Last month I attended the Girls Scout Saturdays event, arranged by Drexel Ischool for introducing high school girls to Computer Science. I must say it was an amazing experience. When I was a high school student in Bangladesh, my school had an educational program where the high school students had to teach uneducated female garments factory workers. It was a highlight of my high school years. I love these sorts of events because I live in a tiny bubble of people who are like me, and mostly have the same educational/social background. These events give me a sneak peek of the rest of world which is completely different and remind me of a world, which I hardly think, exists. Also they remind me that I might seem really dumb in a world full of intellectuals but I am still useful to some other part of the world :-D.
Anyway, I was talking about my experience with the girls scout. I was invited to this event because I was once a software developer and I was supposed to talk about my experience. The event was for 6-12 graders. I had 12 graders in mind when I was preparing my presentation. But to my surprise, I saw that my audience was a group of 6-12 years "old" girls and I don't know how to talk software engineering with the people so tiny! They all have facebook accounts and they use youtube, skype, emails. In someways, they know more about internet and games and softwares than I used to at that age, (I had my first computer at 20 and snails are faster than internet in Bangladesh). And the scary thing was that when I showed them a real site and a phishing site, no one could detect the fake site. They use internet everyday but they don't know the basic rules of security that why a webpage that looks real might not be real, why it's not good to download every attachment and click on every link in an email that is apparently coming from a friend and why it's not okay to click "Accept" every time your browser gives you a choice. These security decisions are hard even for the adults! How it is possible to make them understandable for these kids? Now I think I understand what Ross Anderson was saying about security and usability that most systems are not designed to consider all kinds of users. Just imagine that you let your kid (or your old parents or anyone) to check emails using your laptop and she downloads every attachments her friend sends and thus installs trozans and keyloggers on your laptop that you use to check your bank accounts. All that encryption and SSL on your bank site won't save your credentials to become a product in the hackers' market. One weak link in the security-chain completely breaks the whole system.
In these days everything I see or read or do or think, brings back this insecurity complex. On another note, the outside world just seems to be getting too interesting to disregard.