July 9-11, 2014
Menlo Park


Call for papers





Workshop on Insecure Interfaces: Learning from User Interfaces that lead to Circumvention of Organizational Information Security Policies


We aim to bring together researchers and practitioners from different disciplines to create, explore, evaluate, and discuss cases for weaknesses in organizational security resulting from user interface and usability considerations. From these cases, we will derive anti-patterns, anti-guidelines, and anti-heuristics to apply the "learn from mistakes" approach, which can lead to better UI design practice in the area of corporate information security.

Submission Deadline: May 22, 2014, 5pm PDT
Notification Deadline: May 30, 2014 5pm PDT
Anonymization: Papers are NOT to be anonymized
Length: 2-4 pages
Formatting: Use SOUPS MS Word or LaTeX templates
Submission site: email to
More guidance: Read this CFP in detail and see the common pitfalls document
Workshop Date: Wednesday, July 9, 2014


Employee compliance with information security policies is critical for companies. Breaches of information security caused by employees can have a range of negative consequences. Critical and sensitive information may be compromised, potentially harming customers and employees, benefitting competitors, inviting legal and regulatory challenges, and damaging the reputation of the company.

In the realm of information security policies, it is typically advocated that all business information technology be designed in a way that enables and promotes employee compliance with the employer's information security policies. User Interfaces play a critical role in communicating security policies and ensuring employee compliance.

This workshop, however, turns this design practice around. Similar to the previous workshop "A Turn for the Worse: Trustbusters for User Interfaces" at SOUPS 2013, we aim to "learn from mistakes" and will explore examples of user interfaces in enterprise systems that lead employees to circumvent security policies and undermine the company's information security. A deeper understanding of factors that underlie circumvention and non-compliance with official security guidance can then be applied to "make interfaces better".


We invite original papers in PDF format describing/providing examples in which security is undermined by interface and usability aspects, including:

  • a position, research, or anecdotal paper on use of a design that leads to circumvention of corporate security policies,
  • screenshots of design(s) leading to circumvention of official security policies, or
  • videos or audio material that demonstrate how interface design and usability aspects could weaken corporate information security.

Papers should use the SOUPS formatting template (available here for MS Word or LaTeX ). Submissions should be 2 to 4 pages in length, excluding appendices. The paper should be self-contained without requiring readers to read the appendices. The appendices need not conform to the formatting template. Submissions should not be anonymized. Supplemental material such as screenshots and videos should be made available in downloadable format. Accepted submissions will not be considered archival. Authors may choose whether to include the full paper or only the abstract on the Workshop Web site.

Inquiries can be emailed to:

Please email submissions to: (Note: There is a 10MB size limit on email attachments; for larger submissions, please provide a link to downloadable content.)


Paper submission deadline - May 22, 2014, 5pm PDT
Notification of paper acceptance - May 30, 2014 5pm PDT


Marc Busch & Christina Hochleitner
CURE - Center for Usability Research and Engineering

Manfred Tscheligi
ICT&S Center, University of Salzburg,
AIT Austrian Institute of Technology GmbH,

Sameer Patil
Helsinki Institute for Information Technology HIIT / Aalto University

Jean Camp
School of Informatics and Computing, Indiana University