Davos Trip Report

I attended the World Economics Forum in Davos, Switzerland with a group of faculty from Carnegie Mellon. We were there to be the entertainment — we had earned our (otherwise very expensive) Davos badge by agreeing to present a panel session. I brought my camera (Fujifilm X-T1 with 18 mm lens) and took lots of photos. Here is a selection of photos and some thoughts on the whole Davos experience.

We arrived in Zurich and took the bus (provided by WEF) to Davos. It was about a 2.5 hour drive and the scenery got progressively snowier and more beautiful as we went along. We started meeting our fellow attendees on the bus, including McGill University principal, Suzanne Fortier, who was staying at our hotel, and later invited us to Montreal after return flights to the US were being cancelled.

landing in Zurich, hardly any snow at the airport World Economic Forum Davos bus arriving at the registration center in Davos

We stayed at Club Hotel, a comfortable ski hotel (at high-end luxury hotel prices) at the far end of Davos from the Congress Center. This was the hotel that many of the academic speakers had been assigned to stay at. Across the street was a building with a big sign that said “Bernina.” As an owner of a Bernina sewing machine, I got very excited when I saw it, but it was just an apartment building… no sign of sewing machines. There was a shuttle stop on the corner across from the hotel, and shuttles came by frequently. However, at least once each day I did the 20-minute walk between the Congress Center and the hotel. Most of the daytime events were in and around the Congress Center, but some were in surrounding buildings, and most of the evening events were at hotels around the city.

Club Hotel Davos at Night, WEF 2016DSCF5451Walk the talk sign at WEF 2016

The walk between the hotel and Congress Center took us past the storefronts and fancy hotels on the Promenade. Many companies (and even UC Berkeley) had rented out store fronts for the week. Some had been turned into Cafes where participants could stop in for a free lunch. Facebook had setup a house with a mini-museum that explained that it takes more energy to make a latte than it does to power one person’s Facebook usage for a year. There were police and security guards everywhere, but none seemed to be able to give directions. The best way to navigate was with Google maps, or looking for signposts along the way indicating the direction and walking distance between conference venues.

The Promenade at night, WEF 2016Berkeley storefront on Promenade, WEF 2016Facebook house at night, WEF 2016Facebook house, WEF 2016Signpost outside of the Loft, WEF 2016

The weather was fairly pleasant, all considering. The temperature stayed around the high twenties with no wind. It snowed about every other day. My tall, waterproof leather boots (ECCO Babett 45 GTX) were perfect for the snowy weather, and I could wear them inside all day and was able to avoid carrying shoes around to change into. I was glad I brought a long down coat. With insulated tights, I was able to wear dresses comfortably all week without freezing when I went outside. Inside most buildings it was quite warm. We quickly got used to the process of arriving at a building (on foot or by shuttle); having our badges inspected by armed (but very friendly) guards; loading our bags, laptops, and coats onto the conveyor belt for screening; walking through the metal detector; collecting our bags; sometimes heading outside and then back into another building; scanning our badges; checking our coats (or holding on to them to save time); and finally getting to our destination.

Congress Centre - transportation hub, WEF 2016Lorrie with boots and long coat at transportation hub, WEF 2016Davos WEF middle entryMiddle Entry, WEF 2016Inflated Tunnel into Congress Center Middle Entry, WEF 2016Middle Entry cloak room, WEF 2016Congress Centre with fresh snow, WEF 2016Lorrie at Congress Centre main entrance, WEF 2016

On the first evening I attended the opening ceremony with awards presentations and a concert by Yo-yo Ma and a multi-cultural ensemble. Will.I.Am talked about education and Leonardo DiCaprio discussed global climate change While not exactly an expert in climate change, DiCaprio has apparently contributed a lot of money to the cause, and encouraged others to do likewise. I was surprised to see DiCaprio read his remarks, rarely looking up at the audience (the photo here is the only one I took where he is looking at the audience). Yo-Yo Ma’s performance was amazing, and worth sitting through the speeches to hear.

Hilde Schwab presents Crystal Award to Will.I.Am at WEF 2016 Hilde Schwab presents Crystal Award to Leonardo DiCaprio at WEF 2016 Yo-yo Ma and ensemble performing at WEF 2016 opening session

Following the opening session I found the shuttle to the InterContinental Hotel for the expert reception. Having just arrived, I was still wearing jeans and suddenly felt under dressed. I did not wear jeans again until I left for the airport to go home. Besides learning about Davos fashion, the expert reception was also a good introduction to eating at Davos, where sit down meals are few and far between for those of us not on the VIP lists. Coffee and alcoholic beverages were plentiful, but food required some foraging. We all got very good at spotting and making a bee line for waiters passing tasty, but small, snacks in the Congress Center or at whatever receptions we were attending.

I joined my colleagues, who were talking to John Green, author of The Fault in Our Stars, and his wife. When I arrived they were having an entertaining conversation about educational videos and it took a while for me to catch on and figure out who he was. John posted a brief video about his Davos experience after he got home.

