Where Design Choices and Civil Rights Overlap

Secure communications infrastructure isn't just nice to have; free society depends on it.


User experience, that now ubiquitous phrase, is at the core of design culture in the Internet age. Developers obsess over the way lines flow across a webpage, how many taps of a screen it will take to get you from one place to the next, and the functionalities a person wants but doesn't know how to articulate.

But there's a critical component of true "user experience" that often gets lost in the clinical nature of the term. Users are humans. And humans have innate rights. Which is why, the American Civil Liberties Union explained in a recent blog post, the ACLU has hired an Internet infrastructure technologist.

Secure communications, ACLU technologist Daniel Kahn Gillmor explains, are a "fundamental requirement for free expression, free association, privacy, and a functioning free press." And that kind of security has everything to do with design and implementation of vast and critical systems that are now being built: systems like banking software, communications networks, electronic medical records, and other sensitive databases. He asks:

• Will it be possible to communicate confidentially with your doctor, your business partner, your mate, or your friend?
• Will you know for sure who you are talking to?
• Can you be confident that no one else is listening?
• Can you try on new identities as you grow and change, or will you have one single "face" that you must present for all your communications and that will follow you for your entire life?
• What assurances do you have that when you send someone a message, they will actually get it, and it will not be tampered with along the way?
• Who else gets to know who you communicated with?
• What authorities are you willing to trust with your data or your identity?
• Do you get a choice of authorities, or is it decided for you?
• What recourse do you have if these authorities misbehave?

Gillmor's focus is on defining standards and protocols that will shape communications infrastructure on a sprawling scale.

"These design decisions are often 'baked in' to the communications tools we use," he wrote, "and they can shape our lives in ways we don't expect, including in ways that infringe on some of the most fundamental human rights: how we express ourselves, who we communicate with, and how we grow as people."

Encryption and cryptography, he argues, are not enough. Protecting civil freedoms must be done at the design level because how the Internet's infrastructure works (or doesn't) directly affects the security of the person using it. And people must actually have access to products designed to serve them—including software built on information-security and rights-preserving protocols.

Again, Gillmor: "Sometimes finding the right answers to the choices that appear in the design process are easy... Other times, the tradeoffs can be difficult: Are we willing to leak our own identities long-term to the communications partner in exchange for having a faster connection?"

The larger question he gets at is one that will shape ideas about privacy and identity in the years to come: What are individuals willing to give up—and at what cost—in exchange for access to online platforms and experiences we've already come to expect?

This is a question Americans will have to ask themselves, but it's also a question for Americans to ask their government, which has long justified encroachments on personal security in the name of national security. A White House review group outlined this tension in a 303-page report a year ago.

In the American tradition, the word “security” has had multiple meanings. In contemporary parlance, it often refers to national security or homeland security. One of the government’s most fundamental responsibilities is to protect this form of security, broadly understood. At the same time, the idea of security refers to a quite different and equally fundamental value, captured in the Fourth Amendment to the United States Constitution: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated...” Both forms of security must be protected.

Doing so requires understanding that security in either case cannot be fully measured by the infrastructure we see—metal detectors, password-protected access points, and so on—because it also includes the larger, underlying, and often invisible foundational systems in which we live.

"As our society moves further and further online," Gillmor wrote, "the design choices made in the underlying communications technology infrastructure can critically shape what kinds of society are possible."