What does it mean to provide a secure user experience? The intersection of the two has generally been definedand exploredin technical terms. Hard-working people in BSD t-shirts have established over time what we, as user-experience professionals, have come to understand as the key considerations when working with security. These tend to the functional: standardized, time-tested design principles such as users and groups, access control lists, granular permissions, and redundancy. Incorporate best practices and design your interaction accordingly. Right?
However effective they might be, consider for a moment one source of these meaningful practices. They all have a strong connection with the Internet's forebears in the defense-academic complex. The people who developed ARPAnet unavoidably incorporated the military notion of "need-to-know." On the surface, "need-to-know" is about hierarchical communication, the kind necessary to ensure clear, accurate communication in wartime. Though when we poke under the contextual covers, "need-to-know"and the variety of software engineering, network administration and ultimately, UX practices it generatedis all about one thing: control.
A sense of control is what makes people feel secure. It produces a physical and emotional experience that encompasses predictive awareness, agency, and freedom from threat. At a minimum, control allows the perception of security. This is true of individuals, groups, corporations and governments. It's something that the developed world has become somewhat addicted to feeling. When people lose control, they notice.
This is what makes the intersection of control and HCI so challenging. The functional benefit of a secure user experience for the end-usersecurityis largely out of their control. Whether the redundant firewalls, intrusion detection systems, or uptight password expiration policy works or not, most users of "secure" systems know that it is out of their hands. It is in the hands of faceless good guys tailing logs in a datacenter, or faceless bad guys writing the newest malware for spamming and shakedowns.
Building secure user experiences is about respect for the user. It is about openly communicating security considerations within an interaction, whether or not they are controllable, and reducing anxiety by increasing awareness. That means we need to design for security both in terms of the functional tasks and emotional interpretations of people using the system. This approach is especially important considering that security models tend to overwhelmingly reflect the perceived agenda of an authority, rather than an individual person. Security derived from respect is the antithesis of "need-to-know."
One of the most telling comments to this point came from a person in a recent UX study my firm conducted. She described a system we were studying as "high security," yet it had no more or less functional security than the industry standard. When I asked her why, she replied, "It's obviously easy to get my personal data in and out. Just like a safe." That linkage between respectknowing that people require the freedom to move sensitive information in and outand the feeling of control and security it afforded is no accident. It is something we should encourage.
About the AUTHOR:
Joel Grossman is managing principal of Pivotal Click, a user-experience research, design, and innovation firm. Prior to founding Pivotal Click, he built the Interactive Branding practice for LAGA. Joel has held senior interactive management positions with Playboy Enterprises and Encyclopedia Britannica, as well as heading up product development for Edventions, a start-up acquired by Edison Schools. Joel began his career as an independent IT consultant, working on application development and networking projects in the US and Japan. Joel has an MA in political economy from the University of Minnesota, and serves as Chicago's Local Ambassador for UXnet.
©2006 ACM 1072-5220/06/0500 $5.00
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.
The Digital Library is published by the Association for Computing Machinery. Copyright © 2006 ACM, Inc.