Privacy and Security in 2021

I just got a new phone, which means a good chunk of time spent slogging through its OS, opening every menu I can find, and turning off any setting that might plausibly translate into packets of information flying through the air without my explicitly sending or asking for them.

As before, my new phone is a “dumb-phone” (what else?), but even candybar and flip phones these days are equipped with all kinds of geolocation, auto-updates, background data, and other transmission capabilities, turned on by default, that could translate into data about me and my life being captured, sold, archived on some corporate server somewhere, and otherwise used to lower my quality of life.

People who see me using a flip phone tend to have the same reaction: praise (“Nice! A flip phone!”), admiration (“Good for you!”), even statements of jealousy (“I wish I could have a phone like that!”). But occasionally I encounter the opposite response: a kind of huffy sneer, as if I’m rocking the boat and holding society back by not getting with the smartphone program. Indeed, if quality of life is defined as maximizing convenience and computer-assisted abilities, I am lowering my quality of life, as well as that of anyone who might want to text me a link (rather than email it), or have me download their app, or whatever else smartphone users do in their sleep but which I kept out of my life.

But in the most basic sense it isn’t true: in this case my quality of life is improved through inconvenience. I don’t have Twitterer’s brain, I don’t interrupt conversations to look things up, and I don’t Google anything.

I almost wrote “I don’t Google anything, ever” but eliminated that last word because it’s not technically true: from my laptop running a VPN and my location data concealed as best I can, I sometimes use Youtube, Google Maps, Google Scholar, and for some collaborative activities I go along with their use of Google Drive.

In each case I have taken reasonable steps to restrict access to my data, but I know it is never perfect, and I also know a motivated and skilled person can probably find a way to get it anyway. There is no perfect privacy or security, ever. In “meatspace” we live in houses with windows, after all. Parabolic and laser microphones are a thing. Camera drones are getting smaller and quieter all the time. You walk into someone’s house and you never know what devices are listening. Surveillance cameras are ubiquitous, from on doorbells to stoplights. In the virtual world, where everything can be recorded, copied, and sent to a million places at once, perfect privacy and security are even less plausble.

But to me, this makes it even more important to define and defend a reasonable expectation of privacy and security, especially on my phone and laptop. I know these devices will never be perfectly private and secure. I know that I could spend years learning the most advanced cryptography skills and tighten up my my privacy and security more. I also know I could take the path of least resistance and do nothing, opting for maximum convenience instead. I choose the middle path, of maximizing the privacy and security I can get right now, for a few hours’ work.

Data and tracking and updates and geolocation services are turned off. Caches are cleared. Privacy settings are thoroughly fiddled-with. My phone is as dumb as I can make it. It’s a great feeling!

Technology Ethics: My Seven Year Journey

In 2014 I attended a UX conference in which the closing keynote was about how the future will have no interface. The presenter gushed about the years ahead, when transhumanist devices, the Internet of Things, and ubiquitous sensors will transform our world into one in which the interface, instead of being located on a device, is the world itself:

You won’t have a light switch on your wall; you’ll turn on the light by pointing at it in a decisive way. You won’t learn to draw; you’ll wear a wristband that jiggles your hand as you hold a pencil to paper, causing you to make marks indistinguishable from those that might have been put there by a trained artist. You won’t interact with computer hardware; virtual objects and a keyboard will be projected right onto your desk and you’ll manipulate them as if they were real.

Rather than get excited for this, my reaction was horror and disgust. On my two-hour drive home I wondered if I was in the wrong industry, if maybe I should pack up my family and start life over in some kind of ultra-primitive arrangement in the woods.

I got over the worst of it by the time I arrived home, but I was left wondering why I had had that strong reaction and what it meant. What was it about that future that felt so wrong? What could I learn from it?

Eventually I figured out that what I recoiled from was the threat to my values presented by these technologies. All the sensors and complex circuitry required to make the IoT work violated my desire for simplicity and privacy; the transhumanist devices attacked my sense of authenticity; and so on. Moreover, I feared the alienation I would feel from my children if (or when) they embraced these technologies and absorbed their attendant values.

Amish churches, I came to learn, have successfully tackled this exact problem by drafting ordnungs — written community guidelines, more or less — that include regulations about which technologies may be owned and used as normal, or else must be modified, kept outside the home, or banned entirely. As a result the Amish appear frozen in time to most outsiders, but it is hard to deny they also enjoy the benefits of tight-knit communities, lower rates of physical and mental illness, and are even seeing a decades-long drop in attrition. Apparently being able to control the direction and pace of change in one’s social values comes with a huge payoff.

