Current Projects

Designing a Usable Online Privacy tool

I am working with a team at Carnegie Mellon to create more Usable Privacy Policies. One of the main deliverables we’re creating is a plugin for web browsers, that shows the user information about the site that they’re on. The goal is to present information about the site’s legal and privacy policies in compelling ways, so the person visiting the site will be a more critical consumer of it.

The plugin would be an intervention just-in-time, as the user has arrived on a site & is assessing whether she wants to stay there, explore it some more, or give it her usage data if not also subscription. How do we help her be smart about whether she wants to use that site & accept its privacy practices?

Privacy Policy design  user journey

Back in May, I worked with one other leader of this project, Pedro Leon who is a fellow at Stanford Law School’s Center on Internet & Society, did a design sprint to create sketchy mock-ups of what some different browser plugins might look like. Our goal was to create paper mock-ups of possible browser interfaces, that we could do some quick testing with on that day, and then refine them into proper digital mockups to test in focus groups and online.

Usable Privacy policy - workshop work

We tried to capture a range of different messages, compositions, moods, and hierarchies. For our first round of designs, our concepts ranged from the hyper-complex to the hyper-simple. Our main line of variables was along how much information we presented.

User Interface for Privacy Policy spectrum - variables from super clean to hyper detailed

We also were cognizant of possible variations in elements & composition that we could use in putting together possible plugins.

User Privacy Plugin design variables

And we also drew on some other inspiration & analogies for how we could present information like privacy ratings.

Usable Privacy Policies - plugin inspiration - Screen Shot 2015-05-11 at 6.03.43 PM Usable Privacy Policies - plugin inspiration - Screen Shot 2015-05-11 at 6.02.56 PM Usable Privacy Policies - plugin inspiration - Screen Shot 2015-05-11 at 6.02.46 PM Energy Label rating display

Mock-ups of possible privacy plug-in interfaces

Along the axis of simple to complex information, we created some very raw sketches of what a plug-in interface could look like.

Here’s the most simple: a single grade and some links to see what this grade actually looks like:

Usable Privacy Policy design project - IMG_20150512_143251.767

We didn’t necessarily think this super-simple grade would actually be the most effective or user-friendly interface, but our goal was to stretch our own imagination about what’s possible and divine the right amount of simplicity-information balance.

A slightly more complex interface (but still on the simple end of the spectrum) is a letter-score plus some more, very simplified markers of a score — emoji faces, a text description, or something that gives a very glanceable impression of ‘is this good or is this bad?’

Privacy Policy Design scoring

From these very stripped down designs, we started to get to more plausible, and richer designs — though we still tried to keep the amount of information to a relatively simple & digestible quantity. Here are some slightly more complex interface sketches.

This design is the Letter-Score plus 3 possible actions for the user to take in response:

Usable Privacy Policy design project - IMG_20150512_143309.943

The thought was to give a simple rating/assessment, combined with user choice to make it more actionable and empowering. We created a few more slightly complex variations of this theme: rating plus user choice.

Here is one design, with a Rating plus many User Choices — the emphasis is on a quick alert about the rating of the site, and then following up with a large menu of possible responses that the user is able to take in order to protect herself and send her preferences to the site and wider community.

Usable Privacy Policy design project - IMG_20150512_124718.470

We also created a collection of interfaces that give some more detail to the rating, pairing an overall score with a breakdown of sub-category scores.

Here is one Rating – Sub-rating – Action design:

Usable Privacy Policy design project - IMG_20150512_124633.135

And another Rating – Sub-rating – Action design, this time with sub-ratings on a scale (potentially with other competitor sites also featured on the scale to show comparisons):

Usable Privacy Policy design project - IMG_20150512_124621.241

And one last Rating – Sub-rating – Action design, this time also with a ‘comparison’ option woven in, to allow the user to shop around for other options besides the page they’re currently on:

Usable Privacy Policy design project - IMG_20150512_124702.590

Here’s a design with the same information pattern Rating – Sub-rating – User Action, but with more visual elements. We took a card & icon based approach, to use less text and more graphics to show off the info.

