What Matters When Designing For Safety?

What Matters When Designing For Safety?

Eva PenzeyMoog
Eva PenzeyMoog

August 24, 2021

My first book, Design for Safety, is now available for purchase!

This book is the culmination of more than 10 years of work. Before joining the tech field, I worked in the non-profit space and volunteered as a domestic violence educator and rape crisis counselor. When I decided to switch careers and joined 8th Light, I quickly saw the ways these two paths overlap. For the last five years, 8th Light has been incredibly supportive of this work, including supporting my first conference talk back in 2018, and giving me time and resources to help finish this book.

I went on a recent Collaborative Craft episode to talk a little bit about the work I’ve been doing, what’s motivated me, and where I’d like to see us move as an industry that considers these issues as first-class concerns.

In this blog, I wanted to provide a little bit more of a detailed overview of what topics I cover in the book, and how it might affect you and your work as a technologist.

A chapter-by-chapter overview of Design for Safety

The first chapter introduces the problem space by challenging our assumptions about tech products. Technologists will often use the term “happy path” to describe their focus on building a product for its intended use, and often de-prioritize and defer work on edge cases to be addressed well after launch (if ever). However, not all of the edge cases and deviations from the happy path are harmless. In some cases, even the desired features are vulnerable to abuse.

We need to take seriously all of the data and research that challenges basic assumptions about our users. We can’t assume that our users are in safe, healthy relationships; that there aren’t people out there who are looking at every single piece of tech in their lives for new ways to enact power and control over someone in their life; that passwords are an effective way to keep unwanted users out of an account (which is not the case in a domestic violence context).

With that groundwork in place, I go into deeper detail about a few of the more pertinent examples I’ve found. Chapter 2 focuses on control, and includes a bunch of examples of products that have really fuzzy lines of who has the ultimate authority within a shared product or device. Many of these features are easy to take for granted, but can cause serious issues like controlling someone’s finances in a shared bank account, or remotely harassing someone with IoT devices.

Chapter 3 dives into location-revealing data, and the plethora of products that enable covert stalking. This behavior is incredibly common, and something that domestic violence advocates are reporting is a huge problem.

Chapter 4 is about surveillance, and mostly focuses on Amazon. The company is truly leading the way in abuse-ready products, especially when it comes to allowing people who live together to surveil each other. They also have a history of disregarding basic security practices—like not making users setting up a new Ring device change the default password, which allowed anonymous people to access Ring devices in other people’s homes.

This chapter also gets into stalkerware, or spyware, which is software that can be installed on someone’s phone or laptop either by someone who has access to the phone, or through remote methods like sending someone a link that downloads the software when they click. Somehow this is still legal. It’s typically marketed as a tool for “protecting children,” but we know that many people use it on adults without their consent, and its use has been linked to multiple domestic violence homicides.

The final chapters are all about putting this information to work. There’s a chapter about how to implement a practice of safety at your company, followed by a chapter about doing research with vulnerable populations. There’s also a chapter about how to build tech specifically for vulnerable groups—such as an app for domestic violence survivors, where the stakes are really high. And lastly, there’s a chapter about systems-level changes we need in order to make the tech landscape safer.

I bought the book, what else can I do?

My biggest hope with this book is to inspire others to get involved and help us work toward a safer, more inclusive world of tech. I’ve begun to work with design teams directly on how to implement a practice of designing for safety in their work. If you want to learn more about that, or if this work spoke to you and you want to share it, you’re more than welcome to email me at eva at 8thlight dot com. You can also find me at Twitter under the handle @epenzeymoog.

8th Light is also helping grow this work by incorporating it into a service we can provide to our partners at scale. Reach out to us through our contact page, and we'll work with you to determine the best way for us to collaborate on crafting a safer and more inclusive software application.