Sunday, November 29, 2015

World Economic Forum IdeasLab talk on Smartphones and Healthcare

Here is a YouTube video of my talk at the World Economic Forum on Smartphones, Personal Data, and Healthcare.

Article in Quartz Magazine about Usability and Cybersecurity

I recently wrote an article for Quartz on why public officials are using personal email accounts for business, examining it from a usability and security perspective.
Why are so many politicians turning to personal email in the first place?

This trend may justifiably raise concerns about transparency and legality. But why are so many politicians turning to personal email in the first place? It could be that usability issues are driving our public officials and their subordinates to use personal accounts.

Friday, July 31, 2015

Conflict Management and Negotiation

One thing we do in our Master's of Human-Computer Interaction program is to have our students participate in workshops about conflict management. Conflict is inevitable, but how you deal with it is not.

This year, we also sent our students some web resources about negotiation strategies. These are, for the most part, very positive ways of looking at negotiation, rather than making it something purely adversarial.

Thursday, July 02, 2015

Computer Science, Internet of Things, Privacy, and Advice for Students

I wrote up an article for my old high school's alumni magazine, about my work and advice for the students. Here's the article below.


In the near future, our smart homes, smart cars, and smartphones will essentially know everything about us. In many ways, this will be a good thing, as these devices can help us in terms of healthcare, sustainability, safety, and more. At the same time, these same systems pose many new kinds of privacy challenges. What kind of data is being sensed and collected? How is it used? How can we help people feel like they are in control? How can we create a connected world that we would all want to live in?

After graduating from SCGSSM in 1993, I majored in both computer science and mathematics at Georgia Tech, and then got my PhD at the University of California at Berkeley. Since 2004, I’ve been a professor at Carnegie Mellon University, one of the top schools in the world in computer science. It’s a very fun place, with brilliant people looking at how to push the boundaries of what is possible with computing.

Computer science is a bit unusual when compared to natural sciences. In fields like astronomy or biochemistry, there are hard limits dictated by atomic structures or fundamental forces like gravity. In contrast, much of computer science is bounded by perceptual and cognitive psychology. We only need 24-bit color because that’s all the human eye can see. A lot of programming languages are structured to mitigate the limited working memory of our brains. Computer science is also bounded by our imaginations. Things like wearable computers, self-driving cars, and sensor networks only came out because someone dreamt new ways of using computers.

My specific subfield of computer science is known as human-computer interaction (HCI). HCI looks at people and computers together, drawing on ideas from traditional computer science, psychology, and design. The most immediate aspect of HCI is the user interfaces we use. Everyone has experienced some really terrible interfaces and can appreciate the need for good design. But HCI also looks at really big questions too. For example, how can we build intelligent tutoring systems that can adapt to individual students? How can we design robots that people can understand and feel safe around? How can we design better interfaces to help those with physical disabilities?

My particular area of research looks at emerging smart systems, sometimes called Internet of Things, sometimes Ubiquitous Computing. These kinds of sensor-based systems will let us understand human behavior at a fidelity and scale that previously was not possible, but we can only succeed if we can legitimately address people’s privacy concerns.

My current work focuses on privacy and smartphones. Smartphone apps can collect a great deal of sensitive information about people, including location, contact lists, and microphone data. How can we easily understand what these apps are doing? To address this problem, my team developed new ways to analyze and summarize the behaviors of apps, based on the notion of expectations. For example, most people don’t expect a Blackjack game to use location data, but some surprisingly do. In contrast, everybody already knows Google Maps uses location data. Using this approach, we have graded the privacy of a million apps, which you can see at We’ve gotten press coverage from CNN, New York Times, Forbes, BBC, as well as interest from the FTC, California Department of Justice, Google, and Consumer Reports.

Now, while this article was supposed to be about STEM (Science, Technology, Engineering, Mathematics), I’d like to close by reflecting on non-STEM lessons I’ve learned along the way, which I hope can help current students and younger alums. First, raw intellect only gets you so far. Even hard work isn’t enough. While these are pre-requisites for success, you’ll also need ambition, imagination, and some luck. I lucked out in getting admitted to Berkeley for my PhD, and was suddenly surrounded by people who were the best in the world at what they did. It only dawned on me then that I might be able to do the same.

