Quinn Norton's lecture A Network of Sorrows: Small Adversaries and Small Allies at Hack.lu (helpfully transcribed by the Open Transcripts folks!) is a great call-to-arms for user-centered security.
Norton says that the only way we'll make things secure is if we listen to users when they explain their insecure behavior, but points out that the users who need security the most will never be able to afford to speak to real security experts: the kids at the public schools and the nurses at the hospitals that are taken over by ransomware creeps.
So, people are not stupid about their security and their privacy. But they've been lied to. And that's part of the problem that we as a community are in a position to help with, to fix. And one of the other things I think gets disconnected between technicians of all stripes and the people who are not in their fields is that we often think people don't listen or don't care because we forget that this isn't other people's jobs. If you are sitting in this room, to some degree people are paying you to use a long password. People are paying you to worry about key management. If you are a trash collector or radiologist or a lawyer, this takes away from your work day.
So honestly, one of the reasons we want to bring good tools to where people are is because if you have a radiologist, you don't want your radiologist to learn PGP. I promise. You want your radiologist to look at your frickin' scans. You want them to look at it again. You don't want them to worry about whether their communications with you are encrypted. Because that's time that they're going to take away from trying to spot something on your lungs. Which would you really rather they do?
So, we specialize in society for a reason. Because we really want people to pick up our trash. We really want people to defend us, or protect us, from the law. We really want doctors to find the things and fix them that are wrong with us. And we really don't want those people taking their time away from that to learn how to do what we do. Until you are ready to go spend a day of the week picking up everybody else's trash, you're not in a position to tell everybody else to learn how to do your job.
A Network of Sorrows: Small Adversaries and Small Allies [Quinn Norton/Hack.lu]
(via 4 Short Links)