Design and Evaluation of Security and Privacy Nudges: From Protection Motivation Theory to Implementation Intentions

Most Americans express a desire for digital security and privacy. Americans feel a lack of control over their data, and express interest in tools to protect their personal information. However, the limited adoption of security and privacy tools appears inconsistent with these preferences. The field of behavioral economics offers explanations for this apparent discrepancy, with concepts such as information asymmetry, bounded rationality, and various cognitive and behavioral biases. Thankfully, behavioral economics also suggests a potential solution to these challenges, in the form of nudging interventions. Nudges can take many forms, but what nudges have in common is that they should help people make decisions that align with their stated preferences.

The literature on nudging is rich and varied, so it should come as no surprise that some types of nudges have never before been tested in the field of computer security and privacy: my major contribution is the introduction of implementation intention nudges to this field. Implementation intentions are contextually activated plans which help people initiate behaviors and overcome obstacles. The effectiveness of implementation intentions has been demonstrated in many other contexts, but my work is the first to test them in the context of computer security and privacy. By studying implementation intentions in this context, I offer security and privacy advocates a greater understanding of how this type of nudge can help the public protect themselves from digital threats.

I have already completed two studies relating to the adoption of security and privacy tools. In my first study, I tested nudges designed to encourage adoption of secure mobile payment systems, like Apple Pay. Specifically, I compared an intervention including both implementation intentions and protection motivation theory (PMT) to a PMT-only intervention. I found that both my nudging interventions increased real-world adoption of Apple Pay, and I found some evidence that implementation intentions offered a small improvement over PMT alone. In my second study, I surveyed people about their use of and beliefs about browsing-related privacy tools. My goal was to identify technologies which might benefit from nudging interventions, and to inform the design of such nudges. Based on this study, I identified Tor Browser as a tool with relatively low adoption, but which provides privacy protections people expressed interest in. Therefore, I propose a study of nudges to encourage the adoption of Tor Browser. In particular, I will compare nudges based on protection motivation theory, action planning implementation intentions, and coping planning implementation intentions.

Thesis Committee:
Norman Sadeh (Chair)
Lorrie Faith Cranor
Alessandro Acquisti
Florian Schaub (University of Michigan)

