July 9-11, 2014
Menlo Park, CA


Call for papers





Impact Award

Symposium On Usable Privacy and Security

In-cooperation with USENIX


[plain text]

The 2014 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature technical papers, a poster session, panels and invited talks, lightning talks and demos, and workshops and tutorials. This year SOUPS will be held at Facebook in Menlo Park, CA.

See important dates below.


Paper Registration Deadline: February 28, 2014, 5 pm US Pacific time
Paper Submission Deadline: March 6, 2014, 5 pm US Pacific time
Rebuttal Deadline:April 8-12, 2014, 5 pm US Pacific time (New this year)
Anonymization: Papers MUST be anonymized (New this year)
Length: 12 pages excluding bibliography & non-essential appendices (20 pages max)
Formatting: Use SOUPS MS Word or LaTeX templates
Submission site:
More guidance: Read this CFP in detail and see the common pitfalls document

We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to:

  • innovative security or privacy functionality and design,
  • new applications of existing models or technology,
  • field studies of security or privacy technology,
  • usability evaluations of new or existing security or privacy features,
  • security testing of new or existing usability features,
  • longitudinal studies of deployed security or privacy features,
  • the impact of organizational policy or procurement decisions, and
  • lessons learned from the deployment and use of usable privacy and security features,
  • reports of replicating previously published studies and experiments,
  • reports of failed usable security studies or experiments, with the focus on the lessons learned from such experience.

All submissions must relate to both usability and either security or privacy. Papers on security or privacy applications that do not address usability or human factors will not be considered.

Papers need to describe the purpose and goals of the work, cite related work, show how the work effectively integrates usability and security or privacy, and clearly indicate the innovative aspects of the work or lessons learned as well as the contribution of the work to the field.

Papers must use the SOUPS formatting template (available for MS Word or LaTeX) and be up to 12 pages in length, excluding the bibliography and any supplemental appendices. Authors have the option to attach to their paper supplemental appendices containing study materials (e.g. surveys) that would not otherwise fit within the body of the paper. These appendices may be included to assist reviewers who may have questions that fall outside the stated contribution of your paper, on which your work is to be evaluated. Reviewers are not required to read any appendices so your paper should be self contained without them. Accepted papers will be published online with their supplemental appendices included. Submissions must be no more than 20 pages including bibliography and appendices. For the body of your paper, brevity is appreciated, as evidenced by the fact that many papers in prior years have been well under this limit. All submissions must be in PDF format and should not be blinded.

Submit your paper electronically at

New this year, reviewing is double blind: Author names and affiliations should not appear on the title page, and papers should avoid revealing the authors' identity in the text. Any references to own work should be made in the third person. Contact the program chairs if you have any questions. Submissions that violate these requirements may be rejected without review.

Clarification (7 April 2014): This year, authors of submitted SOUPS papers will be given a chance to see and correct factual errors in early-round reviews during the author response period, 8-12 April 2014.

Technical papers must be registered by 5pm, US Pacific time, Friday, Feb 28 and submitted by 5pm, US Pacific time, Thursday, Mar 6. This is a hard deadline! (Registering a paper in the submission system requires filling out all the fields that describe the submission, but does not require uploading a PDF of the paper.) Authors will be notified of technical paper acceptance by May 5, and camera-ready final versions of technical papers will be due May 30.

Accepted papers will be published by the USENIX Association, and will be freely available on the USENIX and SOUPS websites. Submitted papers must not significantly overlap papers that have been published or that are simultaneously submitted to a peer-reviewed venue or publication. Any overlap between your submitted paper and other work either under submission or previously published must be documented in a clearly-marked explanatory note at the front of the paper. State precisely how the two works differ in their goals, any use of shared experiments or data sources, and the unique contributions. If the other work is under submission elsewhere, the program committee may ask to review that work to evaluate the overlap. Please note that program committees frequently share information about papers under review and reviewers usually work on multiple conferences simultaneously. As technical reports are not peer reviewed they are exempt from this rule. You may also release pre-prints of your accepted work to the public at your discretion.

Authors are encouraged to review: Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments, and How to Avoid Them.

User experiments should follow the basic principles of ethical research, e.g., beneficence (maximizing the benefits to an individual or to society while minimizing harm to the individual), minimal risk (appropriateness of the risk versus benefit ratio), voluntary consent, respect for privacy, and limited deception. Authors are encouraged to include in their submissions explanation of how ethical principles were followed, and may be asked to provide such an explanation should questions arise during the review process.

