Economics of security identified the concept of incentive misalignment in security and privacy technologies. Incentive misalignment suggests that sometimes people do not care about privacy or security, and are right given the products being offered. Resolving this problem requires incentive-aligned design. Risk communications suggest that people would invest and care about security, but are simply unaware of the risks. In this case, what is needed is effective risk communication. Security decisions follow the set of heuristics and incentive requirements documented in other risk domains; and design can recognize this. Finally, traditional usability suggests that technical solution are sometimes unusable, defeating those who seek secure computing. This requires not only improved interaction design, but also an understanding that interaction requirements are part of the cost of security investment. I argue that considering issues of economics, risk awareness, and usability are all appropriate goals of effective security design. Human and economic components must be treated in a comprehensive, theoretically-grounded manner. I propose a comprehensive approach called translucent security. Translucent security considers users as participants making complex risk decisions with limited budgets: limited time, limited cognitive budgets, and limited attention span. I will introduce the theoretical arguments for translucent security and enumerate the theories underlying the approach. My analysis is grounded in basic observations of why some systems fail (e.g., lemons markets, lack of incentive. stop points). After briefly listing the principles, a few high-level overviews of past and current projects shows how these theories in principle are highly applicable in practice.

Professor Camp is a Professor at the School of Informatics and Computing at Indiana University, Bloomington (IUB). She joined IUB from Harvard?s Kennedy School after a year as Senior Member of the Technical Staff at Sandia National Laboratories. She has a doctorate from Carnegie Mellon, and MSEE from UNC-Charlotte. She is the author two monographs and the editor of two other collections. She has authored more than one hundred peer-reviewed works. She has made scores of presentations across six continents. Her patents are in the area of privacy-enhancing technologies. Her professional service has included a year as a Congressional Fellow of the IEEE under the aegis of the IEEE.