Understanding the Experience-Centeredness of Privacy and Security Technologies

The joint study of computer security, privacy and human-computer interaction (HCI) over the last two decades has shaped a research agenda focused upon usable privacy & security. However, in HCI research more generally there has long been an awareness of the need to understand and design for user experience, in recognition of the complex and multi-faceted role that technology now plays in our lives. In this paper we add to the growing discussion by introducing the notion of experience-centered privacy and security. We argue that in order to engage users of technology around issues related to experiences of privacy and security, research methods are required that may be outside of the normal repertoire of methods that we typically call upon. We describe three projects that developed non-typical research methods to reveal experiential insights into user interactions with privacy and security-related technologies. We conclude by proposing a research agenda that begins to illustrate how the discourse and methods of experience-centered design might serve to provide valuable alternative perspectives on new and enduring user-facing privacy and security problems

Holding on to dissensus: Participatory interactions in security design

Recent high-profile cyber-attacks affecting the National Health Service (NHS) in the UK have brought into focus the fact that data, devices, and people are so intermingled that we now need a new way of approaching everyday security that provides an account of place. The assumption until now has been that the security of the individual will follow from technical security and that designing for security requires purely technological solutions. Our creative engagement method puts the human security of actors in the foreground, ensuring that actors who may ordinarily be marginalized may have their perspectives taken into account. The creative methods used include participatory physical modelling to co-design representations of what constitutes ontological security in the everyday for communities. LEGO and other materials allow participants to physically model matters of concern as tangible scenarios, using colored bricks to encode actors, infrastructure, and the movement of data. In this paper, a single LEGO model, depicting an internet-protocol home-banking service, is described in detail. A number of playful and agonistic interactions between our participants are examined through a place-based lens, using descriptive concepts from ontological and autonomous design, an approach designed to tease apart different aspects of our results. This reveals how a community constructs place, the perspectives and horizons of actors, and networks of resilience. We find that participants achieve positive insight into these scenarios by testing out the ways in which they can be broken down by antagonists and adversaries. Participants sustain a space of contestation in which dissensus is established and anticipation of breakdown can be played with.Keywords: ontological design, autonomous design, ontological security, co-design, LEGO

In a New Land:Mobile Phones, Amplified Pressures and Reduced Capabilities

Framed within the theoretical lens of positive and negative security, this paper presents a study of newcomers to Sweden and the roles of mobile phones in the establishment of a new life. Using creative engagement methods through a series of workshops, two researchers engaged 70 adult participants enrolled into further education colleges in Sweden. Group narratives about mobile phone use were captured in creative outputs, researcher observations and notes and were analysed using thematic analysis. Key findings show that the mobile phone offers security for individuals and a safe space for newcomers to establish a new life in a new land as well as capitalising on other spaces of safety, such as maintaining old ties. This usage produces a series of threats and vulnerabilities beyond traditional technological security thinking related to mobile phone use. The paper concludes with recommendations for policies and support strategies for those working with newcomers

Holding onto Dissensus: the participatory co-design of security

Recent high-profile attacks have brought into focus the fact that data, devices and people are so intermingled that we now need a new way of approaching everyday security that provides an account of place. The assumption until now has been that the security of the individual will follow from technical security, and that designing for security requires purely technological solutions. This paper describes a creative engagement method that puts the human security of actors in the foreground, ensuring that actors who may ordinarily be marginalised may have their perspectives taken into account

Holding on to dissensus: Participatory interactions in security design

Recent high-profile cyber-attacks affecting the National Health Service (NHS) in the UK have brought into focus the fact that data, devices, and people are so intermingled that we now need a new way of approaching everyday security that provides an account of place. The assumption until now has been that the security of the individual will follow from technical security and that designing for security requires purely technological solutions. Our creative engagement method puts the human security of actors in the foreground, ensuring that actors who may ordinarily be marginalized may have their perspectives taken into account. The creative methods used include participatory physical modelling to co-design representations of what constitutes ontological security in the everyday for communities. LEGO and other materials allow participants to physically model matters of concern as tangible scenarios, using colored bricks to encode actors, infrastructure, and the movement of data. In this paper, a single LEGO model, depicting an internet-protocol home-banking service, is described in detail. A number of playful and agonistic interactions between our participants are examined through a place-based lens, using descriptive concepts from ontological and autonomous design, an approach designed to tease apart different aspects of our results. This reveals how a community constructs place, the perspectives and horizons of actors, and networks of resilience. We find that participants achieve positive insight into these scenarios by testing out the ways in which they can be broken down by antagonists and adversaries. Participants sustain a space of contestation in which dissensus is established and anticipation of breakdown can be played with.Keywords: ontological design, autonomous design, ontological security, co-design, LEGO

Revealing cumulative risks in online personal information : a data narrative study

When pieces from an individual's personal information available online are connected over time and across multiple platforms, this more complete digital trace can give unintended insights into their life and opinions. In a data narrative interview study with 26 currently employed participants, we examined risks and harms to individuals and employers when others joined the dots between their online information. We discuss the themes of visibility and self-disclosure, unintentional information leakage and digital privacy literacies constructed from our analysis. We contribute insights not only into people's difficulties in recalling and conceptualising their digital traces but of subsequently envisioning how their online information may be combined, or (re)identified across their traces and address a current gap in research by showing that awareness is lacking around the potential for personal information to be correlated by and made coherent to/by others, posing risks to individuals, employers, and even the state. We touch on inequalities of privacy, freedom and legitimacy that exist for different groups with regard to what they make (or feel compelled to make) available online and we contribute to current methodological work on the use of sketching to support visual sense making in data narrative interviews. We conclude by discussing the need for interventions that support personal reflection on the potential visibility of combined digital traces to spotlight hidden vulnerabilities, and promote more proactive action about what is shared and not shared online

Revealing Cumulative Risks in Online Personal Information: A Data Narrative Study

When pieces from an individual’s personal information available online are connected over time and across multiple platforms, this more complete digital trace can give unintended insights into their life and opinions. In a data narrative interview study with 26 currently employed participants, we examined risks and harms to individuals and employers when others joined the dots between their online information. We discuss the themes of visibility and self-disclosure, unintentional information leakage and digital privacy literacies constructed from our analysis. We contribute insights not only into people’s difficulties in recalling and conceptualising their digital traces but of subsequently envisioning how their online information may be combined, or (re)identified across their traces and address a current gap in research by showing that awareness is lacking around the potential for personal information to be correlatedby and made coherent to/by others, posing risks to individuals, employers, and even the state. We touch on inequalities of privacy, freedom and legitimacy that exist for different groups with regard to what they make (or feel compelled to make) available online and we contribute to current methodological work on the use of sketching to support visual sense making in data narrative interviews. We conclude by discussing the need for interventions that support personal reflection on the potential visibility of combined digital traces to spotlight hidden vulnerabilities, and promote more proactive action about what is shared and not shared online