July 11-13, 2012
Washington, DC


Call for papers





Symposium On Usable Privacy and Security


[plain text] [PDF]

The 2012 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature technical papers, a poster session, panels and invited talks, lightning talks and demos, and workshops and tutorials. This year SOUPS will be held in Washington, DC.

See important dates below.


Deadline: March 9, 2012, 5 pm US Pacific time
Anonymization: Papers are NOT to be anonymized
Length: 12 pages excluding bibliography & non-essential appendices (20 pages max)
Formatting: Use SOUPS MS Word or LaTeX templates
Submission site:
More guidance: Read this CFP in detail and see the common pitfalls document

We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to:

  • innovative security or privacy functionality and design,
  • new applications of existing models or technology,
  • field studies of security or privacy technology,
  • usability evaluations of new or existing security or privacy features,
  • security testing of new or existing usability features,
  • longitudinal studies of deployed security or privacy features,
  • the impact of organizational policy or procurement decisions, and
  • lessons learned from the deployment and use of usable privacy and security features,
  • reports of replicating previously published studies and experiments, (new this year!)
  • reports of failed usable security studies or experiments, with the focus on the lessons learned from such experience (new this year!).

All submissions must relate to both usability and either security or privacy. Papers on security or privacy applications that do not address usability or human factors will not be considered.

Papers need to describe the purpose and goals of the work, cite related work, show how the work effectively integrates usability and security or privacy, and clearly indicate the innovative aspects of the work or lessons learned as well as the contribution of the work to the field.

Papers must use the SOUPS formatting template (available for MS Word or LaTeX) and be up to 12 pages in length, excluding the bibliography and any supplemental appendices. Authors have the option to attach to their paper supplemental appendices containing study materials (e.g. surveys) that would not otherwise fit within the body of the paper. These appendices may be included to assist reviewers who may have questions that fall outside the stated contribution of your paper, on which your work is to be evaluated. Reviewers are not required to read any appendices so your paper should be self contained without them. Accepted papers will be published online with their supplemental appendices included. Submissions must be no more than 20 pages including bibliography and appendices. For the body of your paper, brevity is appreciated, as evidenced by the fact that many papers in prior years have been well under this limit. All submissions must be in PDF format and should not be blinded.

Submit your paper electronically at

Technical paper submissions will close at 5 pm, US Pacific time, Friday, March 9. This is a hard deadline! Authors will be notified of technical paper acceptance by May 16, and camera-ready final versions of technical papers are due June 16.

Accepted papers will appear in the ACM Digital Library as part of the ACM International Conference Proceedings Series. Submitted papers must not significantly overlap papers that have been published or that are simultaneously submitted to a peer-reviewed venue or publication. Any overlap between your submitted paper and other work either under submission or previously published must be documented in a clearly-marked explanatory note at the front of the paper. State precisely how the two works differ in their goals, any use of shared experiments or data sources, and the unique contributions. If the other work is under submission elsewhere, the program committee may ask to review that work to evaluate the overlap. Please note that program committees frequently share information about papers under review and reviewers usually work on multiple conferences simultaneously. As technical reports are not peer reviewed they are exempt from this rule. You may also release pre-prints of your accepted work to the public at your discretion.

Authors are encouraged to review: Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments, and How to Avoid Them.

User experiments should follow the basic principles of ethical research, e.g., beneficence (maximizing the benefits to an individual or to society while minimizing harm to the individual), minimal risk (appropriateness of the risk versus benefit ratio), voluntary consent, respect for privacy, and limited deception. New this year: Authors may be asked to include explanation of how ethical principles were followed in their final papers should questions arise during the review process.

Technical Papers Committee
Heather Lipford, University of North Carolina at Charlotte (Co-Chair)
Konstantin Beznosov, University of British Columbia (Co-Chair)
Alessandro Acquisti, Carnegie Mellon University
Lujo Bauer, Carnegie Mellon University
Robert Biddle, Carleton University
L. Jean Camp, Indiana University
Sonia Chiasson, Carleton University
Lynne Coventry, Northumbria University
Alexander De Luca, University of Munich
Rachna Dhamija, Usable Security Systems
Serge Egelman, University of California, Berkeley
Simson L. Garfinkel, Naval Postgraduate School
Cormac Herley, Microsoft Research
Apu Kapadia, Indiana University
Andrew Patrick, Office of the Privacy Commissioner of Canada
Rob Reeder, Microsoft
Michael Reiter, University of North Carolina at Chapel Hill
Stuart Schechter, Microsoft Research
Diana Smetters, Google
Rick Wash, Michigan State University
Melanie Volkammer, Center for Advanced Security Research Darmstadt
Mary Ellen Zurko, IBM


We seek poster abstracts describing recent or ongoing research or experience in all areas of usable privacy and security. Submissions should use the SOUPS poster template [MS Word] [LaTeX] and be at most two pages including bibliography. Submissions should not be blinded. Accepted poster abstracts will be distributed to symposium participants and made available on the symposium web site. Please follow the final submission formatting instructions when preparing your poster abstract to avoid the need to revise poster abstracts after acceptance decisions are made. In addition, SOUPS will include a poster session in which authors will exhibit their posters. Note, poster abstracts should be formatted like short papers, not like posters. Authors of accepted posters will be sent information about how to prepare and format posters for the conference.

