[messaging] Announcing the EFF Crypto Usability Prize (EFF CUP) Workshop, July 9

Joseph Bonneau jbonneau at gmail.com
Tue Mar 11 14:30:52 PDT 2014

Of possible interest to many on this list, the EFF is hoping to offer a
prize for the most usable end-to-end encrypted communication tool this
year. This is still in the early stage of planning but we have set aside a
one-day workshop on July 9 in Menlo Park, CA to discuss and debate the
process for awarding the prize. The workshop is attached to SOUPS, the
biggest event for academic usability researchers interested in security, so
for security-minded folks this is a great way to get in touch with UI

As a co-organizer I'd be interested to hear ideas on the best structure to
adopt for the workshop. I'd also encourage anybody interested in
participating more to submit an abstract on a talk they'd like to give at
the workshop (due date is May 15 so lots of time to think about ideas until

Full details below.



2014 EFF Crypto Usability Prize (EFF CUP) Workshop


Submission Deadline: May 15, 2014, 5pm PDT
Notification Deadline: May 30, 2014 5pm PDT
Anonymization: Papers are NOT to be anonymized
Length: 500 words
Formatting: PDF
Submission site: email to effcup at eff.org
Workshop Date: Wednesday, July 9, 2014


The Electronic Frontier Foundation is evaluating the feasibility of
offering a prize for the first secure, private end-to-end encrypted
communication tool. There is currently tremendous interest in this area,
with several dozen new projects trying to make encrypted email, instant
messaging, text messaging, VOIP and video chat a reality. It is not yet
clear which of these tools is best-suited to meet real-world usability

We believe a prize based on objective usability metrics might be an
effective way to determine which project or projects are best delivering
communication security to vulnerable user communities; to promote and
energize those tools; and to encourage interaction between developers,
interaction designers and academics interested in this space.

The EFF CUP workshop aims both to establish suitable metrics and criteria
for the prize, and to introduce developers working on open source
encryption tools (likely contestants) to the privacy and security research
community. EFF CUP will be held in conjunction with the Symposium on Usable
Privacy and Security (SOUPS) in July 2014 in Menlo Park, CA. We are seeking
talk abstracts and position papers on the following topics:

USABILITY AND SECURITY METRICS: Holding an open competition for secure
communication tools is a new undertaking and requires new thinking about
measuring security and usability tools. We are seeking position papers on
what metrics can be used to most objectively evaluate quality, including:

*Security metrics: Identifying the types of attacks that at-risk groups
(journalists, activists, lawyers) are subject to, and how we can reliably
measure the resistance which cryptographic communications tools provide.
*Indirect usability metrics: Metrics which can be evaluated analytically,
such as backwards compatibility with existing tools, integration into
existing tools, or demonstrated adoption by N million users.
*Direct usability metrics: Metrics which can be evaluated through user
studies, such as the percentage of users who can quickly start using a tool
and survive various classes of real-world attack.

CURRENT TOOL SUMMARIES: Developers of secure end-to-end communication tools
are invited to submit a short (100-500 word) abstract describing their
project. We aim to have a series of short presentations (followed by
discussion) on the state of various projects, including a description of
the project's security and usability goals, current development status,
installed user base and supported platforms, known usability challenges and
vulnerabilities, and experiences (if any) with user testing.

EXPERIENCE FROM PAST CONTESTS: Organizers or competitors from other
technology contests, particularly but not exclusively in the areas of
security and/or usability, are invited to submit a short (500 word)
abstract describing lessons from those contests. We aim to have a series of
short presentations including a brief overview of past contest's goals,
setup and rules, and outcomes. Example competitions may include
cryptographic primitive competitions (eg. AES, ESTREAM, SHA3, PHC), Darpa
contests, Capture the Flag contests, Crack Me If You Can, VoComp or the
Netflix Prize.


Lorrie Faith Cranor,
Associate Professor of Computer Science and of Engineering and Public
Policy at Carnegie Mellon University, Director of the CyLab Usable Privacy
and Security Laboratory (CUPS). Member, Electronic Frontier Foundation
Board of Directors.

Peter Eckersley,
Technology Projects Director, Electronic Frontier Foundation.

Joseph Bonneau,
Postdoctoral Fellow, Center for Information Technology Policy, Princeton
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140311/85911d5e/attachment.html>

More information about the Messaging mailing list