Participatory threat modelling: exploring paths to reconfigure cybersecurity

Conference item

We present “participatory threat modelling” as a feminist cybersecurity practice which allows technology research to centre traditionally marginalized and excluded experiences. We facilitated a series of community workshops in which we invited participants to define their own cybersecurity threats, implement changes to defend themselves, and reflect on the role cybersecurity plays in their lives. In doing so, we contest both hierarchical approaches to users in cybersecurity—which seek to ‘solve’ the problems of human behavior—and a tendency in HCI to equate action research with the development of novel technology solutions. Our findings draw highlight barriers to engaging with cybersecurity, the role of personal experiences (for instance of gender, race or sexuality) in shaping this engagement, and the benefits of communal approaches to cybersecurity.

Authors: Slupska, J; Duckworth, SD; Ma, L; Neff, G

• Publication status: Published
• Peer review status: Peer reviewed
• Publisher: Association for Computing Machinery
• Host title: CHI EA '21: Extended Abstracts of the 2021 CHI Conference on Human Factors in Computing Systems
• Article number: 329
• Publication date: 2021-05-08
• Acceptance date: 2021-02-18
• Event title: 2021 ACM CHI Conference on Human Factors in Computing Systems
• Event location: Virtual event (Yokohama, Japan)
• Event website: https://chi2021.acm.org/
• Event start date: 2021-05-08
• Event end date: 2021-05-13
• DOI: 10.1145/3411763.3451731
• ISBN: 9781450380959
• Language: English
• Keywords: community engagement; feminism; cybersecurity; gender; sexuality; privacy; action research; FFR; race