Ame Elliott is the design director of the non-profit Simply Secure. She is an award-winning designer and longtime consultant on “human-centered” technology strategy, having worked with countless global technology companies over the course of a decade.

Ame Elliott of Simply Secure. Photo by Nicholas Zurcher (CC BY-SA 4.0).

At Simply Secure, Elliott helps lead outreach efforts and workshops that convene designers and decision makers at technology companies to foster privacy-conscious innovation.

Q: Do you feel designers are overlooked in conversations about the need for more privacy in Internet of things (IoT) systems and devices?

A: Yes. There’s a popular misconception that you have to be highly technical to work in security, but that isn’t true. Security is a pressing problem, and not just a consumer problem of one person with one device. It’s a social problem because botnets can take advantage of insecure IoT devices and damage parts of the open Internet through DDoS attacks.

There is a critical need for reimagining the user experience design of security, and that work needs contributions from interaction designers, copywriters, brand strategists, user researchers, and disciplines beyond engineering.

Q: What are examples of important design decisions that had either a negative or positive effect on users?

A: Phishing scams (fraudulent emails impersonating services to steal users’ login credentials), for example, are made more dangerous through bad UX design. When products communicate with inconsistent voices and use sloppy brand identity graphics, it builds user tolerance for ambiguity. And that’s a security risk. When users can’t tell if something is from their bank or not, that’s a problem. In the world of IoT, email still plays a role because any service with an account login also has a password reset. Style guides are one way design can protect against phishing and promote security.

User experience design is a powerful tool for communicating how things work, and one interesting provocation for privacy is read receipts in messaging apps. For example, WhatsApp uses a check mark to indicate that people in the chat have seen a message. That simple check mark makes complex, multi-party interaction seem simple, and it works across software platforms, geography, and network carriers. Taking inspiration from read receipts, designers have some exciting challenges in communicating how other systems work, for example voice assistants. What would the check marks indicate for those systems?

Q: With so many cameras and microphones involved, is it silly to think the Internet of things can ever be secure?

A: There are serious security risks built in to the Internet of things. For example, devices sold last year that can’t be updated are going to pose a risk their entire lifespan. Changes to future products won’t change that. But there’s also the opportunity to build better things that more clearly communicate with users how they work and if they can be updated. Since the number of IoT devices will proliferate, it’s important to work quickly to make these improvements before the problems grow further.

Further reading:

Simply Secure’s Knowledge Base