Serge Egelman, a researcher in the EECS Department at UC Berkeley, will also be working at ICSI on his new NSF-funded project, "Designing Individualized Privacy and Security Systems." The goal is, as the name implies, to design security and privacy systems that respond to individual users' preferences, taking advantage of cognitive psychology data gathered through crowd-sourcing.

Serge has always been interested in human factors in computer security. After receiving his undergraduate degree from the University of Virginia, he went on to Carnegie Mellon University, where his doctoral research focused on user-friendly security warnings and privacy policies at Carnegie Mellon University. He found that users see security warnings when visiting so many benign Web sites that they often ignore them when the security warning is pointing out a real danger - a phishing website, for example. He helped design warnings that looked different for different levels of danger, running experiments to see how people reacted to different designs. He also built a search engine that annotated search results with information from each Web site's privacy policy. In a series of studies, he monitored how people behaved when using the engine and found that the presence of privacy information influenced behavior; when visiting shopping websites, some participants were willing to spend more money out of pocket to visit a Web site with stronger privacy protections.

After receiving his PhD in 2009, he spent a year at Brown University working with access controls on social networking, particularly Facebook, and another year at the National Institute of Standards and Technology. Two years ago, he joined Berkeley EECS, where he has worked on permission systems for mobile devices and ways to ensure users of mobile apps know how the apps use personal information.

His new project at ICSI, his first here, focuses on whether certain personality traits correlate with privacy preferences or security behaviors or both. He will work with cognitive psychologist Eyal Pe'er, who will soon join the faculty at Bar-Ilan University, Israel, to conduct experiments on both laboratory and online participants. Serge says that the work builds on and goes beyond previous work to personalize and customize computer security and privacy. "Over the last ten years, we've improved system security by leaps and bounds through the realization that many problems come from failures to understand human factors," he said. "However, current research has focused on designing systems for the average user, and therefore results in satisfying no one because no individual perfectly fits this persona.  I believe that by individualizing systems, we can move closer toward optimal solutions."

Serge has already begun gathering responses to surveys posted on Amazon's Mechanical Turk crowd-sourcing platform. Workers complete a series of tests, including a personality test, surveys on privacy preferences, and tests that measure willingness to disclose personal information. To control for these last two tests, workers also answer a series of questions to reveal their social desirability bias, which is the tendency for people to answer questions in a way that makes them look good to others. In this part of the survey, workers must say whether they have engaged in behaviors that are either common but undesirable or rare but desirable.

These surveys will help the researchers correlate certain personality traits, such as introvert and extrovert, with both stated privacy preferences and observed privacy behaviors. The ultimate goal is a system that infers a user's preferences from the way she interacts with machines - for example, by how clean her desktop is or how much she posts on Facebook. This could help guide both default privacy settings and the design of certain security mitigations on an individual basis.

Serge is an avid scuba diver and frequently visits Monterey (for lack of nearby warmer waters). He also brews beer (his favorite is a strong IPA) and cures salami.