Ame Elliot on designing for usable security and privacy
The O’Reilly Security Podcast: Designing for security and privacy, noteworthy tools, and the real-world consequences of design.
In this episode, O’Reilly’s Mary Treseler talks with Ame Elliot, design director at Simply Secure. They discuss designing for security and privacy, noteworthy tools, and the real-world consequences of design.
Here are some highlights:
Designing for usable security and privacy
Privacy and security are tightly interrelated. Privacy, or confidentiality, is one technical goal of security. Other technical goals of security include integrity and non-reputability. As a UX designer, I’m coming at this from a human-centered design perspective. I care about what end users experience, and privacy feels like the quality that people are looking for in an interaction. I would like to see designers working together with some of the fantastically talented cryptographers to make security usable and delightful so that end users can experience privacy. In order to do that, there’s a real need to help users understand that privacy and security aren’t necessarily the same. There can be opportunities for new interactions and new product messages to make it clear to end users who is accessing their data and to what purpose. That could be everything from privacy being a feature that a cloud service company promotes, to a secure system for end-to-end encryption in a messaging application. I would like to see a new class of interfaces that give people confidence and power about how their data is accessed and used.
Promising open source options and other tools
Right now at Simply Secure, we’re choosing to partner with open source development efforts. There are a lot of things that are special and exciting about open source. I think designers who take a human-centered approach can benefit by being empathetic with their partners and empathetic toward the other people in their efforts, so it’s not just a matter of how you can understand the needs and priorities of end users, but how you can understand the needs and priorities of the teams that you’re working with so that you can come together toward a common goal.
The Electronic Frontier Foundation has a score card out right now around secure messaging. There are some tools on there that are very rightly being called out and celebrated. For example, the Signal iOS app has been recommend by Laura Poitras, Citizenfour, and The Wall Street Journal. I have a ton of respect for what the Open Whisper Systems team is doing, including integrating into WhatsApp. I’m also just excited about mass market tools. Apple’s iMessage is doing some really interesting things. The hope in using a variety of tools is that we can come up with solutions that are globally inclusive and can give a huge mass of people worldwide the ability to communicate securely and privately.
Design has real-world consequences
I’ve learned a lot from successes in health care and banking, and in transforming previously complex, off-putting, technical, irrelevant information into exciting and actionable information for end users. The thing that unlocked that change was design. I am optimistic about the role design can play in solving similar systematic challenges, like those found in security and privacy. One of the things that really influenced me in my journey toward working on security and privacy was Mike Monteiro’s 2013 Webstock talk, How Designers Destroyed the World. He gave examples of the ways Facebook users can make decisions that have drastic, real-world consequences to people’s lives. That was pretty eye-opening for me and made me think, ‘Hey, these aren’t just pixels on a screen. There are people behind these systems, and where designers are making questionable choices, there can be drastic consequences.’ I think designers do have a responsibility. User experience is critical. Design leadership needs to empower designers so they feel they have a voice and the agency to change the shape of a product and get the right values out in the world.