I spent much of the next day practicing for and being nervous about my own talk. Three colleagues and I had been invited to Davos to do an “Ideas Lab” session, which uses the fun-to-watch but awful to prepare for Pecha Kucha format. We each had five minutes to give a talk with 15 slides (all images, no words), which advanced automatically every 20 seconds. We wrote out scripts weeks in advance and spent hours memorizing the scripts and checking the timing. I give talks and teach classes all the time, so public speaking comes pretty easily to me, but I don’t think I have memorized anything word-for-word since high school. Even the TEDx talk on passwords I gave a couple of years ago was easier to prepare. For my Davos, I made notecards, recorded myself reading my script and listened to myself over and over again, and practiced my talk repeatedly on the plane. The group of us did three rehearsals together before finally doing our session at Davos on Thursday, and again on Saturday. Our session was the Promise and Perils of the Connected Sensors. Two of my colleagues presented upbeat promise talks, one introduced security perils, and I finished out the panel with privacy perils. The talks were recorded and available here. (As you may notice in the video, I had two wireless mics attached to my sleeveless dress. The AV crew was used to putting mics on guys wearing suits, and wasn’t really sure how to attach the mics to me. They didn’t have surgical tape to tape the transmitter to my back so you’ll see one of the transmitters attached to the back of my dress with an antenna sticking up. The other one is in my boot with the wire running up my leg and under my dress.) There was also a scribe who made cool drawings while we talked.

The Ideas Lab session went very well, and we received a lot of positive feedback from attendees. Attendees at our session included a nobel laureate, a Microsoft executive, and Kofi Annan (yes, that’s him in the bottom right photo below). Connected sensors and the Internet of Things were topics that seemed to resonate with a lot of Davos people. Indeed, the toilets near the plenary hall in the Congress Center featured water sprays and dryers that could be controlled wirelessly through tablets mounted on the wall of each stall.

Amy and Lorrie at CMU ideas Lab, WEF 2016Scribe's board at CMU ideas lab, WEF 2016 CMU Ideas Lab session in the Loft, World Economic Forum, Davos 2016 CMU Ideas Lab session in the Loft, World Economic Forum, Davos 2016 CMU Ideas Lab session in the Loft, World Economic Forum, Davos 2016 DSCF5719Congress Centre toilet with remote control, WEF 2016

The CMU President, Subra Suresh, introduced our panel, and the dean of our School of Computer Science, Andrew Moore, participated in another Ideas Lab session that was moderated by NPR correspondent, Joe Palca. Some of our colleagues, including Justine Cassell, got to speak on the big stage in the plenary hall.

Andrew Moore at Nature Ideas Lab session, World Economic Forum, Davos 2016 Andrew Moore at Nature Ideas Lab session, World Economic Forum, Davos 2016Justine, Anthony, Lorrie Amy, Chris, and Andrew after CMU Ideas Lab, WEF 2016Justine Cassell on Staying Human panel at WEF 2016

I attended a lot of sessions in the plenary hall of the Congress Center. This is where most of the heads of state spoke. In four days I saw the following government leaders speak: the Presidents of Switzerland, Cyprus and Mexico; Prime Ministers of Turkey, UK, Israel, and Canada; as well as John Kerry and Joe Biden (who was interesting, but went on much too long). UK Prime Minister David Cameron was the only head of state I saw speak standing in the middle of the stage with no notes, podium, or teleprompter. Benjamin Netanyahu had the funniest comments when he talked about Israel innovation and explained that Jewish Israeli cows make more milk per cow than any other cows and “every moo is computerized.”

DSCF5268 Joe Biden speaking t WEF 2016 DSCF5346 DSCF5349 David Cameron, UK Prime Minister, WEF 2016 DSCF5412 John Kerry, WEF 2016 Enrique Peña Nieto, President of Mexico, WEF 2016

Most thrilling, perhaps, was attending an interactive lunch with Canadian Prime Minister Justin Trudeau and several members of his cabinet. You could sign-up online for interactive lunches and dinners, but many of these events were full by the time academic attendees were allowed to sign up. After seeing that the lunch session I wanted to attend was full I noticed that the Canada lunch still had room so I signed myself up. Lunch was setup at banquet tables for a total of about 60 guests. A member of the cabinet was assigned to each table. When I came into the room I spotted a table that nobody was sitting at, with the name card Trudeau, so I sat down. Prime Minister Trudeau arrived late and when he came in he shook hands with  Naheed Nenshi, the Mayor of Calgary, who was also seated at my table, and then took the microphone and began speaking. Trudeau gave his whole speech standing next to where I was sitting at the table. I snapped several good photos of him against the hotel’s butterfly wallpaper from where I was sitting 2 feet away. He finished his speech and left before I could get a selfie. (I did manage to get a selfie with Nenshi the next day when I ran into him at the Congress Center.) Nenshi was quite entertaining as he MCed the event, inviting the other cabinet members to make brief remarks and asking some pointed questions. I was quite impressed with Trudeau and the other cabinet members, who exhibited an energy and youthfulness that you usually don’t see in American politics. And they are incredibly diverse. Other than Trudeau, the cabinet members joked, they hadn’t brought with them any straight white guys.

DSCF5485 DSCF5497 Lorrie with Calgary Mayor Naheed Nenshi at WEF 2016

My favorite session all week was a panel on “Progress towards Parity” with Melinda Gates,  Sheryl Sandberg, and Justin Trudeau, along with SOHO CEO Zhang Xin and ManpowerGroup CEO Jonas Prising, When asked whether it was difficult to find enough qualified women to make his cabinet 50% women, Trudeau said the only thing difficult was choosing among all the great qualified candidates.

