Computing That Serves

Translucent Security


Thursday, March 16, 2017 - 11:00am


Jean Camp


Kent Seamons

Incentives cannot work unless there are two conditions. First, the incentives must be visible. Second, there must be a clear action to take in response to the incentives. Both of these outcomes are the goal of translucent design. Translucent design is neither transparent nor opaque; but rather consists of security technologies that are easy to use, communicate risk choices only to the degree necessary to avoid inadvertent fatal choices, can be overcome in a straight-forward manner if the individual chooses to take a risk, or if the system is in error.
In usable security design, opaque designs enable the user take an action seamlessly rather than requiring some understanding of the underlying system design. However, security choices inherently require some information, or the default option is to prevent all risky behaviors without interaction. In fact, blocking desired action without communication is one reason that individuals may abandon security technologies even when the risks these technologies mitigate are known.
Transparency allows individuals to easily see the consequences of their action. The ideal design, of making visible user-action-system-consequence, may be overwhelming or context-dependent. A truly transparent design can overwhelm and under-inform the user with information about configuration, the nature of the security technology, and the elements of a risk that are mitigated.  An example of inappropriately transparent design is the provision of hash and key values when providing certificate information to users.


Jean Camp is a Professor at the School of Informatics and Computing at Indiana University. She joined Indiana after eight years at Harvard’s Kennedy School where her courses were also listed in Harvard Law, Harvard Business, and the Engineering Systems Division of MIT. She spent the year after earning her doctorate from Carnegie Mellon as a Senior Member of the Technical Staff at Sandia National Laboratories. She began her career as an engineer at Catawba Nuclear Station and with a MSEE at University of North Carolina at Charlotte. Her research focuses on the intersection of human and technical trust, levering economic models and human-centered design to create safe, secure systems. She is the author of two monographs. In addition, she has authored more than one hundred fifty publications.