[abbreviated -- see web site for full CFP]


We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to:

innovative security or privacy functionality and design,
new applications of existing models or technology,
field studies of security or privacy technology,
usability evaluations of new or existing security or privacy features,
security testing of new or existing usability features,
longitudinal studies of deployed security or privacy features,
the impact of organizational policy or procurement decisions, and
lessons learned from the deployment and use of usable privacy and security features,
reports of replicating previously published studies and experiments, (new this year!)
reports of failed usable security studies or experiments, with the focus on the lessons learned from such experience (new this year!).
All submissions must relate to both usability and either security or privacy. Papers on security or privacy applications that do not address usability or human factors will not be considered.

Papers need to describe the purpose and goals of the work, cite related work, show how the work effectively integrates usability and security or privacy, and clearly indicate the innovative aspects of the work or lessons learned as well as the contribution of the work to the field.

Papers must use the SOUPS formatting template (available for MS Word or LaTeX) and be up to 12 pages in length, excluding the bibliography and any supplemental appendices. Authors have the option to attach to their paper supplemental appendices containing study materials (e.g. surveys) that would not otherwise fit within the body of the paper. These appendices may be included to assist reviewers who may have questions that fall outside the stated contribution of your paper, on which your work is to be evaluated. Reviewers are not required to read any appendices so your paper should be self contained without them. Accepted papers will be published online with their supplemental appendices included. Submissions must be no more than 20 pages including bibliography and appendices. For the body of your paper, brevity is appreciated, as evidenced by the fact that many papers in prior years have been well under this limit. All submissions must be in PDF format and should not be blinded.

Submit your paper electronically at http://cups.cs.cmu.edu/crp/soups/.

Technical paper submissions will close at 5 pm, US Pacific time, Friday, March 9. This is a hard deadline! Authors will be notified of technical paper acceptance by May 16, and camera-ready final versions of technical papers are due June 16.

Accepted papers will appear in the ACM Digital Library as part of the ACM International Conference Proceedings Series. Submitted papers must not significantly overlap papers that have been published or that are simultaneously submitted to a peer-reviewed venue or publication. Any overlap between your submitted paper and other work either under submission or previously published must be documented in a clearly-marked explanatory note at the front of the paper. State precisely how the two works differ in their goals, any use of shared experiments or data sources, and the unique contributions. If the other work is under submission elsewhere, the program committee may ask to review that work to evaluate the overlap. Please note that program committees frequently share information about papers under review and reviewers usually work on multiple conferences simultaneously. As technical reports are not peer reviewed they are exempt from this rule. You may also release pre-prints of your accepted work to the public at your discretion.

Authors are encouraged to review: Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments, and How to Avoid Them.

User experiments should follow the basic principles of ethical research, e.g., beneficence (maximizing the benefits to an individual or to society while minimizing harm to the individual), minimal risk (appropriateness of the risk versus benefit ratio), voluntary consent, respect for privacy, and limited deception. New this year: Authors may be asked to include explanation of how ethical principles were followed in their final papers should questions arise during the review process.

Technical Papers Committee
Heather Lipford, University of North Carolina at Charlotte (Co-Chair)
Konstantin Beznosov, University of British Columbia (Co-Chair)
Alessandro Acquisti, Carnegie Mellon University
Lujo Bauer, Carnegie Mellon University
Robert Biddle, Carleton University
L. Jean Camp, Indiana University
Sonia Chiasson, Carleton University
Lynne Coventry, Northumbria University
Alexander De Luca, University of Munich
Rachna Dhamija, Usable Security Systems
Serge Egelman, University of California, Berkeley
Simson L. Garfinkel, Naval Postgraduate School
Cormac Herley, Microsoft Research
Apu Kapadia, Indiana University
Andrew Patrick, Office of the Privacy Commissioner of Canada
Rob Reeder, Micrsosoft
Michael Reiter, University of North Carolina at Chapel Hill
Stuart Schechter, Microsoft Research
Diana Smetters, Google
Rick Wash, Michigan State University
Melanie Volkammer, Center for Advanced Security Research Darmstadt
Mary Ellen Zurko, IBM