Second, don’t underestimate the social dimension of success. My two years at SCGSSM were harder than my first two years at Georgia Tech, and it only struck me years later why. At SCGSSM, there were so many smart and hard-working people that it forced me to up my game. At Georgia Tech, it wasn’t until my junior year that I found a similar group of people.

Third, it’s not about what you yourself can do, but what you can get a group of people to do. Most big things that are worth doing can’t be done by individuals. So if you want to succeed, you really need to understand how to motivate people, how to work in a team, how to manage conflict, and how to mentor people and help them grow.

Last, there’s a big world stage out there, and it’s waiting for brilliant young people to get up there. The problems we as humanity are facing today are bigger and harder than any we’ve ever faced, and we need all the help we can get. And besides, it will be fun as we help invent the future. 

Monday, March 02, 2015

Visualizations of Phishing Emails

I've been collecting all phishing emails that have come into my inbox since 2010. I thought it would be fun to create some simple visualizations, to look for interesting patterns.

Below is a wordle of 95 different Nigerian email scams. These are the scams where the sender of the email has a business proposition for you, with millions of dollars in a bank or secret fund, and they need your help getting it out. You can see several prominent words, like bank, money, contact, and fund. You can also see that these scammers are quite polite, with please being a common word too.

Surprisingly, I only got 16 reply-to phishing emails. These are the ones where the scammer asks you to fill out your account information in the email, like your account name and password. Nothing too surprising here.  

The largest set was 160 general phishing attacks, ones where the scammer tries to trick you into clicking a link or opening an attachment. You can see that these scammers are quite polite, with please being pretty prominent. Like the reply-to phishing attacks above, you can see that an email that mentions your account or wants you to click on a link is a good signal that it may be a phishing attack.  

Below is a wordle that combines all of the above emails, if you want to share with others or print out.

I also created a word tree visualization using the service on Jason Davies' site. You can see the interactive version of all of the phishing emails here. You can see the most common opening for these phishing emails, and again, scammers are quite polite.

Saturday, February 21, 2015

Notes on Running the Mobisys 2015 Program Committee

Marco Gruteser and I recently finished co-chairing the Mobisys 2015 technical program committee. Some of the TPC members said that it was the best run, least stressful program committee that they had been on, and were amazed that we were able to discuss over 60 papers.

I thought it would be good to share what tools and processes we used to keep things running smoothly, to help other program committees.
  • We allocated NNN minutes of discussion per paper (this will vary depending on PC size and #papers to discuss). Basically, take the total amount of time and divide by #papers to discuss, subtracting 1-2 minutes per paper as slack time.
  • We used the iPad app Lightning Talk to keep track of time. (Thanks to Jenna Date for pointing me to this app.)
  • On the projector, we displayed what paper we were discussing and who the conflicts were. This helped speed up conflicts getting out of the room. Here is a shortened version of the slides. (Thanks to Morley Mao and Landon Cox for this idea)
  • Conveniently, if you print these slides 6 to a page, they are roughly post-it size. We taped each slide to a post-it, making it easier to see what the decisions were for each paper. See the picture below to see how we used these post-its (note that we blurred out information about most papers in the picture). We had 4 categories: Accept, Weak Accept, Maybe Accept, and Reject. 
  • We started the TPC by discussing the strongest papers and then the weakest papers, to help the PC with calibration of the other papers.
  • We assigned a discussion lead for each paper, typically the most positive reviewer. Each lead was asked to start with a 2-minute summary, and then we moved on to discussion from the other reviewers.
  • We asked committee members to be decisive about making decisions within the NNN minute period. Earlier, several days before the meeting, we also asked TPC members to discuss online those papers for which there was not a clear consensus. This approach helped with faster decision making.
  • If a paper was a clear accept or reject after a few minutes, we cut off discussion to keep moving forward. This gave us more time for the papers that needed more discussion.