Since December 2022, Karola Marky leads the research group "Digital Sovereignty" at the Chair for Human-Centred Security (HCS) at the Ruhr-Universität Bochum. As a CASA PI, she's researching within CASA HUB D "Usability".
She received her PhD at the Telecooperation Lab at TU Darmstadt and finished her postdoc at the Glasgow Interactive Systems (GIST) research unit at the University of Glasgow in Scotland. She was Assistant Professor in the Empirical Information Security Lab at Leibniz Universität Hannover before joining the Ruhr-Universität Bochum. With more than 50 publications in her field of research, she has already built up an international reputation. Learn more about Karola Marky here.
Having lived and worked abroad has had many positive effects, she says. "For one thing, I had to learn to be very economical with resources. This is also important in science. On the other hand, I was able to make a lot of contacts in the industry," says the scientist, who is now a long-term external cooperation partner of the Keio University in Japan, and adds: "I am open-minded when it comes to joint projects and other cultures. That helps a lot in terms of teamwork. During these trips, I experienced being the 'foreigner' and had to deal with integration and cultural differences. This is something I think everyone should have experienced at some point".
Karola, what exactly is digital sovereignty?
Digital sovereignty refers to informational self-determination in the digital space. It is very different from self-determination in the analog space. There you have a lot of control. I can close the door if I want to talk to someone alone and nobody can hear me. In the digital space, that possibility has to be built into the system. People quickly lose control of what they're doing in the digital space, what data they're transmitting, and the consequences of their actions.
Why do we need this?
The information we share could be used to influence our behavior. I might say something different when someone is in the room during our conversation compared to when I am alone. This is not about secrecy. We need privacy to protect ourselves. There's the "lift experiment". A person gets into a lift. Everyone is standing with their back to the door and their face to the wall. Many people intuitively put themselves in the same position. Even though it doesn't make sense.
In digital space, how are we influenced?
Nowadays we have so-called surveillance capital in the digital space. In other words, we can influence people's actions without them realizing it by targeting and analyzing information. Let's take the example of targeted advertising: When I'm shopping online, I'm shown similar products that I might like. This is quite convenient, but it can lead to me buying something I would never have bought otherwise. In the worst case, you can lose your freedom as a result of this influence. From a psychological perspective, we humans are very susceptible to this.
What connection does this have with IT security?
There is a need for mechanisms that protect us from this kind of manipulation. The current Internet technology is not designed to do this, but rather allows influence to be exerted quite easily. Some people want a political solution. But we would lose a lot of functionality if we do so. An example of bad regulation is cookie banners: from a legal point of view, they are fine. But when users have to read and click them 50 times a day, the sense begins to fade. That's why we do a lot of psychological research into people's behavior and design mechanisms around that.
How do you research user behavior?
Right now I do a lot of qualitative research. In the future, my focus will be on the development of methods that accompany people in their everyday lives, for example, an app. You can easily ask people about their usage, for example, which security mechanisms they used that day, how they handled them, etc. I also want to focus on the use of virtual reality to simulate everyday IT situations. We have a 3D printer at the moment. I want to use it to improve the interfaces. For example, I personally printed a small cat for 2-factor authentication. Things like that make IT security more accessible and personal.
It is this kind of out-of-the-box thinking that characterizes the young scientist, who took a three-year break from university life after completing her bachelor's degree in Applied Computer Science at the Technical University of Kaiserslautern. She backpacked around the world and worked in a space station laboratory in Japan during this time.
What influence have your stays abroad on your research today?
For one thing, I had to learn to be very economical with resources. This is also important in science. On the other hand, I was able to make a lot of contacts in the industry," says the scientist, who is now a long-term external cooperation partner of the Keio University in Japan, and adds: "I am open-minded when it comes to joint projects and other cultures. That helps a lot in terms of teamwork. During these trips, I experienced being the 'foreigner' and had to deal with integration and cultural differences. This is something I think everyone should have experienced at some point.
General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.