SlideShare a Scribd company logo

Accessible Privacy and Security

Pavithren V S Pakianathan, profile picture
Pavithren V S Pakianathan

The document outlines the work of Pavithren (Viren), a research associate focusing on human-centered data security and privacy, particularly concerning inclusive design for vulnerable and underrepresented populations. It discusses the challenges faced by older adults and those with disabilities in accessing privacy and security tools, emphasizing the importance of inclusive design practices to cater to their needs. The case study explores how to design mobile privacy and security mechanisms that consider the unique requirements of older users in Singapore.

Education
1 of 81
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
Pavithren (Viren), November 3rd 2021 (GMT-6) Accessible Privacy and Security COMP 3/4732 - Human-Centered Data Security and Privacy 1
Bio Pavithren (Viren) is currently a research associate at Telehealth Core, Saw Swee Hock School of Public Health at the National University of Singapore. Viren’s research has been largely multi- disciplinary, across Human-Computer Interaction (HCI), Inclusive Design and Privacy and Security. He is passionate about bridging multiple disciplines to tackle complex socio-technical problems. 2
Content Page 1. Introduction 2. Accessibility in Privacy and Security 3. Case study - Inclusive Mobile Privacy and Security 4. Working with Vulnerable/Underrepresented Populations 3
Inclusive Design: from the pixel to the city by the British Design Council https://www.youtube.com/watch? v=U5hRXwPE5a4 4
Introduction 5
What is Inclusive Design? Let’s get the de fi nitions right. Inclusive Design is a design methodology which aims to consider the full range of human diversity while designing. Image from https://dribbble.com/shots/10481307-Eventbrite-New-Illustration-System 6
What is Accessibility? Accessibility is about allowing your product to be usable by as many people as possible. Image from https://uxdesign.cc/thinking-like-a-developer- part-ii-design-the-edge-cases-fe5f21516d20 7
What is Accessibility? Accessibility is about allowing your product to be usable by as many people as possible. Image from https://uxdesign.cc/thinking-like-a-developer- part-ii-design-the-edge-cases-fe5f21516d20 7
8
Inclusive Design (Verb) Accessibility (Adjective) 8
Please go to https://www.menti.com/xxxxx Name an accessibility tool that you use daily. 9
Who benefits from Inclusive Design? • Older adults • Physical Disabilities - Deaf, Blind, Mobility Impaired Individuals • Cognitive Disabilities - ASD/ADHD, Down syndrome • People with lower SES or have poorer network connection • Non-WEIRD* Populations • And the list goes on… Image from https://dribbble.com/shots/4169845-Inclusive-Design-at-Microsoft *WEIRD = Western, educated, industrialized, rich and democratic 10
Who benefits from Inclusive Design? • Older adults • Physical Disabilities - Deaf, Blind, Mobility Impaired Individuals • Cognitive Disabilities - ASD/ADHD, Down syndrome • People with lower SES or have poorer network connection • Non-WEIRD* Populations • And the list goes on… Image from https://dribbble.com/shots/4169845-Inclusive-Design-at-Microsoft *WEIRD = Western, educated, industrialized, rich and democratic 10
Situational Impairment When designing for someone with disability, someone else with a temporary and situational impairment would bene fi t as well. Image from https://www.microsoft.com/design/inclusive/ 11
The curb cut effect Source: https://sketchplanations.com/the-curb-cut-e ff ect “Solve for One, Extend to Many.” - Microsoft Inclusive design guide 12
Accessibility in Privacy and Security 13
State of the art - Inclusive Privacy and Security “From 2005 to 2017, less than 10 percent of papers at Symposium on Usable Privacy and Security (SOUPS*) had studied under represented population.” -Yang Wang (2018 ) Sex Workers Older adults PwDs Asian Middle Eastern *https://www.usenix.org/conference/soups2021/ Children 14
The issues with CAPTCHA *https://nfb.org//sites/default/ fi les/images/nfb/publications/bm/bm09/bm0901/bm090108.htm 15
The issues with CAPTCHA *https://nfb.org//sites/default/ fi les/images/nfb/publications/bm/bm09/bm0901/bm090108.htm 15
The issues with CAPTCHA A visually impaired person can solve an audio captcha only 46 percent of the time. * *https://nfb.org//sites/default/ fi les/images/nfb/publications/bm/bm09/bm0901/bm090108.htm 15
How about other Privacy and Security tools/mechanisms? Password Generation 2FA Biometric Authentication Secure WiFi Security Updates Secure Messaging Transmission of Healthcare Data App permissions Privacy Policies Cookies Certi fi cates Encryption Tools 16
Increase in Greying Smartphone Users 17
Increase in Greying Smartphone Users Accelerated adoption of Smartphone amongst older adults. ⁺https://www.pewresearch.org/internet/2017/05/17/tech-adoption-climbs-among-older-adults/pi_2017-05-17_older-americans-tech_0-01/ 17
Increase in Greying Smartphone Users Accelerated adoption of Smartphone amongst older adults. Are mobile privacy and security mechanisms/tools catching up in terms of meeting their needs? Photo by Anastasia Shuraeva from Pexels 17
A Case Study How might we design mobile privacy and security inclusively for older adults in Singapore? 18
Design Methodology Double Diamond Design Methodology* *https://www.designcouncil.org.uk 19
Design Methodology Double Diamond Design Methodology* *https://www.designcouncil.org.uk Discover 19
