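# UX Checklist for Information Security and Privacy Protection (DSPPUX-Checklist)
This checklist is designed to offer recommendations on how to strengthen security and privacy protection when developing tools for sensitive communities.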
* * *
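### PHASE I Research and Ideation
Before you start building a tool, platform, or technology product, you will want to understand your users. "User research" usually involves collecting and analyzing the opinions, information, and behavior of a range of potential users (and research subjects).
1. User research involves many different methods (interviews, ethnographic fieldwork, focus groups, surveys, and so on<sup>[1]</sup>), and almost all of them require collecting other people's data; at that point you need to think about how to protect your research subjects' information.
###### *Answer the following to gauge how you are doing.*
##### Communications and Information Gathering
☐ I have assessed the potential risks of how I currently store my research subjects' information, including:
Digital notes (for example, I store my notes on a cloud platform or on my hard drive)
I store these research notes in ___________________________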
☐ The medium I store notes in is relatively secure — it is end-to-end encrypted, and difficult
for third parties to access (such as law enforcement requests).
☐ My research does not create a digital paper trail. (For instance, I consider how metadata,
like the times we have contacted each other, can expose at-risk users.)
☐ If I have identifiable information about my participants, I have thought about where I
will store this information. I have created a plan for keeping this information safe.
☐ I have a list of topics I should not ask my intended audience about.
☐ I know the kinds of topics I should keep off-record.
| Tips |
| ------------- |
| *Communications and Information Gathering:* |
| [a] Always use end-to-end encrypted channels when you can, and train your contact to securely contact you. |
| [b] Secure the data you keep and pay attention to protecting the identities of people in your research. |
| [c] If metadata is a concern for your audience (e.g. having evidence of you and the contact chatting or calling), do you have an alternate method of communicating? |
##### Due Diligence
☐ I have a trusted network to vet my research subjects.
☐ If I keep documentation of my research process, I have considered the risks of
keeping that information. (The same concerns in Communications and Information
Gathering apply.)
| Tips |
| ------------- |
| *Due Diligence:* |
| [a] Partner with human rights organizations or have them as part of your research network.|
##### Diversity and Inclusion
☐ The language I use to describe my project is written simply, and is free of jargon.
☐ I work closely with someone — within the group that I am researching — to
be mindful about their culture.
☐ I always ask for consent. I remind people of safety and security concerns.
☐ I use participatory research methods.
| Tips |
| ------------- |
| *Diversity and Inclusion:* |
| [a] Always respect and consider diversity and inclusion in your process — tone, words, contact methods, etc.|
| [b] Always be empathetic and considerate. |
### PHASE II Prototyping and Building
With the initial research results, you now have a direction for building the prototype of your tool, tech, or platform. During this process, in particular when testing your demo, you may have several checkpoints at which to refer back to, or continue, your initial research.
2. Building a product / service that balances security and usability necessarily brings up questions of practicality.
###### *Answer the following to gauge how you are doing.*
##### Contextual Concerns
☐ My design is applicable across a wide spectrum of connectivity environments.
(e.g. Networks at refugee camps, places with frequent internet shutdowns.)
☐ My font settings are suitable for the language(s) of my user groups.
☐ My design considers the local digital literacy level. (I have thought about what tasks
my audience are able to do, e.g. if they can download tools on their own or if they
need help.)
☐ My design incorporates universal features. (e.g. The connotations of
icons, interpretations of signs and colors across cultures, etc.)
☐ My design is culturally sensitive. (e.g. It considers cultural taboos of the user group.)
| Tips |
| ------------- |
| *Contextual Concerns:* |
| [a] Local connectivity and internet environments vary dramatically from place to place, country to country. If you cannot test it in the field, ensure you have trusted representatives in your network to gather local test results.|
##### Practicality Concerns
☐ I have reviewed the types of technologies local people are using.
☐ I have a device — similar to that of the intended users — that I can test with.
☐ I understand the security limitations of the tested devices.
☐ My tool / tech / platform is easy for people to acquire / setup.
☐ I have considered the repercussions of whether my tool / tech / platform costs data,
collects personal information, or requires other things on the user’s end.
☐ My tool / tech / platform does not use a lot of storage space.
☐ My interface is accessible to people with disabilities. (e.g. following WCAG guidelines.)
☐ I have considered whether my system collects sensitive data.
☐ My system’s design uses end-to-end encryption and takes other measures to
prevent third-party access (e.g. access to my server).
☐ I have considered whether my tool / tech / platform should allow cloud settings.
☐ I have considered the physical security needs of using my tool / tech / platform.
☐ I have thought about whether internal documentation should store sensitive data.
☐ My internal documentation takes measures to prevent third-party access, such as using
full-disk encryption and end-to-end encryption (e.g. I have thought
about people trying to access our servers remotely and in person).
### PHASE III Release and Feedback
Once you have a final product, prepare a thorough release strategy and document the process. It is very important to create a culture of feedback — always be open to feedback, and think of constructive ways to gather feedback.
3. Your research continues in this phase as you come back to the conversation you had with your testers.
###### *Answer the following to gauge how you are doing.*
##### Distribution Strategy
☐ I have identified specific platforms or channels for my tool to reach out through.
☐ I am working with someone who has relationships and trust in the communities I am
reaching out to.
☐ For gathering feedback, I am providing people with safe channels to contact me (e.g. end-to-end encrypted emails).
##### Training and Documentation
☐ I have created a user manual or guide.
☐ It is easy for people to see the updates for my tool / technology / platform. (Consider if you have a public webpage or portal and if you regularly update them and track the updates.)
##### Evaluation and revisions
☐ I revisited my research methods and analysis.
☐ My work met my original research objectives.
☐ If I have learned anything new in the test, I have written it down in my documentation.
☐ I have a contingency plan for unexpected situations
(e.g. Connectivity issues, a trusted alternative network, Code of Conduct, a mechanism for reporting problems, etc.).
| Tips |
| ------------- |
| *Comms and Info Gathering:* |
| [a] It is always a good practice to allow people to reach you securely and anonymously. Consult newsroom whistleblowing platforms for tips and recommendations.|
| *Evaluation and revisions:* |
| [a] It is particularly important to set a Code of Conduct and problem tracking mechanism for your tool / tech / platform if you aim to nurture a community through your rights-protecting product or service. |
* * *
For further information, inquiries, user research resources, or partnership opportunities, please contact:
##### Natalie Cadranel, natalie@open-archive.org
##### Anqi Li, anqi@accessnow.org
##### An Xiao Mina, an@meedan.com
##### Caroline Sinders, csinders@gmail.com
Current and Past Contributors also include: Martin Shelton, Matt Mitchell, Soraya Okuda, TTCat
[1] For more about user research methods, visit Nielsen Norman Group’s summary at https://www.nngroup.com/articles/which-ux-research-methods