Re-conceptualizing cybersecurity by going (In)visible
An interview with Joyce Lee, one of the winners of CLTC’s 2019 Cybersecurity Arts Contest.
Joyce Lee is a design and user experience researcher based in Berkeley, California. She also loves to create zines and has been publishing and participating in the zine community since 2015. Her practice largely focuses on technology’s role in society, particularly for non-technical and more vulnerable communities. Lee was previously part of a group of collaborators that received a grant from the Center for Long-Term Cybersecurity (CLTC) for a project entitled “Secure Internet of Things for Senior Users.”
CLTC recently sat down with Lee to discuss her most recent zine, “(In)visible,” one of the winning projects from the 2019 CLTC Cybersecurity Arts Contest.
(Note that responses have been lightly edited for length and content.)
What motivated you to do this project?
Having spent some time among security researchers in graduate school, I felt like there was a big gap between their discourse and conversations about security with other “non-technical” people. For instance, I had previously worked on qualitative research about older adults (65+ years old) and their attitudes and behaviors about security. Hearing the kinds of threats they perceived made me reflect on the mostly ominous ways that security is reflected in the media and thus perceived by non-experts.
It seemed like there was an opportunity to have more of an accessible discussion about security — beyond advice shared in reaction to sensational stories of high-profile hacks. Digital security is often seen as either a dry abstraction or a tedious chore. I thought the project could be an opportunity to help people re-conceptualize cybersecurity as a way to think creatively and to empower themselves.
“I think decentralized zine-making practices align with the growing sentiment of public skepticism and understanding of risks associated with life online, particularly those emerging from the centralization of power among monopolistic tech companies.”
Why did you choose the zine format?
Well, I’ve been making zines for the last five or six years; it’s been the preferred format of my creative practice. I do think there are a few qualities of zines that make them particularly relevant, though.
For example, one might think that paper seems ill-suited to conveying the risks of digital activities. But the unexpected format is actually quite appropriate for thinking about how to avoid and subvert digital security risks. I love how artist and educator Amy Sou Wu put it: “Paper is not ‘smart’ — it doesn’t send information back and forth to servers around the world, and thus it cannot so easily be intercepted by third parties.”
The do-it-yourself (DIY) spirit of self-publishing also aligns with early tech culture, with historical examples like “Radical Software” and “The Whole Earth Catalog.” I think decentralized zine-making practices align with the growing public skepticism and understanding of risks associated with life online, particularly those emerging from the centralization of power among monopolistic tech companies.
What is the meaning of the parenthetical title “(In)visible”?
I had originally conceived of the title as “Hack Back,” to evoke the prankish bent of white-hat hackers. But the terminology “hacker” is laden with other connotations, so I decided against it. Eventually I came across Kevin Mitnick’s book, The Art of Invisibility, and chose to center on the idea of invisibility instead. Invisibility invokes the feeling of magic and superheroes; I liked the idea of the zine opening up a space for people to imagine and feel empowered.
The parenthetical (in) aims to convey that what appears visible may in fact have some partially invisible or hidden dimension to it. In an ideal world, I would hope that people can control what they make public and available — and what they choose to remain private and secure. That’s the spirit of the title.
How is “(In)visible” connected to, or different from, your previous work?
This zine was modeled off another zine I had made called “Fictions of Frictions,” with Xiaowei Wang and Gabrielle Elias. We conceived of that zine as a speculative workbook to re-contextualize digital activities by putting them on paper. Specifically, we were challenging the idea of “friction-less” design — or digital experiences that are designed to be easy to use. The idea was to give people an opportunity to re-evaluate their default modes of engagement with technology and imagine alternative possibilities.
Other zines I have made about technology have more often been collections of a particular concept or topic. For instance “G.U.I. Dreams” is a zine that features people describing their dreams about graphical user interfaces and what their unconscious might be telling them about their technology use. And “Identified” is a compilation zine I made that features examples of facial recognition in movies, exploring how this has shaped our collective understanding of how the technology works.
My tendency to collect and aggregate is reflected in this project with the case studies, which were meant to highlight interesting examples of security practices that were a little more experimental or not widely known — to inspire people to keep thinking about security beyond the exercises on the pages. So I guess “(In)visible” is a hybrid of both the workbook and the compilation-style zines I’ve made in the past.
“I think bridging this physical-digital divide is really integral to making people ‘feel’ the effect and importance of good security hygiene.”
What was your process in putting this together and creating the different exercises?
I wanted them to be fun, yet also try to convey a message — something to learn or a possible behavior to adopt. For instance, in the password search puzzle, you get to wear the hat of a hacker and find common passwords like “iloveyou” and “biteme,” which implies how easily bad actors can find weak passwords.
Usually I started with activities first, then tried to think about how they could be connected to security. Sometimes this didn’t always work, though, and I had to drop the exercise. One of these involved a color-by-number activity with cute owls carrying envelopes; it was vaguely about encryption in transit and encryption at rest, but not really. So it didn’t make the final version, which is probably for the best.
In the more open-ended activities, I tried to encourage people to draw connections between security practices we have in the physical world, and how these have been or might be adapted to the digital world. The idea of two-factor authentication, for example, is something people already do when they access their home or cash at an ATM, though they may not realize it. I think bridging this physical-digital divide is really integral to making people “feel” the effect and importance of good security hygiene.
“My hope with the project was that people might perceive security differently. As a concept that is not intimidating — even, dare I say, interesting?”
Who is your primary target audience for the zine? How do you hope “(In)visible” might help to reshape the way they understand security?
I purposely tried to avoid a “digital security 101” explainer approach. Many good educational resources already exist in that realm, and I’m certainly no expert. So I think the target audience would probably be people who know a little about security, but don’t really care that much about it. They know what they should be doing, but don’t, in the same way you might know that saving money and flossing your teeth are good for you, but maybe don’t do it as much as you should.
I think another target audience would be people who are interested in or concerned about security, but perceive it as a kind of amorphous threat that they don’t know what to do about. My hope with the project is that people might perceive security differently, as a concept that is not intimidating — even, dare I say, interesting? Essentially, something they could take action on.
What’s been the response to the zine?
Originally I had planned to distribute it at various in-person events; talking to people about the work is my favorite part of making zines. But due to the pandemic and subsequent event cancellations, it was released at a virtual event. So sadly, I don’t have a very good read on the response. The main signal I have is people “ordering” the zine (for free, thanks to support from the CLTC arts contest).
I only have one copy left, so I could interpret that as a positive sign? I found it interesting that some people ordered multiple copies, which has not been common with previous zines. I guess I could also interpret that as a positive response. When we are able to gather again, I’m hoping to print another run and discuss with people at in-person events. Thank you for giving me the opportunity to make and share “(In)visible” with the world.