Submit your poster using the electronic submissions page.

We also welcome authors of recent papers (2011 to 2012) on usable privacy and security to present your work at the SOUPS poster session. Please submit in a PDF file: (1) the title and abstract of your conference paper, (2) full bibliographical citation, and (3) a link to the published (official) version, instead of the regular poster abstract.

Submissions will close at 5pm, US Pacific time, May 23.


A continuing feature of SOUPS is a session of 5-minute talks. These could include emerging hot topics, preliminary research results, practical problems encountered by end users or industry practitioners, a lesson learned, a research challenge that could benefit from feedback, a war story, ongoing research, a success, a failure, a future experiment, tips and tricks, a pitfall to avoid, etc. If you would like to participate in the lightning talk session, please email by June 29, with your name, affiliation, the title, and a brief abstract (up to 200 words) of your lightning talk. Confirmations of a lightning talk slot will be given by July 6. You will need to deliver your slides for the 5-minute talk to the Interactive Sessions Chair via the same email address by Monday, July 9.

New this year: SOUPS is planning to include a demo session, in which participants will have the opportunity to interactively introduce to the full SOUPS audience their new, cool, and exciting visualization, user interface, or interaction paradigm related to security and privacy. Demo presentations will be 5 to 10 minutes in length, and should convey the main idea of the interface and one or more scenarios or use cases. To be considered for a presentation, a proposal describing the demonstration should be emailed to by May 23. Demo proposals should be no longer than two pages, and should use the formatting guidelines described above for poster abstracts. Confirmations of demo slots will be given by June 6.


We are soliciting proposals for a small number of in-depth sessions on usable security and privacy. These sessions could run either a half or full day, and could be lecture-oriented (tutorial) or a group-oriented session designed to widely share experience (workshop). To get a better idea, please see the following examples of previous workshop and tutorial descriptions:

Examples of Previous Workshops:

Examples of Previous Tutorials:

Proposals should include the following:

  • Title
  • Leader(s) (including pertinent biographical information)
  • Format (tutorial or workshop)
  • Description
  • Duration (half or full day)
  • Target audience
  • (Workshops only) Goals and highlights of the call for participation.

In-depth sessions will be open to all SOUPS attendees. They will generate materials that will be made available on the SOUPS website (tutorial notes, workshop presentations and a report/summary). Workshops will have their own CFP for presentations, abstracts, or short papers, which will be published by February 15.

Send in-depth session proposals to sessions AT cups DOT cs DOT cmu DOT edu by January 13.


SOUPS is seeking proposals for panels. A good panel focuses on an issue of current concern, and has a strong and clear point of contention in the topic, in the questions, and in the panelist points of view. Full proposals should contain a title, description of the topic, and suggested panelists (with pertinent biographical information). We encourage panels structured as debates rather than just a series of short talks. We are also interested in ideas for panels you would like to see on the program, even if you do not wish to be a panel organizer.

Send suggestions or proposals for panels to sessions AT cups DOT cs DOT cmu DOT edu by January 13.


We're looking for ideas for invited speakers. Please suggest a speaker you would like to hear from, or have heard recently with something provocative or visionary to say on the topic of usable security and privacy.

Send suggestions for invited speakers to sessions AT cups DOT cs DOT cmu DOT edu by January 13.


Early registration deadline - June 8
Conference - July 11-13

Technical papers
Submission deadline - March 9, 5 pm US Pacific time (hard deadline!)
Notification of paper acceptance - May 16
Camera ready papers due - June 16

Posters and demos
Submission deadline - May 23, 5 pm US Pacific time
Notification of acceptance - June 6

Tutorials and workshops
In-depth session proposal submission deadline - January 13
Notification of in-depth session proposal acceptance - January 27
Workshop paper submission deadline - May 8
Notification of workshop paper acceptance - June 6
Camera ready papers due - June 16

Panels and invited talks
Panel proposal submission deadline - January 13
Speaker suggestion submission deadline - January 13

Lightning talks
Submission deadline - June 29
Notification of acceptance - July 6


SOUPS 2012 is sponsored by Carnegie Mellon CyLab.