Reaching For The Masses: Protecting Privacy Through Better Software

Many regular readers of our blog have already drunk the metaphorical Kool-Aid. You know that a good user experience is critical to an app's success; moreover, you know that when a piece of software seeks to preserve its users' privacy, a poor UX can have disastrous results.

But working in a community of passionate individuals – whether it's as a designer, a cryptographer, or an internet-freedom activist – can make it easy to forget that the majority of the human race isn't aware of your favorite issues. It's easy to lose sight of the fact that most people don't spend their days thinking about their relationship to software, or how their software handles their data. The recent news about Apple and the FBI has brought many of these issues to the forefront, but it's hard for people on the outside to sort through the hype to understand what's really going on.

Although our main focus at Simply Secure is on helping UX professionals and software developers learn, connect, and grow in their efforts to make great experiences for their users, we also try to help other communities understand the space we work in. To that end, I recently penned "Protecting Data Privacy With User-Friendly Software" for the Council on Foreign Relations series of "Cyber Briefs". The CFR positions itself as "a resource for its members, government officials, business executives, journalists, educators and students, civic and religious leaders, and other interested citizens" – many of whom aren't familiar with the difference between symmetric and asymmetric crypto, or between UI and UX.

Policymakers in the United States and other countries should recognize that anything less than intact cryptography puts all users at risk. Developers cannot build software that allows law enforcement to access encrypted communications but prevents malicious actors from exploiting that access. Cryptography cannot distinguish good people from bad, so a backdoor for one is a backdoor for all.
The focus of too many projects has long been on users who resemble the developers themselves. It is time to professionalize the practice of open-source development, recruit designers and usability researchers to the cause, and take a human-centered approach to software design. In particular, project leaders should make the development process more accessible to new participants by including explicit instructions to user-experience experts in their documentation.

You can read the full brief here.
