Jon Udell has a great post today on people’s expectactions about their security:
In his recent TED talk he mentions that the Tylenol incident led to tamper-proof caps — a perfect example of what Schneier likes to call “security theater”:
As a homework assignment, think of 10 ways to get around it. I’ll give you one, a syringe.
So far this is typical Schneier. It’s a great point, but one I’ve heard him make many times before. In the next sentence, though, he breaks new ground:
But it made people feel better. It made their feeling of security more match the reality.
Bruce Schneier used to mock the theatrical dimension of security. Now it seems his thinking has evolved — and in a really interesting way. He’s alway viewed security in a relativistic way, and as a game of economic tradeoffs. Here he twists the lens to bring something else into focus: the relationship between how secure we feel and how secure we are.
This hit home for me, because is exactly the same way I feel about product development, especially mobile development. We can fight all day about mobile web vs mobile native, but that’s only half of the issue. An equally important piece of software development is making sure to set and exceed user expectations.
When developing software, step 1 should be: “What are my user’s expectations? Can I change those expectations before they even launch my app? How should those expectations change how I design the user experience?”