Building Real Privacy
In the past, answers to privacy concerns have been addressed in two ways: Hush it up, or cover it up. Cover it up is about building snazzy soundproof conference rooms, movable screens, and miniblinds. Modern day cover ups are things like 3M's privacy film for laptop screens. Hush it up is about putting up passwords, firewalls, and need-to-know policies to limit information availability, and therefore limit vulnerability.
The problem is, neither of these solutions really works anymore. The ever increasing power of information searches like P2P file sharing networks and Internet search engines makes "hushed" information all to accessible. Perfect examples are the thousands of unsecured security cameras online, and the growing numbers of users who unwittingly make their personal files available through file sharing programs like Kazaa. At the same time, cover up tactics are too expensive for today's offices that need flexibility and maneuverability over all else. Where once walls would have been built, offices have thin cubicle partitions, or sometimes not even that. Costs are kept lower, and it's easy to re-configure when a big new account comes in.
The interesting thing is that the increased technology available -- fingerprint scanners, palm scanners, retina scanners, and quantum encryption, to name a few -- isn't making people safer. It's actually making information more vulnerable to the simplest kind of attack: Good old social engineering.
Social engineering is a term used by security personnel and hackers to describe the different techniques that can be used to "hack" people like security guards, salespeople, tellers, and secretaries to extract useful information. This can be as simple as tripping someone up with a well placed "could you repeat that", or as elaborate as assuming identities and giving orders in person or over the phone. Kevin Mitnick, probably the most celebrated hacker of all time (though more for the ridiculous circumstances of his incarceration than his crimes), was a wildly successful user of these techniques, as he discusses in this interview.
More recently, it was revealed that the recent hacking and information theft from Paris Hilton's Sidekick phone was largely made possible by fairly low-skill social engineering, rather than complex hacking. In fact, the group of individuals responsible for the theft are all in their teens, and openly admit that the caper was easy to pull.
So, what are designers to do in the face of such a simple, but devilish adversary? Not to be cute, but the answers are probably devilishly simple. In order to thwart these sorts of soft hacks, you need to plug the information leaks where they can happen. Obviously, the first thing to do is develop some sort of solid training and protocols to establish identity over a telephone. If a physical product or other idea could be put into practice for to this end, that would be valuable. maybe this will finally bring video-phones, or some sort of voice-ID metric device into reality.
Another important place where leaky information can be plugged is at the desk. When an officemate is talking on a phone, it's nearly impossible not to overhear some of what they're saying. But if you work in health care, or some other field where information security is important, this can be a problem.
Herman Miller and their consulting partners Applied Minds and Insight Product Development hope to solve that problem with a new device called Babble. Sort of like a stomp pedal for your phone, Babble takes your spoken words, and synthesizes a "conversation" of babbling voices around you. The effect for you, is a mildly distracting burble. But for a co-worker who can't hear the other side of the conversation, keeping track of any information on a casual basis becomes almost impossible. Babble works, because it understands the social context of its function.
More and more, the proliferating technologies for identifying people will meet up with one conclusion: Tech isn't enough on it's own. Designers will need to make the inroads between the social and the tech. Otherwise, the simple, subtle con will always win out over technology. After all, no matter how sensitive your fingerprint scanner is, it can never get an "uneasy feeling" about a situation. We need to bring that human aspect of detection back into the equation. And carefully, insightfully designed products can be a part of that.
Copyright 2004-2006 Dominic Muren and IDFuel Team