My research has concentrated on three inter-related areas: privacy, security, and usability. Brief descriptions and selected papers are shown below, while a full list of papers can be found here.
Privacy
Privacy Policy Development for Canada
One of my roles at the Office of the Privacy Commissioner of Canada (OPC) was to conduct research to support policy decisions, guidance, and enforcement of privacy laws. Here are some projects I have worked on:
- Online Behavioural Advertising (OBA) Follow Up Research Project (2015)
- What an IP Address Can Reveal About You (2013)
- Popular Websites in Canada Disclosing Personal Information (2012)
- Data at Your Fingertips: Biometrics and the Challenges to Privacy (2011)
Privacy-Protecting Software Agents
As part of the PISA consortium on Privacy Incorporated Software Agents, I reviewed the human factors issues of software agents and developed a privacy-enhanced agent interface.
- Patrick, A.S., & Kenny, S. (2003). From Privacy Legislation to Interface Design: Implementing Information Privacy in Human- Computer Interfaces. In R. Dingledine (Ed.), Proceedings of Privacy Enhancing Technologies Workshop (PET2003), Dresden, Germany, 26-28 March, 2003. LNCS 2760, pp. 107-124.
- Patrick, A.S. (2005). Just-in-time click-through agreements: Interface widgets for confirming informed, unambiguous consent. Journal of Internet Law, 9(3), 17-19.
- Patrick, A.S. (2002) Building trustworthy software agents. IEEE Internet Computing, 6(6), 46-53.
Automatically Detecting Privacy Breaches
We developed some techniques for locating, tracking, and handling information within an organization. We also created specialized software (PrivWatch) to detect and monitor privacy breaches on the Gnutella Peer-to-Peer (P2P) network.
- Korba, L., Song, R., Yee, G., & Patrick, A. (2006). Automated social network analysis for collaborative work. Proceedings of the Third International Conference on Cooperative Design, Visualization and Engineering (CDVE 2006). Palma de Mallorca, Spain. September 17-20. LNCS 4101, pp. 1-8. (NRC 48732)
- Korba, L., Song, R., Yee, G., Patrick, A.S., Buffett, S., Wang, Y., & Geng, L. (2007). Private data management in collaborative environments. Proceedings of the Fourth International Conference on Cooperative Design, Visualization and Engineering (CDVE 2007). Shanghai, China. September 16-20. (NRC 49356)
- Patrick, A.S. (2008). Monitoring corporate password sharing using social network analysis. Paper presented at the International Sunbelt Social Network Conference, St. Pete Beach, Florida, Jan. 22-27.
- Patrick, A.S. & Marsh, S. (2009). Monitoring corporate security and privacy practices using social network analysis. Sunbelt Social Networks Conference, Mar. 10-15, San Diego.
Security
Human Factors and Security
I helped to develop early work on the human factors of security systems.
- A workshop on HCI & Security took place at the CHI 2003 Conference
- Patrick, A.S., Long, A.C., & Flinn, S. (2003). HCI and security systems. Paper in the CHI 2003 Conference Proceedings: Extended Abstracts (Workshops), April 5-10, Ft. Lauderdale, Florida.
Authentication Methods
Some of my research at Carleton University has focused on how to improve passwords.
- C. Herley, P.C. van Oorschot, A.S. Patrick. (2009). Passwords: If We’re So Smart, Why Are We Still Using Them? Financial Cryptography and Data Security (FC 2009), 13th International Conference, Rockley, Christ Church, Barbados.
- Wright, N., Patrick, A.S. & Biddle, R. (2012). Do you see your password?: Applying recognition to textual passwords. In Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS ’12). ACM, New York, NY, USA.
- Hlywa, M., Biddle, R., & Patrick, A.S. (2011). Facing the facts about image type in recognition-based graphical passwords. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC ’11). ACM, New York, NY, USA, 149-158.
Web Security
Other research at Carleton has focused on the security interfaces of web browsers.
- Biddle, R., van Oorschot, P.C., Patrick, A.S., Sobey, J. & Whalen, T., (2009). Browser interfaces and extended validation SSL certificates: An empirical study. CCSW 2009: The ACM Cloud Computing Security Workshop (in conjunction with the 16th ACM CCS), November 13, Chicago
- Sobey, J., Biddle, R., Van Oorschot, P.C., & Patrick, A.S. (2008). Exploring user reactions to browser cues for extended validation certificates. 13th European Symposium on Research in Computer Security (ESORICS), Oct. 6-8, Malaga, Spain. Lecture Notes in Computer Science (LNCS), 5283, 411-427.
