Safety, UX, and when Users are responsible.

Posted on February 13, 2024 by rrglaser

By Bob Glaser, UX Architect

Designer

Areas of safety in UX Design

There are 3 generalized ways to classify safety in the realm of UX design requirements. It can be defined by determining if:

  1. The mechanism of safety is part of the UX/UI by preventing or reducing the likelihood of making unsafe choices.
  2. Warning the user if there is a potential of a choice causing harm. This requires that the user understand the situation and then decide if overriding the safety requirement of the safe choice is warranted by special circumstances.
  3. The UX can provide generalized safe flows that can improve the speed of a time sensitive process and where overriding the safe flow is an informed choice by a knowledgeable user.

In the first situation, the user is likely to not need to have special knowledge or certification to use the product. They are, usually unknowingly prevented from making potentially unsafe choices. In these cases, overriding safety protocols usually requires a process that is intentionally difficult and not likely to happen accidentally. A good example of this is the recessed reset switches in devices that require a tool like a paperclip to access.

For the 2nd and 3rd situations, there must be an understanding by the user of the safety factors of specific processes.  There are many areas in the professional world where the products require safety attributes be built-in. These can vary from the simple protection of the user from a potential danger to themselves such as a high voltage protection measure to themselves or preventing them from causing harm to others. Then there are the far more complex tasks where potentially financial, or worse, physical harm can be the result of poor or misinformed decision. (I didn’t say uninformed in the later statement because I’m referring to tasks that should be handled by qualified professionals only who have certification to perform the potentially dangerous task.) An important aspect here is to provide at a minimum, information that explains the possible results of overriding the recommendation.

One case of user responsibility would be where a fiduciary or fund manager makes a financial decision based on a single risk point without appropriate backup, consideration of additional risks, or contingency planning. Another is a doctor prescribing the wrong medication and causing harm. Another would be a nuclear systems engineer not being properly aware of complex cooling status of a power producing reactor. 

The 3rd case specifically addresses safety issues that may be time related. For example, an ER surgeon may need to wait until an x-ray is read by a radiologist before working on a patient that just arrived in the emergency room.

However, a knowledgeable user can still make an unknowingly flawed decision because of a UI that is ambiguous in providing feedback, displays information which is not properly updated or contradictory, allows choices that can be destructive, or simply not providing clearly defined warnings and errors.

Non-user based interaction requirements.

As a UX designer, it is imperative to be fully aware of the needed and required integrated attributes of safety (and security as well) of the UI’s that are designed.

Safety in the realm of UX means including safety design elements within the design.
Safety is a fundamental to the ergonomics and empirical ease with which an interaction takes place. These are clear design points which are usually based on simple logic.

Then there are the intangible attributes of the interaction with an interface. Here is were psychology of the user is important in terms of cultural norms, individual user needs and expectations, and perspectives. This aspect is the area where ambiguity in task flow decisions varies based on the individual’s perception. A good example here is that a button could display current state or future state such as an on/off button. (If I see the word “On”, does that mean it is currently ‘on” or that it needs to be pressed to turn it “on”?)

 Safety and security is enumerated in the steps put into the interaction task flow that either prevent or eliminate a problem, warn the user of a potential problem before proceeding or providing feedback of the result of the problem if initiated as well as a solution.)

I’m not going to be going into detail about the issues of regulatory requirements of safety and security as they are complex for any one sector as well as being specific. I will, however, stress the importance of knowing and understanding the regulatory environment of the sector as well as location in which you are designing for. These could include:

  • Software requirements for US government
  • Medical device requirements for Brazil
  • Postal requirements for India
  • GDPR requirements for the EU

Even in these examples, the UX designer needs to consider all the current and potential issues for the entire sector and the entire global economy for which they are to be (eventually) integrated.

Regulatory requirements should always be a baseline from which a design is created. This is minimum level of quality, safety and security that should be achieved. Assuming that safety is being addressed without clear definitions of specific requirements of safety as well as how they are being implemented or mitigated is a disaster waiting to happen.

That being said, it is also the point that you must improve on and not merely meet.
• How can I make it safer?
• How can I make it more secure?
• How can I make it easier to achieve the desired results?
• How can I make it faster? (Remembering that safety may also be a time factor.)

