Simson L. Garfinkel
(slgarfin@nps.edu)
Naval Postgraduate School & Harvard University
Having decided to focus attention on the ``weak link'' of human
falability, a growing number of security researchers are discovering
the US Government's regulations that govern human subject research.
This paper discusses those regulations, their application to research
on security and usability, and presents strategies for negotiating the
Institutional Review Board (IRB) approval process. It argues that a
strict interpertation of regulations has the potential to stymie
security research.