For people around the world, technology eases the friction of everyday life: bills paid with a few clicks online, plans made and sometimes broken with the tap of a few keys, professional and social relationships initiated and sustained from anywhere at the touch of a button. But not everyone experiences technology in a positive way, because technology — including built-in safeguards for protecting privacy and security — isn’t designed with everyone in mind. In some cases, the technology community’s tendency to develop for a “default persona” can lead to harm. This is especially true for people who, whether due to age, ability, identity, socioeconomic status, power dynamics or some combination thereof, are vulnerable to exploitation and/or marginalized in society.
Researchers in the Allen School’s Security & Privacy Research Lab have partnered with colleagues at the University of Florida and Indiana University to provide a framework for moving technology design beyond the default when it comes to user security and privacy. With a $7.5 million grant from the National Science Foundation through its Secure and Trustworthy Cyberspace (SaTC) Frontiers program, the team will blend computing and the social sciences to develop a holistic and equitable approach to technology design that addresses the unique needs of users who are underserved by current security and privacy practices.
“Technology is an essential tool, sometimes even a lifeline, for individuals and communities. But too often the needs of marginalized and vulnerable people are excluded from conversations around how to design technology for safety and security,” said Allen School professor and co-principal investigator Franziska Roesner. “Our goal is to fundamentally change how our field approaches this question to center the voices of marginalized and vulnerable people, and the unique security and privacy threats that they face, and to make this the norm in future technology design.”
To this end, Roesner and her collaborators — including Allen School colleague and co-PI Tadayoshi Kohno — will develop new security and privacy design principles that focus on mitigating harm while enhancing the benefits of technology for marginalized and vulnerable populations. These populations are particularly susceptible to threats to their privacy, security and even physical safety through their use of technology: children and teenagers, LGBTQ+ people, gig and persona workers, people with sensory impairments, people who are incarcerated or under community supervision, and people with low socioeconomic status. The team will tackle the problem using a three-prong approach, starting with an evaluation of how these users have been underserved by security and privacy solutions in the past. They will then examine how these users interact with technology, identifying both threats and benefits. Finally, the researchers will synthesize what they learned to systematize design principles that can be applied to the development of emerging technologies, such as mixed reality and smart city technologies, to ensure they meet the privacy and security needs of such users.
The researchers have no intention of imposing solutions on marginalized and vulnerable communities; a core tenet of their proposal is direct consultation and collaboration with affected people throughout the duration of the project. They will accomplish this through both quantitative and qualitative research that directly engages communities in identifying their unique challenges and needs and evaluating proposed solutions. The team will apply these insights as it explores how to leverage or even reimagine technologies to address those challenges and needs while adhering to overarching security and privacy goals around the protection of people, systems, and data.
The team’s approach is geared to ensuring that the outcomes are relevant as well as grounded in rigorous scientific theory. It’s a methodology that Roesner, Kohno, and their colleagues hope will become ingrained in the privacy and security community’s approach to new technologies — but they anticipate the impact will extend far beyond their field.
“In addition to what this will mean in terms of a more inclusive approach to designing for security and privacy, one of the aspects that I’m particularly excited about is the potential to build a community of researchers and practitioners who will ensure that the needs of marginalized and vulnerable users will be met over the long term,” said Kohno. “Our work will not only inform technology design, but also education and government policy. The impact will be felt not only in the research and development community but also society at large.”
Kohno and Roesner are joined in this work by PI Kevin Butler and co-PIs Eakta Jain and Patrick Traynor at the University of Florida, co-PIs Kurt Hugenberg and Apu Kapadia at Indiana University, and Elissa Redmiles, CEO & Principal Researcher at Human Computing Associates. The team’s proposal, “Securing the Future of Computing for Marginalized and Vulnerable Populations,” is one of three projects selected by NSF in its latest round of SaTC Frontiers awards worth a combined $24.5 million. The other projects focus on securing the open-source software supply chain and extending the “trusted execution environment” principle to secure computation in the cloud.