Other considerations

These are questions which must all be met. You don’t pick a top goal here or even a top two or three. You address all of them. This can be addressed by first tackling one the low hanging fruit in the initial problem, but it must always be in context to the other 3 remaining.
The issues of security and other regulatory control are often overlooked by many designers as not pertinent to their product. This is a common oversight. For example, a game may be designed that could be used as a standalone game or a MMORPG. In this case there are security concerns in payment, access to the player’s local machine, password protection and firewalls. All of these attributes contain varying amount of interaction flow which must be designed for considering both the prior mentioned issues of security/privacy as well as the user experience for the typical player.

There are innumerable possible ways which these tasks can be addressed. The significant point is in separating the absolute requirements (preventing fatal outcomes,) from the important (meeting highest possible accuracy,) from the desired (desired outcome of low risk,) from the inconsequential results (which may be useful for other purposes: tracking, system learning, system driven user preferences, etc.)

Reasonable assumptions

This is the tricky part of UX/UI design. Here, we have a specific user population with an expected knowledge base. Thoracic surgeon, nuclear engineer, and financial securities officer are a few professions which typically require some level of board certification in order to be allowed to perform their functions professionally and publicly. If you are designing a UI for a product intended to be used specifically by someone like this, then it becomes important to differentiate between what is reasonable expectation of safety and security. What the UX/UI designer must be acutely aware of is whether the creation of a workflow/taskflow or a new paradigm for an existing workflow/taskflow may introduce the possibility of error, security hole, or flawed presentation of information (where either the data may be inaccurate or be accurate but presented in a way that allows for misinterpretation.)

A simple web search will reveal many spectacular mistakes from seemingly small issues (e.g. the Hubble telescope, incorrect reading of decimal location in stats leading to misdiagnosis in a medical patient, ambiguous wording on a control panel leading to causing a dangerous or fatal situation.

Balancing Ease of Use with Safety and Security.

Here’s is where you need to know precisely who the user is. Is the user someone who has access based on specific designated qualifications? Are there varying levels of qualifications that will determine the breadth of capabilities your product has to offer? Who is the gate keeper of qualifying the user? Is the gatekeeper internal to your company or the company/site of the user (e.g. a qualified admin.) What elements of security and safety task flows do you build into the product that are static and which are variable and at the users choice (i.e. password compliance, ssl’s, firewalls, etc.) These issues become more important and sometime more difficult to deal with when you consider microservices, distributed computing and edge based computing.

In these situations where a user’s standardized certification qualifies them to use the product, doesn’t alleviate the UI/UX designer, or anyone on the design team from the responsibility of including thorough diligence in the safety and security of the UI.
The ideal situation is to remove the safety concern without impact to the usability. If you prioritize safety factors, frequency of use/situations where those safety concerns will be evident if not manifest, you can then not only have a clear hierarchy of safety and security, you will also have a tree which can help you determine ways in which actual use can mitigate the safety and/or security conditions by the very function of use.

I realize that this is very generic and it needs to be in order to address the umbrella of UX over function, use, safety, security, and product success.

Misuse or use of unintended purpose.

This is the “Shoe as hammer” scenario. A product can be sometimes used for a purpose for which its design had neither intended nor foreseen. Part of this perspective is in the understanding that there are always users who will try something unexpected. While we try to design for the most effective and easiest use, there is no predicting the anomalous use case. These shifting use cases can cause or be the cause of massive cultural changes. The smart phone went from being a phone that allowed you to also do other tasks to being a communication device that you may occasionally use as a phone. Social media, once it became accessible on a mobile device shifted common communication behaviors and patterns of a large portion of society, 

These use cases should be documented for at least two primary reasons:

  1. To make sure that the anomalous use doesn’t circumvent the safety and security of the product. 
  2. The unintended use could provide insight into new innovations. This isn’t common but it can provide truly innovating ideas through unexpected repurposing of the product.

Innovation in UX and technology should always these changes in paradigm while still remembering that many of the fundamentals are still valid and have a significant effect on the user.

Unknown's avatar

About rrglaser

Sr. UX Architect/director, with avocations in music, science & technology, fine arts & culture. Finding ways of connecting disparate ideas, facts, and concepts into solving problems. In the last 30 years, I have worked at (among others) various Ad agencies, Xerox, Pitney Bowes, Shortel, Philips (medical imaging R&D), CloudCar, IDbyDNA, and Cisco. I prefer to stand at the vertex of art, technology, culture and design since there is the where the best view of the future exists. "Always learning, since I can't apply what I haven't yet learned."
This entry was posted in Uncategorized and tagged , , , , . Bookmark the permalink.

Leave a comment