Although the Amish do not explicitly map technologies to values, this was something I recognized as necessary. In 2015 I devised a design process model in which the values potentially supported or threatened by a proposed technology are evaluated deeply so their primary and secondary effects on users’ lives might be anticipated, and negative effects avoided. I got as far as testing this process model, but the results were unclear. Later I determined my experimental design likely did not control variables tightly enough. Further, I conjectured that the system that includes both technology and modern western social values is probably too complex to predictably influence with a design process model.

I was deflated by this setback, but soon began to notice lots of other people had started talking about ethics in design. It sounded like many people shared my concerns about the future of technology and its impact on society. When I gave a presentation on this topic at Midwest UX in 2017, it seemed like half the other presentations shared the same theme.

(I wrote an article describing my technology ethics journey up to this point, with more detail about the process model and how I tested it, on Pomiet’s website in 2016.)

Shortly afterward I joined a fledgling discussion group, Ethical Technology, founded by someone who’d struck me by his intelligence and clear writing on the subject. Many of the things he said felt like things I’d wanted to say but hadn’t found words for.

The discussion group soon grew quite sizeable but I found the tone of the conversation had changed. We didn’t seem to be talking about technology as much we talked about the people making it. It did not take long for the dialogue to devolve further, all the way into partisan politics. Sometimes technology was merely decoration and not relevant to what people were really talking about; the issues raised seemed purely about political ideology. Disillusioned with both its political fixation and ideological uniformity, I left the discussion group and returned to thinking and reading on my own.

Around that time, during my “day job” I was the UX researcher on a learning management system that was to eventually be rolled out to thousands of employees at the large company where I worked. In our team meetings we frequently discussed the change management aspects of the project, and I came to see how the user experience and the change experience were intricately tied together.

I became fascinated with the field of change management. I read its foundational texts and many of its journal articles, and attended meetings of the local chapter of the ACMP. But I did all this with a critical eye: I wanted to show that those who resist technology change need to be listened to rather than persuaded. This stands as the most recent influence on my thinking about technology ethics.

The success of the Amish is ultimately attributable to the control and self-determination they are able to exercise over their technology adoption decisions. I have come to see that as the most basic truth of technology ethics. The most important aspect of a technology’s design when it comes to ethics is the degree to which the human user can control his or her relationship with that technology. This means the ethics may come from the design of the technology itself, or from the rules and customs that surround it, but will ultimately be determined by the user’s freedom to adopt or reject it.

This also means few technologies are ethically perfect. We give up some freedom of what technologies to use or avoid when we agree to work for various employers, or sometimes even just to live in certain areas. We adopt many technologies simply because they are considered normal and baseline, and we never think twice about it.

Yet awareness of this situation brings into sharper relief the opportunities to make technology more ethical. That is what I hope to do in my work these days, and going forward.

Practice Makes Better: A silver lining to the quarantine

First among Nielsen-Norman’s ten heuristics for a good usability experience is “visibility of system status”, which is a fancy way of saying “feedback”: how clearly, how quickly, and how often is the system showing you its responses to your inputs? Dr. Rob Keefer includes an analogous principle — “Always know how things are going” — in his seven-part Harmonics Way philosophy.

There are a lot of unknowns floating around these days. Will we ever return to normal work and school lives? How much longer will we have to wear these uncomfortable masks whenever we go into a store? Where will the chain reaction set off by the coronavirus eventually take us? It is a time of uncertainty, and if we consider existence as one big system, the virus and its impact are certainly not helping the “visibility of system status”.

Simultaneously, the full days many of us now spend quarantined at home with our families afford us much more feedback about how we’re doing as property owners, as spouses, and as parents. This feedback is linked to the opportunity to practice and improve in these roles.

Musicians who shred for 30 or more hours a week not only get a more intimate feel for their instruments and the music they’re playing; they also get better faster than musicians who only put in an hour or two over that same timespan. In this same way, increased exposure to the “systems” of home life is allowing many of us to find out what we’re really made of when it comes to those areas, and then hopefully to improve.

