Securing the Client from Prying Eyes
I had an experience on the train the other day which got me thinking. In our current age of always-on and connected, we find ourselves working in various public places: coffee shops, the train, an aircraft, wherever. You can get internet now basically anywhere, and with the spread of VPNs and two-factor authentication we can also work anywhere.
Poor Software Design
On the train, I was sitting behind a seemingly stressed-out health care provider. Being married to one, I can fully understand the state they were in and am sympathetic. However, then something amazing happened. They logged into their EMR system and began going over their patient list for the day. I was gazing out the window, listening to music and watching the scenery go by when something caught my eye that made my stomach drop: data, very sensitive data. In the upper left-hand corner of the screen, large enough for me to clearly read as well as potentially photograph, was the first, middle and last name as well as the birthday, age and SSN of each patient. I was shocked. In the 45-minute train ride I could potentially have collected around 25 patients' personal information. Coupled with a Google search from behind a proxy, that could have resulted in enough information to seriously compromise these individuals' identities.
Who’s to blame?
At first, I was quick to blame the provider. How in their right mind could they think this is appropriate with someone sitting right behind them? Then I thought, wow, why hasn't the institution provided them with basic HIPAA training? Clearly this is a violation. Then, as an engineer, I blamed the UI design. A trivial fix could be applied that would solve this entire problem. If they simply made the information invisible unless the pointer is over the data, it would be much more secure. Obviously the information is still on the client in the page source, but it would solve this specific problem.
All the SSL certificates, VPN software, anti-malware and encryption cannot save us from the user and poor design. What's the point of designing in all this security if someone can just sit at the table behind someone else and gather all the data that is available in plain sight? If you're designing software for this kind of application, please keep this in mind.
The simple fix is to have the foreground color and background color match by default. Another possible fix would be to only load the data when it is needed, but that is more complicated. In this particular example, where you're only worried about not displaying sensitive data to prying eyes, the matching-color solution works well. The following sentence is obfuscated using this solution: Here is an example of the fix. The goal here is not just to show a solution but to get developers thinking not just about the network layer but about the user layer as well.
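Both fixes described above, as an added example that is not code from the original post: the matching-color cell that only reads on hover or focus, and the load-on-demand variant where the list endpoint never carries the full SSN. All field names, endpoints and sample records are constructed for this example.

```javascript
// Added example, not code from the original post. Two ways to keep a patient
// list unreadable to someone sitting behind the user. Field names are assumed.

// Fix 1 (the post's matching-colour trick): render the value with the same
// foreground and background, revealed only on hover or keyboard focus. The full
// value is still in the page source, so this only defeats casual shoulder viewing.
const SHY_CSS = `.shy { color: #fff; background: #fff; }
.shy:hover, .shy:focus { color: #000; }`;

function escapeHtml(s) {
  // Escape so a stored value cannot inject markup into the page.
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
}

function renderShyCell(value) {
  // tabindex lets keyboard users reveal the value via :focus as well as :hover.
  return `<span class="shy" tabindex="0">${escapeHtml(value)}</span>`;
}

// Fix 2 (the post's "only load the data when needed" variant): the daily list
// carries a masked SSN; the full record is fetched only on an explicit request.
function maskSsn(ssn) {
  const digits = String(ssn).replace(/\D/g, '');
  if (digits.length !== 9) throw new Error('expected a 9-digit SSN');
  return `***-**-${digits.slice(5)}`;
}

function listResponse(patients) {
  // Only what the list view needs; the last four digits are enough to disambiguate.
  return patients.map((p) => ({ id: p.id, name: p.name, ssnMasked: maskSsn(p.ssn) }));
}

function detailResponse(patients, id) {
  // Called only when the user opens one record; this is also the natural point
  // to write an audit log entry for the access.
  const p = patients.find((x) => x.id === id);
  if (!p) return null;
  return { id: p.id, name: p.name, dob: p.dob, ssn: p.ssn };
}

// Constructed sample records with fictitious values.
const SAMPLE_PATIENTS = [
  { id: 1, name: 'Jane Doe', dob: '1970-01-01', ssn: '123-45-6789' },
  { id: 2, name: 'John <Roe>', dob: '1985-06-15', ssn: '987654321' },
];
```

Serving `listResponse` from the list endpoint and `detailResponse` from a per-record endpoint addresses the caveat that the colour trick leaves the data in the page source.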