DSCF5550

Other highlights included hearing US Secretary of Commerce Penny Pritzker talk about Safe Harbor on a panel with Microsoft President Brad Smith and others, watching Harvard Law Professor Jonathan Zittrain moderate a panel on the digital economy, and an interactive dinner for women in science. I took some pictures during Zittrain’s session and went up to talk with him afterwards. One of his panelists, YouTube CEO Susan Wojcicki, was eager to get a photo of herself on the WEF stage, so I told her I would send her the photos I had just taken. At the dinner I chatted with Joe Palca and his wife NIH Deputy Director Kathy Hudson, along with danah boyd.

DSCF5261DSCF5426 DSCF5305

There was a lot of discussion of refugees at Davos, and I attended an interesting simulation session called “A day in the life of a refugee.” As we entered the room, women were handed headscarves and we were told that for the next half an hour we were to obey the guards. A sound track of machine gun fire played, the lights went out, and we were eventually ushered into small, crowded tents. As we lined up for bread and water, guards took our jewelry and cell phones. It was an interesting simulation, but I think some of the power of the experience was lost as I was crawling around in tents with business executives wearing expensive suits. After the simulation concluded, we heard personal stories  from people who had been refugees themselves or had worked at refugee camps. I found that to be the most compelling part of the session. As they returned our phones and jewelry. the session leader handed us postcards for feedback and asked us to list actions we could take to address the refugee problem. However, there had not been much discussion about what we could actually do.

A Day in the Life of a Refugee, WEF 2016A Day in the Life of aRefugee, WEF 2016 - refugee speaking

I was interviewed for the Swiss public radio in a studio in the local public library, which had been turned into a media house.

Reuters house takes over the Davos library + police stand, WEF 2016  Inside Reuters House (Davos Library), WEF 2016DSCF5333

There were not a lot of sessions related to my research interests. I attended an interactive session in which they talked about the growing number of people who were using ad blockers online. They broke us up into small groups, and I joined the group on “trust and user empowerment.” I was amused at this because I was giving talks on this topic as far back as 1997. When the moderator asked us what companies should do to build trust I suggested that companies should actually be trustworthy and actually empower users. This comment did not go over well with the corporate participates in my group. Later I attended a session on privacy that included a lively discussion by panelists who had  somewhat limited expertise in privacy. A number of questions came up that the panelists didn’t have good answers for. During the audience Q&A I answered some of these questions and received a more positive reception. One of the panelists remarked that I should have been on the panel. I noted that most sessions seemed to follow an unwritten rule that there could be at most one woman or one academic on any panel, so this session was already at quota.

DSCF5256

Between sessions we explored the Congress Center and the nearby Promenade. We discovered that the Microsoft Cafe served lunch. The lounges were good places for people watching, but it was sometimes difficult to find a seat. A few times I went into the plenary hall just so I could sit down and check my email. You never knew who you would run into in the Congress Center. If there were a lot of people with cameras, there was probably someone famous. Following the cameras led me to the Prime Minister of France, and IMF director Christine Lagarde.

Congress Centre with fresh snow, WEF 2016Anthony having lunch at Microsoft Lounge, WEF 2016Central Lounge, WEF 2016IMG_20160121_082519View of the Congress Centre Plenary Bar and Earth Space, WEF 2016  media scrum surrounding Manuel Valls, Prime Minister of France, WEF 2016

The most unexpected celebrity encounter was meeting Yo-Yo Ma and his wife in the hallway of the Congress Center. I was introduced to them, shook hands, and mumbled something about being a computer science professor and having enjoyed his concert. Maybe I pointed to my password dress and said something about passwords. I only regret that I didn’t tell him I co-founded a company called Wombat Security and ask him about the time he was photographed on the floor with a wombat. Yo-Yo Ma was super friendly, and seemed to actually enjoy meeting all the people who were eager to shake his hand.

Mary Suresh with Yo-yo Ma and his wife in Congress Centre, WEF 2016

No Davos experience would be complete without Bono. I didn’t get to meet him, but I did see him on stage from the third row when he appeared briefly to celebrate the 10-year anniversary of the (RED) campaign.

Bono  at 10th Anniversary of (RED) campaign, WEF 2016 Bono  at 10th Anniversary of (RED) campaign, WEF 2016

Davos is not a great place for eating or sleeping. Before we arrived we had already received dozens of invitations to evening receptions at hotels around Davos. However, once we arrived we realized that our invitations were to only a small fraction of the parties that were taking place. We were able to talk our way into some of these parties, but many had fairly tight security. There were some interesting breakfast events every day but neither I nor any of my colleagues were able to get up early enough to attend them. CMU sponsored a small party at a local chocolate shop, but big companies and even countries sponsored enormous parties with open bars, food, swag, live music, and robots serving beer. Some hotels had so many parties going on that they posted electronic directories to help people find the parties they were looking for.  Friday night I skipped most of the partying to attend the annual (and somewhat hard to get an invite to) Davos shabbat dinner. Sadly, the celebrities were no shows this year, but I did have an enjoyable evening.