Design Methodology Double Diamond Design Methodology* *https://www.designcouncil.org.uk Discover De fi ne 19
Design Methodology Double Diamond Design Methodology* *https://www.designcouncil.org.uk Discover De fi ne Develop 19
Design Methodology Double Diamond Design Methodology* *https://www.designcouncil.org.uk Discover De fi ne Develop Deliver 19
Discovery 20
Discovery Understanding the problem What’s happening in Singapore? • Smart Nation Initiative to digitise services • Increasing smartphone adoption among older adults in Singapore. • Increasing number of phishing scams. Image from https://abc7news.com/ grandparents-seniors-assisted-living-nursing- homes/6119545/ Why is it a problem? • Older adults are at higher risks to privacy and security threats Image from https://www.smartnation.gov.sg/ 21
Discovery Method • Dyadic Semi-structured Interviews • 45 mins. to 1 hour • 10 adults (caregivers, friends, volunteer trainers) • 10 older adults • Qualitative Analysis of Interview Transcripts Image from https://liveeverleigh.com/ resources/blog/how-older-adults-can- stay-in-touch-with-technology/ 22
Discovery Main fi ndings* 1. Reliance on Social Support for P&S 2. Attitude and Culture A ff ected Learning and awareness about P&S 3. Contextualized P&S preferences *https://www.usenix.org/conference/soups2020/presentation/pakianathan 23
Discovery Understanding the problem Common threat models 1. Password Management 2. Understanding of URLs 3. Reading Terms and Conditions 4. Changing privacy settings 5. Risk of Falling for phishing scams 6. Icon/Terminologies not understandable 7. Unaware of Data collection by Apps 8. Installing apps unknowingly Image from https://blogs.windriver.com/wind_river_blog/ 2017/09/tackling-iot-security-with-new-wind-river- services-o ff ering/ 24
Define 25
Define Reframing and concretising the problem • Online Survey to identify the top threats faced by older adults in Singapore • Adults (n=35) • Older adults (n=15) Common threat models 1. Password Management 2. Understanding of URLs 3. Reading Terms and Conditions 4. Changing privacy settings 5. Falling for phishing 6. Icon/Terminologies not understandable 7. Unaware of Data collection by Apps 8. Installing apps unknowingly 26
Define Reframing and concretising the problem • Online Survey to identify the top threats faced by older adults in Singapore • Adults (n=35) • Older adults (n=15) Top 3 threat models 1. Password Management 2. Understanding of URLs 3. Reading Terms and Conditions 4. Changing privacy settings 5. Falling for phishing 6. Icon/Terminologies not understandable 7. Unaware of Data collection by Apps 8. Installing apps unknowingly 26
Develop 27
Develop Method Participatory Design(PD) - An attempt to involving all stakeholders to be part of the design process. Designer Stakeholders 28
Develop PD Workshop Flow 3 Ideation Methods 29
Develop PD Workshop Flow 🧑 Design 🧑 Human Computer Interaction 🧑 Security and Privacy 3 Participants per workshop 3 Ideation Methods 29
Develop PD Workshop Flow 🧑 Design 🧑 Human Computer Interaction 🧑 Security and Privacy 3 Participants per workshop Morphological Matrix Brainstorming Persona 3 Ideation Methods 29
Develop PD Workshop Flow 🧑 Design 🧑 Human Computer Interaction 🧑 Security and Privacy 3 Participants per workshop Morphological Matrix Brainstorming Persona 6 Workshops 3 Ideation Methods 29
Develop PD Workshop Flow 🧑 Design 🧑 Human Computer Interaction 🧑 Security and Privacy 3 Participants per workshop Morphological Matrix Brainstorming Persona 6 Workshops Multi- disciplinary outcomes 3 Ideation Methods 29
Develop Developing ideas using How might we statements… 30
Develop 1. Provide critical information on data collection of apps in a format that is easy to understand for the users? How might we… Image from Apple 31
Develop 2. Improve password hygiene amongst users to reduce password compromise risks? How might we… Image from https://www.nethive.it/en/ blog/password-reuse-mmmmh-2/ 32
Develop How might we… 3. Redesign detection of malicious URLs to prevent Phishing? Image from https://www.straitstimes.com/ singapore/courts-crime/new-variant-of-phishing- scams-emerges-bank-victims-lost-1m-from-jan- to-may 33
Develop Persona Findings from the Discovery phase was condensed into an older adult persona. Older adult persona Given to Participants 34
Develop Morphological Matrix A structured way used to create large numbers of ideas. How might we redesign the detection of malicious URLs to prevent phishing? 35
Develop Morphological Matrix A structured way used to create large numbers of ideas. Sub-System Functions Concept 1 Concept 2 Concept 3 Concept 4 Check Unknown Link/URL within social ecosystem Verify URL How might we redesign the detection of malicious URLs to prevent phishing? 35
Develop Morphological Matrix A structured way used to create large numbers of ideas. Sub-System Functions Concept 1 Concept 2 Concept 3 Concept 4 Check Unknown Link/URL within social ecosystem Verify URL How might we redesign the detection of malicious URLs to prevent phishing? 35
Develop Analysis of Ideas 36
Develop Analysis of Ideas Ideas generated by the 18 participants were categorised into themes by 2 researchers 36
Develop Analysis of Ideas Ideas generated by the 18 participants were categorised into themes by 2 researchers 36
Develop Analysis of Ideas Ideas generated by the 18 participants were categorised into themes by 2 researchers 36
Develop Analysis of Ideas Ideas generated by the 18 participants were categorised into themes by 2 researchers 36
