Nick Merrill

My research career

My research career has taken me through brain-computer interface, virtual reality, authentication, and cryptography. See below for a brief story.

Passthoughts

Why passthoughts? Well, traditional passwords are easy to guess and difficult to remember, while possession factors (like phones or fobs) are easy to lose. Meanwhile, biometric identifiers like fingerprints are easy to steal and difficult to change (remember the eyeball transplant scene from Minority Report?).

Passthoughts combine multiple factors of authentication into a single step: a knowledge factor (your secret thought), and a biometric factor (the unique way you express your thought neurally). Passthoughts are easy to change, but tough for an attacker to fake, even if they know their target's secret thought.

I see passthoughts as a good way to protect something important, like a password manager. I also see it as a useful test-case for probing the future of consumer brain-computer interface.

In the beginning of my PhD, I worked on passthought authentication. Passthought authentication allows you to think a secret thought to log into things.

A brainscanning device (in your ear) collects signatures of the corresponding neural activity and uses them as a password, or passthought.

Nick Merrill, Max T. Curran, Swapan Gandhi, John Chuang. One-Step, Three-Factor Passthought Authentication with Custom-Fit, In-Ear EEG. Frontiers in Neuroscience 13:354. 2019.

Tanya Piplani, Nick Merrill, John Chuang. Faking it, Making it: Fooling and improving brain-based authentication with generative adversarial networks. BTAS '18.

Max T. Curran, Nick Merrill, Swapan Gandhi, John Chuang. Exploring the Feasibility and Performance of One-Step Multi-Factor Authentication with Ear-EEG. PhyCS '18. Best student paper

Nick Merrill, Max T Curran, John Chuang. Is the Future of Authenticity All In Our Heads? Moving passthoughts from the lab to the world. NSPW '17.

Max Curran, Nick Merrill, John Chuang, Swapan Gandhi. One-step, three-factor authentication in a single earpiece. UBICOMP '17.

Nick Merrill, Max Curran, Jong Kai Yang, John Chuang. Classifying Mental Gestures with In-Ear EEG. BSN '17.

Max Curran, Jong Kai Yang, Nick Merrill, John Chuang. Passthoughts Authentication with Low-Cost EarEEG. EMBC '16.

In the press...

NEO.LIFE. When computers read your mind, you’ll need a great passthought. July 15, 2017.

Techonomy. Will your next password be a brainwave? June 20, 2017.

KRON4. New brainwave reading tech from Cal Berkeley released. November 18, 2016.

IEEE Spectrum. In-Ear EEG Makes Unobtrusive Brain-Hacking a Real Possibility. July 7, 2016.

CNET. Use your eyes, voice -- and thoughts -- to replace passwords. July 4, 2016.

Tech Republic. Is it time to replace passwords with passthoughts? March 17, 2015.

CNBC. Replace Your Password With Brainwaves? Yes, Really. April 9, 2013.

Venturebeat. Brain drain: Your thoughts could soon replace passwords. April 8, 2013.

Mind-reading machines

This work taught me that sensors' capabilities about the mind are entangled with beliefs about what the mind *is*. What we believe the mind is informs the sorts of devices that seek to read it. Devices that (cl)aim to read the mind inform our beliefs about the mind.

This feed-forward relationship between beliefs and technical development blurs the line between sensing bodies and sensing minds. What does this moving boundary mean for the future of security online?

While working on passthoughts, I began to wonder: what can machines know about the mind?

My dissertation sought to understand people's beliefs about this question: how these beliefs affect and arise from interactions with digital sensors, from prior beliefs about the mind and the body, and how these beliefs may shape the design of technical systems in the future.

I built a working brain-computer interface to study how software engineers conceive of the brain and mind (CHI '18), and studied how people build emotional interpretations around basic biosignals (CSCW '17).

Nick Merrill, John Chuang, Coye Cheshire. Sensing is Believing: What People Think Biosensors Can Reveal About Thoughts and Feelings. DIS '19.

