the technical elegance of your solution against entrenched practices, existing policy, business considerations, and development and operational costs. Tech transfer introduces problems that many experts in industry, let alone grad students who have never been exposed to these problems, don't know how to deal with.

This workshop will provide a chance for those who have encountered, are interested in, or have solved the problems that come with usable security and privacy tech transfer to share ideas -- stories, tips & tricks, and lessons learned -- for what works and what doesn't. The workshop should be of interest to anyone in industry or public policy who wants to share tech transfer experiences or to anyone in academia who sees tech transfer in their future.

Those interested in presenting should submit a position, research, or anecdotal paper on a relevant topic. Relevant topics include, but are not limited to:

  • tech transfer war stories (successes and failures both welcome);
  • lessons learned from tech transfer attempts;
  • tips and tricks for successful tech transfer;
  • pitfalls to avoid;
  • methods for disseminating usable security and privacy research to business and government decision makers.

Authors of accepted papers will be invited to present their ideas at the workshop. Accepted workshop papers will be available on the SOUPS website, but will not be included in the ACM Digital library.


We invite authors to submit original papers in PDF format. Papers should use the SOUPS formatting template (LaTeX or MS Word). Submissions should be 2 to 6 pages in length, not counting appendices. The paper should be self-contained without requiring that readers also read the appendices. The appendices need not conform to the formatting template. Submissions should not be blinded. Email inquiries and submissions to:

(Note: There is a 10MB size limit on email attachments to this address; for larger submissions, email to make alternate arrangements.)


Workshop paper submission deadline:

May 17, 2010, 5:00 pm PST

Notification of workshop paper acceptance:

June 3, 2010

Final papers for website due:

June 12, 2010, 5:00pm PST


Mary Ellen Zurko

Rob Reeder