Disinformation and Reflections From Usable Security

By 2019, a number of security professionals in my sphere were questioning whether combatting misinformation was part of security or if it was entirely outside of our core area. Perhaps it was best treated as a potential application domain for security when computers happened to be involved, much as politics, health, or finance are. I lean toward security as a big tent, where many disciplines form key parts of the expansive area of cybersecurity. This philosophy led me to define the area of human-centered security in 19961 as very much a part of the core of creating secure systems. Today, disinformation is moving beyond usability and social media conferences, like the Association for Computing Machinery (ACM) CHI, ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW), and Association for the Advancement of Artificial Intelligence International Conference on Web and Social Media (ICWSM), and starting to appear in security conferences such as the IEEE Symposium on Security and Privacy,2 signaling broader agreement that disinformation research is part of cybersecurity research.