Fariborz Farahmand received the Best Paper Award in the Big Data, Image Processing, and Multimedia Technology Track at the 2017 IEEE 8th Annual Ubiquitous Computing, Electronics, and Mobile Communications Conference. The conference was held October 19-21 at Columbia University in New York City, New York.

Farahmand is a research faculty member in the Georgia Tech School of Electrical and Computer Engineering (ECE). The title of his award-winning paper is entitled “Security and Privacy Risks in Electronic Communications: A User’s Assessment,” which was coauthored with Robin L. Dillon-Merrill, a professor in the McDonough School of Business at Georgetown University, and Mikhail Atallah, a professor in the Department of Computer Science at Purdue University. 

It is important to understand why online users indicate concern about security and privacy, but when given the opportunity, they act contrary to their stated intentions. Collecting data about 24 electronic activities, Farahmand and his colleagues find a significant inverse relationship between online users’ assessed risk and benefit, recognizing that the particular technology matters where some technologies are inherently perceived as more risky than others. This behavior is of interest because it violates the assumptions of the existing computational models in cybersecurity and privacy risk management–that are based on expected utility theory and the work of von Neumann and Morgenstern.

This team's results support dual process theory, and Kahneman’s distinction of System 1 and System 2 in security and privacy decision making: System 1 (affective) operates automatically and quickly, with little or no effort and no sense of voluntary control, and System 2 (cognitive) allocates attention to the effortful mental activities that demand it, including computations. The team's findings, and the formal description of the interplay between System 1 and System 2, can be used in developing more “realistic” computational models of cybersecurity and privacy decision-making in security and privacy enhancing technologies.