Anthony watching beer robot at Infosys reception, WEF 2016 Chris at PWC party in Belvedere hotel, WEF 2016 Indonesia night, WEF 2016 DSCF5439 DSCF5434 directions to lounges at Belvedere hotel, WEF 2016 KPMG reception, WEF 2016 Shabbat dinner, WEF 2016

The last evening in Davos was a formal soiree with music, a large buffet, and lots of swiss cheese. I wore a floor-length gown and 3-inch heels because I don’t have too many excuses to dress up, and how often do you get to wear a ball gown and pose with two St. Bernards? Unfortunately, we had to leave the ball early to rebook our cancelled flights due to East Coast US snow storm.

Davos Soirée: Jazz and African Rhythms at the InterContinental, WEF 2016 Davos Soirée: Jazz and African Rhythms at the InterContinental, WEF 2016 DSCF5813 BKKL5532

So how was Davos? The event is crazy and amazing, and not like anything I have ever been to before. The closest comparison I can make is South By Southwest. Only Davos is colder and had fewer artists, musicians, hipsters, and free tee shirts. And Southby is a festival and Davos is a place where heads of state go to talk to each other and everyone seems to have an agenda. I didn’t go with an agenda, other than to make it through my talk, take it all in, and help promote Carnegie Mellon. I met some interesting people, heard some interesting talks, saw lots of celebrities, and made a few contacts that may be useful for my research or my career.

My quilt in Science magazine

IMG_6002I’m really excited that my Security Blanket quilt won honorable mention in the International Science & Engineering Visualization Challenge and is featured in an article in the February 7 issue of Science magazine. No, they don’t have a category for quilts, but that didn’t stop me from entering (and winning).

The quilt is currently on loan to Carnegie Mellon University, and is being displayed in the home of our university president. My daughters and I stopped by a couple of weeks ago to check it out.

Science also did a little profile of me in their Career Magazine.

badpasswordAnd for those of you who want to make your own security blankets, pillow, ties, curtains, or dresses, I now have a few different versions of purple “bad password” fabric available by the yard at Spoonflower.com (update: you can get ties made from this fabric too!). You can order it on wrapping paper or wall paper too. I have small and large versions of the print, with and without the naughty words. (The quilt includes all the naughty words for authenticity.)

Security Blanket, machine quilted, digitally printed cotton fabric, 63.5"x39"

Security Blanket, machine quilted, digitally printed cotton fabric, 63.5″x39″

 

Password dress

IMG_5014This is old news, but just now getting around to posting it. I made a password dress to go with the password quilt. I wore it to the opening of the Computers, Quilts & Privacy show and to give my artist’s talk.  I also wore it to a faculty meeting and disrupted the meeting.

As with the Security Blanket quilt, I generated a Wordle from the RockYou password set, and then edited it in Adobe Illustrator. I selected brighter colors for the dress and had it printed at spoonflower.com on performance knit polyester fabric (UPDATE: You can purchase similar fabric on spoon flower that I created and ties made from this fabric on Easy…. and read about lots of other passwords stuff made by me and other people) I made my own pattern by tracing a store-bought dress I own that fits me well. It is just two pieces of fabric. The only tricky part was finishing the neckline and arm holes. I bought a double needle and used it to do the hem. This was my first foray into sewing with knit fabric.

And here are some more photos from the Computers, Quilts & Privacy show at the Frame. There is also a video of my talk that I will post after it is edited.

Computers, Quilts & Privacy

Quilts from my staybatical will be on exhibit at the Frame Gallery on the Carnegie Mellon campus October 24-November 3, 2013. The Frame Gallery is at 5200 Forbes Ave., Pittsburgh, PA 15213, on the corner of Forbes and Margaret Morrison.

Artist’s talk
Friday, November 1, 12:30-1:30 pm
STUDIO for Creative Inquiry, College of Fine Arts Room 111
Lunch provided, please RSVP to studio-info@andrew.cmu.edu.

Join us for a talk by quilt artist Lorrie Faith Cranor. Lorrie is an Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS) and co-director of the MSIT-Privacy Engineering masters program. During the 2012-2013 academic year she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at CMU where she worked on fiber arts projects that combine her interests in privacy and security, quilting, and computers. In this talk she will discuss these interests and how she combined them during her sabbatical. For directions or more information contact Marge Myers at 412-268-3451.

Opening Reception
Friday, October 25, 2-5:30 pm

Gallery Hours
Thursdays: Oct. 24 + 31, 5-9 pm
Fridays: Oct. 25 + Nov. 1, 2-7 pm
Saturdays: Oct. 26 + Nov. 2, Noon to 5 pm
Sundays: Oct. 27 + Nov. 3, Noon to 5 pm

Exhibit flier
Exhibit poster

Security Blanket

As I’ve been thinking about quilt ideas related to security and privacy during my staybatical at the STUDIO for Creative Inquiry all year, the title for this quilt was obvious: Security Blanket. Less obvious was the design of a quilt that would fit this title. Ultimately, I took inspiration from the research on the security and usability of text passwords that I’ve been working on with my students and colleagues. While this quilt started out as an art project inspired by my research, what I learned from creating it will likely influence my future password research.

Security Blanket, machine quilted, digitally printed cotton fabric, 63.5″x39″

Our research group has collected tens of thousands of passwords created under controlled conditions as part of our research. Among other things, we have compared these passwords with the archives of stolen passwords that have been made public over the past few years. Perhaps the largest such archive consists of 32 million passwords stolen from social gaming website RockYou and made public in December 2009. These passwords are notably weak, having been created without the requirement to include digits or symbols or even avoid dictionary words. Security firm Imperva published an analysis of these passwords. More recent analyses of stolen passwords have found that passwords stolen in 2012 are pretty similar to those stolen in 2009.

