Friday, November 18, 2005

imho Balance usability and Privacy


Muse: Bhar

Usability? I don’t want others to invade my privacy because it's a user-friendly thing to do.

Usability? Could the blinds on the windows of my house be any more usable? As Lily Tomlin said, living in the city means always knowing where your wallet is. It also means not simply leaving the places you own, such as your home and car. It means placing valuable items where they can’t be easily seen from outside, then shutting doors and windows behind you, locking them, giving them one extra tug to test the security of the lock, and then walking quickly away so that strangers don’t sense that a place with valuables is newly vacant and the live-in/drive-in sentry won’t be back for a decent interval. Oh…and taking the key with you, secreting in on your person, always being aware of its presence….or freaking out upon its apparent absence.

It’s not a question of whether this or any other privacy-protection scheme is usable. We’ll morph our habits in some weird ways to protect our dearest possessions. And we’ll forget that this strange new choreography of worry, wariness, and response isn’t first-nature. It only becomes second-nature after we’ve retooled our daily rhythms around it.

About privacy protection in computers, across the Internet….where do you put your personal key….and how do you sense it on, or adjacent to, your person? In my job, I have a USB token that holds a private key, which is associated with the public key bound to my identity on an X.509 cert, which is managed in a directory service, which is accessed by the various applications I access when I attempt to authenticate myself through that token….that key. I never leave my (physical) house in the morning without that key (physically) hanging on a sash around my (physical) neck. And I never leave the office later that day without that same key around that same neck. That’s part of my semi-neurotic kinesthetic key-sense: I must always have a sure sense of where every physical key (to every space/resource/asset I depend on) is (on or near my person) when I exit one Kobielus-locked space in transit to another Kobielus-locked space.

How usable can we make that key-mediated space-transition choreography from my point of view? How can I always maintain a sure sense of all relevant keys at all times without having to continually fuss and fret with physical keys and their locations on or around me and my environs? How can I track all the virtual keys that bind my identities to virtual space? How can I make damn sure that all of these physical and virtual keys have been employed (by me manually and/or the infrastructure intelligently) to secure my every last resource, including all my personal data?

And do it all so simply that it becomes second-nature? So that all the virtual doors and windows and locks and blinds are always secure, and all of my personal effects are secreted far away from virtual prying eyes?

And I don’t have to worry about any of this? No matter how neurotic I get about such things, especially as my life grows more complex, and the number of keys and doors and private spaces and privacy-sensitive data elements grows?

Usability of privacy-protection schemes on the Internet means always knowing where your keys are.

And still worrying.