A series of images covering faith, trust and the importance of understanding underlying perceptions.
Sketch 1 (1,500 characters)
The brief revealed a wonderful ‘elephant in the room’ moment and uncovered prevalent problems with visuals in this space. Having developed some understanding via this process - I now believe there are, in fact, two elephants - with one shrouding the other. Broadly, the cited aim of the project is to aid the technical to explain Cybersecurity (CS) to their peers or clients – but every case persona has cause to communicate with the less technical – from the public to policymakers. Hence, there is a more fundamental misunderstanding of CS that should be addressed and in order to prevent misdirection. While we hear about hacks and security breaches in the news, as much, if not more airtime, is given to antitrust issues i.e. the Facebook hearings (the pink elephant). This creates confusion between the difference in legitimate/desired privacy, security, hacking and ‘who’ the adversary(s) is. Grey areas lead the uninitiated to be disillusioned - not only of bad players/hackers (the grey Elephant) but the very institutions we give entrust with data. My premise: many people (wrongly or rightly) make little to no distinction between privacy and security on a macro level. Consequently we are less likely to take protective steps where it counts. This visual is designed to be expansive but to identify both ‘elephants’ – providing CS professionals a visual tool to introduce and define the distinction between legitimate and illegitimate cyber infringements as they stand today.
Sketch 2 (1,500 characters)
This remains on the macro with a focus on surveillance - it's designed to speak to us as individuals as it's a scene we can relate too. As noted, I believe that the public do not always perceive a clear distinction between legitimate / illegitimate cyber threats to privacy/surveillance or security i.e. while we fear hackers are corporations any better? In order to have trust in something – you must first have faith in it. As the digital world is now firmly part of our lives, there is continuing and vibrant public debate regarding what should be considered ‘secure’ and what is free for exploitation by companies or even governments. If the situation feels hopeless then there is a chance we collectively lower our guard. This is increasingly important as a digital presence is often a requirement, not a choice. Multiple scandals from hacking cover-ups to eaves dropping via smart devices in our homes, let alone the real implication of bad players, compound a feeling of disenfranchisement. Within this visual, we see a depiction of our devices 'using' us and it highlights that our data is valuable to someone and thus worth protecting. The more casual user is leaving a digital trail of breadcrumbs and these are being followed. I hope that this image is a useful in acknowledging this line of thinking. As the cybersecurity field is still relatively young - the industry not only complies with public policy but has a chance to influence it and address broader public concerns.
What have you learned through this sketching process? (1,000 characters)
Though I completed multiple submissions - the main theme running throughout was trustworthiness. Latterly - I discovered that many issues stem from misinterpretation. I believe that there is a void between the broader perception/understanding of cyber ‘security’ and the professional definition. While both are of high importance the public’s definition is far broader, subjective and includes privacy and liberty on multiple levels. More technical cyber professionals generally define security as a ‘breach’ of the existing systems, laws or rules only - this was also seen via comments made in the collaboration phase of this project. The more technical/specialist the person, generally the more specificity they desired in a visual. With information we may be able to bridge the gap in perspectives and focus on the specific issues with more clarity.
Tell us more about you. (1,000 characters)
I am a designer who loves to try and understand people and gain an insight into their thoughts. Where possible I like to break up complicated things into smaller, simpler ones.
Why are you participating in this Challenge? (750 characters)
It seems a very complicated subject to understand, let alone convey - thus a challenge of our time. Metaphorical visual tools are not always obvious. Ubiquitous data and reliance on technology has big consequences, which will be both positive and negative. I believe that individuals and groups need to understand the implication of digital security as it evolves and importantly to understand, not only how it can be gathered, but what the value of it is to others. Beyond loosing your banking information - if you fail to appreciate why your broader data is important or recognize its wider value then why would you defend it? There is no previous generation to lean back on for guidance - many of these issues are unfolding and new to us all.
What is your experience with the field of cybersecurity?
I have never worked in cybersecurity before but am excited to learn more and get involved.
How did you hear about this OpenIDEO Challenge?
OpenIDEO email / social media
What opportunity areas are you covering with this final portfolio? (250 characters)
Trustworthiness and indirectly surveillance.
Final Portfolio (1,500 characters)
My submissions cover the subject of faith, trust and indirectly surveillance. If trust erodes from something as simple as a manipulated Amazon review – faith will diminish in general. A run on a bank is caused by lack of faith accumulating and gathering its own momentum. Broad faith in our systems, money, businesses' and laws is the oil that allows us to work on a societal level.