The media had fun publishing the most common passwords from the RockYou breach. As with other breaches, password and 123456 figured prominently. But after you get past the obvious lazy choices, I find it fascinating to see what else people choose as passwords. These stolen passwords, personal secrets, offer glimpses into the collective consciousness of Internet users.

I asked my students to extract the 1000 most popular passwords from the RockYou data set and provide a list to me with frequency counts.  I then went through the list and sorted them into a number of thematic groups. I assigned a color to each group and entered the passwords with weights and colors into the Wordle online word cloud generator. I then saved the output as a PDF and edited it in Adobe Illustrator to rearrange them in a shape that I liked, with some pairs of words purposefully place in close proximity. I designed a border, and had the whole thing printed on one large sheet of fabric by Spoonflower. When the fabric arrived, I layered it with batting and quilted it. I bound it with matching fabric from Spoonflower that I designed.

Sorting 1000 passwords into thematic categories took a while. While a number of themes quickly emerged, many passwords could plausibly fall into multiple categories. I tried to put myself in the mindset of a RockYou user and imagine why they selected a password. Is justin the name of the user? Their significant other? Their son? Or are they a Justin Bieber fan? Is princess a nickname for their spouse or daughter? The name of their cat? Their dog? (It shows up frequently on lists of popular pet names and a recent surveyfound that the most common way of selecting a passord is using the name of a pet.) Is sexygirl self referential? What about daddysgirl? dreamergenius?

When I didn’t recognize a password I Googled it. Most of these unknown passwords turned out to be ways to express your love in different languages. For example, I learned that mahalkita means I love you in Tagalong. Love was a strong theme in any language; there seems to be something about creating a password that inspires people to declare their love.

Not surprisingly, the top 1000 passwords list includes a fair share of swear words, insults, and adult language. However, impolite passwords are much less prevalent than the more tender love-related words, appropriate for all audiences.

There are a couple dozen food-related words in the top 1000 passwords. The most popular is chocolate and most of the others are also sweets (and potentially nicknames for a significant other), but a few fruits and vegetables, and even chicken make their way to the top as well. Among fruits, banana appears in both singular and plural.

Animals are also popular. While felines appear on the password list in a number of forms and languages, monkey is by far the most popular animal, and the fourteenth most popular password. I can’t quite figure out why, and I don’t know whether or not this is related to the popularity of “banana.”

Fictional characters are also popular, especially cartoon characters. The twenty-fifth most popular password is tigger (which might also be on the list because it is a popular name for a cat). A number of super heroes and Disney princesses also make the list, as well as another cartoon cat, hellokitty. Real life celebrities also make the list, including several actors and singers. While at first I thought booboo might refer to the reality TV star Honey Boo Boo, I realized that the date of the password breach predates the launch of that TV show.

A number of passwords relate to the names of sports, sports teams, or athletes. Soccer-related passwords are particularly popular. There are several cities on the list that I’m guessing were selected as passwords because of their sports teams, especially soccer teams.

Besides the obvious lazy password password, and also PASSWORD, password1, and password2, some more clever (but nonetheless unoriginal) variations included secret and letmein. And I love that the 84th most popular password is whatever.

Some passwords puzzled me. Why would anyone select “lipgloss” as their password. Why not “lipstick” or “mascara”? Perhaps it refers to a 2007 song by Lil Mamma?  Why “moomoo”? Why “freedom”?

Even more popular than the word password were the numbers 123456, 12345, 123456789. Other numbers and keyboard patterns also appear frequently. When I laid out the 1000 passwords on the quilt, I scaled them all according to their popularity. The most popular number sequence was chosen by more than three times as many people as the next most common password and was so large that I decided to place it in the background behind the other passwords so that it wouldn’t overwhelm the composition.

I made a few mistakes when designing the quilt that I didn’t notice until I was quilting it (quilting this quilt provided an opportunity to reflect on all the passwords yet again as I stitched past them). One problem was that when I transferred the top 1000 password list to Microsoft Excel while categorizing the passwords, the spreadsheet program removed all the zeros at the beginning of passwords. As a result there are three passwords that are actually strings of zeros (5, 6, and 8 zeros) that are printed simply as 0. In addition there are three number strings that start with a 0 followed by other digits are printed without the leading 0. Another problem was that the color I selected for jesus, christian, angel, and a number of other religious words blended in with the background numbers when printed on fabric, making those words almost invisible (even though they showed up fine on my computer screen). I had carefully checked most of the colors I used against a Spoonflower color guide printed on fabric, but had inadvertently forgotten to check this particular color. I reprinted about half a dozen of these words in a darker color and sewed them onto the quilt like patches that one might add to repair a well-worn spot.

There are also some passwords that I colored according to one category, and upon further reflection I am convinced more likely were selected for a different reason and should be in a different category, but we’ll never know for sure. I invite viewers to discover the common themes represented by my color-coded categories and to speculate themselves about what users were thinking when they created these passwords. Zoom in on the thumbnail images above to see all of the smaller passwords in detail.

The colors, size, and format of this quilt were designed to be reminiscent of a baby quilt, which I imagine might become a security blanket. Like the passwords included in this piece, a security blanket offers comfort, but ultimately no real security.