Technical Papers Committee

Lujo Bauer, Carnegie Mellon University, USA (co-chair)
Konstantin Beznosov, University of British Columbia, Canada
Robert Biddle, Carleton University, Canada (co-chair)
Joseph Bonneau, Princeton University, USA
Sonia Chiasson, Carleton University, Canada
Sunny Consolvo, Google, USA
Alexander De Luca, University of Munich (LMU), Germany
Simson Garfinkel, Naval Postgraduate School, USA
Iulia Ion, Google, USA
Maritza Johnson, Facebook, USA
Apu Kapadia, Indiana University, USA
Wenke Lee, Georgia Tech, USA
Janne Lindqvist, Rutgers University, USA
Heather Lipford, UNC Charlotte, USA
Michael K. Reiter, UNC Chapel Hill, USA
Matthew Smith, University of Bonn, Germany
Melanie Volkamer, Technische Universität Darmstadt, Germany
Yang Wang, Syracuse University, USA
Tara Whalen, Carleton University, Canada
Mary Ellen Zurko, Cisco Systems, USA


We seek poster abstracts describing recent or ongoing research or experience in all areas of usable privacy and security. Submissions should use the SOUPS poster template [MS Word] [LaTeX] and be at most two pages including bibliography. Submissions should not be blinded. Accepted poster abstracts will be distributed to symposium participants and made available on the symposium web site. Please follow the final submission formatting instructions when preparing your poster abstract to avoid the need to revise poster abstracts after acceptance decisions are made. In addition, SOUPS will include a poster session in which authors will exhibit their posters. Note, poster abstracts should be formatted like short papers, not like posters. Authors of accepted posters will be sent information about how to prepare and format posters for the conference.

Submit your poster using the electronic submissions page.

We also welcome authors of recent papers (2013 to 2014) on usable privacy and security to present your work at the SOUPS poster session. Please submit in a PDF file: (1) the title and abstract of your conference paper, (2) full bibliographical citation, and (3) a link to the published (official) version, instead of the regular poster abstract.

Submissions will close at 5pm, US Pacific time, May 15.


A continuing feature of SOUPS is a session of 5-minute talks. These could include emerging hot topics, preliminary research results, practical problems encountered by end users or industry practitioners, a lesson learned, a research challenge that could benefit from feedback, a war story, ongoing research, a success, a failure, a future experiment, tips and tricks, a pitfall to avoid, etc. If you would like to participate in the lightning talk session, please email by May 15, with your name, affiliation, the title, and a brief abstract (up to 200 words) of your lightning talk. Confirmations of a lightning talk slot will be given by May 30. Additional proposals will be accepted after the deadline if there is still room on the program. You will need to deliver your slides for the 5-minute talk to the Interactive Sessions Chair via the same email address before July 9.

SOUPS is planning to include a demo session, in which participants will have the opportunity to interactively introduce to the full SOUPS audience their new, cool, and exciting visualization, user interface, or interaction paradigm related to security and privacy. Demo presentations will be 5 to 10 minutes in length, and should convey the main idea of the interface and one or more scenarios or use cases. To be considered for a presentation, a proposal describing the demonstration should be emailed to by May 15. Demo proposals should be no longer than two pages, and should use the formatting guidelines described above for poster abstracts. Confirmations of demo slots will be given by May 30.


SOUPS will feature four different workshops this year:

Workshop papers are due May 22.


SOUPS is seeking proposals for panels. A good panel focuses on an issue of current concern, and has a strong and clear point of contention in the topic, in the questions, and in the panelist points of view. Full proposals should contain a title, description of the topic, and suggested panelists (with pertinent biographical information). We encourage panels structured as debates rather than just a series of short talks. We are also interested in ideas for panels you would like to see on the program, even if you do not wish to be a panel organizer.

Send suggestions or proposals for panels to sessions AT cups DOT cs DOT cmu DOT edu by January 24.


We're looking for ideas for invited speakers. Please suggest a speaker you would like to hear from, or have heard recently with something provocative or visionary to say on the topic of usable security and privacy.

Send suggestions for invited speakers to sessions AT cups DOT cs DOT cmu DOT edu by January 24.


Early registration deadline - June 12
Conference - July 9-11

Technical papers
Paper registration deadline - February 28, 5 pm US Pacific time - papers must be registered!
Paper submission deadline - March 6, 5 pm US Pacific time (hard deadline!)
Rebuttal period - April 8-12, 5 pm US Pacific time
Notification of paper acceptance - May 5
Camera ready papers due - May 30 (authors must submit a
consent form)

Submission deadline - May 15, 5 pm US Pacific time
Notification of acceptance - May 30

Tutorials and workshops
Proposal submission deadline - January 24
Notification of proposal acceptance - February 14
Workshop paper submission deadline - May 22
Notification of workshop paper acceptance - May 30
Camera ready papers due - June 13

Panels and invited talks
Panel proposal submission deadline - January 24
Speaker suggestion submission deadline - January 24

Lightning talks and demos
Early submission deadline - May 15
Early submission notification - May 30
Submissions received after May 15 will be considered until the program is full