As a practitioner of Human-Centered Design, empathy is a core skill in the work I do. In No Flex Zone: Empathy Driven Development, Duretti Hirpa writes about how empathy can be a competitive advantage.
“We build software for all kinds of people, and empathy helps us to connect to these disparate audiences. We have to choose empathy, but I’d argue, it’s undeniably the ‘one weird trick’ to future-proofing the software engineering.” – Duretti Hirpa
Simply Secure chooses empathy, and we believe that understanding the lives of end-users is an essential element in building empathy for them. Here are some security-focused resources for building empathy. These are useful not only because they explain use scenarios for different technologies, but because they paint vivid pictures of users’ priorities and motivations.
Swift on Security writes A Story About Jessica, a fictionalized 17-year-old interested in biology and her boyfriend. She is currently worried about getting a scholarship for college and getting evicted from the apartment she shares with her mother. To make matters worse, Jessica unwittingly infects her hand-me-down laptop with spyware and doesn’t even know it, since she trusts the accuracy of the reassuring “protected” message she sees from her anti-virus software. This story is consistent with the finding shared by Iulia Ion, Rob Reeder, and Sunny Consalvo that non-experts rely on anti-virus software for all their security needs.
Eleanor Saitta gives detailed Real World Use Cases for High-Risk Users, explaining the how applications like Facebook are essential emotional supports for vulnerable people, and that Facebook over Tor can help keep them safe. Details like a controlling husband making his wife get rid of her phone after a cross-country move can help tool developers build empathy for people who would benefit from their services. It can also help technologists make “compromises,” such as interoperating with services like Facebook that may be problematic from a security point of view, more desirable.
Simply Secure fellow Gus Andrews’ User Personas for Security and Privacy build on work from Saitta and others to share personas from around the globe, important for helping developers make technologies that are accessible to people in contexts different than their own. The example of human-rights activist from the Democratic Republic of Congo contains some helpful nuance – for example, that she needs “to take a break from the stress of worrying for her safety and meeting with victims of violence.” Social technologies are one way that people escape and relax, so this activist may get important emotional benefits from using “insecure” applications.
Working on secure communications is important because we have the chance to improve people’s lives by making critical tools meet their needs more closely. As Saitta writes about a woman living in a shelter’s Facebook use, “That account has been her one lifeline to contacting people, and not only is it crucial for her to be able to access it, it's been an emotional lifeline for her for years. Losing access to it radically lowers her long-term chances of not only getting to safety, but also of living a happy life later on.”
Doing user research is a powerful and efficient way to build empathy, and I encourage everyone to spend time in the field, talking with people about their lives and how technology fits (or doesn’t fit) into it. One starting point when having such conversations is the USDS 18F Method Cards, which are an open-source resource for structuring user research. The cards on bodystorming and user interviews from the Discover section are particularly relevant for gaining insight that helps establish an empathetic connection with users.