SoS Musings - Addressing Security and Privacy for People With Blindness and Low Vision
By grigby1
Security and privacy are essential for all individuals, including people with Blindness and Low Vision (BLV). The accessibility tools and devices that BLV individuals use to navigate the digital world render them particularly susceptible to cyberattacks. BLV users may need to rely on others to help them manage their personal and financial information, increasing the risk of falling victim to compromise if such information is exposed to the wrong people. They are more vulnerable to phishing scams because they may not see the visual cues that indicate a message is fraudulent or see if an email is coming from a legitimate source. BLV people may be more likely to accidentally download malware because they rely on assistive technology to navigate the Internet. Therefore, it is essential to continue research and development efforts to improve security and privacy for BLV users.
As Hyung Nam Kim of North Carolina A&T State University pointed out, there are significant privacy concerns regarding the use of camera-based assistive technology on smartphones. There is a concern that visually impaired individuals who rely on this technology for facial recognition and object identification may expose themselves and others to compromise if their device, connections, or software are breached by third parties. Kim wrote a report titled "Digital Privacy of Smartphone Camera-Based Assistive Technology for Users With Visual Disabilities." He conducted a small-scale survey of users with visual impairments who use this technology and associated software, finding that only a few of them were knowledgeable about the privacy policies and potential risks associated with the use of assistive technology. They were generally unaware of the potential problems related to privacy and security breaches. Kim's study aimed to help researchers and professionals provide greater support and education for those with visual impairments who rely on this technology. According to Kim, since many people with visual impairments in the US are just as likely as fully sighted individuals to engage with social media sites such as Facebook, there is an urgent need to improve and enhance their privacy.
A team of researchers at Texas Tech University released a paper titled "Internet Use and Cybersecurity Concerns of Individuals with Visual Impairments," in which they shared findings from a survey of individuals with visual impairments. The purpose of the survey was to gain insight into the individuals' Internet use and to study the relationships between Internet usage metrics and cybersecurity-related knowledge, skills, confidence, and attitudes. They wanted to research the Internet use of visually impaired individuals and investigate their cybersecurity challenges and concerns. Findings from the survey revealed that reading and composing emails was the most common activity. The participants also commonly or extensively engaged in browsing the Internet for entertainment purposes, downloading and uploading files, and conducting educational tasks. The most common social media activities among participants were listening to podcasts, using instant messaging services, updating status on personal web spaces, and adding someone to personal web spaces. Participants reported often encountering different problems while browsing the Internet, including security-related issues, such as misleading links, malware, unauthorized software, and spam emails. Most of the participants reported feeling "concerned" or "very concerned" when asked about cybersecurity threats. The theft of private information, unauthorized individuals gaining access to financial information, and personal information becoming public were the most worrisome among the participants, while the risk of a computing device becoming infected with a virus or malware ranked lowest among their concerns. The participants who were more knowledgeable and skilled in cybersecurity were found to be more concerned about it and to use the Internet less frequently than those with less cybersecurity knowledge.
The researchers highlighted that concerns about cybersecurity may cause individuals with visual impairments to reduce their Internet use, which could exacerbate the digital divide.
Work led by researchers at the University of Colorado Boulder aimed to improve digital privacy for blind users. Blind people, like sighted people, use Instagram and text photos. To learn about their visual environment, they often share images with identification software such as Microsoft's Seeing AI, Be My Eyes, and TapTapSee. However, when BLV users share photos, they run the risk of accidentally capturing private information. The project aimed to develop a system capable of alerting users when private information is present in an image and, if the user so chooses, concealing it. Methods are needed for flagging what private information may be contained in an image and allowing the user to choose whether to use the image as-is, reject it, or obscure the private information before sharing the image.
Researchers at the University of Waterloo and the Rochester Institute of Technology, in collaboration with BLV people, created a novel authentication method that could enable BLV users to access their devices more securely. OneButtonPIN is a solution that allows users to enter PIN codes using a single large button and haptic vibrations. Existing identification methods, such as drawing patterns, fingerprint and face scans, and PIN codes, have been found to frustrate BLV users, as the absence of visual data makes it difficult to use them effectively. Other methods are susceptible to the compromise of users' privacy. OneButtonPIN addresses these security concerns through the use of haptic vibrations that are imperceptible to outsiders. With OneButtonPIN, when the BLV user is prompted to enter a PIN code on their smartphone, they press and hold a big button on the screen, initiating a series of vibrations separated by pauses. The user counts the number of vibrations corresponding to the number they want to enter, then releases the button, repeating the process until all desired numbers have been entered. Stacey Watson, one of the researchers behind OneButtonPIN, pointed out that biometrics such as fingerprints and facial scans are easy to use and are distinctive, but cannot be modified or reset. Watson stated that the more conventional entry methods are vulnerable due to the use of screen reader technology by many BLV people. Those who use PINs are vulnerable to eavesdropping and shoulder surfing attacks, in which a nearby person observes the user's device without them knowing. Nine BLV participants installed OneButtonPIN apps on their smartphones for the study. Their first task was to enter randomly generated PINs using the OneButtonPIN method multiple times. Then, as part of a diary study, they were instructed to use the app at least once a day for one week.
Findings from the study showed that OneButtonPIN users entered codes with an average accuracy of 83.6 percent or higher, compared to older techniques' accuracy of 78.1 percent. In addition, the approach proved to be highly secure. In the second phase of the study, ten sighted participants watched videos showing individuals using traditional PIN input methods and OneButtonPIN, and then attempted to guess their PIN codes. All of the sighted participants successfully guessed the PINs of those using traditional methods, but none of them were able to guess the codes of those using OneButtonPIN.
In addition to developing more solutions for enhancing security and privacy for BLV users, it is essential to continue efforts to teach such users about cybersecurity and provide more opportunities for BLV people to explore cybersecurity careers. For example, ten BLV high school students attended a GenCyber Camp at the University of Alabama in Huntsville (UAH) to learn about cybersecurity. The camp was a collaboration between UAH, the Center for Assistive Technology Training at the Alabama Institute for Deaf and Blind (AIDB), Microsoft, the Federal Bureau of Investigation (FBI), and the American Printing House for the Blind. Through the camp, the students were introduced to various cybersecurity and computer-related topics. They built a computer, developed programming skills, and encrypted and decrypted secret messages. The campers heard from guest speakers, including those with visual impairments who work in the technology industry. To learn about cybersecurity, many campers used assistive tools such as screen readers, magnifiers, braille devices, and more. The camp encouraged students with visual impairments to explore careers in cybersecurity by providing camp experiences with skills, technology, and tools used in the field.
The Science of Security (SoS) community should continue delving into the unique privacy and security concerns of BLV individuals, particularly in regard to using Internet services.