Self Portrait

As part of my sabbatical project, I  have been continuing to contemplate ways to visualize privacy. My De-identificaiton quilt featured digitally-printed photos de-identified by their extreme magnification and by splicing them together with other fabric. Another approach to visual de-identification is pixelation. To pixelate an image, we superimpose a grid on the image and replace each cell with a color representing the average of all the pixels in that grid cell. Although pixelation has been shown to be highly vulnerable to automated re-identification, it is a widely used method of obscuring images to make them more difficult for humans to recognize.

I have long been intrigued by the Salvador Dali paintings, Lincoln in Dalivision (1977) and Gala Contemplating the Mediterranean Sea which at Twenty Meters Becomes the Portrait of Abraham Lincoln (Homage to Rothko) (1976), which in turn were inspired by Leon Harmon’s grey photomoasic of Abraham Lincoln (1973).

Recently, Ray J released the single “I Hit it First” with a pixelated photo on the album cover. The photo was quickly recognized as a 2010 photo of bikini-clad Kim Kardashian.

Original portrait

While working on my Big Bright Pixels quilt, people kept asking me whether there was a hidden picture or message. There wasn’t. But that did get me thinking about doing a pixel quilt with a hidden image. But what image should I pixelate? I had recently used a pixelated face in the logo I designed for the Privacy Engineering masters program, and a face seemed a natural choice given that faces are commonly pixelated to protect privacy in news photos. (Other body parts are also frequently pixelated, and I love the censorship towel, but I digress.) I settled on pixelating a face, and briefly considered using a face of a famous person before deciding to use my own face. I selected a blue-haired portrait, photographed by Chuck Cranor.

Pixelated portrait

Pixelated portrait

Pixelation can be done trivially with a computer using standard image processing software packages or by rolling your own. I started working on my pixelated quilt before I started programing in Processing, so I used Photoshop to pixelate a headshot of myself. The initial pixelation was nice, but I wanted something more colorful and also higher contrast so that the differences between colors would show up better when printed on fabric (digital printing on fabric tends to dull colors). I experimented with adjusting the contrast, brightness, and color settings in Photoshop until I came up with a brighter and more colorful pixelated image. This was the image I sent to Spoonflower for digital printing.

Pixelated portrait with high contrast and color manipulation

Pixelated portrait with high contrast and color manipulation

By the time the fabric arrived I had gotten busy with other quilts, and I was also a little disappointed in how the printed fabric looked, so I left the fabric sitting out on my table in the STUDIO for a while. I decided that the dulled digital print needed some more punch, so periodically I cut a fabric square to match a pixel in the fabric and pinned it in place. I cut some of these squares from translucent polyester organza, adding some vibrancy and shimmer to the pixels over which I layered them. I cut other squares from lace, commercial batiks, and printed fabrics that were more intense versions of the hues in the digital print. I ended up covering about 20% of the pixels with other fabric.

Back of quilt top with vertical lines sewed

Back of quilt top with vertical lines sewed

After a few months of staring at the pixels I finally decided to sew the quilt together. I used a shortcut technique to sew the quilt together without actually cutting apart the squares in the digital print. I folded the fabric along one of the vertical lines, catching the pinned squares in the fold, and stitched along the line with a quarter-inch seam allowance. I repeated this approach to sew all the vertical lines and pressed all the seam allowances to the side. Then I folded the fabric along one of the horizontal lines and repeated this process. The end result was a pieced quilt top that appeared to have been pieced out of 130 2.25″ squares (2.75″ with seam allowances). Theoretically this approach should have resulted in precisely pieced seams; however, some of the lines are actually slightly off and the rows and columns did not come out quite as square as I had hoped they would.

Pieced quilt top

Pieced quilt top

I layered the quilt top over batting and backing and used a spiral free-motion machine quilting pattern to quilt the whole thing free hand. I did the quilting in several sessions as I had time, doodling spirals until my hands got tired. I used several different thread colors to roughly match the color of the thread with the pixels I was quilting. I decided not to bind this quilt, and instead made an envelope and quilted all the way to the edge. There is a little bit of stippled hand quilting done with perl cotton surrounding my signature in the lower right corner.

So now the quilt is done and I’m pretty happy with this self portrait. Most people who have seen it do not recognize it as a self portrait, which is ok, and sort of the point. On the other hand, Golan said the blue and purple hair was a dead give away for him. I had not actually started out with the intention to make a self portrait, but ultimately I think the piece works better for me as a self portrait than any more accurate likeness would.

 

Self Portrait, machine pieced and quilted 23×30.75″

 

P3P is dead, long live P3P!

I didn’t attend the W3C’s Do Not Track and Beyond Workshop last week, but I heard reports from several attendees that instead of looking forward, participants spent a lot of time looking backwards at last decade’s W3C web privacy standard, the Platform for Privacy Preferences (P3P). P3P is a computer-readable language for privacy policies. The idea was that websites would post their privacy policies in P3P format and web browsers would download them automatically and compare them with each user’s privacy settings. In the event that a privacy policy did not match the user’s settings, the browser could alert the user, block cookies, or take other actions automatically. Unlike the proposals for Do Not Track being discussed by the W3C, P3P offers a rich vocabulary with which websites can describe their privacy practices. The machine-readable code can then be parsed automatically to display a privacy “nutrition label” or icons that summarize a site’s privacy practices.

