My research has concentrated on three inter-related areas: privacy, security, and usability. Brief descriptions and selected papers are shown below, while a full list of papers can be found here.


Privacy Policy Development for Canada

One of my roles at the Office of the Privacy Commissioner of Canada (OPC) was to conduct research to support policy decisions, guidance, and enforcement of privacy laws. Here are some projects I have worked on:

Privacy-Protecting Software Agents

As part of the PISA consortium on Privacy Incorporated Software Agents, I reviewed the human factors issues of software agents and developed a privacy-enhanced agent interface.

Automatically Detecting Privacy Breaches

We developed some techniques for locating, tracking, and handling information within an organization. We also created specialized software (PrivWatch) to detect and monitor privacy breaches on the Gnutella Peer-to-Peer (P2P) network.



Human Factors and Security

I helped to develop early work on the human factors of security systems.

  • A workshop on HCI & Security took place at the CHI 2003 Conference
  • Patrick, A.S., Long, A.C., & Flinn, S. (2003). HCI and security systems. Paper in the CHI 2003 Conference Proceedings: Extended Abstracts (Workshops), April 5-10, Ft. Lauderdale, Florida.

Authentication Methods

Some of my research at Carleton University has focused on how to improve passwords.

  • C. Herley, P.C. van Oorschot, A.S. Patrick. (2009). Passwords: If We’re So Smart, Why Are We Still Using Them? Financial Cryptography and Data Security (FC 2009), 13th International Conference, Rockley, Christ Church, Barbados.
  • Wright, N., Patrick, A.S. & Biddle, R. (2012). Do you see your password?: Applying recognition to textual passwords. In Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS ’12). ACM, New York, NY, USA.
  • Hlywa, M., Biddle, R., & Patrick, A.S. (2011). Facing the facts about image type in recognition-based graphical passwords. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC ’11). ACM, New York, NY, USA, 149-158.

Web Security

Screen Shot 2016-06-14 at 12.55.56 PMOther research at Carleton has focused on the security interfaces of web browsers.


I have done some research on biometric authentication systems.


Natural Language Conversational Interfaces

Thom Whalen and I developed software for conversational, question-answering systems. This technology was heavily researched and licensed to industry.

  • Patrick, A.S., Jacques-Locmelis, W., & Whalen, T. (1993). The role of previous questions and answers in natural-language dialogues with computers. International Journal of Human-Computer Interaction, 5, 129-145.
  • Patrick, A.S., & Whalen, T.E. (1992). Field testing a natural-language information system: Usage characteristics and users’ comments. Interacting with Computers, 4, 218-230.
  • Whalen, T.E., & Patrick, A.S. (1990). COMODA: A conversation model for database access. Behaviour & Information Technology, 9, 93-110.
  • Whalen, T.E, & Patrick, A.S. (1989). Conversational hypertext: Information access through natural language dialogues with computers. Paper presented at the SIGCHI Conference, April 30 – May 4, 1989, Austin Texas. Published in CHI ’89 Conference Proceedings, 289-292.

Personal Impacts of Going Online

Working with the National Capital FreeNet, I conducted research on the factors and services that make for successful and unsuccessful online systems, and what lessons can be applied when building commercial systems for the new “information highway”.

Quality of Experience for Internet Services

I am interested in the factors that determine user’s satisfaction with Internet services, particularly the parameters of delay, information loss, and media fidelity. While working at Nortel, I designed and conducted a series of experiments to assess users’ reactions to quality-of- experience (QoE) parameters of Internet networks.

Advanced Collaboration Environments

Collaborative environments have the potential of truly supporting distributed teams and we examined a number of barriers preventing seamless collaboration.


A key determinant of usability is trust. Not only must a system or service be trustworthy, but it also has to be trustable by the end-users. Work in this area has included:

  • Patrick, A.S., Briggs, P. & Marsh, S. (2005). Designing systems that people will trust. Book chapter in L. Cranor & S. Garfinkel (Eds.), Security and Usability: Designing Secure Systems That People Can Use, O’Reilly & Associates.
  • Patrick, A.S. (2002) Building trustworthy software agents. IEEE Internet Computing, 6(6), 46-53.