OpenIDEO is an open innovation platform. Join our global community to solve big challenges for social good. Sign Up / Login or Learn more

Creeping Data Critters: A Cautionary Tale of Keeping Lurking Security Monsters at Bay

Our idea conveys how consenting to seemingly-harmless tracking agreements can lead to organizations knowing more than they should about you.

Photo of John Hurley
5 11

Written by

Sketch 1 (1,500 characters)

These two sketches focus on the surveillance opportunity area. An alarming number of web services rely on collecting and leveraging user data to provide or augment their service's functionality. Blindly agreeing to a terms & services agreement has become a meme, and as a result is not taken seriously. Surveillance and the tracking of people can have serious implications on the safety and wellbeing of those people. Leaked datasets from breaches expose countless people to further cybercrime and exploitation. Enabling the collection of location data for your banking app to help find local ATMs might sound convenient, and in a pinch it definitely is; however, if this data is in the wrong hands or not managed properly, it can be leveraged for more nefarious things. We have a short animation, and would like to continue to refine this into something more fluid. Our animation shows the silhouette of a monster in the dark. Upon further inspection with a flashlight, we can see that the monster is a group of harmless objects. These objects represent the numerous datasets that accumulate from the automatic agreements made. A single leaked dataset by itself might not seem so dangerous, but when paired together with machine learning algorithm and other unique datasets, it can take on a form that should make anyone check under their bed.

Sketch 2 (1,500 characters)

These two sketches focus on the surveillance opportunity area. An alarming number of web services rely on collecting and leveraging user data to provide or augment their service's functionality. Blindly agreeing to a terms & services agreement has become a meme, and as a result is not taken seriously. Surveillance and the tracking of people can have serious implications on the safety and wellbeing of those people. Leaked datasets from breaches expose countless people to further cybercrime and exploitation. Enabling the collection of location data for your banking app to help find local ATMs might sound convenient, and in a pinch it definitely is; however, if this data is in the wrong hands or not managed properly, it can be leveraged for more nefarious things. We have a short animation, and would like to continue to refine this into something more fluid. Our animation shows the silhouette of a monster in the dark. Upon further inspection with a flashlight, we can see that the monster is a group of harmless objects. These objects represent the numerous datasets that accumulate from the automatic agreements made. A single leaked dataset by itself might not seem so dangerous, but when paired together with machine learning algorithm and other unique datasets, it can take on a form that should make anyone check under their bed.

What have you learned through this sketching process? (1,000 characters)

It's surprising how different talking about cybersecurity conversationally and trying to convey a cybersecurity concept visually are. This is a contributing factor for why the visuals surrounding hacking, cybersecurity, and privacy are outdated and remain built upon reliable and existing, albeit misleading, analogies.

Tell us more about you. (1,000 characters)

We are a team of designers and software engineers from Cantina, a Boston-based consulting agency devoted to building digital experiences that matter. Our team for this challenge consists of Virginia Wood, Matthias Ferber, Amy Perelberg, John Hurley, and Dakota Kim. We have over 10 years of collective experience designing and building digital products. You’d be hard-pressed to find an area of daily life that is not augmented by or reliant on computers or communication systems. Software has become the civil infrastructure upon which lives are built. Unfortunately, cybersecurity isn’t paid as much attention as it should warrant; it is an integral part of our lives as both creators and digital citizens. We believe that it is the duty of digital citizens everywhere to participate in conversations around privacy and security, both in the work they perform and personal lives, so that we may work towards a more secure and security-conscious world.

Why are you participating in this Challenge? (750 characters)

This is a great opportunity to help raise awareness and help folks become more knowledgeable and engaged in the conversations around cybersecurity. This is exciting to us as we recently started a new working group within our company focused on exploring the data privacy and security domains. We believe the problems facing the security world today are exacerbated by existing sociocultural models pertaining to security. The existing popular visual representations create fear and misrepresent the state of cybersecurity which does little to inspire folks to be conscientious of their role in personal and societal security issues. These preconceived notions can be combated through accurate, compelling, and accessible representation within media.

Website(s)

www.cantina.co

What is your experience with the field of cybersecurity?

  • I have never worked in cybersecurity before but am excited to learn more and get involved.

What best describes you?

  • I’m a professional visual creator affiliated with an organization.

How did you hear about this OpenIDEO Challenge?

  • OpenIDEO email / social media

Location: City

Boston

Location: State / District

MA

Location: Country

  • United States of America

What opportunity areas are you covering with this final portfolio? (250 characters)

Surveillance

Final Portfolio (1,500 characters)

We seek to change behaviors around data security. In our animation, we are hoping to educate younger users by illustrating the risks that come with giving away your personal data through a cautionary tale, and playfully dramatizing how consenting to seemingly innocuous tracking agreements can lead to undesirable outcomes. The user in our story is prompted with permission requests for various bits of information. Almost instinctively the user complies. When they click Yes, unnoticed by them, the data manifests as a tasty colorful ball that falls to the floor, where tiny data monsters notice it. This illustrates how the user’s casual decision releases valuable data to corporations or unintended third parties. One monster approaches and eats the data, as others approach. As the user submits more data, the monsters feed and grow, until they become big enough to overwhelm the user, just as data consumers combine and cross reference their accumulated data to form increasingly powerful insights that can be leveraged to good or bad ends. But the user wakes up—the monsters were a bad dream. And this time, when the request for data appears on their phone, they choose No. In the final scene, we see that the monster is small and harmless… and tamed, safely on a leash. With this conclusion, we want to leave viewers with the message that they have some power, through their choices, to keep the lurking security monsters at bay.

