When technologists design software, who are they thinking about when they are considering who will use their solution? Dr. Mattea Sim examined this question in a recently accepted paper presented at the New Security Paradigms Workshop (NSPW 2023), “A Scalable Inclusive Security Intervention to Center Marginalized & Vulnerable Populations in Security & Privacy Design”.  Dr. Sim is a postdoctoral scholar working with the Stereotyping, Prejudice, and Facial Expressions Lab at Indiana University and the Security & Privacy Research Lab at the University of Washington. Her research focuses on inclusive computing practices at the intersection of social psychology and computer security.  

Dr. Sim’s paper centers on the disconnect between software designers (as well as designers-in-training) and marginalized/vulnerable populations. Research in psychology has shown that marginalized and vulnerable groups are rarely considered in a variety of contexts – including the area of current computer technology.  As technology has become more entrenched in our world, the designer’s perceptions on the people who will ultimately use technology can have a dramatic effect on society.  There is a trend for greater consideration being afforded to more privileged groups rather than marginalized and vulnerable populations.

“Systems designed with only more privileged users in mind will discriminate by design,” said Dr. Sim.  “Our goal was to make marginalized and vulnerable groups more salient to designers-in-training, and thus encourage designers-in-training to center these populations in the context of computer security.” 

Dr. Sim and the team of researchers conducted two studies with a total of 225 Computer Science students enrolled in an upper-level computer security course as a part of an in-lab threat modeling exercise. Students completed an online threat modeling exercise twice: the first instance submitting answers for an Augmented Reality headset with no prompting; the second instance completing the same assignment while either in a control group (those provided a prompt explaining people sometimes come up with alternate responses when considering a question on a second pass) and Salience intervention condition (those provided an education prompt explaining the concept of a default persona and asking students to consider populations who may normally be overlooked). 

Students exposed to the salience intervention prompt considered a higher proportion of marginalized and vulnerable stakeholders as compared to their responses before receiving the intervention prompt and compared to those who received the control prompt.  “A brief intervention was successful at helping designers-in-training consider marginalized and vulnerable populations that did not often come to mind spontaneously. We hope this type of practice can be part of a broader tool kit to help people design more inclusively down the line,” said Sim. This work can also help the general public in understanding how users can be overlooked in the technological design process.

Dr. Sim’s research is supported by the Center for Privacy and Security of Marginalized and Vulnerable Populations (PRISM), a National Science Foundation project that aims to transform how the security community addresses the specific cybersecurity needs of marginalized and vulnerable (M&V) populations, by developing tools and methods to center those needs at the core of cybersecurity research and technology design.

The full paper is available via this DOI link – https://doi.org/10.1145/3633500.3633508

This research was a collaboration with Dr. Mattea Sim (Indiana University), Dr. Kurt Hugenberg (Indiana University), Dr. Tadayoshi Kohno (University of Washington), and Dr. Franziska Roesner (University of Washington).