Accessible Privacy and Security
1. Pavithren (Viren), November 3rd 2021 (GMT-6)
Accessible Privacy and Security
COMP 3/4732 - Human-Centered Data Security and Privacy
2. Bio
Pavithren (Viren) is currently a research associate at Telehealth Core, Saw Swee Hock School of Public Health at the National University of Singapore.
Viren’s research has been largely multi-disciplinary, across Human-Computer Interaction (HCI), Inclusive Design and Privacy and Security.
He is passionate about bridging multiple disciplines to tackle complex socio-technical problems.
3. Content Page
1. Introduction
2. Accessibility in Privacy and Security
3. Case study - Inclusive Mobile Privacy and Security
4. Working with Vulnerable/Underrepresented Populations
4. Inclusive Design: from the pixel to the city
by the British Design Council
https://www.youtube.com/watch?v=U5hRXwPE5a4
6. What is Inclusive Design?
Let’s get the definitions right.
Inclusive Design is a design methodology which aims to consider the full range of human diversity while designing.
Image from https://dribbble.com/shots/10481307-Eventbrite-New-Illustration-System
7. What is Accessibility?
Accessibility is about allowing your product to be usable by as many people as possible.
Image from https://uxdesign.cc/thinking-like-a-developer-part-ii-design-the-edge-cases-fe5f21516d20
12. Who benefits from Inclusive Design?
• Older adults
• Physical Disabilities - Deaf, Blind, Mobility Impaired Individuals
• Cognitive Disabilities - ASD/ADHD, Down syndrome
• People with lower SES or have poorer network connection
• Non-WEIRD* Populations
• And the list goes on…
Image from https://dribbble.com/shots/4169845-Inclusive-Design-at-Microsoft
*WEIRD = Western, educated, industrialized, rich and democratic
14. Situational Impairment
When designing for someone with disability, someone else with a temporary and situational impairment would benefit as well.
Image from https://www.microsoft.com/design/inclusive/
15. The curb cut effect
Source: https://sketchplanations.com/the-curb-cut-effect
“Solve for One, Extend to Many.”
- Microsoft Inclusive design guide
17. State of the art - Inclusive Privacy and Security
“From 2005 to 2017, less than 10 percent of papers at Symposium on Usable Privacy and Security (SOUPS*) had studied under represented population.”
- Yang Wang (2018)
Sex Workers
Older adults
PwDs
Asian Middle
Eastern
*https://www.usenix.org/conference/soups2021/
Children
20. The issues with CAPTCHA
A visually impaired person can solve an audio captcha only 46 percent of the time.*
*https://nfb.org//sites/default/files/images/nfb/publications/bm/bm09/bm0901/bm090108.htm
21. How about other Privacy and
Security tools/mechanisms?
Password Generation
2FA
Biometric Authentication
Secure WiFi
Security Updates
Secure Messaging
Transmission of Healthcare Data
App permissions
Privacy Policies
Cookies
Certificates
Encryption Tools
23. Increase in Greying Smartphone Users
Accelerated adoption of Smartphone amongst older adults.
⁺https://www.pewresearch.org/internet/2017/05/17/tech-adoption-climbs-among-older-adults/pi_2017-05-17_older-americans-tech_0-01/
24. Increase in Greying Smartphone Users
Accelerated adoption of Smartphone amongst older adults.
Are mobile privacy and security mechanisms/tools catching up in terms of meeting their needs?
Photo by Anastasia Shuraeva from Pexels
25. A Case Study
How might we design mobile privacy and security inclusively for older adults in Singapore?
32. Discovery
Understanding the problem
What’s happening in Singapore?
• Smart Nation Initiative to digitise services
• Increasing smartphone adoption among older adults in Singapore.
• Increasing number of phishing scams.
Image from https://abc7news.com/grandparents-seniors-assisted-living-nursing-homes/6119545/
Why is it a problem?
• Older adults are at higher risk from privacy and security threats
Image from https://www.smartnation.gov.sg/
34. Discovery
Main findings*
1. Reliance on Social Support for P&S
2. Attitude and Culture Affected Learning and awareness about P&S
3. Contextualized P&S preferences
*https://www.usenix.org/conference/soups2020/presentation/pakianathan
35. Discovery
Understanding the problem
Common threat models
1. Password Management
2. Understanding of URLs
3. Reading Terms and Conditions
4. Changing privacy settings
5. Risk of Falling for phishing scams
6. Icon/Terminologies not understandable
7. Unaware of Data collection by Apps
8. Installing apps unknowingly
Image from https://blogs.windriver.com/wind_river_blog/2017/09/tackling-iot-security-with-new-wind-river-services-offering/
37. Define
Reframing and concretising the problem
• Online Survey to identify the top threats faced by older adults in Singapore
• Adults (n=35)
• Older adults (n=15)
Common threat models
1. Password Management
2. Understanding of URLs
3. Reading Terms and Conditions
4. Changing privacy settings
5. Falling for phishing
6. Icon/Terminologies not understandable
7. Unaware of Data collection by Apps
8. Installing apps unknowingly
38. Define
Reframing and concretising the problem
• Online Survey to identify the top threats faced by older adults in Singapore
• Adults (n=35)
• Older adults (n=15)
Top 3 threat models
1. Password Management
2. Understanding of URLs
3. Reading Terms and Conditions
4. Changing privacy settings
5. Falling for phishing
6. Icon/Terminologies not understandable
7. Unaware of Data collection by Apps
8. Installing apps unknowingly
52. Develop
Morphological Matrix
A structured way used to create large numbers of ideas.