Via IOT / devices we welcome eyes, ears and controls into our homes and offices. These may work for you - but also for others.
IOT of things - devices will be treated as 'part of the family', given unprecedented personal access and gain greater control over physical environments from temperature to opening doors. The security implication is very 'real' should these devices be breached and possibly severe in health or industrial scenarios.
The compiler: a harmless piece of AI that can tirelessly gather your digital crumbs and build a full picture of you from browsing actions, location, shopping, habits, video, social media - even beliefs. This highlights the point that, seemingly meaningless data, may be of value when compiled.
Surveillance sorter: information in isolation is of less value (unless the target is specific). Here we see compiled information being bulk processed, packaged, assessed, bought and sold or discarded.
Are 'we' the product? A broad visual depicting a social change that arguably creates data mountains. It may be applied to various contexts: if you are the product - your data is the value, if we must follow the herd then should we demand transparency?, if you are not 'plugged in' is your ability to operate in society diminished etc.
Fake news, fake reviews, fake ratings, fake emails, fake SMS... what can you trust?
How would you summarize your final portfolio in 100 words or less? (650 characters)
The images are not intended to stand alone - but to convey ideas or feelings that authors may apply for their own purposes and provide greater meaning via their given context. These are visual tools for others to use. Where possible I have either attempted to simplify a complicated technique (see encryption) or have provided a wider concept and feeling without dictating i.e. a specific adversary. Where it has been necessary to depict a bad player/character I have tried to use human features or a character with no personality and in order to prevent loading it with any initial bias. The logic being - less specifics enable broader use.
Briefly describe your imagined use case for the work in your portfolio. (250 characters)
Presentations, articles and blogs - and where authors would find it helpful to frame the bigger picture prior to getting into specifics. With less need to preach to the choir - expected use is for a non technical audience.
What was the most useful feedback that you received? (1,000 characters)
My Mentor conversation (thanks to Jen Ellis) made it very clear that my view of CS was quite different and more far reaching than the black and white definition that the professionals abide by. This greatly impacted the work and led the project to increase focus on the differences in perception. It also highlighted that my direction was really aimed at technical to less technical.
How have your concepts evolved since the Ideas Phase? (1,000 characters)
In order to try and minimize 'scary' imagery I had originally used drawn elements to represent characters. However - I was advised that the bad player element is not yet AI based alone. Hence I reintroduced human features to more accurately relay that it is people behind everything - whether their intentions are good or bad. Color palettes have remained colder and blue so they are not alien to the space. Where appropriate a friendly, hand-drawn style has been applied to warm up the subject.
How have you been able to incorporate technical accuracy into your concepts? (1000 characters)
As above - human features have been reintroduced to demonstrate that human activity is the root - not systems working against systems. I also read that most security breaches are caused by human error i.e. clicking on a bad link. Where characters are intended to represent conceptual themes these have remained as drawn charactures.
How do your concepts expand the conversation on cybersecurity? (1000 characters)
Digital threats and specific events will come and go. These visuals are intended to focus on human concerns and will hopefully prevent them from becoming dated quickly. Overall, the purpose it to help frame wider issues so that people may communicate more concisely and not at cross-purposes. Visuals have been created specifically to cover a broader 'ideas' and set a tone - which might be lengthy to explain via written word or speech alone.
If you were provided with additional time and resources, are there additional ways that you’d wish to reimagine the visual language of cybersecurity? (1,000 characters)
As someone who is not technical, I have approached this challenge on a high level and focused on broad perceptions and ideas. In order to meet highly specific requirements and needs of the CS profession, it would be great to have targeted and specific briefings to cover specific issues they encounter and need support to explain. Creative work can then be built to aid in the communication for defined issues. I think this method would also be essential when tackling complex business to business communication and where granular - not generalized explanations are required.
What resources did you find most helpful? (optional, 1,000 characters)
Overall there was a huge amount of information provided - thank you. However – the mentorship call did crystallize the difference in the way I, as a layman, perceived cybersecurity and the stricter, black and white form with which it is perceived within the industry. In part, this also illustrated the difference in approach that may be needed from a B2B to B2C standpoint. I felt that this brief mentor call revealed an information and perception gap that, if bridged, could greatly aid technical people in conveying their message to non technical companies, policy makers and the public.
Commitment to Creative Commons License (CC BY 4.0)
Yes, I ensure that my portfolio is in compliance with CC BY 4.0.