Too Much Information: Questioning Security in a Post-Digital Society

Whilst user- and people-centered design are accepted routes for digital services, they are less commonly used in the design of technologies that control access to data and the security of information. The ubiquity of both technology and programmes such as "digital by default" as well as the weaving of digital systems into the everyday fabric of society, create an environment in which people and technology become enmeshed. Such an environment might be termed "post-digital" and its security is dependent on a people-centered approach to its design. In this paper we present a study that uses critical design techniques coupled with critical security analysis to examine how security might be approached in a post-digital context. We call for a paradigm shift towards a people-centered security practice and using a case study then make practical recommendations as to how this shift might be achieved.

[1]  Graham Smith,et al.  Into Cerberus' Lair: Bringing the Idea of Security to Light 1 , 2005 .

[2]  Helen Nissenbaum,et al.  Where Computer Security Meets National Security1 , 2005, Ethics and Information Technology.

[3]  C. Badcock,et al.  Trust : making and breaking cooperative relations , 1989 .

[4]  M. Angela Sasse,et al.  The compliance budget: managing security behaviour in organisations , 2009, NSPW '08.

[5]  Elvia Wilk,et al.  Across and beyond: A transmediale reader in post-digital practices, concepts and institutions , 2016 .

[6]  Mariarosaria Taddeo,et al.  Trust in Technology: A Distinctive and a Problematic Relation , 2010 .

[7]  Lizzie Coles-Kemp,et al.  Who says personas can't dance?: the use of comic strips to design information security personas , 2014, CHI Extended Abstracts.

[8]  Adam N. Joinson,et al.  What is 'Cyber Security'?: Differential Language of Cyber Security Across the Lifespan , 2019, CHI Extended Abstracts.

[9]  Klaus-Peter Schulz,et al.  Creative Tools for Collective Creativity: The Serious Play Method Using Lego Bricks , 2013 .

[10]  Jo Briggs,et al.  Socio-materiality of trust: co-design with a resource limited community organisation , 2019, CoDesign.

[11]  Paul Dourish,et al.  Security in the wild: user strategies for managing security as an everyday, practical problem , 2004, Personal and Ubiquitous Computing.

[12]  Helena M. Mentis,et al.  Upside and Downside Risk in Online Security for Older Adults with Mild Cognitive Impairment , 2019, CHI.

[13]  M. Angela Sasse,et al.  How Users Bypass Access Control - And Why: The Impact Of Authorization Problems On Individuals And The Organization , 2013, ECIS.

[14]  Kentaro Toyama,et al.  Towards an Effective Digital Literacy Intervention to Assist Returning Citizens with Job Search , 2019, CHI.

[15]  Mats Edenius,et al.  The hipster’s dilemma: What is analogue or digital in the post-digital society? , 2019 .

[16]  Samuel Kinsley The matter of ‘virtual’ geographies , 2014 .

[17]  Ben Matthews,et al.  Trust Me: Doubts and Concerns Living with the Internet of Things , 2016, Conference on Designing Interactive Systems.

[18]  Christopher A. Le Dantec,et al.  Going the Distance: Trust Work for Citizen Participation , 2018, CHI.

[19]  Ma Sasse,et al.  Usability and Trust in Information Systems , 2005 .

[20]  H. Nissenbaum,et al.  Digital Disaster, Cyber Security, and the Copenhagen School , 2009 .

[21]  William D. Guth Images of Strategy , 2004 .

[22]  Eric Baumer,et al.  Reflective Informatics: Conceptual Dimensions for Designing Technologies of Reflection , 2015, CHI.

[23]  M. Angela Sasse,et al.  CISOs and organisational culture: Their own worst enemy? , 2013, Comput. Secur..

[24]  Monica den Boer,et al.  The Viability of Human Security , 2008 .

[25]  Fredrik Karlsson,et al.  Measuring employees' compliance - the importance of value pluralism , 2017, Inf. Comput. Secur..

[26]  F. Cramer What Is ‘Post-digital’? , 2014 .

[27]  David M. Berry,et al.  Thinking Postdigital Aesthetics: Art, Computation and Design , 2015 .

[28]  M. Taddeo,et al.  The Case of Online Trust , 2010 .

[29]  Nick Vaughan-Williams,et al.  Everyday security threats: Perceptions, experiences, and consequences , 2016 .

[30]  Simon Parkin,et al.  Learning from "Shadow Security": Why understanding non-compliant behaviors provides the basis for effective security , 2014 .

[31]  Harvey Molotch Everyday Security: Default to Decency , 2013, IEEE Security & Privacy.

[32]  Kyle Montague,et al.  Understanding the Family Perspective on the Storage, Sharing and Handling of Family Civic Data , 2018, CHI.

[33]  Geoff Cox,et al.  Prehistories of the Post-digital: or, some old problems with post-anything , 2014 .

[34]  Tara Matthews,et al.  Tough Times at Transitional Homeless Shelters: Considering the Impact of Financial Insecurity on Digital Security and Privacy , 2019, CHI.

[35]  V. Braun,et al.  Using thematic analysis in psychology , 2006 .

[36]  Hamid R. Ekbia,et al.  Social Inequality and HCI: The View from Political Economy , 2016, CHI.

[37]  Debi Ashenden,et al.  Security Dialogues: Building Better Relationships between Security and Business , 2016, IEEE Security & Privacy.

[38]  Paul Dourish,et al.  Implications for design , 2006, CHI.

[39]  Colin Birge,et al.  Enhancing research into usable privacy and security , 2009, SIGDOC '09.

[40]  Kristina Höök,et al.  CHI '12 Extended Abstracts on Human Factors in Computing Systems , 2012, CHI 2012.

