Week of Mar 28, 2004


The Usability of Security

usability

March 30, 2004, 04:07 PM

Neema is working on a project to improve the usability of wireless network security. As I've touched on before, I think the usability of security is an underexplored but very important topic, so I'm glad to see that Neema is thinking about it.

Since he asked for feedback, I'm giving my view (for what it's worth) of how security should work as a user-centered design paradigm. Then I'll try to relate it back to wireless networking.

There is basically only one UCD problem in the security space. Users, organizations, and systems (security people call them "principals," I believe) need to identify what other users, organizations, and systems they trust, and which ones they do not. They may also need to specify further what information they trust each other party with, and what information should be kept hidden. The big interface design question, then, is how to make it quick and easy (remember that specifying security settings is rarely the user's main goal for any system) for people to make these distinctions. Once the appropriate distinctions are made, the software should determine what technologies (WEP, Kerberos, SSL, or whatever) are appropriate to guarantee the required level of trust, and employ them. This part shouldn't concern the user.

I know this is abstract, and determining how to realize this in any individual system is a decision that the designers of each system must make on a case-by-case basis. But it's important to think of the problem in these terms, and not in terms of "how can I teach users the advantages of using SSL?" Users don't know about SSL and don't want to know about SSL. They just know who they trust, and that must be enough.

So what might this mean for wireless security? Well, when a user logs on to a wireless network, their user agent (probably their computer) needs to know whether they trust the person who is administering that network. If the user is at Starbucks, then they must indicate whether they trust Starbucks Corp. to faithfully transmit their data. Maybe the interface must allow the user to directly specify this information. Maybe it only needs to show the user what other people they are currently "trusting" with their information. But these are the sorts of design questions I'd like to see addressed. Everything else should Just Work™.


Averting Starvation

charity

March 29, 2004, 08:27 PM

An old article on the Atlantic discusses the work of Norman Borlaug, one of America's three Nobel Peace Prize winners, though you've probably never heard of him. He has devoted his life to developing and disseminating high-yield farming techniques to the developing world, an effort that may have saved upwards of 1 billion lives. The article also makes a good case for why "non-natural" technologies aren't necessarily harmful to our world, and how opposing them can sometimes do more harm than good.

Truly an inspiring example of a technologist who has effected meaningful change in this world.