Usable Privacy Policy design project - IMG_20150512_124646.125

And one other design was focused totally on User Choices, giving a whole visual menu of actions to make the user feel empowered & activated.

Usable Privacy Policy design project - IMG_20150512_124609.926


And a final sketch was to have all kinds of information — rating, sub-rating and explanation, choices, and participation invitation — but to have it selectively displayed through sliding displays where the complexity is only shown upon click or hover by the user.


Testing Results

So what did our initial, quick testing of these interfaces tell us? Our main message actually upended much of our design hypothesizing. The key factor in the user response was not the amount/complexity of information, but rather the tone, mood, and framing of the message. Though users did show some interest in the amount of detail when assessing how trustworthy & useful the plugin was — the real factor in whether they would use it or not was ‘is this plugin neutral, reliable, and apolitical?’

The user testers were aware enough of privacy and the importance of it, but they did not want any kind of presentation that seemed too radically pro-privacy or anti-tracking. They do not want the sense that the makers of the plugin have a strong agenda as to what is good or bad when it comes to how companies gather data about their users. Rather, they want ratings and recommendations that seem to be neutral, apolitical, and based on clear & authoritative standards.

The language that we had used in our quick sketches alienated the user testers, because it seemed to be too bossy, strident, and like an advocacy group.

Instead, the users said they’d rather something like Film Ratings (G, PG, PG-13, R) that seem to be quite objective and without explicit messages that say whether things rated this way are good or bad. Rather, the people who have rated films seem to just be putting out the neutral rating out to the public without telling the public how they should they react or whether the film is good or bad.

They also suggested that we follow the model of Commonsense Media, an organization that rates movies, tv, games, and other media as to whether it’s family-friendly and kid-appropriate or not. According to one tester, Commonsense does an excellent job at making its ratings persuasive because they do it with a strong veneer of neutrality. They do not use highly-charged language, they do not condemn or use political messaging, and they leave it up to the parents to read the ratings and decide what their response should be.

The main lesson learned from the testing is the importance of language, framing, and messaging. Complexity to simplicity of information presented is important, but even before that, we must care about how we present the tone of information. We must aspire to neutrality & authority by avoiding words like ‘threat’ and ‘risk’, and not calling for too much advocacy or political change. We must show the user respect, by encouraging them to decide what they want to do with our ratings. And we must clearly show that our ratings are based on objective and reliable standards, and not arbitrary or politically-charged.

The second lesson is to frame the plugin as something that saves the user time, giving them the luxury of a shorthand & easy version of something that they want to know but don’t want to spend time on. The users want a Cliff Notes version of privacy information. The value proposition that would get the user to download the plug-in in the first place (and then not delete it later) – is “We (smart lawyers or the like) have read it so you don’t have to!” or “You care about privacy but you don’t have time to figure it all out — let us help you do it quickly, cleanly, and in an empowering way”

Here are my notes, taken during the testing session.

IMG_20150512_142808.630 IMG_20150512_142825.400 IMG_20150512_142752.450 IMG_20150512_142739.594 IMG_20150512_142837.383

Design Notes

As an addendum for the design process-geeks out there, here is some documentation of how we ended up at our designs & how we are moving forward. Before we actually took pen to paper to make our rough mock-ups, we had gone through what the essential content, elements, and user/system requirements would be for our plug-in design. These were constraints and options we could play with.

User Privacy Policy plugin design requirements and notes

Here are some of the questions that we have to grapple with as we craft our designs, message, and experience:

Questions for Privacy Policy design

We fleshed out user requirements for what the plug-in should provide functionally, as well as what impression and experience it should create with the users.

