MC2 Researchers Design First Comprehensive Framework for At-Risk Users

Published July 8, 2022


Anyone’s digital safety, security or privacy can be attacked, yet researchers refer to at-risk users as those who are more likely to be attacked or suffer disproportionate harm. For example, LGBTQIA+ individuals face an elevated risk of harassment on social media, and older adults are more likely to fall for phishing scams.

A growing body of research explores at-risk users whose digital safety needs go unmet because systems are typically designed for the average user. It’s common to recommend that vulnerable users be given extra consideration during the technology creation process. However, that recommendation can be difficult to apply in practice, and it can be bewildering to consider dozens of different at-risk populations, each with separate—and sometimes contradictory—digital-safety needs.

A new paper by researchers from the Maryland Cybersecurity Center (MC2) and Google presents the first comprehensive framework that can be used to reason about at-risk users’ needs during the technology creation process.

“We hope our framework will help researchers designing new studies and technologists building new systems,” says co-author and Associate Professor of Computer Science Michelle Mazurek, director of MC2. “Understanding individual at-risk populations is crucial, but finding commonalities can help us understand how solutions scale and whether helping one group hurts another.”

The project took almost two years to complete, and was supported by $500K in funding from the Defense Advanced Research Projects Agency (DARPA) through Mazurek’s Young Faculty Award.

She says that after her team realized they had friends at Google who were studying similar questions on at-risk users, they decided to join forces.

“It was great because they have a lot of knowledge and experience that really complements our team and makes the overall group stronger,” Mazurek says.

The researchers began by systematically narrowing down 6,000 papers on the digital-safety experiences of at-risk populations to 85 for their analysis. Then, within those papers, they identified 31 populations of at-risk users and 10 contextual risk factors—such as oppression or stigmatization—which can amplify digital-safety threats and their resulting harms.

Ultimately, the team identified several protective practices that users employ to prevent, mitigate or respond to digital safety attacks, such as reducing their digital footprint or seeking help from a trusted friend or organization. They also provide a guide for technology designers to use during the creation process.

The collaborative project was led by Noel Warford, a fifth-year computer science doctoral student advised by Mazurek, and Tara Matthews at Google.

“Noel drove a lot of this work, including narrowing down the dataset, doing much of the detailed analysis, writing big chunks of the paper, and helping to keep our large team moving forward,” says Mazurek. “This was a pretty huge undertaking and I really appreciate all the hard work and leadership that went into making it a reality.”

The paper’s other UMD authors are Kaitlyn Yang, who graduated this spring with her B.A. in computer science, fifth-year computer science doctoral student Omer Akgul, and postdoctoral researcher Nathan Malkin.

“SoK: A Framework for Unifying At-Risk User Research” was presented earlier this year in San Francisco at the IEEE Symposium on Security and Privacy, the premier forum for developments in computer security and electronic privacy.

—Story by Maria Herd