Deliver 37
38
38
How might we redesign detection of malicious URLs to prevent Phishing? 38
Deliver Method Image from https://www.uxness.in/2019/09/ how-to-choose-usability-testing-method-p.html 39
Deliver Method 1. Semi-structured interviews 1. 45 mins to 1 hour 2. 30 Participants 1. 12 Older adults 2. 18 Adults 3. Think aloud activity 4. Prototype evaluation Image from https://www.uxness.in/2019/09/ how-to-choose-usability-testing-method-p.html 39
Deliver Current Flow of Navigating Certi fi cate UI in Chrome 40
Deliver Think aloud activity 41
Deliver Think aloud activity DBS Digibank Real vs Dummy URL Activity Participants were randomly shown 1 genuine and 1 fake banking/government website. 41
Deliver Think aloud activity DBS Digibank Real vs Dummy URL Activity Participants were randomly shown 1 genuine and 1 fake banking/government website. Results None of 30 participants could identify the fake website! 41
Deliver Insights from navigating Certi fi cate UI in Chrome “/spauth looks suspicious” P19, 65-74 y.o Genuine Government Website “Normal person won’t know [content in circle]” P26, 65-74 y.o. Genuine Banking website “I don’t know Entrust.” P28, 25-34 y.o Genuine Banking website 42
Deliver A multimodal approach to reducing Phishing attacks - SoCiAI* *Social Circle + Crowdsourcing + Arti fi cial Intelligence = > SoCiAI, a hypothetical application design to solve web trust issues using multiple modalities 43
Deliver Results 44
Deliver Results Mixed preferences amongst older adults and adults regarding their preferred modality - Social Circle, Crowdsourcing or AI. AI? Crowdsourcing? Social Circle? 44
Deliver Results Mixed preferences amongst older adults and adults regarding their preferred modality - Social Circle, Crowdsourcing or AI. AI? Crowdsourcing? Social Circle? Mean SUS Scores Adult Older Adults Existing Mechanism 45.29 28.96 SoCiAI 71.03 77.91 Considerably higher usability Score (SUS) for SoCiAI compared to current Android Chrome browser certification UI by both adults and older adults. 44
Working with Vulnerable/Under- represented Population Groups 45
Research Challenges Considerations • Ethics - Belmont Report, Nuremberg Code, the Common Rule, CITI certification, etc. • Access to population - elderly home, remote areas, red light district etc. • Mode of study - online, face to face, phone call, online survey, in the wild, group interview etc. Photo by Startup Stock Photos from Pexels 46
Learnings from working with Older adults 1. Build a relationship with participants 2. Be mindful of social desirability bias 3. Keep interview on track and limit digression 4. Use simple language and terminologies 5. Avoid lengthy studies to reduce fatigue 6. Run pilot studies to assess readability of questions 47
Taking action • Adopt Inclusive Design/Universal Design Methodologies in your next project from day 1. • Follow or contribute to Accessibility Guidelines (e.g. WCAG 2.1) • Encourage Govts. to mandate policies to ensure that organisations follow guidelines and reduce discrimination (for e.g. American Disabilities Act ) Image from https://www.shutterstock.com/image-photo/ woman-jumping-over-abyss-front-sunset-1039137214 48
Recap What did we learn today? 1. Intro to Accessibility and Inclusive Design 2. Intro Accessible Privacy and Security 3. Case Study - Inclusive Mobile Privacy and Security 4. Working with Vulnerable or Under represented Population groups 49
Please go to https://www.menti.com/xxxxx How would you contribute to Accessible Privacy and 50
Design for the young and you exclude the old. Design for the old and you include everyone. - Bernard Issacs 51
References and guides Related Works and Accompanying Materials Vitak J, Shilton K, editors. Trust, Privacy and Security, and Accessibility Considerations When Conducting Mobile Technologies Research With Older Adults. In: National Academies of Sciences, Engineering, and Medicine; Division of Behavioral and Social Sciences and Education; Board on Behavioral, Cognitive, and Sensory Sciences. Mobile Technology for Adaptive Aging: Proceedings of a Workshop. Washington (DC): National Academies Press (US); 2020 Sep 25. 1. Available from: https://www.ncbi.nlm.nih.gov/books/NBK563116/ Y. Wang, "Inclusive Security and Privacy," in IEEE Security & Privacy, vol. 16, no. 4, pp. 82-87, July/August 2018, doi: 10.1109/ MSP.2018.3111237. Yao Ma, Jinjuan Feng, Libby Kumin, and Jonathan Lazar. 2013. Investigating User Behavior for Authentication Methods: A Comparison between Individuals with Down Syndrome and Neurotypical Users. ACM Trans. Access. Comput. 4, 4, Article 15 (July 2013), 27 pages. DOI:https://doi.org/10.1145/2493171.2493173 V S Pakianathan, P. and Perrault, S., 2020. Towards Inclusive Design for Privacy and Security: Perspectives from an Aging Society. [online] Available at: <https://www.usenix.org/conference/soups2020/presentation/pakianathan> [Accessed 25 October 2021]. Design Tools/Kits/Guides/Misc. Usability Toolkit for working with at-risk populations - https://usable.tools/ Cambridge Inclusive Design Toolkit - http://www.inclusivedesigntoolkit.com/ Microsoft Inclusive Design Guide - https://www.microsoft.com/design/inclusive/ Accessibility Guidelines - https://www.w3.org/TR/WCAG21/ Conducting studies with Sex workers - https://elissaredmiles.com/research/swmethods.pdf Belmont Report - https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/read-the-belmont-report/index.html Nurembery Code - https://history.nih.gov/download/attachments/1016866/nuremberg.pdf 52