Nick Merrill, John Chuang. Models of Minds: Reading the mind beyond the brain. alt.chi '19.

Nick Merrill. Mind Reading & Telepathy for Beginners & Intermediates: What people think machines can know about the mind, and why their beliefs matter. Ph.D. Dissertation. Advisor: John Chuang. University of California, Berkeley, 2018.

Richmond Y Wong, Nick Merrill, John Chuang. When BCIs have APIs: Design fictions of everyday brain-computer interface adoption. DIS '18. Honorable mention

Nick Merrill, John Chuang. From Scanning Brains to Reading Minds: Talking to engineers about brain-computer interface. CHI '18.

Nick Merrill, Coye Cheshire. Trust Your Heart: Assessing cooperation and trust with biosignals in computer-mediated interactions. CSCW '17. Honorable mention

Nick Merrill, Coye Cheshire. Habits of the Heart (rate): Social interpretation of biosignals in two interaction contexts. ACM GROUP '16.

Fall, 2017. INFO 290T: Mind Reading & Telepathy for Beginners & Intermediates. Designed and taught with John Chuang.

Daylight Security Research Lab

Security is organized around threats, speculative scenarios that describe possible attacks. How people imagine threats—and who does the imagining—largely dictates what people are vulnerable to when they interact with computers.

Our group draws on speculative traditions in design research to produce novel techniques, helping a broader range of stakeholders (beyond security professionals) identify emerging technical harms.

After my PhD, I was convinced that mind-reading machines pose novel security risks. However, these threats were difficult to take action on, in part because they are difficult to understand.

I began to think broadly about the potential harms of technology, and how well the frame of "security" helps relevant stakeholders identify and deal with these harms. Currently, “security” lurks in the shadows; literally, in imagery of hackers in hoodies, but also figuratively. Language for describing, imagery for representing, and tactics for understanding security fall short. They fail to spur people to take relevant actions.

In response, I founded the Daylight Security Research Lab at the UC Berkeley Center for Long-Term Cybersecurity. This lab aims to shift the way people portray, discuss, and understand cybersecurity. By generating novel tools, practices, and representations, we aim to make "security" specific and actionable to the people who need it. We aim to pull security out of the shadows and bring it into the light of day.

James Pierce, Sarah Fox, Nick Merrill, Richmond Wong. Differential Vulnerabilities and a Diversity of Tactics: What toolkits teach us about cybersecurity. CSCW '18.

James Pierce, Sarah Fox, Nick Merrill, Richmond Wong, Carl DiSalvo. An Interface Without a User: An exploratory design study of online privacy policies and digital legalese. DIS '18.

Nick Merrill. Better Not to Know?: The SHA1 collision & the limits of polemic computation. LIMITS '17.

Adversary Personas. A card-driven improv game for imagining security threats.

More here soon...

Also... Do try the Aaronson Oracle...

Programming is a long-time hobby.

signal-protocol (2016). Signal Messenger's key ratchet, packaged for node and browsers. (HN)

aaronson oracle (2016). Press the 'f' and 'd' keys randomly. Just use your "free will." (HN)

chat.cosmopol.is (2015). Encrypted, pseudonymous chat in the web browser.

npm packages (2015-2017). 50+ tiny, UNIX-styled javascript modules.

Virtual worlds

I was a Second Life beta tester when I was about 14. I feel that virtual worlds led me into research...

Before my PhD at Berkeley, I started my research career studying virtual worlds as an undergraduate research assistant with Brooke Foucault Welles.

Brooke Foucault-Welles, Nick Merrill, Thomas Rousse, Noshir Contractor. Virtually friends: An exploration of friendship claims and expectations in immersive virtual worlds (2014). Journal for Virtual Worlds Research.

Joshua McVeigh-Schultz, Elena Márquez Segura, Nick Merrill, Katherine Isbister. What's It Mean to "Be Social" in VR?: Mapping the social VR design ecology. DIS '18.