Title: User-Controllable Security and Privacy: Lessons from the Design and Deployment of a Family of Location Sharing Applications

Abstract: Increasingly users are expected to configure a variety of security and privacy policies on their own, whether it's the firewall on their home computer, their privacy preferences on Facebook, or access control policies at work. In practice, research shows that users often have great difficulty specifying such policies. This in turn can result in significant vulnerabilities. This presentation will provide an overview of novel user-controllable security and privacy technologies developed to empower users to more effectively and efficiently specify security and privacy policies. In particular, I will outline a new search-based methodology to design expressive privacy and security policies as well as user-oriented machine learning techniques that show promise in helping users refine their policies. Results from this research shed some light on why, despite all the hoopla, most location sharing applications available in the marketplace today have failed to gain much traction. I will attempt to conclude with a few thoughts on the role of AI in the context of usable security and privacy research, an emerging area that is intrinsically inter-disciplinary in nature.

Bio: Norman Sadeh is a Professor in the School of Computer Science at Carnegie Mellon University. His broad research interests include Web Security, Privacy and Commerce. He is co-Director of the School of Computer Science's PhD Program in Computation, Organizations and Society and directs the School's Mobile Commerce Lab and e-Supply Chain Management Lab. Norman has been on the faculty at Carnegie Mellon since 1991. In the late nineties, he also served as Chief Scientist of the European Union's $800M e-Work and e-Commerce program, which at the time included all European-level cyber security and online privacy research.
He has authored over 160 scientific publications and co-founded two companies. Norman is also well known for his work in scheduling, constraint satisfaction and supply chain management, which resulted in the successful deployment and/or commercialization of several scheduling and supply chain management tools by companies such as IBM, Numetrix (eventually acquired by JD Edwards, PeopleSoft and Oracle), CACI, Ilog (now part of IBM) and others.