Biometrics
I have done some research on biometric authentication systems.
- I conducted an early review of the usability of some biometric security devices.
- Heckle, R.R., Patrick, A.S., & Ozok, A. (2007). Perception and acceptance of fingerprint biometric technology. Proceedings of the Symposium On Usable Privacy and Security (SOUPS). Pittsburgh, PA, USA, July 18-20.
Usability
Natural Language Conversational Interfaces
Thom Whalen and I developed software for conversational, question-answering systems. This technology was heavily researched and licensed to industry.
- Patrick, A.S., Jacques-Locmelis, W., & Whalen, T. (1993). The role of previous questions and answers in natural-language dialogues with computers. International Journal of Human-Computer Interaction, 5, 129-145.
- Patrick, A.S., & Whalen, T.E. (1992). Field testing a natural-language information system: Usage characteristics and users’ comments. Interacting with Computers, 4, 218-230.
- Whalen, T.E., & Patrick, A.S. (1990). COMODA: A conversation model for database access. Behaviour & Information Technology, 9, 93-110.
- Whalen, T.E, & Patrick, A.S. (1989). Conversational hypertext: Information access through natural language dialogues with computers. Paper presented at the SIGCHI Conference, April 30 – May 4, 1989, Austin Texas. Published in CHI ’89 Conference Proceedings, 289-292.
Personal Impacts of Going Online
Working with the National Capital FreeNet, I conducted research on the factors and services that make for successful and unsuccessful online systems, and what lessons can be applied when building commercial systems for the new “information highway”.
- Patrick, A.S., & Black, A. (1997). Who is going online? Results from the National Capital FreeNet. Internet Research, 7(4), 305-319.
- Patrick, A.S. (1997). Media lessons from the National Capital FreeNet. Communications of the ACM, 40(7), 74-80.
- Patrick, A.S., Black, A., & Whalen, T.E. (1995). Rich, young, male, dissatisfied computer geeks? Demographics and satisfaction from the National Capital FreeNet. In D. Godfrey & M. Levy (Eds.), Proceedings of Telecommunities 95: The International Community Networking Conference (pp. 83-107). Victoria, British Columbia, Canada: Telecommunities Canada.
Quality of Experience for Internet Services
I am interested in the factors that determine user’s satisfaction with Internet services, particularly the parameters of delay, information loss, and media fidelity. While working at Nortel, I designed and conducted a series of experiments to assess users’ reactions to quality-of- experience (QoE) parameters of Internet networks.
- Bauer, B., & Patrick, A.S. (2004). A Human Factors Extension to the Seven-Layer OSI Reference Model. Self-published discussion paper, January, 2004.
Advanced Collaboration Environments
Collaborative environments have the potential of truly supporting distributed teams and we examined a number of barriers preventing seamless collaboration.
- Corrie, B., Wong, H., Zimmerman, T., Marsh, S., Patrick, A.S., Singer, J., Emond, B., & Noel, S. (2003). Towards quality of experience in advanced collaborative environments. Paper presented at the Third Annual Workshop on Advanced Collaborative Environments, June 22, Seattle.
- Patrick, A.S. (1999). The human factors of MBone videoconferences: Recommendations for improving sessions and software. Journal of Computer-Mediated Communication, 4(3).
- Patrick, A.S., Singer, J., Corrie, B., Noël, S., El Khatib, K., Emond, B., Zimmerman, T., & Marsh, S. (2004). A QoE Sensitive Architecture for Advanced Collaborative Environments. Paper presented at the First International Conference on Quality of Service in Heterogeneous Wired/Wireless Networks (QSHINE 2004), Oct. 18-20, Dallas, TX.
Trust
A key determinant of usability is trust. Not only must a system or service be trustworthy, but it also has to be trustable by the end-users. Work in this area has included:
- Patrick, A.S., Briggs, P. & Marsh, S. (2005). Designing systems that people will trust. Book chapter in L. Cranor & S. Garfinkel (Eds.), Security and Usability: Designing Secure Systems That People Can Use, O’Reilly & Associates.
- Patrick, A.S. (2002) Building trustworthy software agents. IEEE Internet Computing, 6(6), 46-53.