2014 EFF Crypto Usability Prize (EFF CUP) Workshop

SCOPE AND FOCUS

The Electronic Frontier Foundation is evaluating the feasibility of offering a prize for the first secure, private end-to-end encrypted communication tool. There is currently tremendous interest in this area, with several dozen new projects trying to make encrypted email, instant messaging, text messaging, VOIP and video chat a reality. It is not yet clear which of these tools is best-suited to meet real-world usability challenges.

We believe a prize based on objective usability metrics might be an effective way to determine which project or projects are best delivering communication security to vulnerable user communities; to promote and energize those tools; and to encourage interaction between developers, interaction designers and academics interested in this space.

The EFF CUP workshop aims both to establish suitable metrics and criteria for the prize, and to introduce developers working on open source encryption tools (likely contestants) to the privacy and security research community. EFF CUP will be held in conjunction with the Symposium on Usable Privacy and Security (SOUPS) in July 2014 in Menlo Park, CA. We are seeking talk abstracts and position papers on the following topics:

USABILITY AND SECURITY METRICS: Holding an open competition for secure communication tools is a new undertaking and requires new thinking about measuring security and usability tools. We are seeking position papers on what metrics can be used to most objectively evaluate quality, including:

• Security metrics: Identifying the types of attacks that at-risk groups (journalists, activists, lawyers) are subject to, and how we can reliably measure the resistance which cryptographic communications tools provide.
• Indirect usability metrics: Metrics which can be evaluated analytically, such as backwards compatibility with existing tools, integration into existing tools, or demonstrated adoption by N million users.
• Direct usability metrics: Metrics which can be evaluated through user studies, such as the percentage of users who can quickly start using a tool and survive various classes of real-world attack.

CURRENT TOOL SUMMARIES: Developers of secure end-to-end communication tools are invited to submit a short (100-500 word) abstract describing their project. We aim to have a series of short presentations (followed by discussion) on the state of various projects, including a description of the project's security and usability goals, current development status, installed user base and supported platforms, known usability challenges and vulnerabilities, and experiences (if any) with user testing.

EXPERIENCE FROM PAST CONTESTS: Organizers or competitors from other technology contests, particularly but not exclusively in the areas of security and/or usability, are invited to submit a short (500 word) abstract describing lessons from those contests. We aim to have a series of short presentations including a brief overview of past contest's goals, setup and rules, and outcomes. Example competitions may include cryptographic primitive competitions (eg. AES, ESTREAM, SHA3, PHC), Darpa contests, Capture the Flag contests, Crack Me If You Can, VoComp or the Netflix Prize.

SUBMISSIONS

Submissions should be made in PDF format, with the topic clearly indicated, to effcup@eff.org

IMPORTANT DATES

Paper submission deadline - May 22, 2014, 5pm PDT
Notification of paper acceptance - May 30, 2014 5pm PDT

ORGANIZERS

Lorrie Faith Cranor,
Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University, Director of the CyLab Usable Privacy and Security Laboratory (CUPS). Member, Electronic Frontier Foundation Board of Directors.

Peter Eckersley,
Technology Projects Director, Electronic Frontier Foundation.

Joseph Bonneau,
Postdoctoral Fellow, Center for Information Technology Policy, Princeton University

PROGRAM