In-cooperation with USENIX, the Advanced Computing Systems Association
SOUPS 2016 will be co-located with the 2016 USENIX Annual Technical Conference, June 22–24, 2016.

For information about submitting posters, proposals for lightning talks and demos, workshops, tutorials, or panels, or to submit a suggestion for an invited speaker, please see the Call for Posters and Proposals.

Important Dates
Paper registration deadline: Tuesday, March 1, 2016, 5:00 p.m. PST
Paper submission deadline: Friday, March 4, 2016, 5:00 p.m. PST (hard deadline)
Rebuttal period: Friday, April 29– Tuesday, May 3, 2016, 5:00 p.m. PDT
Notification of paper acceptance: Wednesday, May 11, 2016
Camera ready papers due: Sunday, June 5 (authors must submit a consent form)

Overview
The 2016 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature:

technical papers
workshops and tutorials
a poster session
panels and invited talks
lightning talks

We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. We welcome a variety of research methods, including both qualitative and quantitative approaches. Topics include, but are not limited to:

innovative security or privacy functionality and design
new applications of existing models or technology
field studies of security or privacy technology
usability evaluations of new or existing security or privacy features
security testing of new or existing usability features
longitudinal studies of deployed security or privacy features
studies of administrators or developers and support for security and privacy
the impact of organizational policy or procurement decisions
lessons learned from the deployment and use of usable privacy and security features
reports of replicating previously published studies and experiments
reports of failed usable privacy/security studies or experiments, with the focus on the lessons learned from such experience

All submissions must relate to both human aspects and security or privacy. Papers on security or privacy that do not address usability or human factors will not be considered.

Papers need to describe the purpose and goals of the work, cite related work, show how the work effectively integrates usability or human factors with security or privacy, and clearly indicate the innovative aspects of the work or lessons learned as well as the contribution of the work to the field.

Submission Information
Papers must use the SOUPS formatting template (for MS Word or LaTeX, available here soon) and be up to 12 pages in length, excluding the bibliography and any supplemental appendices. Authors have the option to attach to their paper supplementary appendices containing study materials (e.g., survey instruments, interview guides, etc.) that would not otherwise fit within the body of the paper. These appendices may be included to assist reviewers who may have questions that fall outside the stated contribution of your paper, on which your work is to be evaluated. Reviewers are not required to read any appendices, so your paper should be self contained without them. Accepted papers will be published online with their supplementary appendices included. Submissions must be no more than 20 pages total including bibliography and appendices. For the body of your paper, brevity is appreciated, as evidenced by the fact that many papers in prior years have been well under this limit. All submissions must be in PDF format and should be blinded.

Submit your paper electronically at https://conference.pi.informatik.uni-bonn.de/SOUPS16/

Anonymization: Reviewing is double blind. No names or affiliations should appear on the title page, and papers should avoid revealing the authors' identities in the text. Any references to the authors' own work should be made in the third person. Contact the program chairs at soups16chairs@usenix.org if you have any questions.

Submissions that violate these requirements may be rejected without review.

Registering and submitting your paper: Technical papers must be registered and submitted by the deadlines listed above. These are hard deadlines! (Registering a paper in the submission system requires filling out all the fields that describe the submission but does not require uploading a PDF of the paper. Placeholder or incomplete titles and abstracts may be rejected without review.)

Rebuttals: This year, the rebuttal period will be held after the second round of reviews, so the authors will be given a chance to see and correct factual errors in all reviews. Due to time constraints, the rebuttal period is fairly short. Please ensure that you reserve enough time between Friday, April 29–Tuesday, May 3 for the rebuttal process. Late rebuttals will not be accepted.

