July 24-26, 2013
Newcastle, UK


Call for papers





Symposium On Usable Privacy and Security


[plain text]

The 2013 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature technical papers, a poster session, panels and invited talks, lightning talks and demos, and workshops and tutorials. This year SOUPS will be held at Northumbria University in Newcastle, UK.

See important dates below.


Deadline: March 8, 2013, 5 pm US Pacific time
Anonymization: Papers are NOT to be anonymized
Length: 12 pages excluding bibliography & non-essential appendices (20 pages max)
Formatting: Use SOUPS MS Word or LaTeX templates
Submission site:
More guidance: Read this CFP in detail and see the common pitfalls document

We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to:

  • innovative security or privacy functionality and design,
  • new applications of existing models or technology,
  • field studies of security or privacy technology,
  • usability evaluations of new or existing security or privacy features,
  • security testing of new or existing usability features,
  • longitudinal studies of deployed security or privacy features,
  • the impact of organizational policy or procurement decisions, and
  • lessons learned from the deployment and use of usable privacy and security features,
  • reports of replicating previously published studies and experiments,
  • reports of failed usable security studies or experiments, with the focus on the lessons learned from such experience.

All submissions must relate to both usability and either security or privacy. Papers on security or privacy applications that do not address usability or human factors will not be considered.

Papers need to describe the purpose and goals of the work, cite related work, show how the work effectively integrates usability and security or privacy, and clearly indicate the innovative aspects of the work or lessons learned as well as the contribution of the work to the field.

Papers must use the SOUPS formatting template (available for MS Word or LaTeX) and be up to 12 pages in length, excluding the bibliography and any supplemental appendices. Authors have the option to attach to their paper supplemental appendices containing study materials (e.g. surveys) that would not otherwise fit within the body of the paper. These appendices may be included to assist reviewers who may have questions that fall outside the stated contribution of your paper, on which your work is to be evaluated. Reviewers are not required to read any appendices so your paper should be self contained without them. Accepted papers will be published online with their supplemental appendices included. Submissions must be no more than 20 pages including bibliography and appendices. For the body of your paper, brevity is appreciated, as evidenced by the fact that many papers in prior years have been well under this limit. All submissions must be in PDF format and should not be blinded.

Submit your paper electronically at

Technical paper submissions will close at 5 pm, US Pacific time, Friday, March 8. This is a hard deadline! Authors will be notified of technical paper acceptance by May 27, and camera-ready final versions of technical papers are due June 24.

Accepted papers will appear in the ACM Digital Library as part of the ACM International Conference Proceedings Series. They will also be freely available on the SOUPS website. Submitted papers must not significantly overlap papers that have been published or that are simultaneously submitted to a peer-reviewed venue or publication. Any overlap between your submitted paper and other work either under submission or previously published must be documented in a clearly-marked explanatory note at the front of the paper. State precisely how the two works differ in their goals, any use of shared experiments or data sources, and the unique contributions. If the other work is under submission elsewhere, the program committee may ask to review that work to evaluate the overlap. Please note that program committees frequently share information about papers under review and reviewers usually work on multiple conferences simultaneously. As technical reports are not peer reviewed they are exempt from this rule. You may also release pre-prints of your accepted work to the public at your discretion.

Authors are encouraged to review: Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments, and How to Avoid Them.

User experiments should follow the basic principles of ethical research, e.g., beneficence (maximizing the benefits to an individual or to society while minimizing harm to the individual), minimal risk (appropriateness of the risk versus benefit ratio), voluntary consent, respect for privacy, and limited deception. Authors are encouraged to include in their submissions explanation of how ethical principles were followed, and may be asked to provide such an explanation should questions arise during the review process.

Technical Papers Committee

Lujo Bauer, Carnegie Mellon University, USA (Co-chair)
Konstantin Beznosov, University of British Columbia, Canada (Co-chair)
Alessandro Acquisti, Carnegie Mellon University, USA
Dirk Balfanz, Google, USA
Robert Biddle, Carleton University, Canada
Sunny Consolvo, Google, USA
Rachna Dhamija, Usable Security Systems, USA
Serge Egelman, University of California, Berkeley, USA
David Evans, University of Virginia, USA
Cormac Herley, Microsoft Research, USA
Heinrich Hussmann, Technische Universität München, Germany
Apu Kapadia, Indiana University, USA
Sebastian Möller, Technische Universität Berlin and Telekom Innovation Laboratories, Germany
Paul Van Oorschot, Carleton University, Canada
Sameer Patil, Helsinki Institute for Information Technology, Finland, and Indiana University, USA
Emilee Rader, Michigan State University, USA
Robert W. Reeder, Microsoft, USA
Michael K. Reiter, University of North Carolina at Chapel Hill, USA
Stuart Schechter, Microsoft Research, USA
David Wagner, University of California, Berkeley, USA
Rick Wash, Michigan State University, USA


We seek poster abstracts describing recent or ongoing research or experience in all areas of usable privacy and security. Submissions should use the SOUPS poster template [MS Word] [LaTeX] and be at most two pages including bibliography. Submissions should not be blinded. Accepted poster abstracts will be distributed to symposium participants and made available on the symposium web site. Please follow the final submission formatting instructions when preparing your poster abstract to avoid the need to revise poster abstracts after acceptance decisions are made. In addition, SOUPS will include a poster session in which authors will exhibit their posters. Note, poster abstracts should be formatted like short papers, not like posters. Authors of accepted posters will be sent information about how to prepare and format posters for the conference.

