Monthly Archives: November 2012

Job opening: post-doctoral researcher in usable security

(post UPDATED with new job opening)

I am delighted to announce a job opening in the Cambridge Security Group. Thanks to generous funding from the European Research Council I am in a position to recruit several post-doc research associates to work with me on the Pico project, whose ambitious aim is ultimately to liberate the world from the annoyance and insecurity of passwords, which everyone hates.

In previous posts I hinted at why it’s going to be quite difficult (Oakland paper) and what my vision for Pico is (SPW paper, USENIX invited talk). What I want to do, now that I have the investment to back my idea, is to assemble an interdisciplinary team of the best possible people, with backgrounds not just in security and software but crucially in psychology, interaction design and embedded hardware. We’ll design and build a prototype, build a batch of them and then have real people (not geeks) try them out and tell us why they’re all wrong. And then design and build a better one and try it out again. And iterate as necessary, always driven by what works for real humans, not technologists. I expect that the final Pico will be rather different, and a lot better, than the one I envisaged in 2011. Oh, and by the way, to encourage universal uptake, I already promised I won’t patent any of it.

As I wrote in the papers above, I don’t expect we’ll see the end of passwords anytime soon, nor that Pico will displace passwords as soon as it exists. But I do want to be ready with a fully worked out solution for when we finally collectively decide that we’ve had enough.

Imagine we could restart from zero and do things right. Have you got a relevant PhD or are about to get one? Are you keen to use it to change the world for the better? Are you best of the best, and have the track record to prove it? Are you willing to the first member of my brilliant interdisciplinary team? Are you ready for the intellectually challenging and stimulating environment of one of the top research universities in the world? Are you ready to be given your own real challenges and responsibilities, and the authority to be in charge of your work? Then great, I want to hear from you and here’s what you need to do to apply (post UPDATED with new opening).

(By the way: I’m off to Norway next week for passwords^12, a lively 3-day conference organized by Per Thorsheim and totally devoted to nothing else than passwords.)

Since I was passing…

When you register an Internet domain name in “.com” (and some other top level domains) you have the choice of using a “privacy” or “proxy” service rather than having your name and contact details recorded within the “whois” systems that provide a public record of domain name ownership.

A privacy service will record that you are the owner of the domain name but your contact details will be hidden. A proxy service will hide your identity as well.

The privacy-conscious use these services to avoid disclosing information about themselves (and to avoid the trivial amount of spam sent to contact email addresses). The cyber criminals use these services as well — so that it is hard for the Good Guys to link domains into groups and hard for them to argue (in an Al Capone tax evading manner) that “you may not understand this criminality or be convinced this evidence, but just take a look at the invalid details given when registering the domain“.

I’m currently working on a project for ICANN that will measure the prevalance of privacy/proxy usage by different types of cybercriminals… of which more at another time — because at present I’m having a holiday! I went to Palm Cove (just north of Cairns) to see the recent total solar eclipse… and my holiday involves a short(ish) drive south to Melbourne

… and since I was passing Nobby Beach (just south of Brisbane) I took the opportunity to peek at the home of the larger Internet domain name proxy services:
Richard points at's PO Box
whose details appear in whois records like this:
Domain Admin (
ID#10760, PO Box 16
Note - All Postal Mails Rejected, visit
Nobby Beach
null,QLD 4218
Tel. +45.36946676

There are at present (according to some 2,584,758 domains associated with You can see why they don’t want any postal mail, because their PO box is merely a standard size:
Close-up of PO Box #16
The reality of course is that you should contact Privacy Protection by email or their website… but then you’d miss out on getting to look at some of the nearby beaches!
View of beach at Surfer's Paradise

Will the Information Commissioner be consistent?

This afternoon, the Information Commissioner will unveil a code of practice for data anonymisation. His office is under pressure; as I described back in August, Big Pharma wants all our medical records and has persuaded the Prime Minister it should have access so long as our names and addresses are removed. The theory is that a scientist doing research into cardiology (for example) could have access to the anonymised records of all heart patients.

The ICO’s blog suggests that he will consider data to be anonymous and thus no longer private if they cannot be reidentified by reference to any other data already in the public domain. But this is trickier than you might think. For example, Tim Gowers just revealed on his excellent blog that he had an ablation procedure for atrial fibrillation a couple of weeks ago. So if our researcher can search for all males aged 45-54 who had such a procedure on November 6th 2012 he can pull Tim’s record, including everything that Tim intended to keep private. Even with a central cardiology register, it’s hard to think of a practical mechanism could block Tim’s record as soon as he made that blog post. But now researchers are starting to carry round millions of people’s records on their laptops, protecting privacy is getting really hard.

In his role as data protection regulator, the Commissioner has been eager to disregard the risk of re-identification from private information. Yet Maurice Frankel of the Campaign for Freedom of Information has pointed out to me that he regularly applies a very different rule in Freedom of Information cases, including one involving the University of Cambridge. There, he refused a freedom of information request about university dismissals on the grounds that “friends, former colleagues, or acquaintances of a dismissed person may, through their contact with that person, know something of the circumstances of that person’s departure” (see para 30).

So I will be curious to see this afternoon whether the Commissioner places greater value on the consistency of his legal rulings, or their convenience to the powerful.