Understanding the Experience-Centeredness of Privacy and Security Technologies

The joint study of computer security, privacy and human-computer interaction (HCI) over the last two decades has shaped a research agenda focused upon usable privacy & security. However, in HCI research more generally there has long been an awareness of the need to understand and design for user experience, in recognition of the complex and multi-faceted role that technology now plays in our lives. In this paper we add to the growing discussion by introducing the notion of experience-centered privacy and security. We argue that in order to engage users of technology around issues related to experiences of privacy and security, research methods are required that may be outside of the normal repertoire of methods that we typically call upon. We describe three projects that developed non-typical research methods to reveal experiential insights into user interactions with privacy and security-related technologies. We conclude by proposing a research agenda that begins to illustrate how the discourse and methods of experience-centered design might serve to provide valuable alternative perspectives on new and enduring user-facing privacy and security problems.