Having personally spent a good part of seven years working on the P3P 1.0 specification, I can’t help but perk up my ears whenever I hear P3P mentioned. I still believe that P3P was, and still is, a really good idea. In hindsight, there are all sorts of technical details that should have been worked out differently, but the key ideas remain as compelling today as they were when first discussed in the mid 1990s. Indeed, with increasing frequency I have discussion with people who are trying to invent a new privacy solution that actually looks an awful lot like P3P.

Sadly, the P3P standard is all but dead and practically useless to end users. While P3P functionality has been built into the Microsoft Internet Explorer (IE) web browsers for the past decade, today thousands of websites, including some of the web’s most popular sites, post bogus P3P “compact policies” that circumvent the default P3P-based cookie-blocking system in Internet Explorer. For example, Google transmits the following compact policy, which tricks IE into believing that Google’s privacy policy is consistent with the default IE privacy setting and therefore its cookies should not be blocked.

P3P:CP="This is not a P3P policy! See 
http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=15165 for more info."

Ceci n'est pas une pipeGoogle’s approach is both clever and (with apologies to Magritte) surreal. The website transmits the code that means, “I am about to send you a P3P compact policy.” And yet the content of the policy says “This is not a P3P policy!” Thus, to IE this is a P3P policy, and yet to a human reader it is not. As P3P is computer-readable code, not designed for human readers, I argue that it is a P3P policy, and a deceptive one at that. The issue got a flurry of media attention last February, and then was quickly forgotten. The United States Federal Trade Commission and any of the 50 state attorney generals (or even a privacy commissioner in one of the many countries that now has privacy commissioners to enforce privacy laws) could go after Google or one of the the thousands of other websites that have posted deceptive P3P policies. However, to date, no regulators have announced that they are investigating any website for a deceptive P3P policy. For their part, a number of companies and industry groups have said that circumventing IE’s privacy controls is an acceptable thing to do because they consider the P3P standard to be dead (even though Microsoft still makes active use of it in the latest version of their browser and W3C has not retired it).

The problem with self-regulatory privacy standards seems to be that the industry considers them entirely optional, and no regulator has yet stepped in to say otherwise. Perhaps because no regulators have challenged those who contend that circumventing P3P is acceptable, some companies have already announced that they are going to bypass the Do Not Track controls in IE because they do not like Microsoft’s approach to default settings (see also my blog post about why I think the industry’s position on ignoring DNT in IE is wrong).

Until we see enforcement actions to back up voluntary privacy standards such as P3P and  (perhaps someday) Do Not Track, users will not be able to rely on them. Incentives for adoption and mechanisms for enforcement are essential. We are unlikely to see widespread adoption of a privacy policy standard if we do not address the most significant barrier to adoption: lack of incentives. If a new protocol were built into web browsers, search engines, mobile application platforms, and other tools in a meaningful way such that there was an advantage to adopting the protocol, we would see wider adoption. However, in such a scenario, there would also be significant incentives for companies to game the system and misrepresent their policies, so enforcement would be critical. Incentives could also come in the form of regulations that require adoption or provide a safe harbor to companies that adopt the protocol. Before we go too far down the road of developing new machine-readable privacy notices (whether comprehensive website notices like P3P, icon sets, notices for mobile applications, Do Not Track, or other anything else), it is essential to make sure adequate incentives will be put in place for them to be adopted, and that adequate enforcement mechanisms exist.

I have a lot more to say about the design decision made in the development of P3P, where some of the problems are, why P3P is ultimately failing users, and why future privacy standards are also unlikely to succeed unless they are enforced. In fact I wrote a 35-page paper on this topic that will published soon in the Journal on Telecommunications and High Technology Law. Some of what I wrote above was excerpted from this paper, and I’ve also posted a preprint of the whole paper for your reading enjoyment. If you are contemplating a new privacy policy/label/icon/tool effort, please read some history first. Here is the abstract:

Necessary But Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice

For several decades, “notice and choice” have been key principles of information privacy protection. Conceptions of privacy that involve the notion of individual control require a mechanism for individuals to understand where and under what conditions their personal information may flow and to exercise control over that flow.  Thus, the various sets of fair information practice principles and the privacy laws based on these principles include requirements for providing notice about data practices and allowing individuals to exercise control over those practices. Privacy policies and opt-out mechanisms have become the predominant tools of notice and choice. However, a consensus has emerged that privacy policies are poor mechanisms for communicating with individuals about privacy. With growing recognition that website privacy policies are failing consumers, numerous suggestions are emerging for technical mechanisms that would provide privacy notices in machine-readable form, allowing web browsers, mobile devices, and other tools to act on them automatically and distill them into simple icons for end users. Other proposals are focused on allowing users to signal to websites, through their web browsers, that they do not wish to be tracked. These proposals may at first seem like fresh ideas that allow us to move beyond impenetrable privacy policies as the primary mechanisms of notice and choice. However, in many ways, the conversations around these new proposals are reminiscent of those that took place in the 1990s that led to the development of the Platform for Privacy Preferences (“P3P”) standard and several privacy seal programs.

