Sign In

Communications of the ACM


Designing Effective Interfaces For ­Usable Privacy and Security

View as: Print Mobile App Share:
Carnegie Mellon Associate Professor Jason Hong

I often cringe when I hear highly technical engineers talk about people.

I usually hear broad generalizations tossed about, like "people are lazy, that's why they can't use the system", or "people don't understand security". The worst is "people are just stupid".

With this kind of attitude, it's no surprise that there are so many complicated user interfaces in the world, let alone in privacy and security. Failing to try to understand things from the user's point of view is the cardinal sin in user interface design.

With this in mind, I thought it would be good to shift focus in this blog entry away from individual case studies of usable privacy and security, and look at the bigger picture of how to design better user interfaces in this space.

Now, how to craft an effective user interface is a very involved topic that one can study for years, and there are lots of great web sites and books out there. Effective user interface design combines our understanding of aesthetics, technology, and human behavior to develop artifacts that are useful, usable, and desirable for a specific target audience.

What makes usable privacy and security different from designing other interfaces is that privacy and security are often secondary tasks. People don't go into an e-commerce site explicitly wanting to protect their credit cards and email addresses, they go there to buy things. Security and privacy are obvious things they want while accomplishing their main goal, in the same manner that they want the web site to also be fast and usable.

Roughly, there are three broad strategies for usable privacy and security (note that these aren't mutually exclusive):

  • make the interface invisible
  • make the interface more understandable
  • train the users

A good example of better security by making the interface invisible is SSL. End-users don't have to do anything special, and all of their network traffic is transparently encrypted.

Often times, we just need to make the user interface more understandable to end-users. This might be accomplished through better layout, simplified task flows, better visualizations, or more appropriate metaphors (why do we sign digital documents using keys, anyway?).

Finally, some user interfaces may also require training the users. One common misconception about user interfaces is that they should be "intuitive" (a description that always raises a red flag with me). If you're a Star Trek fan like I am, you might remember that famous scene in Star Trek IV where Montgomery Scott, the ship's engineer, is trying to use a Macintosh computer. After trying to talk to the computer and getting no response, he then picks up the mouse and tries talking into it. Intuitive indeed.

Applications are always designed for a specific context, for specific purposes, and for a specific target audience. The best designs will empower people and let them get started quickly, while also providing a way for them to get better. Minutes to learn, a lifetime to master, as the old saying goes.

As such, there will be some applications will require some level of training. The training might range from a basic understanding of how to zoom in and out on the iPhone (where Apple cleverly trained people how to use with their television ads), all the way to learning how to drive a car (something we actually start training our children to do since birth, given how ingrained cars are in society).

Now, this doesn't mean that you can get away with a disastrous user interface and expect people to have to train how to use it, but it also doesn't mean that all user interfaces should be walk up and use either. You have to balance ease-of-use with power and flexibility for your specific audience and your specific goals. As Silicon Valley pioneer Doug Engelbart once noted, if ease of use was all that mattered, we'd all still be riding tricycles.

In my next few blog entries, I'll discuss some more thoughts on how to design effective interfaces for usable privacy and security.


Douglas Kayama

Unfortunately, developers still see interfaces as the last thing to be done (or to think about), as if such functionality (that nobody can use or just them can) were something that distracts them from getting the real work done. As if interfaces weren't real work.
Or oftentimes the importance is low and the interface is made quickly, without so much design :(

Nice post.

Jason Hong

In this regard, user interfaces, and more generally usability, is a lot like security, in that it can't be done at the end. It has to be designed in from the very beginning.

This is one reason I've found that security folk have in common with people in human-computer interaction. I think I'll talk about this more in a future post.

Going back to the main point, I think it requires a shift in people's thinking. Some things that we have seen work well is bringing engineers and managers on field studies to see how people actually work, doing low-fidelity paper prototyping so that everyone on the team can participate, and showing clips of user studies on actual interfaces.

Jesse Iswaraputra

This is a good post, and I agree very much as a Mac and iPhone apps developer.

But, the real problem is everyone has their own way to use something. Though, after several repeated usages, they're inclined to use things in the way the designer of the products expect them to be.

One good example is the conflicting usage pattern between Mac vs Windows or KDE or Gnome users. Most people complained about the inability to resize Mac OS X window from any window edges (you could only resize the window from the bottom-right).

I advised them to use either the maximum size or medium size, and don't do too much resizing. But, could I force them ? No.
Could I fix Mac OS X window behaviors ? No, I'm not an Apple software designer.

Let's bring this to the iPhone, where the Blackberry or Windows Mobile, or Symbian users are complaining about the lack of "context menu", difficult to use touchscreen keyboard, and some flashy iPhone OS UI that they're not familiar with.

Though it's not a problem at all for me, it's a problem for them. User Interface still can't satisfy everyone. Some users will eventually choose to follow the designers' way of doing things.

Displaying all 3 comments