Underexposed: Building a Movement for Secure UX

Last week Simply Secure hosted a pilot workshop called Underexposed. A small group came together in San Francisco to

  • Share successes and challenges in secure user experiences
  • Describe processes and wishes for successful collaboration between designers, developers, and security professionals
  • Prioritize the most important topics and audiences for outreach.

We also held participant-proposed breakout sessions on topics ranging from “Making a Living” to “Privacy-Preserving User Research Metrics.”

You can download a pdf of photos capturing the post it notes from the sessions.

Top 3 Surprises

We're hard at work synthesizing the discussion, but Underexposed is a community effort. Please reach out if you're interested in being a reviewer of the output. Stay tuned for more outcomes, but here are three of the things from the notes that stood out to me.

Timing is Everything

One of our goals was to find specific ways to facilitate collaboration between designers and other teammates. Part of that effort involved identifying communication gaps and misconceptions about design. Timing came up as a common misconception. Budgeting sufficient time for design into a project plan is one way to insure success. We also heard a clear request to involve design earlier in the process, rather than tacking it onto the end after the technical challenges are met.

![Image: Design takes time. Design is not window dressing at the end.](/images/blog/designmisconceptions-small.jpg)

We heard an unmet need for project and product management expertise, and Simply Secure is working to build those skills in the secure communications community.

Lights, Camera, Action!

The group identified some surprising potential audiences for Simply Secure's work normalizing Human-Centered Design for security. Journalists were consistently mentioned as a priority, but groups like celebrities and parents/grandparents unexpectedly surfaced as well.

![Image: Audience journalists; Audience: celebrities; Audience: Parents and Grandparents](/images/blog/audiences-small.jpg)

Telling human stories about the lives of relatable people is an important part in communicating the value of secure communications.

Blackout Day

The community is looking for ways to build awareness of global security challenges. There's a need for visual design that works across cultures, in addition to localizing the text in interfaces. Building empathy for the digital threats that people face in other geographies is challenging. Perhaps inspired by the 2012 protest against proposed internet legislation in the U.S., one creative way to help more people appreciate an open internet is to have a "Blackout Day," simulating the conditions of internet restrictions.

![Black Out Day. Empathy for the experience of other countries.](/images/blog/blackout-day-small.jpg)

Thanks to our participants' lively discussion, Underexposed was a success. We're working on ways to involve more people in the future.

Related

Lessons from Architecture School: Part 2

This continues Part 1 of a series of posts drawn from a talk I gave at O’Reilly’s online conference Experience Design for Internet of Things (IoT) on “Lessons from Architecture School for IoT Security.” You can find the slides for the original talk here. The talk encourages designers to think about security and outlines some ways UX design can support privacy in IoT applications. When designing IoT applications for the home, we can take advantage of how much time we spend there by looking critically at the unspoken assumptions homes reveal.

Fostering Discussions Around Privacy

This week we've been busy in New York City meeting with our advisors and co-hosting Art, Design, and the Future of Privacy. It was gratifying to see so many people turn out to discuss creative ways of approaching an issue that is dear to our hearts, and I know that I'm not the only one who was inspired by the work our speakers are doing. From Lauren McCarthy's crowdsourced relationships, to Sarah Ball's perspective from working as a prison librarian, and straight through to Cory's rousing call for hope and action in the era of peak indifference, the evening showed that the conversation about privacy is for more than just technologists and policy makers.

Notes on the O'Reilly Design Conference

Last week I went to the O'Reilly Design Conference and enjoyed learning about emerging UX trends. The conference was full of high-quality presentations on UX practice. Here are three of my favorite talks. The Many Minds of the Maker Knight-Mozilla Fellow Livia Labate shared examples of how designers can overcome barriers to learning code. Her experiences from the pragmatic (no you don't need to learn Rails) to the philosophical (to be good at something, be bad at it first) are relevant to people beyond designers.