Accepted papers will be published by the USENIX Association and will be freely available on the USENIX and SOUPS Web sites. Authors will retain copyright of their papers. Submitted papers must not significantly overlap papers that have been published or that are simultaneously submitted to a peer-reviewed venue or publication. Any overlap between your submitted paper and other work either under submission or previously published must be documented in a clearly marked explanatory note at the front of the paper. State precisely how the two works differ in their goals, any use of shared experiments or data sources, and the unique contributions. If the other work is under submission elsewhere, the program committee may ask to review that work to evaluate the overlap. Please note that program committees frequently share information about papers under review and reviewers usually work on multiple conferences simultaneously. Technical reports are exempt from this rule. If in doubt, please contact the program chairs at soups16chairs@usenix.org for advice. You may also release pre-prints of your accepted work to the public at your discretion.

Authors are encouraged to review: "Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments, and How to Avoid Them." Note that this paper addresses research work taking an experimental and quantitative approach with hypothesis testing and statistical inference. However, SOUPS welcomes submissions that take other approaches and recognizes that other methodological considerations will be appropriate.

User studies should follow the basic principles of ethical research, e.g., beneficence (maximizing the benefits to an individual or to society while minimizing harm to the individual), minimal risk (appropriateness of the risk versus benefit ratio), voluntary consent, respect for privacy, and limited deception. Authors are encouraged to include in their submissions an explanation of how ethical principles were followed and may be asked to provide such an explanation should questions arise during the review process.

Symposium Organizers
General Chair/Steering Committee Chair
Lorrie Cranor, Carnegie Mellon University
Steering Committee Chair Elect
Mary Ellen Zurko, Cisco
Technical Papers Co-Chairs
Sunny Consolvo, Google
Matthew Smith, University of Bonn
Technical Papers Committee
Lujo Bauer, Carnegie Mellon University
Richard Beckwith, Intel
Konstantin Beznosov, University of British Columbia
Sonia Chiasson, Carleton University
Alexander De Luca, Google
Serge Egelman, University of California, Berkeley, and International Computer Science Institute
Sascha Fahl, CISPA, Saarland University
Alain Forget, Carnegie Mellon University
Simson Garfinkel, National Institute of Standards and Technology (NIST)
Marian Harbach, International Computer Science Institute
Cormac Herley, Microsoft Research
Iulia Ion, Google
Mike Just, Heriot-Watt University
Apu Kapadia, Indiana University Bloomington
Janne Lindqvist, Rutgers University
Heather Lipford, University of North Carolina at Charlotte
Michelle Mazurek, University of Maryland, College Park
Heather Patterson, Intel Labs and NYU Information Law Institute
Emilee Rader, Michigan State University
Rob Reeder, Google
Frank Stajano, University of Cambridge
Janice Tsai, Microsoft
Emanuel von Zezschwitz, University of Munich (LMU)
Rick Wash, Michigan State University
Tara Whalen, Google
Allison Woodruff, Google
Mary Ellen Zurko, Cisco Systems
Invited Talks Chair
Yang Wang, Syracuse University
Lightning Talks and Demos Chair
Elizabeth Stobert, ETH Zürich
Panels Chair
Tim McKay, Kaiser Permanente
Posters Co-Chairs
Michelle Mazurek, University of Maryland, College Park
Florian Schaub, Carnegie Mellon University
Tutorials and Workshops Co-Chairs
Adam Aviv, US Naval Academy
Mohammad Khan, University of Connecticut
Publicity Chair
Patrick Gage Kelley, University of New Mexico
Steering Committee
Lujo Bauer, Carnegie Mellon University
Konstantin Beznosov, University of British Columbia
Robert Biddle, Carleton University
Sunny Consolvo, Google
Lorrie Cranor, Carnegie Mellon University
Simson Garfinkel, National Institute of Standards and Technology
Jason Hong, Carnegie Mellon University
Heather Richter Lipford, University of North Carolina at Charlotte
Andrew Patrick, Office of the Privacy Commissioner of Canada
Stuart Schechter, Microsoft Research
Matthew Smith, University of Bonn
Mary Ellen Zurko, Cisco Systems