More Related Content

PPTX
Understanding Disengagement from Social Media: A Research Agenda
University of Sydney
 
PPTX
Research seminar Queen Mary University of London (CogSci)
Miriam Fernandez
 
PDF
Vision track october_2020_fernandez_v5
Miriam Fernandez
 
PDF
Biases in Social Media Research (NoBias EU project)
Miriam Fernandez
 
PPTX
Are we all knowledgeable now
Petr Lupac
 
PPTX
Findings from the Global Impact Study of Public Access ICTs
Technology & Social Change Group
 
PDF
5 ways to bridge the Digital gender Gap
betterplace lab
 
PPTX
Society Meets Social Media at reyerson-2015
Oxford Martin Centre, OII, and Computer Science at the University of Oxford
 
Understanding Disengagement from Social Media: A Research Agenda
University of Sydney
 
Research seminar Queen Mary University of London (CogSci)
Miriam Fernandez
 
Vision track october_2020_fernandez_v5
Miriam Fernandez
 
Biases in Social Media Research (NoBias EU project)
Miriam Fernandez
 
Are we all knowledgeable now
Petr Lupac
 
Findings from the Global Impact Study of Public Access ICTs
Technology & Social Change Group
 
5 ways to bridge the Digital gender Gap
betterplace lab
 
Society Meets Social Media at reyerson-2015
Oxford Martin Centre, OII, and Computer Science at the University of Oxford
 

What's hot (19)

PDF
DPSY Week-9 Discussion 2: Generational Differences
eckchela
 
PDF
Kirkizh E.
Nora Kirkizh
 
PDF
Final survey report on multistakeholder concept and its practice by shreedeep...
Shreedeep Rayamajhi
 
ODP
Social Media in Crisis Management: ISCRAM Summer School 2011
Connie White
 
PDF
Web 20 (Social Media) Policies in Higher Education
Anne Arendt
 
PPT
SMSM2014
Nora Kirkizh
 
PPTX
ICT as Platform for Change - Empowerment Technologies
Mark Jhon Oxillo
 
PDF
Knowledge Sharing in the Networked World of the Internet of Things
Pew Research Center's Internet & American Life Project
 
PDF
Future opportunities in social communications
Pawan Gupta
 
DOCX
Opening Up Development-
Soren Gigler
 
PPTX
Internet Activity, Skills, and Political Opinion Formation
Bianca C. Reisdorf, Ph.D.
 
PPTX
The digital divide
ktm373
 
PDF
Digital technology impacts by 2020
Pew Research Center's Internet & American Life Project
 
PPT
The Internet And The Arts: How new technology affects old aesthetics
Pew Research Center's Internet & American Life Project
 
PDF
The New Era of News: How Social Media is Impacting The U.S Presidential Election
Madison Marcello
 
PPT
"Understanding Broadband from the Outside" - ARNIC Seminar April1 08
ARNIC
 
PDF
Computational Social Science
journal ijrtem
 
PDF
Teens and Sexting
Pew Research Center's Internet & American Life Project
 
PDF
The Internet of Things and what it mean for librarians
Pew Research Center's Internet & American Life Project
 
DPSY Week-9 Discussion 2: Generational Differences
eckchela
 
Kirkizh E.
Nora Kirkizh
 
Final survey report on multistakeholder concept and its practice by shreedeep...
Shreedeep Rayamajhi
 
Social Media in Crisis Management: ISCRAM Summer School 2011
Connie White
 
Web 20 (Social Media) Policies in Higher Education
Anne Arendt
 
SMSM2014
Nora Kirkizh
 
ICT as Platform for Change - Empowerment Technologies
Mark Jhon Oxillo
 
Knowledge Sharing in the Networked World of the Internet of Things
Pew Research Center's Internet & American Life Project
 
Future opportunities in social communications
Pawan Gupta
 
Opening Up Development-
Soren Gigler
 
Internet Activity, Skills, and Political Opinion Formation
Bianca C. Reisdorf, Ph.D.
 