This can be an intimidating and overwhelming process. Users aren’t (and shouldn’t be) judged by how well they interact with technical systems — for example, how easily they are able to use the checkout process on Amazon.com — but we are judged by how well we interact with our families, jobs, and how well we maintain our property. This creates added stress, especially when there are conflicts or setbacks, but (like most stress) may ultimately represent a chance for huge masses of people to become better homeowners, spouses, and parents.

The Vicious Cycle of Recruiting With Unpaid Work

The pandemic has left lots of people unemployed, including many UX professionals. Some companies are taking advantage of this situation to automate and scale their recruiting. (Historically this has been called “carpetbagging“, and it hasn’t gone away.)  I have seen one company even make the completion of unpaid work part of their application process: after an initial screening interview with a third-party recruiter, the applicant is sent a link to Usertesting.com, where he or she is asked to watch a video of a user interacting with the company’s software and then evaluate the session. Applicants are not compensated for this work, which the recruiter told me takes about three quarters of an hour.

Forty-five minutes of uncompensated work in exchange for a shot at a steady job might seem like an okay deal for someone just entering the field, or who is for other reasons desperate. But if ten people go through this process, then the company has received 7.5 hours of free labor. If 100 people go through this process, then they have received nearly two weeks of free labor. It becomes easy to see how the incentives become misaligned.

When the prospect of being hired is drastically reduced, going through an application process like this is an unambiguously negative experience. Luckily, quality UX candidates have a passion for improving experiences. They want to work somewhere they can put this passion to use, which means a place where their recommendations will be taken seriously. A company that persists in putting people through bad experiences will ultimately fail to attract quality candidates; it’s a vicious cycle.

The unpaid work I described above was ostensibly meant to show the company how the candidate evaluates a usability session. Here are two alternatives to that kind of recruiting method:

  1. Pay applicants for the time they spend evaluating your usability sessions. That at least keeps the incentives more aligned and steers clear of unethical “carpetbagging” practices.
  2. Talk to candidates instead. Quality candidates will be willing to spend time interviewing, because an interview gives them visibility into the process they’re participating in, realtime feedback about how they’re doing, and a personal sense of who they’re going to be working with.

Social interaction and technological mediation under Lockdown

The shelter-in-place order in response to Covid-19 has demonstrated both the necessity and insufficiency of virtual socialization. Technologies like Zoom and Skype (not to mention email) have allowed countless people to remain employed, to check in with each other, and to enjoy some diversion from the tedium of confinement.

But although most states are only in week three or four of “lockdown” I am already seeing accounts of people, particularly those who live alone, suffering emotional breakdowns as a result of their physical isolation. Seeing and hearing each other in real-time is a marvelous thing, but we apparently have a deeper need to be with other people.

Videoconferencing in 3D with goggles and headphones (i.e. VR) might one day become a viable way to fulfill that need. But it presents an additional hurdle: participants will have most of their faces covered by cumbersome equipment. One solution is for participants to represent themselves with 3D avatars.. But this detracts significantly from the verisimilitude of the experience, which was supposed to be the whole point.

What is less clear is whether people will care. Maybe feeling as if you’re around someone else, even if that someone looks like an obviously-fake 3D avatar, is still psychologically preferable to interacting with a video representation of a person, even a realistic one, if that representation must be mediated by a screen held at arm’s length.

“A System to Change the Culture”

The title of this blog post is a quote from Michael Corboy, the assistant commissioner of police in New South Wales, Australia. He used that phrase to describe the introduction of traffic cameras that use an AI to detect when drivers are on the phone.

I think it’s a profound phrase. In one sense, it’s backward from how we normally like to think about the relationship between technology systems and culture: we want our culture to grow organically, and our technology systems to be designed around them, in a humane way that preserves and supports our values. Intuitively, the culture should affect the system rather than the other way around.

But in another sense, this acknowledges a very real and basic phenomenon that happens any time a system is introduced into a culture: the culture changes. Now, the intended changes rarely obtain exactly the way they’re meant to, at least without unintended side-effects, but the relationship between human culture and manmade systems is definitely a two-way street.

These traffic cameras will have some impact on traffic safety in NSW. And, they will incite some amount of backlash from people who feel intruded upon by Big Brother. But a lot of people will respond with indifference, and these cameras might even further normalize and legitimize the idea of high-tech government surveillance.

From the government’s standpoint, it will be nearly impossible to go back to a lower-tech alternative if this initiative does not succeed, so these cameras also mean a redefining of what it means for law enforcement to do their job. They signal an increasing dependence on computers and automation to replace human labor and judgment. And will the cameras actually change Australians’ culture around traffic safety? If so, how?

