By: Regina Ashna Singh
When Leah told her Chinese-immigrant parents she wanted to pursue a career in graphic design, they were all for it; a reaction that is perhaps contrary to pervasive stereotypes associated with Asian parental units which currently exist in Canada.
“Growing up, I feel like I had a good childhood in that my parents weren't too demanding. When I told them I wanted to pursue something in the arts, they were very supportive,” said Leah. Smiling from ear to ear, she reflected that her mother and father did not steer her away from her aspirations and were completely understanding. Unbeknownst to them, Leah would go on to make her own mark in the globally impactful field of cybersecurity and privacy as Dr. Leah Zhang-Kennedy - Assistant Professor in interaction design and user experience research, and director of the Safe Interactions Lab at the University of Waterloo’s Stratford School of Interaction Design and Business. Trusting her instincts and being open to new avenues would lead the professor down a windy path to success, something her family could not have predicted.
How it started…
From the printing press to post grad
Over the past six years as a member of the Cybersecurity and Privacy Institute (CPI), Leah has been at the forefront of research in privacy conscious design and improving cybersecurity practices. From teaching students to creating apps to leading events, Leah takes full advantage of opportunities that cross her path in order to create maximum impact. However, her career trajectory was not always so crystal clear.
At 11 years old, Leah, along with her mom, came to Canada and reunited with her dad after living apart from him for about half a decade. Her father practiced anesthesiology and later dentistry in Canada while her mother was a nurse; both are currently retired from the medical-related fields. However, Leah always had different interests and found herself drawn to fine arts and other types of problem solving. She recalled her first job was at a printing company where she was fascinated by typography and learning how machines like the printing press work. Understanding CMYK offset printing was only the beginning of Leah’s journey in graphic design.
She eventually attained her undergraduate honours degree in design at York University and worked in an agency for about four years where her role focused on creating marketing communication items, such as advertising campaigns and website design. In conducting market research for consumer products and dabbling in a few focus groups, Leah was intrigued by the idea of bridging technology and design. Feeling like she had hit a plateau and that “there was a lot of executing and not enough learning new things” in her then current position, Leah began exploring post-graduate opportunities and advancing her education. In her opinion, it seemed like an opportune time to take a leap as her family was also going through a transitional period of moving between cities.
“I believe Carleton was one of Canada’s first universities that offered an interdisciplinary research Master’s program in HCI (human computer interaction),” said Leah. In a 2020 alumni interview with Carleton University, Leah stated, “my favourite part about the program was its interdisciplinarity and the opportunity to work with researchers and students from various backgrounds.”
How it’s going…
Bridging Technology and Design
Some would consider Leah ahead of her time and a prime case that exemplifies the University of Waterloo’s recently launched Global Futures vision – a strategic initiative that provides a framework to address the world’s most pressing challenges through collaborative and interdisciplinary approaches to solve real-world problems. According to Leah, HCI is at the intersection of psychology, interaction design, and computer science. As the next phase of the internet evolves into the metaverse, which S&P Global defines as a “single, shared, immersive and persistent 3D virtual space where humans and machines interact with one another and with data”, issues of security and privacy will persist. Thus, through the advice and guidance she received by those whom she considers her “research parents” (Dr. Sonia Chiasson and Dr. Robert Biddle), Leah pursued a doctorate in Computer Science and achieved her PhD in 2017.
Her current research at Waterloo falls under the Societal and Technological futures by examining the implications of new technology and people’s attitudes and perceptions towards them. More importantly, Leah is investigating how people’s privacy and security practices can be improved in a wave of emerging and immersive environments. In other words, it is important to protect people’s privacy and security, but from a design perspective, she believes it is essential to create privacy and security mechanisms that are better integrated into the entire user experience.
She used an interesting analogy of security mechanisms as speed bumps to further explain: “It's well known that no one likes to click on security warnings…I see them really as speed bumps…necessary speed bumps in the user flow…For example, I want to play my game using my virtual reality headset, but I’m not necessarily interested in authenticating myself…but it’s an additional layer of burden for users…So how can we support people’s security and privacy preferences, but also maintain their user experience and their primary goals, whatever that may be?” One approach is privacy conscious design.
Privacy Conscious Design, Robots, and Extended Reality
Privacy conscious design involves proactive considerations of users’ privacy when creating/designing a digital product or service. For example, instead of analyzing and reflecting on privacy-related issues that surface post product launch, Leah is of the mindset that these problems need to be anticipated and studied from conception, which would require collaboration from multiple stakeholders, including designers, developers, product managers, privacy engineers, and security experts etc. “There is a phenomenon called the ‘privacy paradox’ where people say they value their privacy, but their online behaviour displays otherwise…,” said Leah. She also added there are instances where people share more information than they initially report that they would.
For one of her current research projects, Leah received seed funding from CPI and RoboHub and is collaborating with fellow Waterloo affiliates, JaeEun (Jen) Shin (PhD student) and Yue Hu (Assistant Professor in the Department of Mechanical & Mechatronics Engineering), to investigate privacy perception towards humanoid robots. By conducting a study with parents and children, their goal is to derive design recommendations to improve the design of security and privacy mechanisms that would support the needs of families using robots for education or entertainment purposes. Despite the various preliminary evidence that child-robot interaction could benefit in supporting children's education and development, concerns about data security and privacy have been raised widely.
Apart from robots, Leah also has a keen research interest in extended reality (XR). Compared to traditional web and mobile interfaces, she said XR technologies, “introduce multiple layers of data collection and possible manipulation…We're no longer dealing with just two-dimensional interfaces.” In immersive three-dimensional environments, for example, the use of deceptive design or privacy dark patterns – tricking users into revealing more personal information than they intended e.g., through involuntary emotional responses or body signals – would be more challenging to detect. Leah clarified, “deceptive design does not always originate from malicious intent and sometimes could be driven by a [legitimate] business goal.” Nonetheless, users may struggle to counteract these subtle forms of manipulation. So once again, privacy conscious design comes into play as it is the practice of identifying and addressing privacy concerns in the design process. Design practitioners would ask themselves: How would your design decisions affect the privacy of users?
The Movement: Cybersecurity is Basic Literacy
As much as her research is making an impact, Leah’s overall mission can be summed up into one sentence: “Cybersecurity is basic literacy.” Whether it is how to create a good password or online etiquette or cyberbullying, Leah has become a behind-the-scenes advocate for the cause. For future generations, she said it is important to assess how people teach and learn about cybersecurity and how secondary users such as parents and teachers fit into the equation. How and where they access their educational resources will also need to be considered.
Of course, Leah has never lost her passion for art and continues to engage in artistic ventures during her personal time. She specializes in creating hand-made marbled papers and medieval, limp leather (book) bindings. When asked what is one fact no one would guess about her, Leah said: “It may be surprising to my students that it took me six years to finish my undergraduate studies because I changed my major halfway through. Looking back, those two additional years gave me the necessary time to fully explore my potential and to grow. I tell my students that it’s OK not to have everything figured out at age 20 or even at age 30 or 40. The most important thing is to keep striving for self-improvement and move forward until you find something you enjoy doing for the rest of your life.”
For more insight on Leah’s research, check out the Safe Interactions Lab.