The digital divide
ktm373
 
Digital technology impacts by 2020
Pew Research Center's Internet & American Life Project
 
The Internet And The Arts: How new technology affects old aesthetics
Pew Research Center's Internet & American Life Project
 
The New Era of News: How Social Media is Impacting The U.S Presidential Election
Madison Marcello
 
"Understanding Broadband from the Outside" - ARNIC Seminar April1 08
ARNIC
 
Computational Social Science
journal ijrtem
 
Teens and Sexting
Pew Research Center's Internet & American Life Project
 
The Internet of Things and what it mean for librarians
Pew Research Center's Internet & American Life Project
 
Ad

Similar to Accessible Privacy and Security (20)

PDF
Talks submitted
Kim Minh
 
PPTX
Digital project planning and pedagogy
librarianrafia
 
PPTX
Digital Literacy Workshop
Lisa Harris
 
PDF
UXPA 2023: Rethinking Design Processes for Inclusion
UXPA International
 
PDF
A Framework for Analysing, Designing and Evaluating Persuasive Technologies.pdf
Kayla Smith
 
PDF
Luciano uvi hackfest.28.10.2020
Joanne Luciano
 
PPTX
DigComp - Konferens om skolans digitalisering, 8 sep, Stockholm
Riina Vuorikari
 
PPTX
BYOD & Social Media: The Risks and Benefits for Education
Bloxx
 
PPTX
BYOD and Social Media in Education
Bloxx
 
PPTX
Bl cybersecurity z_dooly
zdooly
 
PDF
Visualization for Software Analytics
Margaret-Anne Storey
 
PDF
A Guide to AI for Smarter Nonprofits - Dr. Cori Faklaris, UNC Charlotte
Cori Faklaris
 
PDF
CSR Plan for National Celular Operator - Award Winning CSR
Christofer Felix
 
PDF
SECUREWALL-A FRAMEWORK FOR FINEGRAINED PRIVACY CONTROL IN ONLINE SOCIAL NETWORKS
Zac Darcy
 
PPTX
Digital Competence framework for citizens (DIGCOMP )
Riina Vuorikari
 
PDF
BINARY TEXT CLASSIFICATION OF CYBER HARASSMENT USING DEEP LEARNING
IRJET Journal
 
PPTX
A Blind Date With (Big) Data: Student Data in (Higher) Education
University of South Africa (Unisa)
 
PDF
204
vivatechijri
 
PDF
An Introduction To Information Design Coates Kathryn Ellison
niliguiffo
 
PDF
An Introduction To Information Design Coates Kathryn Ellison
niliguiffo
 
Talks submitted
Kim Minh
 
Digital project planning and pedagogy
librarianrafia
 
Digital Literacy Workshop
Lisa Harris
 
UXPA 2023: Rethinking Design Processes for Inclusion
UXPA International
 
A Framework for Analysing, Designing and Evaluating Persuasive Technologies.pdf
Kayla Smith
 
Luciano uvi hackfest.28.10.2020
Joanne Luciano
 
DigComp - Konferens om skolans digitalisering, 8 sep, Stockholm
Riina Vuorikari
 
BYOD & Social Media: The Risks and Benefits for Education
Bloxx
 
BYOD and Social Media in Education
Bloxx
 
Bl cybersecurity z_dooly
zdooly
 
Visualization for Software Analytics
Margaret-Anne Storey
 
A Guide to AI for Smarter Nonprofits - Dr. Cori Faklaris, UNC Charlotte
Cori Faklaris
 
CSR Plan for National Celular Operator - Award Winning CSR
Christofer Felix
 
SECUREWALL-A FRAMEWORK FOR FINEGRAINED PRIVACY CONTROL IN ONLINE SOCIAL NETWORKS
Zac Darcy
 
Digital Competence framework for citizens (DIGCOMP )
Riina Vuorikari
 
BINARY TEXT CLASSIFICATION OF CYBER HARASSMENT USING DEEP LEARNING
IRJET Journal
 
A Blind Date With (Big) Data: Student Data in (Higher) Education
University of South Africa (Unisa)
 
204
vivatechijri
 
An Introduction To Information Design Coates Kathryn Ellison
niliguiffo
 
An Introduction To Information Design Coates Kathryn Ellison
niliguiffo
 
Ad

Recently uploaded (20)

PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PPTX
Orientation - ARALprogram of Deped to the Parents.pptx
JeromeTamayoSantiago1
 
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
PPTX
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PDF
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
PPTX
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
PDF
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
PDF
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
PDF
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
PDF
Yogi Goddess Pres Conference Studio Updates
LDMMia Reiki Lectures
 
PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PPTX
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
RMMM.pdf make it easy to upload and study
sajedul2
 
Orientation - ARALprogram of Deped to the Parents.pptx
JeromeTamayoSantiago1
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
Yogi Goddess Pres Conference Studio Updates
LDMMia Reiki Lectures
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 