Submit your poster using the electronic submissions page.

We also welcome authors of recent papers (2012 to 2013) on usable privacy and security to present your work at the SOUPS poster session. Please submit in a PDF file: (1) the title and abstract of your conference paper, (2) full bibliographical citation, and (3) a link to the published (official) version, instead of the regular poster abstract.

Submissions will close at 5pm, US Pacific time, May 30.


A continuing feature of SOUPS is a session of 5-minute talks. These could include emerging hot topics, preliminary research results, practical problems encountered by end users or industry practitioners, a lesson learned, a research challenge that could benefit from feedback, a war story, ongoing research, a success, a failure, a future experiment, tips and tricks, a pitfall to avoid, etc. If you would like to participate in the lightning talk session, please email by June 14, with your name, affiliation, the title, and a brief abstract (up to 200 words) of your lightning talk. Confirmations of a lightning talk slot will be given by June 21. Additional proposals will be accepted after the deadline if there is still room on the program. You will need to deliver your slides for the 5-minute talk to the Interactive Sessions Chair via the same email address by July 9.

SOUPS is planning to include a demo session, in which participants will have the opportunity to interactively introduce to the full SOUPS audience their new, cool, and exciting visualization, user interface, or interaction paradigm related to security and privacy. Demo presentations will be 5 to 10 minutes in length, and should convey the main idea of the interface and one or more scenarios or use cases. To be considered for a presentation, a proposal describing the demonstration should be emailed to by June 14. Demo proposals should be no longer than two pages, and should use the formatting guidelines described above for poster abstracts. Confirmations of demo slots will be given by June 21.


We are soliciting proposals for a small number of in-depth sessions on usable security and privacy. These sessions could run either a half or full day, and could be lecture-oriented (tutorial) or a group-oriented session designed to widely share experience (workshop). To get a better idea, please see the following examples of previous workshop and tutorial descriptions:

Examples of Previous Workshops:

Examples of Previous Tutorials:

Proposals should include the following:

  • Title
  • Leader(s) (including pertinent biographical information)
  • Format (tutorial or workshop)
  • Description
  • Duration (half or full day)
  • Target audience
  • (Workshops only) Goals and highlights of the call for participation.

In-depth sessions will be open to all SOUPS attendees. They will generate materials that will be made available on the SOUPS website (tutorial notes, workshop presentations and a report/summary). Workshops will have their own CFP for presentations, abstracts, or short papers, which will be published by February 15.

Send in-depth session proposals to sessions AT cups DOT cs DOT cmu DOT edu by January 18.


SOUPS is seeking proposals for panels. A good panel focuses on an issue of current concern, and has a strong and clear point of contention in the topic, in the questions, and in the panelist points of view. Full proposals should contain a title, description of the topic, and suggested panelists (with pertinent biographical information). We encourage panels structured as debates rather than just a series of short talks. We are also interested in ideas for panels you would like to see on the program, even if you do not wish to be a panel organizer.

Send suggestions or proposals for panels to sessions AT cups DOT cs DOT cmu DOT edu by January 18.


We're looking for ideas for invited speakers. Please suggest a speaker you would like to hear from, or have heard recently with something provocative or visionary to say on the topic of usable security and privacy.

Send suggestions for invited speakers to sessions AT cups DOT cs DOT cmu DOT edu by January 18.


Early registration deadline - June 12
Conference - July 24-26

Technical papers
Submission deadline - March 8, 5 pm US Pacific time (hard deadline!)
Notification of paper acceptance - May 27
Camera ready papers due - June 24

Submission deadline - May 30, 5 pm US Pacific time
Notification of acceptance - June 10

Tutorials and workshops
In-depth session proposal submission deadline - January 18
Notification of in-depth session proposal acceptance - February 1
Workshop paper submission deadline - May 30
Notification of workshop paper acceptance - June 10
Camera ready papers due - June 24

Panels and invited talks
Panel proposal submission deadline - January 18
Speaker suggestion submission deadline - January 18

Lightning talks and demos
Early submission deadline - June 14
Early submission notification - June 21
Submissions received after June 14 will be considered until the program is full