How would you summarize your final portfolio in 100 words or less? (650 characters)

Our submission is a storyboard for an animated short about surveillance. The story follows a user who might be signing up for a new app/service or posting on an existing service and is prompted with a sequence of permission requests. The user blindly agrees to share the requested information, a habit that’s become far too common. As the frequency of data breaches and coordinated cyber attacks continues to increase, this automatic behavior must be brought into question. As more services and organizations suffer breaches, the data points can be cross referenced to build a more complete picture of you.

Briefly describe your imagined use case for the work in your portfolio. (250 characters)

Our team plans to turn our animated storyboard into a fully-animated short film. We plan to share the video via YouTube or another platform to educate younger users and help them make more informed decisions around data privacy.

What was the most useful feedback that you received? (1,000 characters)

When pitching our concept to Burton Rast during our mentoring session, we were challenged to expand our idea to include multiple monsters to improve the technical accuracy of the piece. This refinement communicates that there isn’t just one tracker sucking up the data you feed it—rather, there are many trackers, and they combine their data to create a remarkably detailed picture of you. To address this theme further, with additional input from our internal cybersecurity experts, we devised a visual metaphor in which the three monsters work together, each consuming the data points that they are interested in.

How have your concepts evolved since the Ideas Phase? (1,000 characters)

Our original submission revolves around the simple idea of a monster as a metaphor for the consequences of misused data. As we started to explore this idea further, we felt it was important to expand the metaphor to include multiple monsters, more accurately representing the threat from multiple data collectors acting in concert. To challenge ourselves further, we also decided that our original fear-mongering ending sent the wrong message and looked for an improvement. We settled on a new ending in which the protagonist takes appropriate action and successfully tames the monster.

How have you been able to incorporate technical accuracy into your concepts? (1000 characters)

Digital surveillance relies on the collection and analysis of information about people. Rather than focus on the specifics of the data collection methods—which often involve devices that people don’t have control over, like security cameras, microphones, and Bluetooth beacons—our submission focuses on something they do have control over: the data that they voluntarily share with companies, governments, and organizations. We pictorially depict several bits of personally identifiable information of varying sensitivity in our story, representing the kinds of information that these entities can combine and abuse for their own purposes.

How do your concepts expand the conversation on cybersecurity? (1000 characters)

We’re all part of the cybersecurity conversation now. As users, we have a say in today’s fast-evolving landscape of vulnerabilities, data breaches, and sophisticated cyber attacks, and if we want to create a security-conscious culture, it’s crucial that we convey that to people. Sharing data, for instance, is not inherently wrong, but people are too often unaware of the risks associated with data usage and storage. Organizations hide behind lengthy and inaccessible terms of service instead of doing due diligence to protect sensitive user data and informing their users appropriately. Using an abstract and accessible style, our story conveys these risks and the situations they can lead to, reminding users that the data they share can be leaked and combined with other data and turned into a monstrous loss of privacy.

If you were provided with additional time and resources, are there additional ways that you’d wish to reimagine the visual language of cybersecurity? (1,000 characters)

We believe that our work can continue to evolve and cover further narratives and opportunity areas within the cybersecurity domain by creating more accessible and educational stories, using the same visual style, to educate people and empower them to better navigate their digital lives. Users are prompted with terms of service and permissions requests frequently, and since the choice to comply is ultimately the individual’s, we believe that that is the point where our work can help the most to combat the automatic choices we all make. The team also generated ideas for a browser plugin that checks a webpage for a terms of service or permissions form, and if one is found, displays a smiling, waving cartoon monster, guiding users to valuable resources to help them better understand the data they’re about to share.

What resources did you find most helpful? (optional, 1,000 characters)

We found the Department of Homeland Security’s “Handbook for Safeguarding Sensitive PII” invaluable in learning about personally identifiable information and how to handle it responsibly. This guide covers the DHS’s standards for the collection, use, storage, and disposal of this data. The intended purpose of these standards is to allow the continued collection of data in the service of homeland defense, while ensuring that the data cannot be accessed by unauthorized parties—in other words, to prevent data breaches. These specific standards are only enforced for the DHS and its partners, but could serve as a model for anyone interested in protecting data.

Commitment to Creative Commons License (CC BY 4.0)

  • Yes, I ensure that my portfolio is in compliance with CC BY 4.0.

Attachments (1)

5 comments

Join the conversation:

Comment
Photo of Dima Boulad

I'm so glad to see the progress of this idea and the sketches into your final portfolio John Hurley ! As the review team is going through all submissions, I would like to take this chance to thank you for your participation in this Challenge and your dedication to this important and complex topic. Watch this space as we announce the top picks!

Photo of Dima Boulad

Delightful! Very happy to see the progression in this phase.

Photo of Viviane

This is a clever way to convey the potential issue with combining data.

For me, it’d be even stronger if the objects/data making up the monster form its silhouette entirely (rather than inside its body as if they’d been eaten). I’m thinking of those paintings with portraits composed from vegetables as an example: http://lunaticadesnuda.blogspot.com/2009/03/renaissance-illusion-paintings-giuseppe.html

Photo of Dima Boulad

Welcome to the challenge Dakota Kim  and thank you for your contribution! I like the character! We've had a large number of very interesting submissions so far and we will be going through them one by one in the Review phase. In the meantime, we invite you to browse the other submissions and join the conversation around cybersecurity on the platform!

Photo of Tristan Spill

I like the "monster" character and the use of the simple metaphor of bringing light to a subject. Also the colour works well ... kinda reminds me of what Tinybop might make. Tinybop's Human Body app was prototyped with cut out paper by illustrator and designer Kelli Anderson.