Safe Tech Audit: IA as a Framework for Respectful Design
Noreen Whysel
Director of Validation Research
Me2B Alliance/Internet Safety Labs

Agenda
01 Introduction
02 IA Heuristics
03 Me2BA Safe Technology Specification
04 User Experience Audit – Applied IA Heuristics
05 How to Get Involved
06 IA Perimeter of Influence

Introduction
Curiosity

Introducing the Me2B Alliance
We are a non-profit internet product testing organization, unrelentingly on the side of consumers and their safety.

Circle of Competence
“…[S]tick within…your circle of competence….
“It's not terribly important how big the circle is. But it is terribly important that you know where the perimeter is.”— Rolf Dobelli

Perimeter of Competence
Source: Sinclair, A. 2016 The Intellectual Base of Archaeological Research 2004-2013: a visualisation and analysis of its disciplinary links, networks of authors and conceptual language, Internet Archaeology 42. https://doi.org/10.11141/ia.42.8

Safe Technology
We measure the safety of websites, mobile apps, any connected technology.
Like Restaurant Scores. But for Technology.

1 Define
Define "Safe" technology. Operate as an Internet Safety Lab.
2 Research
Perform industry benchmarks. Validate safety spec with Me-s.
3 Test
Conduct independent product testing of websites and mobile apps (and more).
4 Educate
Helping all stakeholders know how to build safe products
5 Advocate
Keep Me-s safe in the digital world.

EU - GDPR
California - CCPA/CPRA
Virginia
Colorado
…more coming
• California specifically calls out “Dark Patterns” which impair user autonomy, decision-making and choice

IA Heuristics

National Strategy for Trusted Identity in Cyberspace (2011)
How might we?
• Help “Individuals and organizations” … “utilize secure, efficient, easy-to-use, and interoperable identity solutions”
• So they can “access online services in a manner that promotes confidence, privacy, choice, and innovation.”
Source: https://obamawhitehouse.archives.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf

Identity Ecosystem Framework Registry
The Identity Ecosystem Steering Group
• Privacy
• Security
• Interoperability
• Usability
UX Committee
• User Experience Guidelines and Metrics
Source: https://idefregistry.edufoundation.kantarainitiative.org/

Nielsen/Mack Usability Inspection Methods (1994)
Source: Heuristic Evaluation – A System Checklist. https://stcsig.org/heuristic-evaluation-a-system-checklist/

Identity Ecosystem Framework Registry
For the IDEF Website, we found that many of the requirements in the Nielsen/Mack heuristics identified functions and processes of a system that are specific to standalone software and other technical systems and somewhat irrelevant to websites, which rely on command language and functionality of the browser and device used to access them.

Abby Covert’s 10 Heuristic IA Principles (2012)
Source: Abby Covert. Information Architecture Heuristics. https://www.slideshare.net/AbbyCovert/information-architecture-heuristics

1 Identify
What tasks does your audience value the most?
What channels will the user path connect to?
2 Prioritize
List tasks in order of importance
List the IA Principles in order of importance
Assign a pre-test score for each principle
3 Analyze
Review and evaluate problems
Rate the impact of the entire experience

Me2B Safe Technology Specification

Did You Know?
60% of school apps leak student information to Big Tech

People are uninformed about their data rights
• More than half of US adults don’t know that agreeing to Terms of Use creates a legally binding contract that may allow personal data sharing
• In our focus groups, people say they look to the Privacy Policy to understand their data rights. To them, the Terms of Use are just “The Rules”
• But…a Privacy Policy is just that—a policy. It is required as a notice to consumers, but it is not a legally binding contract
• The real, binding terms are in the Terms of Use
Source: Flash Guide #3: Me2B Rules of Engagement https://me2ba.org/flash-guide-3-the-me2b-rules-of-engagement-our-ethical-foundation/

The Me2B Rules of Engagement
1. Freedom | We agree not to coerce or manipulate each other.
2. Respect of Boundaries | We agree to respect each other’s personal boundaries.
3. Respectful Defaults | In the absence of stated preferences, we default to the most conservative behavior.
4. Fairness & Non-exploitation | We agree to treat each other fairly and not exploit things that are shared.
5. Good Communication | We agree to be forthright, honest and clear in our communication.
6. Promise-Keeping | We keep our promises.
7. Non-Harming | We agree not to willfully harm one another.
8. Respectful Dispute Resolution | We agree to respectful, collaborative and fair dispute resolution methods.

Data Flows: Not a Trickle. A Firehose.

Apple and Google have changed their privacy settings, but…
• Most mobile apps and websites create persistent channels to third party data brokers who can share your data far and wide
• We can point to changes in the privacy settings for Apple devices (2022) and upcoming privacy labeling on apps in the Google Play store (2023) that are steps in the right direction
• But Big Tech will continue to find ways to collect, use and share their customer’s personal data, and third parties will continue to develop and share your data profile in new ways.

Respectful Relationships
No Gossip
No Eavesdropping
No Stalking
No Manipulation
No Coercion
Progressive Consent
All Touch Points Should Be Respectful
Safe Relationships
● Data minimization
● Individual control and autonomy
● Respectful defaults

User Experience Audit: Applied IA Heuristics

Attributes of Respectful Commitments
1. Clear Data Processing Notice
2. Viable Permission (Data Controllers and All Data Processors)
3. Identification Minimization
4. Data Collection Minimization
5. Private by Default
6. Reasonable Data Use & Sharing Behavior
7. Data Processing Complies with Data Subject's Privacy Preferences & Permissions
8. Data Processing Complies with Policies
9. Reasonable Commitment Duration
10. Commitment Termination or Change Behavior

Abby Covert’s 10 Heuristic IA Principles (2012)
Source: Abby Covert. Information Architecture Heuristics. https://www.slideshare.net/AbbyCovert/information-architecture-heuristics

1 Identify
Identify user flows and actions to evaluate in websites and apps
• First-Open/No Commitment
• Local Storage Commitment
• Location Commitment
• Promotional Commitment
• Contact Us Commitment
• One-Off Transaction Commitment
• Loyalty Commitment
• Me2B Marriage Commitment

2 Prioritize
List tasks in order of importance
Prioritize the IA Principles.
Provide a score.

Findable
• Is there a data processing notice available to the user?
• Is the data processing notice present/available on the same screen as the commitment?
1. Clear Data Processing Notice

Accessible
• Is the data processing notice/information accessible and rendered by assistive services and other machine-readable processes?
1. Clear Data Processing Notice

Clear (understandable)
• Is the copy for the website notice clear and easy to understand by the general population?
• Readable privacy policy: Grade level 6 or lower as measured by the Flesch-Kincaid Readability Index
1. Clear Data Processing Notice

Communicative
• Is the data processing notice that the data subject receives on the website complete?
1. Clear Data Processing Notice

Controllable
• Does the data subject freely give permission for this commitment?
  • No dark patterns detected in the UX
• Is there a discrete, intentional permission UX for the commitment?
• Does the consent flow to all downstream data processors and co-controllers?
2. Viable Permission

Give up yet?
How ‘bout now?

3 Analyze
Review and evaluate problems
Rate the impact of the entire experience

Findable
1. Clear Data Processing Notice
0 == Data processing notice exists
-2 == Data processing notice is not on the same screen.
-3 == Data processing notice is missing

Accessible
1. Clear Data Processing Notice
0 == The assistive screen reader can read the notice.
-1 == The assistive screen reader is unable to read part of the notice.
-2 == The assistive screen reader is unable to read most of the notice.
-3 == The assistive screen reader is unable to read any of the notice.

Clear (understandable)
1. Clear Data Processing Notice
0 == Reading comprehension score is at or below Flesch Kincaid 6th grade reading level
-1 == Reading comprehension score is above Flesch Kincaid 6th grade reading level
-3 == Reading comprehension score is above Flesch Kincaid 8th grade reading level

Communicative
1. Clear Data Processing Notice
0 == Data processing notice explains the data process per Me2B Commitment.
-3 == Data processing notice does not explain data process per Me2B Commitment.

Controllable
No Dark Patterns
• -1 to -3 == Harmful patterns detected in UX.
• -3 == Data subject is required to agree to terms of service prior to account creation.
Appropriate Level of Control
• -3 == Data subject controls are inadequate/insufficient/too coarse-grained.
• -1 == Data subject controls are somewhat inadequate/sub-optimal.
2. Viable Permission
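
The scoring rubric above for attribute 1, Clear Data Processing Notice, worked through in code. This is an added example, not part of the original slides or any Me2B Alliance tooling. The observation fields, the vowel-group syllable heuristic, the grade cut-offs read as > 6.0 and > 8.0, the rule that a missing notice scores -3 on every heuristic, and both sample notices are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

HEURISTICS = ("Findable", "Accessible", "Clear", "Communicative")
# How much of the notice the screen reader failed on -> rubric score.
UNREADABLE = {"none": 0, "part": -1, "most": -2, "all": -3}
_VOWELS = re.compile(r"[aeiouy]+")


def count_syllables(word: str) -> int:
    """Approximate syllables: vowel groups, minus a silent trailing 'e'."""
    w = re.sub(r"[^a-z]", "", word.lower())
    if not w:
        return 0
    n = len(_VOWELS.findall(w))
    if n > 1 and w.endswith("e") and not w.endswith(("le", "ee")):
        n -= 1
    return max(n, 1)


def fk_grade(text: str) -> float:
    """Flesch-Kincaid grade level of a block of notice copy."""
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    words = re.findall(r"[A-Za-z']+", text)
    if not sentences or not words:
        raise ValueError("notice contains no readable text")
    syllables = sum(count_syllables(w) for w in words)
    return (0.39 * len(words) / len(sentences)
            + 11.8 * syllables / len(words) - 15.59)


def score_clear(grade: float) -> int:
    """Rubric for 'Clear': 0 at or below grade 6, -1 above 6, -3 above 8."""
    if grade > 8.0:
        return -3
    if grade > 6.0:
        return -1
    return 0


@dataclass
class NoticeObservation:
    """What the auditor recorded for one commitment (hypothetical fields)."""
    text: Optional[str]        # notice copy, or None if no notice was found
    same_screen: bool          # notice shown on the commitment's screen
    unreadable: str            # "none" | "part" | "most" | "all"
    explains_processing: bool  # notice explains the data process


def score_notice(obs: NoticeObservation) -> dict:
    """Per-heuristic scores for attribute 1, Clear Data Processing Notice."""
    if obs.text is None or not obs.text.strip():
        # Assumption: with no notice, there is nothing to read or understand.
        return {h: -3 for h in HEURISTICS}
    if obs.unreadable not in UNREADABLE:
        raise ValueError(f"unknown screen-reader result: {obs.unreadable!r}")
    return {
        "Findable": 0 if obs.same_screen else -2,
        "Accessible": UNREADABLE[obs.unreadable],
        "Clear": score_clear(fk_grade(obs.text)),
        "Communicative": 0 if obs.explains_processing else -3,
    }


# Constructed sample notices, written for this example only.
PLAIN_NOTICE = ("We save your name and email. We use them to log you in. "
                "We do not sell your data.")
LEGALESE_NOTICE = (
    "The controller processes personal information pursuant to applicable "
    "legislation, including identifiers, geolocation information and "
    "behavioural characteristics, for purposes of personalisation, "
    "analytics and advertising by affiliated organisations.")

if __name__ == "__main__":
    for label, obs in [
        ("plain", NoticeObservation(PLAIN_NOTICE, True, "none", True)),
        ("legalese", NoticeObservation(LEGALESE_NOTICE, False, "part", False)),
        ("missing", NoticeObservation(None, False, "all", False)),
    ]:
        print(label, score_notice(obs))
```

The slides do not say how per-heuristic scores combine into an overall rating, so the function returns them separately.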

How to Get Involved

Get Involved with Safe and Respectful Technology
• Me2B Alliance (Me2ba.org)
  • Respectful Technology Specification WG
  • PaLS: Policy and Legal WG
• Kantara Initiative (Kantarainitiative.org)
  • FIRE WG (Federated Identity)
  • ANCR WG (Advanced Notice & Consent Receipt)
  • PEMC WG (Privacy Enhanced Mobile Credentials)
  • UMA WG (User Managed Access)
• Project VRM (cyber.harvard.edu/projectvrm/)
• IEEE P7012 Machine Readable Personal Privacy
• W3C
  • Information Architecture Community Group

Thank you!
Noreen Whysel
Director of Validation Research
Me2B Alliance
Noreen.whysel@me2ba.org
Follow @nwhysel and @me2balliance on Twitter

 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 

IAC22 Safe Tech Audit Presentation Noreen Whysel.pptx

  • 1. Safe Tech Audit: IA as a Framework for Respectful Design Noreen Whysel Director of Validation Research Me2B Alliance/Internet Safety Labs
  • 2. Agenda 01 02 03 04 05 06 Introduction IA Heuristics Me2BA Safe Technology Specification User Experience Audit – Applied IA Heuristics How to Get Involved IA Perimeter of Influence
  • 5.
  • 6. Introducing the Me2B Alliance We are a non-profit internet product testing organization, unrelentingly on the side of consumers and their safety.
  • 7. Circle of Competence “…[S]tick within…your circle of competence…. “It's not terribly important how big the circle is. But it is terribly important that you know where the perimeter is.”— Rolf Dobelli
  • 8. Perimeter of Competence Source: Sinclair, A. 2016 The Intellectual Base of Archaeological Research 2004-2013: a visualisation and analysis of its disciplinary links, networks of authors and conceptual language, Internet Archaeology 42. https://doi.org/10.11141/ia.42.8
  • 10. We measure the safety of websites, mobile apps, any connected technology.
  • 11. Like Restaurant Scores. But for Technology.
  • 12. 1 Define Define "Safe" technology.​ Operate as an Internet Safety Lab.
  • 14. Test Conduct independent product testing of websites and mobile apps (and more).​ 3
  • 15. Educate ​Helping all stakeholders know how to build safe products 4
  • 16. Advocate Keep Me-s safe in the digital world.​ 5
  • 17. EU - GDPR California - CCPA/CPRA Virginia Colorado …more coming • California specifically calls out “Dark Patterns” which impair user autonomy, decision-making and choice
  • 19. National Strategy for Trusted Identity in Cyberspace (2011) How might we? • Help “Individuals and organizations” … “utilize secure, efficient, easy-to-use, and interoperable identity solutions” • So they can “access online services in a manner that promotes confidence, privacy, choice, and innovation.” Source: https://obamawhitehouse.archives.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf
  • 20. Identity Ecosystem Framework Registry The Identity Ecosystem Steering Group • Privacy • Security • Interoperability • Usability UX Committee • User Experience Guidelines and Metrics Source: https://idefregistry.edufoundation.kantarainitiative.org/
  • 21.
  • 22. Nielsen/Mack Usability Inspection Methods (1994) Source: Heuristic Evaluation – A System Checklist. https://stcsig.org/heuristic-evaluation-a-system-checklist/
  • 23. Identity Ecosystem Framework Registry For the IDEF Website, we found that many of the requirements in the Nielsen/Mack heuristics identified functions and processes of a system that are specific to standalone software and other technical systems and somewhat irrelevant to websites, which rely on command language and functionality of the browser and device used to access them.
  • 24. Abby Covert’s 10 Heuristic IA Principles (2012) Source: Abby Covert. Information Architecture Heuristics. https://www.slideshare.net/AbbyCovert/information-architecture-heuristics
  • 25. 1 Identify What tasks does your audience value the most? What channels will the user path connect to?
  • 26. Prioritize List tasks in order of importance 2 List the IA Principles in order of importance Assign a pre-test score for each principle
  • 27. Analyze Review and evaluate problems Rate the impact of the entire experience 3
  • 30. 60% of school apps leak student information to Big Tech
  • 31. People are uninformed about their data rights • More than half of US adults don’t know that agreeing to Terms of Use creates a legally binding contract that may allow personal data sharing • In our focus groups, people say they look to the Privacy Policy to understand their data rights. To them, the Terms of Use are just “The Rules” • But… a Privacy Policy is just that—a policy. It is required as a notice to consumers, but it is not a legally binding contract • The real, binding terms are in the Terms of Use
  • 32.
  • 33. Source: Flash Guide #3: Me2B Rules of Engagement https://me2ba.org/flash-guide-3-the-me2b-rules-of-engagement-our-ethical-foundation/ The Me2B Rules of Engagement 1. Freedom | We agree not to coerce or manipulate each other. 2. Respect of Boundaries | We agree to respect each other’s personal boundaries. 3. Respectful Defaults | In the absence of stated preferences, we default to the most conservative behavior. 4. Fairness & Non-exploitation | We agree to treat each other fairly and not exploit things that are shared. 5. Good Communication | We agree to be forthright, honest and clear in our communication. 6. Promise-Keeping | We keep our promises. 7. Non-Harming | We agree not to willfully harm one another. 8. Respectful Dispute Resolution | We agree to respectful, collaborative and fair dispute resolution methods.
  • 34.
  • 35.
  • 36.
  • 37. Data Flows: Not a Trickle. A Firehose.
  • 38. Apple and Google have changed their privacy settings, but… • Most mobile apps and websites create persistent channels to third party data brokers who can share your data far and wide • We can point to changes in the privacy settings for Apple devices (2022) and upcoming privacy labeling on apps in the Google Play store (2023) that are steps in the right direction • But Big Tech will continue to find ways to collect, use and share their customer’s personal data, and third parties will continue to develop and share your data profile in new ways.
  • 39. No Gossip No Eavesdropping No Stalking No Manipulation No Coercion Progressive Consent All Touch Points Should Be Respectful Respectful Relationships
  • 40. Respectful Relationships No Gossip No Eavesdropping No Stalking No Manipulation No Coercion Progressive Consent All Touch Points Should Be Respectful Data minimization Individual control and autonomy Respectful defaults
  • 41. Safe Relationships ● Data minimization ● Individual control and autonomy ● Respectful defaults
  • 43. Attributes of Respectful Commitments 1. Clear Data Processing Notice 2. Viable Permission (Data Controllers and All Data Processors) 3. Identification Minimization 4. Data Collection Minimization 5. Private by Default 6. Reasonable Data Use & Sharing Behavior 7. Data Processing Complies with Data Subject's Privacy Preferences & Permissions 8. Data Processing Complies with Policies 9. Reasonable Commitment Duration 10. Commitment Termination or Change Behavior
  • 44. Abby Covert’s 10 Heuristic IA Principles (2012) Source: Abby Covert. Information Architecture Heuristics. https://www.slideshare.net/AbbyCovert/information-architecture-heuristics
  • 45. 1 Identify Identify user flows and actions to evaluate in websites and apps • First-Open/No Commitment • Local Storage Commitment • Location Commitment • Promotional Commitment • Contact Us Commitment • One-Off Transaction Commitment • Loyalty Commitment • Me2B Marriage Commitment
  • 46. Prioritize List tasks in order of importance 2 Prioritize the IA Principles. Provide a score.
  • 47. Findable • Is there a data processing notice available to the user? • Is the data processing notice present/available on the same screen as the commitment? 1. Clear Data Processing Notice
  • 48. Accessible • Is the data processing notice/information accessible and rendered by assistive services and other machine-readable processes? 1. Clear Data Processing Notice
  • 49. Clear (understandable) • Is the copy for the website notice clear and easy for the general population to understand? • Readable privacy policy: Grade level 6 or lower as measured by the Flesch-Kincaid Readability Index 1. Clear Data Processing Notice
  • 50. Communicative • Is the data processing notice that the data subject receives on the website complete? 1. Clear Data Processing Notice
  • 51. Controllable • Does the data subject freely give permission for this commitment? • No dark patterns detected in the UX • Is there a discrete, intentional permission UX for the commitment? • Does the consent flow to all downstream data processors and co-controllers? 2. Viable Permission
  • 52. Give up yet? How ‘bout now?
  • 53. Analyze Review and evaluate problems Rate the impact of the entire experience 3
  • 54. Findable 1. Clear Data Processing Notice 0 == Data processing notice exists -2 == Data processing notice is not on the same screen. -3 == Data processing notice is missing
  • 55. Accessible 1. Clear Data Processing Notice 0 == The assistive screen reader can read the notice. -1 == The assistive screen reader is unable to read part of the notice. -2 == The assistive screen reader is unable to read most of the notice. -3 == The assistive screen reader is unable to read any of the notice.
  • 56. Clear (understandable) 1. Clear Data Processing Notice 0 == Reading comprehension score is at or below Flesch Kincaid 6th grade reading level -1 == Reading comprehension score is above Flesch Kincaid 6th grade reading level -3 == Reading comprehension score is above Flesch Kincaid 8th grade reading level
  • 57. Communicative 1. Clear Data Processing Notice 0 == Data processing notice explains the data process per Me2B Commitment. -3 == Data processing notice does not explain data process per Me2B Commitment.
  • 58. Controllable No Dark Patterns • -1 to -3 == Harmful patterns detected in UX. • -3 == Data subject is required to agree to terms of service prior to account creation. Appropriate Level of Control • -3 == Data subject controls are inadequate/insufficient/too coarse-grained. • -1 == Data subject controls are somewhat inadequate/sub-optimal. 2. Viable Permission
  • 59. How to Get Involved
  • 60. Get Involved with Safe and Respectful Technology • Me2B Alliance (Me2ba.org) • Respectful Technology Specification WG • PaLS: Policy and Legal WG • Kantara Initiative (Kantarainitiative.org) • FIRE WG (Federated Identity) • ANCR WG (Advanced Notice & Consent Receipt) • PEMC WG (Privacy Enhanced Mobile Credentials) • UMA WG (User Managed Access) • Project VRM (cyber.harvard.edu/projectvrm/) • IEEE P7012 Machine Readable Personal Privacy • W3C • Information Architecture Community Group
  • 61. Thank you! Noreen Whysel Director of Validation Research Me2B Alliance Noreen.whysel@me2ba.org Follow @nwhysel and @me2balliance on Twitter
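
As an added illustration (not part of the original slides), the sketch below applies the scoring rubric from slides 54-57 for attribute 1, Clear Data Processing Notice, including a Flesch-Kincaid grade computation for the Clear heuristic. The function names, the syllable-counting heuristic, the two sample notices and the choice to leave the remaining heuristics unscored when the notice is missing are assumptions made for this example.

```python
import re

# Deduction values below are the ones shown on slides 54-57 for
# "1. Clear Data Processing Notice": 0 is a pass, negatives are findings.
# Keys describe how much of the notice the screen reader could NOT read.
ACCESSIBLE_SCORES = {"none": 0, "part": -1, "most": -2, "all": -3}


def count_syllables(word):
    """Approximate syllables (assumption): vowel groups minus a silent final 'e'."""
    word = word.lower()
    count = len(re.findall(r"[aeiouy]+", word))
    if word.endswith("e") and not word.endswith("le") and count > 1:
        count -= 1
    return max(count, 1)


def flesch_kincaid_grade(text):
    """Flesch-Kincaid grade level: 0.39*(words/sentence) + 11.8*(syll/word) - 15.59."""
    words = re.findall(r"[A-Za-z']+", text)
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    if not words or not sentences:
        raise ValueError("text has no words or sentences to score")
    syllables = sum(count_syllables(w) for w in words)
    return 0.39 * len(words) / len(sentences) + 11.8 * syllables / len(words) - 15.59


def score_findable(notice_exists, on_commitment_screen):
    """Slide 54: 0 exists, -2 not on the same screen, -3 missing."""
    if not notice_exists:
        return -3
    return 0 if on_commitment_screen else -2


def score_clear(grade):
    """Slide 56: 0 at or below grade 6, -1 above grade 6, -3 above grade 8."""
    if grade > 8:
        return -3
    return -1 if grade > 6 else 0


def score_communicative(explains_processing):
    """Slide 57: 0 if the notice explains the data processing, else -3."""
    return 0 if explains_processing else -3


def audit_notice(text, on_commitment_screen, unreadable_portion, explains_processing):
    """Score one commitment's notice against the four heuristics of attribute 1."""
    if not text or not text.strip():
        # Missing notice: Findable takes the -3; the other heuristics cannot
        # be assessed, so they are reported as None (assumption of this sketch).
        return {"findable": -3, "accessible": None, "clear": None,
                "communicative": None, "grade": None, "findings": ["findable"]}
    grade = flesch_kincaid_grade(text)
    scores = {
        "findable": score_findable(True, on_commitment_screen),
        "accessible": ACCESSIBLE_SCORES[unreadable_portion],
        "clear": score_clear(grade),
        "communicative": score_communicative(explains_processing),
    }
    findings = [name for name, value in scores.items() if value < 0]
    return {**scores, "grade": round(grade, 2), "findings": findings}


# Constructed sample notices (not taken from any audited product).
SIMPLE_NOTICE = "We save your name. We do not sell it. You can say no."
LEGALESE_NOTICE = (
    "Notwithstanding the foregoing, the organization may disclose personally "
    "identifiable information to affiliated third-party processors for "
    "legitimate operational purposes."
)

if __name__ == "__main__":
    print(audit_notice(SIMPLE_NOTICE, True, "none", True))
    print(audit_notice(LEGALESE_NOTICE, False, "part", False))
    print(audit_notice("", False, "all", False))
```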

Editor's notes

  1. Hi I’m Noreen Whysel and I’m sitting in my 2BR apartment in Brooklyn. Describe myself and the room, black wall, colorful art, new lamp. From what I’m telling you, you might say that I have rather quirky taste in art, but relatively simple, plain style of dress. You may know me because I’ve been a fixture of past IACs and Summits or maybe I’m new to you so you looked me up on LinkedIn and read my Twitter feed to get a sense of my background. You know these things about me because I choose to show you and tell you. Or because you knew where to find information about me and whom to ask. But there are things I didn’t tell you that you may notice. You see boxes so you might surmise that I moved recently. There are things you might see that I may not want you to notice, like the small speck on one of my teeth that I got from a Spin brush abrasion and that I’ve been avoiding the dentist. You don’t expect your devices and technology relationships to know these things about you, but they do have a very rich picture of where you are now, who you are with and what you are doing. They map that picture to others like you who share your habits, preferences and background. They use this information to predict and influence your behavior. And they share it with other networks (through adtech SDKs).
  2. I will be talking about one tool, IA heuristics and how I am applying it in the development of a safe technology specification at the Me2B Alliance. But you should think about your interests and field of expertise and how you might practice Applied IA.
  3. To give you a little background, here’s an overview of what we do at the Me2B Alliance.
  4. Hi I’m Noreen Whysel. I’m a researcher, an information architect and increasingly, an expert on developing technology standards. If there is one thing that defines me it is Curiosity.
  5. I am driven to explore things that happen on the edges. It is where a lot of the most interesting things happen. And it is a place that is ideal for people who practice information architecture.
  6. I work for the Me2B Alliance as the Director of Validation Research. We are developing a safety spec for the internet. Our work encompasses new terrain that includes ethics, psychology, philosophy, anthropology, sociology, technology, law, regulation. It’s a complex world to work in. Consumers and businesses speak different languages and the people creating technology standards speak yet another language. IA can help to draw these worlds together so that everyone speaks the same language.
  7. I recently found this quote from Rolf Dobelli, the one who gave us the adage about how if you have a hammer everything looks like a nail. Read slide.
  8. As IAs we are uniquely skilled to work on the edges. We don’t just see the hammer and nail. We look at the spaces where disciplines meet, break down the mental models and through a combination of curiosity and expertise we can build taxonomies and wayfinding to get everyone to speak the same language and find what they need.
  9. One of the areas where I am IA is Safe Technology. To give you a little background, here’s an overview of what we do at the Me2B Alliance.
  10. We measure the safety of connected technology. Where “safety” means the ability to exercise privacy, and live freely in the digital world. There are many cybersecurity standards; we're not doing that.  We're talking about human privacy and human safety. ​
  11. Think of it as Restaurant Scores for technology.
  12. We are creating a safe technology specification and operate as an Internet Safety testing Lab, similar to Underwriters Lab or Consumer Reports.
  13. We also do a lot of validation research to ensure that our safe technology specification makes sense to developers and to ensure that they are addressing a recognizable problem faced by consumers. This is mostly what I do.
  14. We are also conducting independent product testing. These tests include product behaviors such as data capture and sharing that happens behind the curtain, as well as user experience tests to ensure that product users are informed of these behaviors and what they can do to permit or deny them.
  15. We want to be sure all stakeholders know how to build safe products and publish Spotlight reports and flash guides on Me2B topics.
  16. We also advocate for safe product behavior at the government level to ensure the most people possible are safe. (Many states in the US have begun to adopt data privacy laws that are similar to GDPR (General Data Protection Regulation), which specifies how and whether technologies can collect, use and share personal information.)
  17. These laws and several state level privacy bills give consumers more control over the data that gets collected, used and shared with third parties. California’s law is particularly important since most companies doing business in the US are going to have users in California. CPRA specifically calls out “Dark Patterns” which are UIs that impair user autonomy, decision-making and choice.
  18. So where does IA come in? I discovered a way for Information Architecture Heuristics to inform data privacy standards. But first, we will go back a few years to a project I was developing for the Identity Ecosystem Steering Group back in 2013.
  19. The IDESG was formed in 2011 in response to the White House National Strategy for Trusted Identity in Cyberspace. Their vision statement is conveniently phrased as a HMW question: How might we help “Individuals and organizations” … “utilize secure, efficient, easy-to-use, and interoperable identity solutions” so they can “access online services in a manner that promotes confidence, privacy, choice, and innovation.”
  20. The IDESG created an Identity Ecosystem Framework and Registry with requirements for Privacy, Security, Interoperability and Usability of identity solutions. I was a vice chair on the UX committee where we developed the Usability requirements and a set of User Experience Guidelines and Metrics for ensuring usability of those identity solutions.
  21. For identity software, the IDEF User Experience Guidelines and Metrics (2016) recommend a usability inspection method based on the industry standard “Heuristic Evaluation – A System Checklist,” which incorporates heuristics developed by Elaine Weiss (1993) and Jakob Nielsen and Robert Mack (1994).
  22. These heuristics are an exhaustive evaluation of the ten usability heuristics developed by Nielsen (1994).
  23. Nielsen/Mack’s checklist was great for evaluating identity software, but for the IDEF Website, we found that many of the requirements in the Nielsen/Mack heuristics identified functions and processes that were somewhat irrelevant to websites, which rely on command language and functionality of the browser and device used to access them. 
  24. So we adopted Abby Covert’s IA Heuristics, which she had developed in 2012. Abby Covert’s Ten Information Architecture Heuristic Principles is a more relevant checklist and is based on Nielsen/Mack as well as a number of more recently developed guidelines from Rosenfeld (2004), Morville (2004) and Resmini and Rosati (2011). Covert’s heuristics address relevant issues in the system checklist as well as additional concerns specific to a web-based application.
  25. Abby recommends beginning by identifying user tasks that you expect your audience to value over others. When you have identified these tasks, also note the channels that the user’s path will put them in contact with and what the context is. IDEF tasks included completing a product Attestation or looking up products in a registry that meet your needs as a business consumer.
  26. The second step is to prioritize each of the ten information architecture principles in order of importance based on the coverage of the outlined tasks and organizational priorities. This step provides notes on the tasks that make each principle essential and list any expectations you anticipate from users. Then you can assign a pre-test score against each principle to note how well the website performs in the current implementation. Findable and Clear were important principles for IDEF. It wasn’t always clear exactly how to go through the product listing process and the way the information was presented to consumers needed to be clear and findable.
  27. The third step is to have a group of 3 to 5 experts review and evaluate any problems discovered and rate the impact on the entire experience. These ratings helped our developers prioritize user needs and create better visualizations of the product details.
  28. Abby’s framework worked very well for the ID Ecosystem Framework. But this was a straight application of a web interface. My next opportunity to apply IA to standards came at the Me2B Alliance and their Me2B Safe Technology Specification and it was a little different.
  29. Let’s look at some background on what the Me2BA is trying to change and how Applied IA helped.
  30. We do a lot of product research to demonstrate the value of our safe tech spec. Research on school apps in the San Diego Promise Zone last Fall found that 60% of apps leak student information to third party data integrators in violation of COPPA (Children’s Online Privacy Protection Act).
  31. Even something as simple and obvious as protecting our children’s data is not so easy to understand. Part of this has to do with the fact that we don’t understand our basic data rights. And we don’t know where to look for them or what we agreed to. This is an example of findings from research I did last summer on legal policies.
  32. The Me2B ethical orientation aligns with interpersonal relationship behavioral norms experienced in the physical world. (Refer also to Flash Guides #2-10 for a deeper treatment). It's important to have a grasp of the Me2B relationship framework and vocabulary in order to fully appreciate what “safe" means in the digital world. There is a longer description of this slide, but basically it shows a layered relationship between the product user, the business that makes it and the technology itself. Already as an IA you are probably drawn to the complex relationships and points of view in a diagram like this, which includes consumers, product design, lawyers, developers, third party software and data integrators. —- To begin, we view the relationship we have with technology as a dynamic relationship, that changes over time. We call this the Me2B Relationship, and there are several layers to the Me2B Relationship, including the legal layer with the business entity (Me2B Legal Relationship), the experiential relationship we have with a piece of technology itself (Me2P, or Me-to-Product Relationship), and the Hidden B2B Relationships the business has with third party Data Processors (or Co-Data Controllers), that have a quasi-relationship with the Me (or Data Subject)--"quasi" because the Me has little awareness or choice in these relationships. Which hints at one of the fundamental social norms of relationships in the physical world: which are mostly voluntary. We have distilled the characteristics of healthy human relationships and translated specifically for Me2B Relationships into a list of ethical principles called the Me2B Rules of Engagement (add link).
  33. We have distilled the characteristics of healthy human relationships and translated specifically for Me2B Relationships into a list of ethical principles called the Me2B Rules of Engagement (add link).
  34. The Me2B Relationship between the Me and the technology changes over time--like all the relationships we have. The full arc of the Me2B Relationship over time is called the Me2B Lifecycle (see Figure 2 below). And like our personal relationships, the Me2B relationship lifecycle is shaped by the two-way interaction experienced between the two parties. In particular in digital Me2B relationships, there are key transactions in the interaction that reflect Me2B Commitments--inflection points in the relationship trajectory that either deepen or lessen the intensity of the relationship. Each star in Figure 2 reflects these Me2B Commitments. At each such point, the Me is faced with a decision on whether or not to accept the offered Me2B Deal, which outlines what the Me gives (typically in the form of information) and what the Me gets in return.
  35. Which we imagine looks somewhat like this with a very small amount of data at the beginning of a relationship, gradually tapering off after the relationship is terminated.
  36. But it’s really like this. A major culprit in the tsunami of unwitting information sharing is the digital advertising infrastructure (described in Flash Guide #5). This infrastructure systematically, and at massive scale, shares personal data with multiple third parties (known as Data Processors). So long as this infrastructure exists, the personal data floodgates are open.
  37. Our personal data flows do not start light and increase with time and trust. Instead, a firehose of personal information is released – and shared with a host of unseen third parties – as soon as we open an app or website. Me2BA’s Respectful Tech Specification V.1 is largely focused on testing for these invisible parallel dataverse data flows.
  38. Most mobile apps create persistent channels to third party data brokers who can share your data far and wide, and while there are promising changes in some of the big browsers and app stores due to government regulations like CCPA and GDPR, these channels innovate quickly while government moves at the speed of, well, government.
  39. So back to the power of IA to educate stakeholders on the effects of these violations of safe and respectful design. …. Our research shows that deceptive UI patterns have a lot in common with harms that we sometimes experience in our personal relationships. They can affect our confidence, our sense of control and our emotional and physical well-being. People use these words and they sound very much like the words we use in a relationship.
  40. Our rules of engagement with human to human relationships map nicely to rules of engagement for technology relationships.
  41. And translate to safe relationships.
  42. The framework for the Safe technology audit is a series of tests against ten attributes of Respectful commitments. For each of these attributes we look at relevant information and notifications, data collection, use and sharing behavior and UX behavior. For my part I focus on behaviors that are perceivable to the product user through the product content and interactive elements to ensure the technology rules of engagement are respected.
  43. We return to Abby Covert’s IA Principles and her framework for evaluating product architecture applied via the safe tech spec.
  44. We identified and evaluated user flows that correspond to the commitment states in the technology relationship arc. These are: First-Open/No Commitment Local Storage Commitment Location Commitment Promotional Commitment Contact Us Commitment One-Off Transaction Commitment Loyalty Commitment Me2B Marriage Commitment Of these states, local storage is the only one that isn’t necessarily visible in the UX Audit.
  45. Next, we prioritized the IA Principles which are scored based on how well the product performs against the requirements in the Me2B Safe Technology Specification.
  46. Example of how it works for the first attribute: Clear Data Processing Notice
  47. This would involve looking for things like ALT and ARIA attributes and anything that isn’t relatively clear on the page.
  48. Which brings us to the next principle, Clear.
  49. This can include a lot of things that connect those different POVs from legal to content to development teams: (1) the Me2B Deal Terms (quid pro quo) including data subsidization and monetization; (2) list of information collected (covering volunteered, observed and derived information); and (3) for each item of information, (a) legal basis for collection, (b) purpose for collecting the information including how it's used, (c) all data processors & co-controllers who receive it, and (d) how long the information is retained (by all data controllers and co-processors).
  50. We also look at Controllable, which is an important aspect of safe and respectful tech. Does the subject give their explicit, intentional permission? Is it discrete or are the consent options all or nothing?
  51. The third step of Abby Covert’s IA Heuristic Evaluation is to have a group of 3 to 5 experts review and evaluate any problems discovered and rate the impact on the entire experience. Each major finding is listed in detail along with severity ratings indicating the level of impact each issue has on the user’s ability to complete a task. Severity ratings range from Critical, where the ability to complete a task is impaired, to Medium, which may affect brand reputation or the perception of the experience to Low, which are non-impacting or cosmetic issues that do not affect the experience greatly but would be nice to correct.
  52. Example of how it works for the first attribute: Clear Data Processing Notice -3 == Processing notice is missing a section from the list in 9E.
  53. This would involve looking for things like ALT and ARIA attributes and anything that isn’t relatively clear on the page.
  54. Which brings us to the next principle, Clear.
  55. This can include a lot of things that connect those different POVs from legal to content to development teams: (1) the Me2B Deal Terms (quid pro quo) including data subsidization and monetization; (2) list of information collected (covering volunteered, observed and derived information); and (3) for each item of information, (a) legal basis for collection, (b) purpose for collecting the information including how it's used, (c) all data processors & co-controllers who receive it, and (d) how long the information is retained (by all data controllers and co-processors).
  56. We also look at Controllable, which is an important aspect of safe and respectful tech. Does the subject give their explicit, intentional permission? Is it discrete or are the consent options all or nothing?
  57. This talk introduced an IA framework for testing for dark patterns and data privacy compliance. You may have other interests or work in other areas, but this happens to be the world I’m working in now. I’ve also applied IA heuristics in other areas, such as mobile authentication, EHR and patient choice. The heuristic analysis is just one tool. There are many other IA tools (taxonomies, content management/strategy, search) and many other areas to apply them. I’ve applied some of these tools in emergency management and vulnerable population research. I’ve even gone super meta and applied IA thinking to avian taxonomy research at the AMNH. So I’d like to encourage you to view these examples of Applied IA in my field and think about how you might apply IA in other fields where you have interests.
  58. But if you are interested in this work, here are some ways to get involved.