Accessible Privacy and Security

  • 1. Pavithren (Viren), November 3rd 2021 (GMT-6) Accessible Privacy and Security COMP 3/4732 - Human-Centered Data Security and Privacy 1
  • 2. Bio Pavithren (Viren) is currently a research associate at Telehealth Core, Saw Swee Hock School of Public Health at the National University of Singapore. Viren’s research has been largely multi- disciplinary, across Human-Computer Interaction (HCI), Inclusive Design and Privacy and Security. He is passionate about bridging multiple disciplines to tackle complex socio-technical problems. 2
  • 3. Content Page 1. Introduction 2. Accessibility in Privacy and Security 3. Case study - Inclusive Mobile Privacy and Security 4. Working with Vulnerable/Underrepresented Populations 3
  • 4. Inclusive Design: from the pixel to the city by the British Design Council https://www.youtube.com/watch? v=U5hRXwPE5a4 4
  • 6. What is Inclusive Design? Let’s get the de fi nitions right. Inclusive Design is a design methodology which aims to consider the full range of human diversity while designing. Image from https://dribbble.com/shots/10481307-Eventbrite-New-Illustration-System 6
  • 7. What is Accessibility? Accessibility is about allowing your product to be usable by as many people as possible. Image from https://uxdesign.cc/thinking-like-a-developer- part-ii-design-the-edge-cases-fe5f21516d20 7
  • 8. What is Accessibility? Accessibility is about allowing your product to be usable by as many people as possible. Image from https://uxdesign.cc/thinking-like-a-developer- part-ii-design-the-edge-cases-fe5f21516d20 7
  • 9. 8
  • 11. Please go to https://www.menti.com/xxxxx Name an accessibility tool that you use daily. 9
  • 12. Who benefits from Inclusive Design? • Older adults • Physical Disabilities - Deaf, Blind, Mobility Impaired Individuals • Cognitive Disabilities - ASD/ADHD, Down syndrome • People with lower SES or have poorer network connection • Non-WEIRD* Populations • And the list goes on… Image from https://dribbble.com/shots/4169845-Inclusive-Design-at-Microsoft *WEIRD = Western, educated, industrialized, rich and democratic 10
  • 13. Who benefits from Inclusive Design? • Older adults • Physical Disabilities - Deaf, Blind, Mobility Impaired Individuals • Cognitive Disabilities - ASD/ADHD, Down syndrome • People with lower SES or have poorer network connection • Non-WEIRD* Populations • And the list goes on… Image from https://dribbble.com/shots/4169845-Inclusive-Design-at-Microsoft *WEIRD = Western, educated, industrialized, rich and democratic 10
  • 14. Situational Impairment When designing for someone with disability, someone else with a temporary and situational impairment would bene fi t as well. Image from https://www.microsoft.com/design/inclusive/ 11
  • 15. The curb cut effect Source: https://sketchplanations.com/the-curb-cut-e ff ect “Solve for One, Extend to Many.” - Microsoft Inclusive design guide 12
  • 16. Accessibility in Privacy and Security 13
  • 17. State of the art - Inclusive Privacy and Security “From 2005 to 2017, less than 10 percent of papers at Symposium on Usable Privacy and Security (SOUPS*) had studied under represented population.” -Yang Wang (2018 ) Sex Workers Older adults PwDs Asian Middle Eastern *https://www.usenix.org/conference/soups2021/ Children 14
  • 18. The issues with CAPTCHA *https://nfb.org//sites/default/ fi les/images/nfb/publications/bm/bm09/bm0901/bm090108.htm 15
  • 19. The issues with CAPTCHA *https://nfb.org//sites/default/ fi les/images/nfb/publications/bm/bm09/bm0901/bm090108.htm 15
  • 20. The issues with CAPTCHA A visually impaired person can solve an audio captcha only 46 percent of the time. * *https://nfb.org//sites/default/ fi les/images/nfb/publications/bm/bm09/bm0901/bm090108.htm 15
  • 21. How about other Privacy and Security tools/mechanisms? Password Generation 2FA Biometric Authentication Secure WiFi Security Updates Secure Messaging Transmission of Healthcare Data App permissions Privacy Policies Cookies Certi fi cates Encryption Tools 16
  • 22. Increase in Greying Smartphone Users 17
  • 23. Increase in Greying Smartphone Users Accelerated adoption of Smartphone amongst older adults. ⁺https://www.pewresearch.org/internet/2017/05/17/tech-adoption-climbs-among-older-adults/pi_2017-05-17_older-americans-tech_0-01/ 17
  • 24. Increase in Greying Smartphone Users Accelerated adoption of Smartphone amongst older adults. Are mobile privacy and security mechanisms/tools catching up in terms of meeting their needs? Photo by Anastasia Shuraeva from Pexels 17
  • 25. A Case Study How might we design mobile privacy and security inclusively for older adults in Singapore? 18
  • 26. Design Methodology Double Diamond Design Methodology* *https://www.designcouncil.org.uk 19
  • 27. Design Methodology Double Diamond Design Methodology* *https://www.designcouncil.org.uk Discover 19
  • 28. Design Methodology Double Diamond Design Methodology* *https://www.designcouncil.org.uk Discover De fi ne 19
  • 29. Design Methodology Double Diamond Design Methodology* *https://www.designcouncil.org.uk Discover De fi ne Develop 19
  • 30. Design Methodology Double Diamond Design Methodology* *https://www.designcouncil.org.uk Discover De fi ne Develop Deliver 19