In this paper I first review the idea behind notice and choice and user empowerment as privacy protection mechanisms. Next I review lessons from the development and deployment of P3P as well as other efforts to empower users to protect their privacy. I begin with a brief introduction to P3P, and then discuss the privacy taxonomy associated with P3P. Next I discuss the notion of privacy nutrition labels and privacy icons and describe our demonstration of how P3P policies can be used to generate privacy nutrition labels automatically. I also discuss studies that examined the impact of salient privacy information on user behavior.  Next I look at the problem of P3P policy adoption and enforcement. Then I discuss problems with recent self-regulatory programs and privacy tools in the online behavioral advertising space.  Finally, I argue that while standardized notice mechanisms may be necessary to move beyond impenetrable privacy policies, to date they have failed users and they will continue to fail users unless they are accompanied by usable mechanisms for exercising meaningful choice and appropriate means of enforcement.

De-identification

When I applied for my sabbatical, I proposed to explore visualizing privacy concepts through art. It sounded like a plausible way to tie my research interests to my sabbatical plan, but I wasn’t entirely sure how I was going to do that. Well, I have now finished my second sabbatical quilt, and it is actually about privacy. And there is a long story to go with it.

When I was at SXSW last spring, I saw a Japanese startup at the trade show that was handing out 30x lenses you could stick on your smartphone. They wanted people to use the lenses to take close-up photos of their skin problems and upload them to a social network called Beautécam. I was somewhat horrified by the concept, but happily accepted a 30x lens and hurried off to another booth. When I got home I stuck the lens on my Android phone and started taking photos. Once I got the hang of using it (it has a very short focal length) I was amazed at the detailed photos it took. I took a bunch of photos of fabrics and flowers with very nice results.

Using the lens made me think a lot about privacy. Given my research area, I think a lot about privacy anyway, but this creepy skin-care lens seemed well suited for visualizing privacy concepts. I tried to understand why the intended use of this lens had such a high “yuck” factor for me. For one thing, 30x closeup photos of skin are actually not very attractive, even if your skin is flawless, which mine certainly is not. But most of us don’t get really close-up views of very many other peoples’ skin, because that usually requires being in uncomfortably close proximity to those people. We all learn to keep a certain distance away from people out of respect for their personal space. Just how far that distance is seems to vary somewhat by culture.

In order to be in focus, an object must be within about a millimeter of the end of the 30x lens. So using this lens to photograph skin requires pressing the lens against the skin. Taking pictures of flowers with the lens requires shoving the cone-shaped lens into the center of the flower, and in some cases, gently prodding the flower into the center of the lens. So, there is no way to use the lens without invading the personal space of the person or object you are photographing. Of course, flowers don’t care, but I like the metaphor.

The flower images and the privacy metaphor especially intrigued me, and I started thinking about how I might use them in a quilt. I assembled a panel of some of my favorite flower images in Photoshop and uploaded them to Spoonflower, a company that prints digital images on fabric. About a week later Spoonflower delivered a yard of Kona cotton fabric with my images printed on it. The images looked soft and lovely on the fabric, although the colors were not as intense as in the original. After I machine washed the fabric a little more intensity was lost. Clearly the images would need embellishment to regain some of the vibrancy of the originals.

After pondering the images on the fabric for a while I decided to take advantage of the lossy images and use the fabric for a study of visual de-identification. I selected nine of the images and set out to create a 12-inch block featuring each one. I went to my fabric stash and pulled out a large stack of fabrics (mostly batiks) that blended with the colors in the flower images. Each block has these ready-made commercial fabrics spliced together with my custom-printed fabric. On some of the blocks I overlaid polyester organza, a shimmery, translucent fabric. In some blocks, I retained large areas of the flower image, with small strips of fabrics spliced between. In other blocks the flower images are chopped into small pieces and interspersed among the commercial fabrics. I put each block together improvisationally, as a mini-quilt unto itself.

I assembled nine blocks and then sewed the blocks together into a very colorful 3×3 square. I pondered what color to use to bind the quilt, and eventually decided it would look better without binding. So I decided to try the envelope method of binding in which the front and back of the quilt are layered facing each other (with the batting layered on top), sewn around the edges, and turned right-side out through a slit in the backing fabric. The slit gets covered over in the end by the hanging sleeve. The result is a nice clean, modern-looking edge to the quilt, rather than a picture frame.

The next decision, was how to quilt the piece. I decided to use a mix of techniques — free-motion machine quilting, straight-line machine quilting, hand quilting, and embroidery –and use the quilting to both add color intensity and to further de-identify the flower images. Each block has its own quilting pattern that spills out into neighboring blocks. There are fun spirals, circles, petals, and stipples free-motion quilted in bright colors. There are yellow, red, and lavender French knots, liberally sprinkled throughout. And lots of hand and machine quilted lines.

Looking at the finished piece, I see a lot going on. There are nine separate compositions that are loosely tied together (not as well as I had hoped, actually, but perhaps that’s part of the point). There are flower images rendered difficult-to-identify by the unusual close vantage point from which they were taken. These images are further obfuscated by slicing and reassembly, overlays, and stitching. The edges of images are mixed with their neighbors so it isn’t always clear what pieces belong with which images. But if you saw the original flowers, you could probably eventually re-identify most of the images. (Perhaps I will do another quilt on “re-identification.”) It is a lot like personal data de-identification, in which data is removed and digital noise is introduced, but in the end the de-identified data might be re-identified given sufficient contextual information.