Ame Elliott on making security usable and delightful
The O'Reilly Radar Podcast: UX for security, architectural inspirations, and problem finding over problem solving.
This week’s episode is a cross-post from the O’Reilly Design Podcast. O’Reilly’s Mary Treseler chats with Ame Elliott, design director at Simply Secure. They talk about security and privacy design, with a focus on the end user experience, and how to give designers a voice in changing the shape of a product and getting the right values out in the world. Elliott also talks about how architecture inspires her work and why problem finding is a better approach than problem solving.
Here are a few highlights from their chat:
Problem finding
What makes architecture interesting are some properties of what are called ‘wicked problems.’ A professor in the architecture department at UC Berkeley before my time had a whole lot of things to say about why defining the problem is really congruent with solving it. What that means is by the time you completely write an exhaustive, functional specification for something, you’re describing the solution in such a way that it makes a universe of one.
There’s a lot of really great thinking around in the built environment, “No one has put a building on this particular site.” This design problem is a universe of one. I think that there’s a bunch of systematic things around ways in which knowledge we use versus what’s specific and particular to this problem that’s really pretty interesting. By ‘problem finding’ I mean that it’s less about coming up with a right answer and more about bringing multiple voices into the question—let’s work together as a group to find a problem and define the problem, and then work together on making that better.
Technical depth and UX
Being explicitly collaborative, I think, has shaped me in some pretty clear ways, too. I could also go further back in my background, when I was a research scientist. Collaboration is really important. The same impulse that drew me to some abstract technology projects like image processing and machine learning—it’s the same impulse that draws me to security and privacy. I see there being a really exciting tension between technical depth and user experience, and how you get the right team together to move forward.
Make security usable and delightful
Privacy and security are tightly interrelated. Privacy or confidentiality is one technical goal of security. There are other technical goals of security—integrity, non-reputability, and other kinds of things. Coming at this from a human-centered design perspective, I’m a UX designer, I care about what end users experience, and privacy feels like the quality that people are looking for in an interaction.
It’s less about what’s tougher. There’s plenty of tough to go around. Really, what I would like to see is designers working together with some of the fantastically talented cryptographers to make security usable and delightful so that end users can experience privacy. In order to do that, there’s a real need to help users understand how privacy and security aren’t necessarily the same. There can be opportunities for new interactions, new product messages to make it clear to end users who is accessing their data and to what purpose. That could be everything from privacy being a feature that a cloud service company promotes, to a secure system for end-to-end encryption in a messaging application, for example. … What I would like to see is a new class of interfaces that give people confidence and give people power in how their data is accessed and used.
Getting the right values out in the world
One of the things that really influenced me in my journey toward working on security and privacy was Mike Monteiro’s talk at Webstock in 2013 called, “How designers are destroying the world.” It’s a provocative title, but I think it was pretty eye-opening for me. He used an example of ways in which the users of Facebook can make decisions that have drastic, real-world consequences to people’s lives. That was pretty eye-opening to me to think, ‘Hey, these aren’t just pixels on a screen. There are people behind these systems, and where designers are making questionable choices, there can be drastic consequences.’
Surely, we in a way see this now in a Simply Secure context, where we’re looking at things like human rights violations, and globally everything from groups that are working to report evidence of atrocities and sexual violence to the international criminal court, and all the way down to activists and journalists who are trying to make sure that their communications are protected so they can participate in some of the systems that help people get information about the world around them.
Beyond that I think designers do have a responsibility. User experience is critical. I think that design leadership is the piece for unlocking that so designers feel they really have a voice and an agency in changing the shape of a product and getting the right values out in the world.