Sub-System Functions | Concept 1 | Concept 2 | Concept 3 | Concept 4
Check Unknown Link/URL within social ecosystem
Verify URL
How might we redesign the detection of malicious URLs to prevent phishing?
68. Deliver
Think aloud activity
DBS Digibank Real vs Dummy URL
Activity
Participants were randomly shown 1 genuine and 1 fake banking/government website.
Results
None of 30 participants could identify the fake website!
69. Deliver
Insights from navigating Certificate UI in Chrome
“/spauth looks suspicious”
P19, 65-74 y.o
Genuine Government Website
“Normal person won’t know [content in circle]”
P26, 65-74 y.o.
Genuine Banking website
“I don’t know Entrust.”
P28, 25-34 y.o
Genuine Banking website
70. Deliver
A multimodal approach to reducing Phishing attacks - SoCiAI*
*Social Circle + Crowdsourcing + Artificial Intelligence => SoCiAI, a hypothetical application design to solve web trust issues using multiple modalities
73. Deliver
Results
Mixed preferences amongst older adults and adults regarding their preferred modality - Social Circle, Crowdsourcing or AI.
AI?
Crowdsourcing?
Social Circle?
Mean SUS Scores
                     Adult    Older Adults
Existing Mechanism   45.29    28.96
SoCiAI               71.03    77.91
Considerably higher usability Score (SUS) for SoCiAI compared to current Android Chrome browser certification UI by both adults and older adults.
75. Research Challenges Considerations
• Ethics - Belmont Report, Nuremberg Code, the Common Rule, CITI certification, etc.
• Access to population - elderly home, remote areas, red light district etc.
• Mode of study - online, face to face, phone call, online survey, in the wild, group interview etc.
Photo by Startup Stock Photos from Pexels
76. Learnings from working with Older adults
1. Build a relationship with participants
2. Be mindful of social desirability bias
3. Keep interview on track and limit digression
4. Use simple language and terminologies
5. Avoid lengthy studies to reduce fatigue
6. Run pilot studies to assess readability of questions
77. Taking action
• Adopt Inclusive Design/Universal Design Methodologies in your next project from day 1.
• Follow or contribute to Accessibility Guidelines (e.g. WCAG 2.1)
• Encourage Govts. to mandate policies to ensure that organisations follow guidelines and reduce discrimination (e.g. Americans with Disabilities Act)
Image from https://www.shutterstock.com/image-photo/woman-jumping-over-abyss-front-sunset-1039137214
78. Recap
What did we learn today?
1. Intro to Accessibility and Inclusive Design
2. Intro to Accessible Privacy and Security
3. Case Study - Inclusive Mobile Privacy and Security
4. Working with Vulnerable or Underrepresented Population groups
80. Design for the young and you exclude the old.
Design for the old and you include everyone.
- Bernard Isaacs
81. References and guides
Related Works and Accompanying Materials
Vitak J, Shilton K, editors. Trust, Privacy and Security, and Accessibility Considerations When Conducting Mobile Technologies Research With Older Adults. In: National Academies of Sciences, Engineering, and Medicine; Division of Behavioral and Social Sciences and Education; Board on Behavioral, Cognitive, and Sensory Sciences. Mobile Technology for Adaptive Aging: Proceedings of a Workshop. Washington (DC): National Academies Press (US); 2020 Sep 25. 1. Available from: https://www.ncbi.nlm.nih.gov/books/NBK563116/
Y. Wang, "Inclusive Security and Privacy," in IEEE Security & Privacy, vol. 16, no. 4, pp. 82-87, July/August 2018, doi: 10.1109/MSP.2018.3111237.
Yao Ma, Jinjuan Feng, Libby Kumin, and Jonathan Lazar. 2013. Investigating User Behavior for Authentication Methods: A Comparison between Individuals with Down Syndrome and Neurotypical Users. ACM Trans. Access. Comput. 4, 4, Article 15 (July 2013), 27 pages. DOI: https://doi.org/10.1145/2493171.2493173
V S Pakianathan, P. and Perrault, S., 2020. Towards Inclusive Design for Privacy and Security: Perspectives from an Aging Society. [online] Available at: <https://www.usenix.org/conference/soups2020/presentation/pakianathan> [Accessed 25 October 2021].
Design Tools/Kits/Guides/Misc.
Usability Toolkit for working with at-risk populations - https://usable.tools/
Cambridge Inclusive Design Toolkit - http://www.inclusivedesigntoolkit.com/
Microsoft Inclusive Design Guide - https://www.microsoft.com/design/inclusive/
Accessibility Guidelines - https://www.w3.org/TR/WCAG21/
Conducting studies with Sex workers - https://elissaredmiles.com/research/swmethods.pdf
Belmont Report - https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/read-the-belmont-report/index.html
Nuremberg Code - https://history.nih.gov/download/attachments/1016866/nuremberg.pdf