  • 32. Discovery Understanding the problem What’s happening in Singapore? • Smart Nation Initiative to digitise services • Increasing smartphone adoption among older adults in Singapore. • Increasing number of phishing scams. Image from https://abc7news.com/ grandparents-seniors-assisted-living-nursing- homes/6119545/ Why is it a problem? • Older adults are at higher risks to privacy and security threats Image from https://www.smartnation.gov.sg/ 21
  • 33. Discovery Method • Dyadic Semi-structured Interviews • 45 mins. to 1 hour • 10 adults (caregivers, friends, volunteer trainers) • 10 older adults • Qualitative Analysis of Interview Transcripts Image from https://liveeverleigh.com/ resources/blog/how-older-adults-can- stay-in-touch-with-technology/ 22
  • 34. Discovery Main fi ndings* 1. Reliance on Social Support for P&S 2. Attitude and Culture A ff ected Learning and awareness about P&S 3. Contextualized P&S preferences *https://www.usenix.org/conference/soups2020/presentation/pakianathan 23
  • 35. Discovery Understanding the problem Common threat models 1. Password Management 2. Understanding of URLs 3. Reading Terms and Conditions 4. Changing privacy settings 5. Risk of Falling for phishing scams 6. Icon/Terminologies not understandable 7. Unaware of Data collection by Apps 8. Installing apps unknowingly Image from https://blogs.windriver.com/wind_river_blog/ 2017/09/tackling-iot-security-with-new-wind-river- services-o ff ering/ 24
  • 37. Define Reframing and concretising the problem • Online Survey to identify the top threats faced by older adults in Singapore • Adults (n=35) • Older adults (n=15) Common threat models 1. Password Management 2. Understanding of URLs 3. Reading Terms and Conditions 4. Changing privacy settings 5. Falling for phishing 6. Icon/Terminologies not understandable 7. Unaware of Data collection by Apps 8. Installing apps unknowingly 26
  • 38. Define Reframing and concretising the problem • Online Survey to identify the top threats faced by older adults in Singapore • Adults (n=35) • Older adults (n=15) Top 3 threat models 1. Password Management 2. Understanding of URLs 3. Reading Terms and Conditions 4. Changing privacy settings 5. Falling for phishing 6. Icon/Terminologies not understandable 7. Unaware of Data collection by Apps 8. Installing apps unknowingly 26
  • 40. Develop Method Participatory Design(PD) - An attempt to involving all stakeholders to be part of the design process. Designer Stakeholders 28
  • 41. Develop PD Workshop Flow 3 Ideation Methods 29
  • 42. Develop PD Workshop Flow 🧑 Design 🧑 Human Computer Interaction 🧑 Security and Privacy 3 Participants per workshop 3 Ideation Methods 29
  • 43. Develop PD Workshop Flow 🧑 Design 🧑 Human Computer Interaction 🧑 Security and Privacy 3 Participants per workshop Morphological Matrix Brainstorming Persona 3 Ideation Methods 29
  • 44. Develop PD Workshop Flow 🧑 Design 🧑 Human Computer Interaction 🧑 Security and Privacy 3 Participants per workshop Morphological Matrix Brainstorming Persona 6 Workshops 3 Ideation Methods 29
  • 45. Develop PD Workshop Flow 🧑 Design 🧑 Human Computer Interaction 🧑 Security and Privacy 3 Participants per workshop Morphological Matrix Brainstorming Persona 6 Workshops Multi- disciplinary outcomes 3 Ideation Methods 29
  • 46. Develop Developing ideas using How might we statements… 30
  • 47. Develop 1. Provide critical information on data collection of apps in a format that is easy to understand for the users? How might we… Image from Apple 31
  • 48. Develop 2. Improve password hygiene amongst users to reduce password compromise risks? How might we… Image from https://www.nethive.it/en/ blog/password-reuse-mmmmh-2/ 32
  • 49. Develop How might we… 3. Redesign detection of malicious URLs to prevent Phishing? Image from https://www.straitstimes.com/ singapore/courts-crime/new-variant-of-phishing- scams-emerges-bank-victims-lost-1m-from-jan- to-may 33
  • 50. Develop Persona Findings from the Discovery phase was condensed into an older adult persona. Older adult persona Given to Participants 34
  • 51. Develop Morphological Matrix A structured way used to create large numbers of ideas. How might we redesign the detection of malicious URLs to prevent phishing? 35
  • 52. Develop Morphological Matrix A structured way used to create large numbers of ideas. Sub-System Functions Concept 1 Concept 2 Concept 3 Concept 4 Check Unknown Link/URL within social ecosystem Verify URL How might we redesign the detection of malicious URLs to prevent phishing? 35
  • 53. Develop Morphological Matrix A structured way used to create large numbers of ideas. Sub-System Functions Concept 1 Concept 2 Concept 3 Concept 4 Check Unknown Link/URL within social ecosystem Verify URL How might we redesign the detection of malicious URLs to prevent phishing? 35
  • 55. Develop Analysis of Ideas Ideas generated by the 18 participants were categorised into themes by 2 researchers 36
  • 56. Develop Analysis of Ideas Ideas generated by the 18 participants were categorised into themes by 2 researchers 36
  • 57. Develop Analysis of Ideas Ideas generated by the 18 participants were categorised into themes by 2 researchers 36
  • 58. Develop Analysis of Ideas Ideas generated by the 18 participants were categorised into themes by 2 researchers 36
  • 60. 38
  • 61. 38
  • 62. How might we redesign detection of malicious URLs to prevent Phishing? 38
