Supporting safer cybersecurity decisions and a privacy-conscious mindset for industry leaders and others grappling with pandemic stress
As the pandemic drove people online to work, study and connect with loved ones, Leah Zhang-Kennedy doubled down on her commitment to making digital spaces safer for everyone.
“We are at a very critical crossroad right now. New and emerging technologies that rely heavily on our private information are becoming more ubiquitous,” says Zhang-Kennedy, a professor at Waterloo’s Stratford School of Interaction Design and Business. “The seamless convenience of these tools poses significant security concerns.”
With expertise spanning computer science, human-computer interaction and user experience (UX), Zhang-Kennedy says: “Online privacy is not just a matter of law and policy. It's a matter of ethics and doing what's right. Designers need to a have a sense of responsibility to use their skills for good.”
In 2020, about 57 per cent of Canadian internet users reported experiencing some form of privacy breach, according to Statistics Canada. Breaches included being redirected to fraudulent websites that steal personal information or trigger malware attacks. “We know that during this pandemic crisis, when everybody feels a lot of stress, people tend to make poor cybersecurity decisions.”
Zhang-Kennedy flags the pandemic response itself as a potential vulnerability. “COVID-19 contact tracing apps could allow for unprecedented surveillance — it’s always risky to create a tool that enables this type of large-scale population data collection,” she says.
Zhang-Kennedy’s work is focused on two related areas: improving cybersecurity practices among users and promoting secure, usable, engaging security and privacy technology design.
Connecting schools and non-profits to cybersecurity educational tools
Safe cybersecurity behaviours need to start at a very young age if we are to have a society of responsible digital citizens, says Zhang-Kennedy, who has created two interactive educational tools to boost online safety habits.
Cyberheroes introduces children younger than 10 to online privacy concepts and practices, including protecting personal information, combating cyber bullying and avoiding interaction with strangers.
Secure Comics targets non-technical audiences of all ages to improve their understanding of computer security and privacy, including revealing how hackers can easily access personal information or unleash malware attacks.
Both tools are highly visual and interactive, employing principles of persuasive technology, a design intended to change attitudes and behaviours. Secure Comics is available as curriculum resources for Canadian teachers through MediaSmarts, a digital literacy non-profit organization.
“It's really about empowering young children to be able to assess an online situation and educating caregivers and teachers about cybersecurity is part of the process,” Zhang-Kennedy says.
Connecting designers to scientific, technology and industry knowledge
Zhang-Kennedy is also deeply focused on privacy-conscious design, which incorporates privacy considerations into the development process. She stresses that combining scientific and technical knowledge across disciplines and outside academia is an essential part of the work.
“Designers need to stop thinking about privacy as someone else’s responsibility or as a complicated technical or legal problem that is beyond their role,” Zhang-Kennedy says.
Privacy design also depends on buy-in from organizational stakeholders, she adds. “Corporate leaders and management need to adopt a privacy-conscious mindset.” The Stratford School’s corporate partnerships, which often sponsor specific class projects, is one avenue for influencing this mindset within industries.
Think Privacy Design Jam
To build greater capacity for privacy design, Zhang-Kennedy received funding from the Waterloo Cybersecurity and Privacy Institute (CPI) to lead the Think Privacy Design Jam, a virtual event in the fall of 2020 with cybersecurity and UX experts from universities and industry partners including Rogers Communications and BlackBerry.
Non-profit partners such as MediaSmarts, Knowledgeflow and the Cybersafety Foundation also joined more than 50 students from Waterloo’s faculties of Arts, Engineering and Mathematics. The winning teams successfully adapted the Privacy by Design framework in their solutions.
Clubhouse is a secure, online community platform for students to meet and interact with like-minded friends in an after-school club setting which is supervised by teachers. Bondfire is a real-time interactive platform for isolated college students that builds meaningful connections through the power of storytelling. Secretum is an open-source, decentralized social media platform that makes digital activism safe and sustainable for everyone.
Zhang-Kennedy was happy with the outcome of the Jam. “I think it's really about empowering the students to own their authority as privacy-conscious professionals after they graduate.”