Conceptions of Trust: How Designers Approach Usable Privacy and Security

Abstract

Designers who create user interfaces are frequently required to ask users for personal information. For the user, this is a "trust question": Do I, the user, trust the system or entity that is asking me for this information? The creation and management of these trust questions is an important aspect of the research field called usable privacy and security. However, most working designers do not focus exclusively on usable privacy and security problems. Decomposition and modularity of trust and usable privacy and security issues are problematic for working designers. Studies in the usable privacy and security field have traditionally focused on the usability of specific interface elements, or on a specific usable privacy and security problem. This dissertation explores how designers approach and handle these trust questions in their design process. A multi-modal study investigates how designers conceive of usable privacy and security in their daily work. The object of study is a working designer for whom privacy and security is not a primary task in their daily job. The study uses a survey based on a snowball sample of professional design online forums and semi-structured interviews to explore the attitudes and conceptual models of designers who produce designs involving "trust questions." The results showed that working designers are interested in usable privacy and security issues but often have problems decomposing and modularizing the problem space of usable privacy and security. Usable privacy and security problems are seen as important in the abstract but are hard to identify and engage as part of day-to-day work. To reach the shared goal of making it easy for working designers to achieve positive usable privacy and security outcomes including an increased sense of user satisfaction and safety, it will be important for the research community to find ways to assist working designers with that decomposition and modularization process.