This page is historic. I am currently a senior research fellow at the Institute for the Study of Science, Technology and Innovation at the University of Edinburgh.

From 2006 - 2011, I was a post-doctoral research fellow here in the The Information Security Research Group in the Department of Computer Science at UCL, specialising in human aspects of information security.

I worked on a project called Trust Economics. This project was enhancing understanding of the attitudes and responses of employees to organisational security policies. This was a collaboration with researchers at the Universities of Bath, Aberdeen, and Newcastle, HP Labs, and a utilities sector partner. The project was modelling the behavioural consequences of policy interventions. This will enable systems designers, implementers, and managers to make choices to promote more effective security cultures.

The Trust Economics project was based around a number of case studies. Following an initial study of the impact of which might follow from a policy which enforces the encryption of USB memory sticks for transport of data between organisational sites and elsewhere, we have conducted a large diary-based study into the impacts of password use. We are currently investigating the economic implications of trust vs. assurance (or enforcement) in implementing security policies. There is also a study of the implications of enterprise-DRM.

In June 2009, we organised a very successful Workshop around the issues of Trust Economics, in conjunction with WEIS 2009

Previously, I worked on an EPSRC funded project in Grid security, Easy Expression of Authorisation Policies This is part of the PERMIS Project, an integrated infrastructure for Grid security.. The principal investigators on this project were David Chadwick at the University of Kent (PI) and Angela Sasse here in Computer Science at UCL (CoI). Through interviews with e-scientists with varying roles in different application areas, this project identified the complex security needs of Grid users and the terms they use to describe them. This understanding formed the basis for the design of an OWL ontology which can be expressed in controlled natural language and output as PERMIS XML or, potentially, XACML. This provides a controlled natural language enhancement to the existing PERMIS policy editor. The HCI interest is in understanding how this controlled natural language enables target users to express complete and accurate PERMIS authorizations policies, without requiring them to have a full understanding of the underlying access control model.

I completed my PhD studies here at UCL in June, 2007. My thesis investigated the relationships between public policy and lived experience in HCI, using case studies from e-government as applied to transport, with a focus on London. You can find my thesis "Public Policy, Technology and Lived Experience: Three Case Studies of Technology in Support of Urban Transport Policies in London" here. My supervisor was Angela Sasse and my second supervisor was Helen Margetts who is now at the Oxford Internet Institute and is an Honorary Senior Research Fellow at the UCL School of Public Policy.

Before that I did an MSc in New Media, Information and Society at the London School of Economics. I did my MSc. part-time while working for an Internet Service Provider, Direct Connection, which became part of Netscalibur, now part of Claranet.

Before that I worked with GreenNet, a collective dedicated to supporting NGOs, groups and individuals through the use of Information and Communication Technologies. Before GreenNet, I worked with Poptel, the Internet Cooperative. Before that I had a career in commercial computing.

My first degree was in Mathematics at the University of Exeter.

My overarching research interest is in the relationships between technology and society. It is from this basis that I approach the Trust Economics project and human related aspects of computer security.

This interest is built on my thesis work in e-government. I am grounding this in the usability research tradition in Human Computer Interaction, and specifically in the realisation that decisions by policy-makers have repercussions on the usability of e-government systems. Conversely, the usability of e-government systems enhances or detracts from public acceptance of the systems, and so has implications for the achievement of policy objectives.

My thesis research centred on three case studies. To provide a focus for my research, these case studies are all in the area of urban transport. This is a major policy concern for cities and also builds on my interest in urbanism, and the Internet in the urban context, which I developed while studying for my MSc.

A secondary research interest, which forms the basis for the methodology of my research, is in qualitative methods, especially Grounded Theory and Discourse Analysis

The Oyster transport smartcard: The Transport for London (TfL) Oyster card is a transport smartcard that can hold period tickets and/or stored value ("Prepay").

A "smart" card, as well as being quicker and easier to use because it is touched onto the card reader in a ticket gate or on a bus without removing it from the user's wallet, also makes possible new ticketing options such as the ability to mix a season ticket with pre-paid value on a single card, or to cap daily fares at a maximum cost.