Time will tell whether the introduction of these cameras is a good thing in the end, but as always it is much bigger than just the adoption of one system.

Another writer exposes the terrible downsides of a new technology — but keeps using it!

Not only did Alli Conti get scammed on Airbnb, she uncovered a big ring of scams that exploit baked-in security weaknesses of the site, its rules, and the expectations of its users. But…

Even after a month of digging through public records, scouring the internet for clues, repeatedly calling Airbnb and confronting the [scammer] who called himself Patrick, I can’t say I’ll be leaving the platform, either. Dealing with Airbnb’s easily exploitable and occasionally crazy-making system is still just a bit cheaper than renting a hotel.

Conti’s message to Airbnb is effectively “Don’t worry about fixing these problems, I’ll keep using your site anyway so long as an Airbnb is marginally cheaper than alternatives.” Not counting all the indirect costs, of course.

I suspect there’s something else going on under the surface: a reluctance to go back to reserving rooms in hotels, simply because it is the “old way”. It doesn’t feel as hip or fresh or exciting — or dare I say fashionable? — to book a room in a hotel, and it doesn’t fit the narrative people have told themselves about what travel is supposed to look like in 2019. But that is a narrative, and not only is it an arbitrary one, it’s harmful in the case of people who are unwilling to change their consumer behavior in response to serious problems.

Should we be concerned about Maria Farrell?

The title of this post is tongue-in-cheek of course, but in an article at the Conversationalist, Maria Farrell compares smartphones to abusive partners by listing a bunch of things abusive partners do and claiming smartphones do those same things (quote):

  • They isolate us from deeper, competing relationships in favour of superficial contact – ‘user engagement’ – that keeps their hold on us strong. Working with social media, they insidiously curate our social lives, manipulating us emotionally with dark patterns to keep us scrolling.
  • They tell us the onus is on us to manage their behavior. It’s our job to tiptoe around them and limit their harms. Spending too much time on a literally-designed-to-be-behaviorally-addictive phone? They send company-approved messages about our online time, but ban from their stores the apps that would really cut our use. We just need to use willpower. We just need to be good enough to deserve them.
  • They betray us, leaking data / spreading secrets. What we shared privately with them is suddenly public. Sometimes this destroys lives, but hey, we only have ourselves to blame. They fight nasty and under-handed, and are so, so sorry when they get caught that we’re meant to feel bad for them. But they never truly change, and each time we take them back, we grow weaker.
  • They love-bomb us when we try to break away, piling on the free data or device upgrades, making us click through page after page of dark pattern, telling us no one understands us like they do, no one else sees everything we really are, no one else will want us.
  • It’s impossible to just cut them off. They’ve wormed themselves into every part of our lives, making life without them unimaginable. And anyway, the relationship is complicated. There is love in it, or there once was. Surely we can get back to that if we just manage them the way they want us to?

I agree with some of these, but not with the claim that it’s impossible to stop using smartphones. As someone who doesn’t use a smartphone, I am living testimony to the contrary. (Hasn’t Farrell ever met someone who doesn’t use a smartphone?)

This article, like a lot of the criticism of technology I’ve seen, contains a recurring theme: it articulates serious concerns about the technology but then stops short of saying we should discontinue our use of it. (Another instance of this was Cathy O’Neil’s book, Weapons of Math Destruction, which presented a strong case against the use of computer algorithms in finance, hiring, criminal justice, and other areas, but dismissed the notion that we ought to abandon them.) Why?

If Farrell knows her smartphone is doing all these horrible things, why does she still have a smartphone? Why isn’t she leading the charge to go back to simple phones and leave the serious computing to laptops and desktop machines? I would happily support her if she did that, and I could provide lots of good reasons to use a simple phone as well as answers to many of the anticipated objections. I honestly do think a significant migration from smartphones to simple phones would make the world a drastically better place, even with all the benefits of smartphones considered.

It could be that Farrell is herself a victim to the abuses she warns us about: maybe she’s isolated from deep relationships, and her social life is curated by her phone; maybe she lacks the willpower to curtail her use of her phone; maybe she’s taken in by the “love-bombing” whenever she tries to cut it out of her life; maybe she really is unable to manage her life without her phone. If these things were true, it would explain why she doesn’t end her article by calling for readers to ditch their smartphones: she knows her smartphone will discover the betrayal, and abuse her even worse.