[41]  Martijn Dekker,et al.  Human security from below in a Hobbesian environment , 2008 .

[42]  F. Grey,et al.  Playing seriously with strategy , 2004 .

[43]  Johan Roos,et al.  Strategy as Practice: From metaphor to practice in the crafting of strategy , 2005 .

[44]  Shaowen Bardzell,et al.  What is "critical" about critical design? , 2013, CHI.

[45]  Tim Kindberg,et al.  Measuring trust in wi-fi hotspots , 2008, CHI.

[46]  Marti A. Hearst,et al.  Why phishing works , 2006, CHI.

[47]  Karen Renaud,et al.  Blaming Noncompliance Is Too Convenient: What Really Causes Information Breaches? , 2012, IEEE Security & Privacy.

[48]  Hamid R. Ekbia,et al.  The political economy of computing , 2015, Interactions.

[49]  J. Kidd Trust: Reason, Routine, Reflexivity , 2006 .

[50]  Gilbert Cockton,et al.  CHI '03 Extended Abstracts on Human Factors in Computing Systems , 2003, CHI 2003.

[51]  J. Lewis,et al.  Trust as a Social Reality , 1985 .

[52]  Josephine Wolff,et al.  What we talk about when we talk about cybersecurity: security in internet governance debates , 2016 .

[53]  M. Angela Sasse,et al.  The true cost of unusable password policies: password use in the wild , 2010, CHI.

[54]  M. Angela Sasse,et al.  Users are not the enemy , 1999, CACM.

[55]  R. Kitchin,et al.  Digital turn, digital geographies? , 2018 .

[56]  M. Angela Sasse,et al.  Scaring and Bullying People into Security Won't Work , 2015, IEEE Security & Privacy.

[57]  Kim Cascone,et al.  The Aesthetics of Failure: Post-Digital Tendencies in Contemporary Computer Music , 2000, Computer Music Journal.

[58]  Paul Dourish,et al.  Collective Information Practice: Exploring Privacy and Security as Social and Cultural Phenomena , 2006, Hum. Comput. Interact..

[59]  Steve Howard,et al.  Methods & tools: the rich picture: a tool for reasoning about work context , 1998, INTR.

[60]  Nick Vaughan-Williams,et al.  Fit for purpose? Fitting ontological security studies ‘into’ the discipline of International Relations: Towards a vernacular turn , 2017 .

[61]  Jenny Pearce,et al.  ‘Security from Below’ in Contexts of Chronic Violence , 2009 .

[62]  Stephen Hailes,et al.  A distributed trust model , 1998, NSPW '97.

[63]  Jens Riegelsberger,et al.  Divide and conquer: the role of trust and assurance in the design of secure socio-technical systems , 2005, NSPW '05.

[64]  René F. Kizilcec How Much Information?: Effects of Transparency on Trust in an Algorithmic Interface , 2016, CHI.

[65]  Patrick Olivier,et al.  Cheque mates: participatory design of digital payments with eighty somethings , 2012, CHI.

[66]  Anne Adams,et al.  Building security and trust in online banking , 2005, CHI Extended Abstracts.

[67]  Kasia Muldner,et al.  Human, organizational, and technological factors of IT security , 2008, CHI Extended Abstracts.

[68]  Zsuzsanna Géring Visual Methodologies . An Introduction to Researching with Visual Materials by , 2017 .

[69]  Jens Riegelsberger,et al.  The mechanics of trust: A framework for research and design , 2005, Int. J. Hum. Comput. Stud..

[70]  Qing Hu,et al.  Future directions for behavioral information security research , 2013, Comput. Secur..

[71]  Florian Cramer Post-Digital Literary Studies , 2016 .

[72]  Erik Stolterman,et al.  Digital form and materiality: propositions for a new approach to interaction design research , 2012, NordiCHI.

[73]  Lizzie Coles-Kemp,et al.  Walking the Line: The Everyday Security Ties that Bind , 2017, HCI.

[74]  Sacha Brostoff,et al.  Transforming the ‘Weakest Link’ — a Human/Computer Interaction Approach to Usable and Effective Security , 2001 .

[75]  Nathan L. Clarke,et al.  Power to the people? The evolving recognition of human aspects of security , 2012, Comput. Secur..

[76]  James Pierce,et al.  Smart Home Security Cameras and Shifting Lines of Creepiness: A Design-Led Inquiry , 2019, CHI.

[77]  Yvonne Rogers,et al.  Interaction design gone wild: striving for wild theory , 2011, INTR.

[78]  Rogier Woltjer,et al.  Workarounds and trade-offs in information security - an exploratory study , 2017, Inf. Comput. Secur..

[79]  M. Six Silberman,et al.  When the implication is not to design (technology) , 2011, CHI.

[80]  Mary Ellen Zurko,et al.  User-centered security , 1996, NSPW '96.

[81]  Jan Tullberg,et al.  Trust—The importance of trustfulness versus trustworthiness , 2008 .

[82]  Linda Little,et al.  Unpacking Security Policy Compliance: The Motivators and Barriers of Employees' Security Behaviors , 2015, SOUPS.

[83]  John F. Patterson,et al.  Identity disclosure and the creation of social capital , 2003, CHI Extended Abstracts.

[84]  P. Leonardi,et al.  Materiality and Organizing: Social Interaction in a Technological World , 2013 .

[85]  David M. Berry,et al.  Post-digital humanities: computation and cultural critique in the arts and humanities , 2014 .

[86]  Peter C. Wright,et al.  Understanding the Experience-Centeredness of Privacy and Security Technologies , 2014, NSPW '14.