I am a postdoc at the UC Berkeley Center for Long-Term Cybersecurity (CLTC).
I received my PhD in 2018 from the UC Berkeley School of Information,
The social practice of computer security Security is organized around threats, speculative
scenarios that describe possible attacks. How people who build software imagine
threats (and prioritize fixing them) largely dictates what people are vulnerable
to when they interact with computers.
This project uses role-playing games to help engineers and designers speculate about threats in an open-ended way.
New procedures for speculation may help software-builders catch threats they would otherwise miss.
James Pierce, Sarah Fox, Nick Merrill, Richmond Wong. Differential Vulnerabilities and a Diversity of Tactics: What toolkits teach us about cybersecurity. CSCW '18.
James Pierce, Sarah Fox, Nick Merrill, Richmond Wong, Carl DiSalvo. An Interface Without a User: An exploratory design study of online privacy policies and digital legalese. DIS '18.
Nick Merrill. Better Not to Know?: The SHA1 Collision & the Limits of Polemic Computation. LIMITS '17.
What can machines know about the mind? This work seeks to understand people's
beliefs about this question: how these beliefs affect and arise from
interactions with digital sensors, from prior beliefs about the mind and the
body, and how these beliefs may shape the design of technical systems in the
I built a working brain-computer interface to study how software engineers conceive of the brain and mind (CHI '18), and studied how people build emotional interpretations around basic biosignals (CSCW '17).
During my PhD, I studied how sensing technologies blur the line between sensing
bodies and sensing minds, and what this moving boundary means for the future of security online.
Nick Merrill, John Chuang. Models of Minds: Reading the mind beyond the brain. alt.chi '19.
Nick Merrill. Mind Reading & Telepathy for Beginners & Intermediates: What People Think Machines Can Know About the Mind, and Why Their Beliefs Matter (2018), my dissertation.
Richmond Y Wong, Nick Merrill, John Chuang. When BCIs have APIs: Design fictions of everyday brain-computer interface adoption. DIS '18. Honorable mention
Nick Merrill, John Chuang. From Scanning Brains to Reading Minds: Talking to engineers about brain-computer interface. CHI '18.
Nick Merrill, Coye Cheshire. Trust Your Heart: Assessing cooperation and trust with biosignals in computer-mediated interactions. CSCW '17. Honorable mention
Nick Merrill, Coye Cheshire. Habits of the Heart (rate): Social Interpretation of Biosignals in Two Interaction Contexts. ACM GROUP '16.
Fall, 2017. INFO 290T: Mind Reading & Telepathy for Beginners & Intermediates. Designed and taught with John Chuang.
Why passthoughts? Well, traditional passwords are easy to guess and difficult to remember, while
possession factors (like phones or fobs) are easy to lose. Meanwhile, biometric
identifiers like fingerprints are easy to steal and difficult to change
(remember the eyeball transplant scene from Minority Report?).
Passthoughts combine multiple factors of authentication into a single step: a
knowledge factor (your secret thought), and a biometric factor (the unique way
you express your thought neurally). Passthoughts are easy to change, but tough
for an attacker to fake, even if they know their target's secret thought.
I see of passthoughts as a good way to protect something important, like a
password manager. I also see it as a useful test-case for probing the future of
consumer brain-computer interface.
Passthought authentication allows you to think a secret thought to log into things. A brainscanning device collects signatures of the corresponding neural activity and uses them as a password, or passthought.
Tanya Piplani, Nick Merrill, John Chuang. Faking it, Making it: Fooling and improving brain-based authentication with generative adversarial networks. BTAS '18.
Max T. Curran, Nick Merrill, Swapan Gandhi, John Chuang. Exploring the Feasibility and Performance of One-Step Multi-Factor Authentication with Ear-EEG. PhyCS '18. Best student paper
Nick Merrill, Max T Curran, John Chuang. Is the Future of Authenticity All In Our Heads? Moving passthoughts from the lab to the world. NSPW '17.
Max Curran, Nick Merrill, John Chuang, Swapan Gandhi One-step, three-factor authentication in a single earpiece. UBICOMP '17.
Nick Merrill, Max Curran, Jong Kai Yang, John Chuang Classifying mental gestures with in-ear EEG. BSN '17.
Max Curran, Jong Kai Yang, Nick Merrill, John Chuang. Passthoughts authentication with low cost EarEEG. EMBC '16.
In the press...
NEO.LIFE. When computers read your mind, you’ll need a great passthought. July 15, 2017.
Techonomy. Will your next password be a brainwave? June 20, 2017.
KRON4. New brainwave reading tech from Cal Berkeley released. November 18, 2016.
IEEE Spectrum. In-Ear EEG Makes Unobtrusive Brain-Hacking a Real Possibility. July 7, 2016.
CNET. Use your eyes, voice -- and thoughts -- to replace passwords. July 4, 2016.
Tech Republic. Is it time to replace passwords with passthoughts?. March 17, 2015.
Joshua McVeigh-Schultz, Elena Márquez Segura, Nick Merrill, Katherine Isbister. What's It Mean to "Be Social" in VR?: Mapping the Social VR Design Ecology. DIS '18.
Brooke Foucault-Welles, Nick Merrill, Thomas Rousse, Noshir Contractor. Virtually friends: An exploration of friendship claims and expectations in immersive virtual worlds (2014). Journal for Virtual Worlds Research.
Software Do try the Aaronson Oracle...
signal-protocol (2016). Signal Messenger's key ratchet, packaged for node and browsers. (HN)
aaronson oracle (2016). Press the 'f' and 'd' keys randomly. Just use your "free will." (HN)
chat.cosmopol.is (2015). Encrypted, pseudonymous chat in the web browser.
BCI review (2017-). Brain-computer interface news & opinion.
I grew up in Los Angeles and now live in the East Bay, Ohlone territory. My father is a retired journalist & screenwriter who is much more interesting than I am.
ffff at berkeley edu
(my public key)