In that case we should be concerned, and maybe even intercede on her behalf. If we followed her analogy, and her phone was like an abusive partner, the right thing to do would be to take away her phone so she can be safe. And then if she says “No, give me my phone back,” we should interpret it as a kind of Stockholm syndrome and continue to withhold the phone permanently, while setting her up with a simple phone with which she can have a healthier relationship.

But no, instead she resorts to daydreaming about what a Prince Charming smartphone would be like instead. “We have to imagine a future we want to live in so we can build it.” Just like you have to imagine the partner you want so you can change the abusive one you’ve got? I suppose that part of the analogy isn’t totally fair since phones really are designed from the ground up, but I think this hides a lot of complexity around what a smartphone is and how it’s even possible to bring them to market at an affordable price. The incentives on the part of the designers, manufacturers, businesspeople, retailers, and even consumers, just aren’t lined up in a way that would make the phone “loyal” to its owner.

Farrell seems to admit this when she says that to make these utopian phones a reality “[w]e can pay the full cost of them”, but is that true? Who is “we”? I can’t imagine what the “full cost” would be, or that anyone who isn’t rich would be willing or able to pay it.

Near the end of the article she reminds us again that smartphones and the services running on them fall into the category of “life-critical public goods”, like clean drinking water.

Does this mean she thinks I need a smartphone? Maybe in some weird inversion of the scenario I described above, instead of her smartphone being taken away, she thinks somebody ought to take away my flip phone and force me to use an iPhone or Android instead. No thanks, Ms. Farrell: I am not technologically destitute, and you are not a technology victim. You have a choice.

Same goes for any smartphone user reading this.

Andrew Yang wants to reduce harm to children caused by smartphones

(Note: currently no presidential candidate reflects most of my views, and I do not yet know whether or for whom I will vote. When I do, I certainly will not write about it here! As I hope will be obvious, this blog post is not an endorsement or disavowal of anyone. Instead it is ultimately about the technology discussion itself.)

As far as I am aware, Andrew Yang is the only presidential candidate talking about the negative impact of smartphones on kids. He seems to take a research-first approach, which is encouraging to see. His goals are:

– Work to understand emerging technologies impact on human health and behavior
– Find a way to promote responsible smartphone usage, both within the industry and within the users
(from https://www.yang2020.com/policies/effects-smartphones-human-development/)

He does refer to some statistics without citing them, and he does make some bold claims without referring to any known statistics. Sample quote:

Teenagers are spending more time worrying about whether their online acquaintances like their recent post than they are in person with their friends hanging out and developing social skills. The average teenager spends Friday nights at home, interacting with a machine, instead of out with friends at a game or event.

But that is from his campaign website after all; he is an aspiring politician, not a researcher. He also says some things that resonate with me:

Those who have worked within the industry describe the work they’ve done in stark terms. Often relating apps to slot machines, they say that the smartest minds of a generation are spending their time getting teenagers to click on ads and obsess over social media posts to see how many acquaintances respond or react to their posts.

In short, many experts are worrying that the widespread adoption of a poorly understood technology have destroyed the psyches of a generation.

Less inspiring to me is his proposed solution to create a Department of the Attention Economy that “focuses specifically on smartphones and social media, gaming and chat apps and how to responsibly design and use them, including age restrictions and guidelines.” And he wants Tristan Harris to lead it. I’m skeptical that regulation will be effective and efficient, or produce the desired outcome. I’m pretty sure the very concept of “the attention economy” is Harris’s invention, and it’s contestable and unproven.

From a policy standpoint, I’d much rather see a long-term education and public service campaign that simply discourages parents from giving smartphones to their children, and perhaps even from owning them themselves without a specific compelling reason.

Still, I’m glad Yang is talking about this, and that the notion of putting restrictions around computing technology usage is on the table. (I’d prefer them to be culturally rather than legally enforced, but I guess you have to start somewhere.) My hope is it will inspire other candidates to respond, and that this topic will become part of the national conversation.

Of course, the risk is that these issues will be politicized, and that the solutions people support will be mostly predicted by which party or candidate they support, and that would be a terrible outcome. In fact, I think it’s likely to happen. So in some ways, I’m also really horrified that Andrew Yang is talking about this!

All the more reason why it should be a conversation first and foremost within the technology industry.