  • 64. Deliver Method 1. Semi-structured interviews 1. 45 mins to 1 hour 2. 30 Participants 1. 12 Older adults 2. 18 Adults 3. Think aloud activity 4. Prototype evaluation Image from https://www.uxness.in/2019/09/ how-to-choose-usability-testing-method-p.html 39
  • 65. Deliver Current Flow of Navigating Certi fi cate UI in Chrome 40
  • 67. Deliver Think aloud activity DBS Digibank Real vs Dummy URL Activity Participants were randomly shown 1 genuine and 1 fake banking/government website. 41
  • 68. Deliver Think aloud activity DBS Digibank Real vs Dummy URL Activity Participants were randomly shown 1 genuine and 1 fake banking/government website. Results None of 30 participants could identify the fake website! 41
  • 69. Deliver Insights from navigating Certi fi cate UI in Chrome “/spauth looks suspicious” P19, 65-74 y.o Genuine Government Website “Normal person won’t know [content in circle]” P26, 65-74 y.o. Genuine Banking website “I don’t know Entrust.” P28, 25-34 y.o Genuine Banking website 42
  • 70. Deliver A multimodal approach to reducing Phishing attacks - SoCiAI* *Social Circle + Crowdsourcing + Arti fi cial Intelligence = > SoCiAI, a hypothetical application design to solve web trust issues using multiple modalities 43
  • 72. Deliver Results Mixed preferences amongst older adults and adults regarding their preferred modality - Social Circle, Crowdsourcing or AI. AI? Crowdsourcing? Social Circle? 44
  • 73. Deliver Results Mixed preferences amongst older adults and adults regarding their preferred modality - Social Circle, Crowdsourcing or AI. AI? Crowdsourcing? Social Circle? Mean SUS Scores Adult Older Adults Existing Mechanism 45.29 28.96 SoCiAI 71.03 77.91 Considerably higher usability Score (SUS) for SoCiAI compared to current Android Chrome browser certification UI by both adults and older adults. 44
  • 75. Research Challenges Considerations • Ethics - Belmont Report, Nuremberg Code, the Common Rule, CITI certification, etc. • Access to population - elderly home, remote areas, red light district etc. • Mode of study - online, face to face, phone call, online survey, in the wild, group interview etc. Photo by Startup Stock Photos from Pexels 46
  • 76. Learnings from working with Older adults 1. Build a relationship with participants 2. Be mindful of social desirability bias 3. Keep interview on track and limit digression 4. Use simple language and terminologies 5. Avoid lengthy studies to reduce fatigue 6. Run pilot studies to assess readability of questions 47
  • 77. Taking action • Adopt Inclusive Design/Universal Design Methodologies in your next project from day 1. • Follow or contribute to Accessibility Guidelines (e.g. WCAG 2.1) • Encourage Govts. to mandate policies to ensure that organisations follow guidelines and reduce discrimination (for e.g. American Disabilities Act ) Image from https://www.shutterstock.com/image-photo/ woman-jumping-over-abyss-front-sunset-1039137214 48
  • 78. Recap What did we learn today? 1. Intro to Accessibility and Inclusive Design 2. Intro Accessible Privacy and Security 3. Case Study - Inclusive Mobile Privacy and Security 4. Working with Vulnerable or Under represented Population groups 49
  • 79. Please go to https://www.menti.com/xxxxx How would you contribute to Accessible Privacy and 50
  • 80. Design for the young and you exclude the old. Design for the old and you include everyone. - Bernard Issacs 51
  • 81. References and guides Related Works and Accompanying Materials Vitak J, Shilton K, editors. Trust, Privacy and Security, and Accessibility Considerations When Conducting Mobile Technologies Research With Older Adults. In: National Academies of Sciences, Engineering, and Medicine; Division of Behavioral and Social Sciences and Education; Board on Behavioral, Cognitive, and Sensory Sciences. Mobile Technology for Adaptive Aging: Proceedings of a Workshop. Washington (DC): National Academies Press (US); 2020 Sep 25. 1. Available from: https://www.ncbi.nlm.nih.gov/books/NBK563116/ Y. Wang, "Inclusive Security and Privacy," in IEEE Security & Privacy, vol. 16, no. 4, pp. 82-87, July/August 2018, doi: 10.1109/ MSP.2018.3111237. Yao Ma, Jinjuan Feng, Libby Kumin, and Jonathan Lazar. 2013. Investigating User Behavior for Authentication Methods: A Comparison between Individuals with Down Syndrome and Neurotypical Users. ACM Trans. Access. Comput. 4, 4, Article 15 (July 2013), 27 pages. DOI:https://doi.org/10.1145/2493171.2493173 V S Pakianathan, P. and Perrault, S., 2020. Towards Inclusive Design for Privacy and Security: Perspectives from an Aging Society. [online] Available at: <https://www.usenix.org/conference/soups2020/presentation/pakianathan> [Accessed 25 October 2021]. Design Tools/Kits/Guides/Misc. Usability Toolkit for working with at-risk populations - https://usable.tools/ Cambridge Inclusive Design Toolkit - http://www.inclusivedesigntoolkit.com/ Microsoft Inclusive Design Guide - https://www.microsoft.com/design/inclusive/ Accessibility Guidelines - https://www.w3.org/TR/WCAG21/ Conducting studies with Sex workers - https://elissaredmiles.com/research/swmethods.pdf Belmont Report - https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/read-the-belmont-report/index.html Nurembery Code - https://history.nih.gov/download/attachments/1016866/nuremberg.pdf 52