The desire to feel and be safe is an intrinsic human need. But when it comes to technology, the lack of transparency, meaningful choices, and understanding of the system leads people to feel that they have little control over their security and privacy. Besides these barriers, the digital ecosystem is often too complex for most of us to master; we must relinquish some control and find ways to trust other entities such as our social circles, companies, governments.
In order for digital security and privacy mechanisms to truly feel meaningful to people, they must inspire trust and provide a sense of control.
When used together, the following four imperatives help foster a cycle of trust and control. They can guide all aspects of the product, such as its functionality, user interface, visual design, language and communication, and marketing.
Under each imperative are some design principles that give tangible suggestions for common security and privacy issues. Different products might require different principles. As long as they are consistent with the imperatives, other principles can work just as well.