iSchool expands research on cybersecurity and data privacy, creating opportunities for PhD students

Photo by Brian Huynh /UW-Madison

Consider three everyday acts: driving a car, making a purchase, and working a job. They all involve technologies that collect personal data—data about driving tendencies, buying patterns, and work habits. The collection of this information is not necessarily harmful in itself. But as data-gathering technologies increasingly pervade everyday life, opportunities to exploit individuals’ personal information, and to violate people’s privacy, are increasing as well.

In response, research at the iSchool, led by Associate Professors Emilee Rader and Rick Wash, is exploring how to protect the security of users and their data in a world shaped by digital technologies. The two faculty members, influential scholars in their fields, are seeking PhD students to join their research efforts and help create a future in which ordinary people are empowered to safeguard their data, privacy, and autonomy.

“Almost everything that we do, from driving cars to applying for jobs, involves sitting in front of computers or devices and using them to do all kinds of complicated and important things in our life,” Wash said. He added that his work is focused on moving toward a world in which “we can trust this technology and rely on it going forward without having to spend all of our time thinking about the consequences.”

Protecting people online

Rader and Wash investigate people’s experiences online from different angles. Rader’s realm is human-centered data privacy, which she defines as “helping people figure out how to manage all of the data that’s collected about them.”

“People really have no idea what kinds of data are collected about them and how those data are being sold, shared, and used.”

Emilee Rader, associate professor

Currently, Rader is working on a project exploring how to help people visualize the data collected about them when they drive their cars. Cars, she said, have more sensors than cell phones do, and car companies can infer sensitive personal data, such as how much a driver weighs, from the sensors in a vehicle. Rader’s project involved three months of collecting driving data from participants, then showing them a data visualization illustrating the wealth of information their cars could collect about them, including information about potentially dangerous driving habits. 

However, Rader found, people had a hard time perceiving how data about their driving habits could allow companies to infer other information about them or predict their future behaviors. This, to her, showed “how challenging it is to help people anticipate ways that their data could be used against them.”

Wash, meanwhile, investigates cybersecurity, especially the ways in which bad actors can use everyday technologies to cause harm online. His recent work on phishing—the practice of sending fraudulent emails that try to trick people into revealing personal data—has been widely cited and was featured in the Wall Street Journal

Because phishing emails can be difficult to detect, Wash wanted to understand how other experts identified them. To his surprise, these experts “didn’t actually use their technical expertise at first,” he said. “Most of them noticed things that they felt were just weird about the email. Once they felt that an email was weird, then they became suspicious and started using their technical expertise.”

To Wash, this finding suggested hopeful possibilities: that technical expertise was not the most important part of phishing detection, and that non-experts could potentially become skilled phishing detectors themselves.

Opportunities for graduate students

The research Wash and Rader conduct draws on numerous disciplines, incorporating methods from the social sciences in addition to more technical fields. And it is taking place in a larger ecosystem of cybersecurity and data privacy research, spanning multiple departments within the School of Computer, Data & Information Sciences and the university more broadly. As a result, there are plentiful opportunities for graduate students from diverse backgrounds—especially aspiring PhDs—to get involved in this research, including by working directly with Wash and Rader.

“One of the great things about coming to an iSchool is that we do a good job helping people understand both the technical challenges and the social and human challenges,” Wash said. He calls this a “sociotechnical” approach, which he said aims to understand how “people and technology work together.”

Wash added that this involves “pulling things from computer science, from data science, from psychology, anthropology.” Rader picked up where Wash left off, adding, “economics, law.”

Rader added, “iSchools in particular look at PhD education as though it’s kind of an apprenticeship. Students are doing research from essentially day one.” She explained that PhD students are treated as junior colleagues, involved in “solving problems from the very beginning.”

And the problems Rader hints at run deeper than risks to data privacy. She contends that complex algorithms that use data to predict behavior can threaten basic human agency, because they “[make] decisions for us that might not be the same decisions that we would want to make on our own.”

“This really does remove some of people’s autonomy and freedom to make their own choices in the world.”

Written by: Thomas Jilk, marketing & communications specialist

iSchool PhD Students conduct original research in collaboration with faculty members, receive five years of full funding, including tuition, stipend and health insurance. Explore more about the iSchool’s PhD program by visiting its webpage.