Privacy Policy Plugin Goals for design

And here are the types of content that we can be displaying in the plug-in (though we can prioritize and hide some of these):

Privacy Policy content

Finally, here are notes on the next battery of testing we’ll run in focus groups:

Usable Privacy Project focus group notes

Stay tuned for more updates — more beautiful & refined interfaces — and testing results from these focus groups!



Wise Design (or why are human systems so screwed up?)

This post is not just for lawyers — it is for people who work in hospitals, banks, insurance companies, government agencies, loan companies, accounting firms — people who work in complex systems that are supposed to be serving lay people.

I propose a new field of Wise Design — to build out tools, principles, and patterns to help normal people make more strategic, smart decisions for themselves while trying to make their way through overwhelming systems.

Where I’m coming from

As I’ve been working on legal design, I’ve been hunting down analogous fields — what other areas outside law can legal professionals draw from to rethink how they provide services? Like a good design-thinker, I’m hungry for cross-pollination.

And what I’ve come to realize is that the same challenge I’m tackling in the legal sector — trying to make it easier for a lay person to understand & to navigate the legal system — runs parallel to so many other complicated systems that humans have set up.

Wise Design - system versus person

What I’m realizing is that the challenge (if not the crisis) around how unusable the legal system is coincides with other human system design challenges. The systems that adults are expected to be able to navigate — insurance, mortgages, health care, taxes, student loans, personal savings, estate planning, visas and immigration, credit card offers and payments — have not been designed for humans.

Wise Design we are embedded in hyper complex systems Wise Design systems are anti user

Most adults — even those well-educated & well-meaning — struggle to figure out how to make their way through these systems. You turn 18 and are expected to be able to deal with these systems — follow their rules, use them to your best interest, walk the straight path through them. But the learning curve is steep, we aren’t trained for them, and usually it’s only after making mistakes and missing opportunities do people figure out how to navigate these systems (if they ever do).

Wise Design - happy birthday adult

We need cross-industry Wise Design

All the work, patterns, insights, principles I’ve been gathering up to guide legal design efforts — it can all be extended, shared & remixed with design for these other human systems. We who are working to make law more accessible need to be partnering with people in these other fields — financial planning, health care empowerment, patient engagement, consumer protection.

We are all fighting parallel battles — how to make life more livable for normal people. How to help them make better decisions for themselves, to protect their interests in complex systems. How to make these relatively dreary (or, in worse cases, horribly frustrating) parts of our lives — taxes, insurance, loans, litigation, accounting, medical care, banking — less frustrating, confusing, and punitive.

Wise Design - what if we used design to make systems more navigable

Human-centered design has great potential here, to transform both the front-end of these systems (how we people interact with them) and the back-end of them too (how the systems are actually structured, the rules and procedures that comprise them). What I’d love to see is cross-discipline collaborations, to build better front-end tools and back-end systems and then share best practices among these different fields.

Wise Design - this is a branch of design called wise design

I’m hoping to link the work of legal design, all focused on making legal systems more usable & user-friendly, into a larger movement of Wise Design.

Innovations that Intuit comes up with to make filing taxes easier should be borrowed and used to make it easier to choose the right health insurance. Great insights and experience designs that hospitals create to guide patients through a treatment plan should be remixed into navigation tools for a litigant going through a family law case.

There needs to be a Wise Design coalition — sharing code, design, and momentum. We in the legal sector need to scout out and partner with our counterparts in other industries —  to figure out together how to make human systems more user-centered and how to empower people to make more strategic, rewarding decisions.

And my other hope with a Wise Design movement is to attract all those wonderfully creative designers & developers who are currently working on interesting consumer-based challenges (how do we get people to buy things, love products so much they will use them and spend money on them?) and persuade them to work on these larger systems challenges.  We need more creativity & experimentation on how to help people deal with complex information and make smart decisions.

Wise Design - A design typology

This post has been brewing for a while — I’m interested in your thoughts, especially on how we in the legal world can build better partnerships from other sectors & recruit more creatives and entrepreneurs to work on these challenges.