The Central London Congestion Charge: The Central London Congestion Charge was introduced in February, 2003. It is the largest congestion charging scheme in the world according to its implementers, but not unique. The introduction followed several years of discussion and research; enabling legislation was and implemented as part of the Greater London Authority Act 1999.

Unlike many other congestion charging and road pricing schemes in the world, the system does not work using electronic tags or other vehicle modification, but on the basis of camera recording of number plates. It is up to the driver to ensure that they pay before midnight on the day of travel; failure to do so leads to a penalty.

The TfL Journey Planner: The TfL Journey Planner goes beyond most other journey planners in that it is multi-modal and real-time. It is available over a number of channels - WAP, PDA with WiFi, SMS text - as well as the Web. However, most of our research subjects have used only the web interface

The London Journey Planner aims to encourage the use of sustainable modes of transport by providing route-planning on public transport, walking, and cycling. A related policy aim is to support "socially inclusive empowerment" of service users.

2011

Philip Inglesant and M. Angela Sasse: Information Security as Organizational Power: A framework for re-thinking security policies. Proceedings of 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST 2011), 8th September, 2011, Milan, Italy

Ravi Jhawar, Philip Inglesant, M. Angela Sasse, and Nicolas Curtois: Make Mine a Quadruple: Strengthening the Security of Graphical One-Time PIN authentication. Proceedings of 5th International Conference on Network and System Security (NSS 2011), 6th-8th September, 2011, Milan, Italy

2010

Philip Inglesant and M. Angela Sasse: The true cost of unusable password policies: password use in the wild Proceedings of the 28th international conference on Human factors in computing systems (CHI 2010), Atlanta, GA, USA, April 2010 This paper was awarded an Honorable Mention by SIGCHI

Philip Inglesant and M. Angela Sasse: Studying Password Use in the Wild: Practical Problems and Possible Solutions Usable Security Experiment Reports (USER) Workshop at Symposium On Usable Privacy and Security (SOUPS 2010), Redmond, WA, USA, July 2010

Simon Parkin, Aad van Moorsel, Philip Inglesant, and M. Angela Sasse: A Stealth Approach to Usable Security: Helping IT Security Managers to Identify Workable Security Solutions. Workshop on New Security Paradigms (NSPW 2010), Colonial Inn, Concord, MA, USA September 21-23, 2010

2009

Ross Anderson, Ian Brown, Terri Dowty, William Heath, and Philip Inglesant: Database State: A Report Commissioned by the Joseph Rowntree Reform Trust Ltd.

Konstantin Beznosov, Philip Inglesant, Jorge Lobo, Rob Reeder, and Mary Ellen Zurko: Usability meets access control: challenges and research opportunities: Invited Panel Session Proceedings of the 14th ACM symposium on Access control models and technologies (SACMAT), Stresa, Italy, June 2009

Aad van Moorsel, Simon Parkin, Maciej Machulak, Julian Williams, and Philip Inglesant (Eds.): Proceedings of the First Trust Economics Workshop (co-editor)

2008

Philip Inglesant, M. Angela Sasse, David Chadwick, and Lei Lei Shi: Expressions of Expertness: The Virtuous Circle of Natural Language for Access Control Policy Specification" Symposium On Usable Privacy and Security (SOUPS), Carnegie Mellon University in Pittsburgh, PA, USA, July 2008 This paper was awarded the Best Paper award at SOUPS 2008

David Chadwick, Lei Lei Shi, M. Angela Sasse, and Philip Inglesant: Interface Intelligence Public Service Review: Home Affairs: Issue 17: March 2008

2007

Philip Inglesant and M. Angela Sasse: Usability is the Best Policy: Public Policy and the Lived Experience of Transport Systems in London: in People and Computers XXI: HCI ... but not as we know it HCI 2007, Lancaster, UK, September 2007

2005

Philip Inglesant and M. Angela Sasse: Usability is a policy issue: Minimising the "Hassle Factor" in mobile payment of the Central London Congestion Charge: in Proceedings of Euro m-Gov Conference, Brighton, UK, 10-12 July 2005

Philip Inglesant and M. Angela Sasse: Situating the transient user: overcoming challenges in the design of e-government systems: in User Involvement in e-Government development projects, workshop at Interact 2005, Rome, Italy, September 2005