Webinar: Building Accessibility to Address Cognitive Impairments

Conducted By: Lisa Seeman, Chair of The W3C Cognitive Accessibility Task Force; and Rich Schwerdtfeger, Chief Technology Officer, Accessibility, for IBM Software Group, an IBM Distinguished Engineer and Master Inventor.

Sponsored by: International Association of Accessibility Professionals

Date: Wednesday, September 16, 2015

Time: 11:00 AM Eastern (UTC – 4 hours)

Length: 1.5 hours

Fee: $59 for members; $119 for nonmembers

The discount code is: LSRS20

From Rich: “It will cover much of the great work the Cognitive Accessibility task force is doing, including the roadmap.”

Register at: Building Accessibility to Address Cognitive Impairments

Description of the Technologies

Textual content can be delivered in different modes to help people with cognitive disabilities comprehend it. These modes can include:

• text to speech (TTS)
• video;
• text with contextually-relevant images;
• text with consistent icons and graphics; and/or
• text replaced or augmented by symbol sets.

Challenges for People with Cognitive Disabilities

Difficulty of text comprehension by people with cognitive disabilities ranges from minimal to extreme. They may comprehend most of a web page’s textual content, or none at all.

Effect of memory impairments

People with cognitive disabilities may have to:

• read text several times to aid comprehension; and/or
• repeat aloud or otherwise reiterate text multiple times to retain it.

Effect of impaired executive function

People with cognitive disabilities may not:

• sufficiently process / understand text as they read it; and/or
• understand text because they did not understand the text that preceded it.

Effect of attention-related limitations

People with cognitive disabilities:

• may not attend to important concepts and relevant details; and/or
• may be significantly distracted by extraneous text.

Effect of impaired language-related functions

People with cognitive disabilities:

• may have comprehension problems exacerbated by text or instructions presented in a non-native language;
• may not understand text written in their native language, but not written in language from the same culture.

Effect of impaired literacy-related functions

Some people with cognitive disabilities may not:

• understand text because it is not literal and written plainly; and/or
• comprehend text-only instructions in order to adequately follow them.

Effect of perception-processing limitations

Many people with cognitive disabilities may not:

• comprehend text that can’t be enlarged without distortion;
• recognize characters if they do not form words, or are shown in different fonts or styles, e.g., italics.

Effect of reduced knowledge

Some people with cognitive disabilities may not comprehend text because:

• they do not have relevant background knowledge; and/or
• background concepts are not explained simply.

Proposed Solutions

Text is written communication.

Textual content can be provided in a variety of alternative modes / formats as described below. Ideally, people with cognitive disabilities should be able to choose that content is delivered in the mode they comprehend best. (This is an important component of the proposed Global Public Inclusive Infrastructure.)

Text To Speech

Text To Speech (TTS) is hardware and/or software that produces human speech by a device such as a computer. Most TTS reads text aloud in a voice. Other TTS converts symbols, such as those employed by augmentative and alternative communication (AAC), into spoken speech.

Many people with cognitive disabilities, such as Dyslexia, may have the capacity to use a screen reader for text to speech (TTS). However, people with severe cognitive disabilities, such as intellectual disabilities, may require simpler TTS delivery.

A common one is a TTS widget embedded in a website. An alternative is a CSS speech module, as proposed by the W3C. Advantages include that there is nothing to download and install; and learning how to use a TTS widget or a CSS speech module is dramatically simpler than learning how to use a screen reader.

The TTS should be limited to relevant content, and exclude such text as found in menus, footers, and advertisements. Another helpful feature is the visual highlighting of text as it is read aloud. Such features may help people with cognitive disabilities who are overwhelmed even by simple TTS delivery.

Video

Video is a short film clip of moving visual images with or without audio.

To aid comprehension, video with audio should be captioned and/or have audio description, which provides important information not described or spoken in the main sound track. For example, see “Autistic spectrum, captions and audio description”.

WCAG 2.0 Success Criterion References:

• 1.2.2 Captions (Prerecorded): Captions are provided for all prerecorded audio content in synchronized media, except when the media is a media alternative for text and is clearly labeled as such. (Level A)
• 1.2.5 Audio Description (Prerecorded): Audio description is provided for all prerecorded video content in synchronized media. (Level AA)
• 1.2.7 Extended Audio Description (Prerecorded): Where pauses in foreground audio are insufficient to allow audio descriptions to convey the sense of the video, extended audio description is provided for all prerecorded video content in synchronized media. (Level AAA)

Text With Contextually-Relevant Images

An image is a picture, a representation of a visual perception.

User research has shown that text comprehension is significantly enhanced where accompanied by contextually-relevant images. A picture of an object may be easier to recognize than a textual description of it.

Diagrams and charts as visual representations could be helpful for textual descriptions of processes or flows. Employing HTML Canvas, as proposed by the W3C, diagrams and charts could be interactive and have additional descriptions for their parts to aid comprehension.

Text With Consistent Icons And Graphics

An icon is a small image or drawing that commonly represents a function. A graphic is a drawing of a visual perception or an abstract concept, or is otherwise a representation of an object or an idea.

Text accompanied by consistent iconography helps convey meaning, such as by associating discrete textual passages with each other. Similarly, a pie-chart graphic may help convey meaning easier to comprehend than a table of statistics.

Text Replaced Or Augmented By Symbol Sets

A symbol is a sign that represents or suggests an idea, an object, an action, or a belief.

Symbol sets can be used for augmentative and alternative communication to support people with cognitive disabilities who have severe speech and/or language difficulties. This can include those who may understand speech, but who are unable to express what they wish to say, perhaps because of a physical disability. (It is common for people with cognitive disabilities to also have physical disabilities.) Ideally, interoperable symbol sets could be used to replace or to augment web-based text.

Ease-of-Use Ideas

Text should be written clearly and simply using the following attributes:

• plain-language standards relevant to language and culture;
  • (Examples for English include:
  • literal explanations, e.g., without jargon, slang, and metaphors;
  • active voice, not passive voice; and
  • no or minimal use of acronyms and abbreviations.)
• visual and organizational structures, e.g., headings and bulleted lists;
• large font size; and
• sans-serif font

The first 2 attributes, especially the clear structures, will help comprehension via text-to-speech.

Notes

• I welcome your suggestions. Please add a comment.
• This is version 3 of an issue paper I wrote as part of my work as a member of the W3C’s Cognitive and Learning Disabilities Accessibility Task Force. It is a work-in-progress.
• Other task force members who have contributed to the content so far are:
  • Lisa Seeman, Athena ICT
  • Mary Jo Mueller, IBM Accessibility
  • Jamie Knight + Lion, British Broadcasting Corporation
  • E.A. Draffan, University of Southampton
• References in this document to “some people with cognitive disabilities” are to people with the lowest-functioning intellectual capacity, such as people with intellectual disabilities.

I have been busy with my cognitive web accessibility work, though I have not blogged about it much. Here are 3 examples.

Ongoing

• I have a weekly teleconference with the W3C‘s Cognitive and Learning Disabilities Accessibility Task Force. I have been an “Invited Expert” on the task force since it began in November, 2014.
  • We published the first working draft of our Cognitive Accessibility User Research on January 15, 2015. We welcome feedback.

Upcoming

• I will be speaking at the 30th Annual International Technology and Persons with Disabilities Conference of California State University, Northridge (CSUN).
  • Topic: Cognitive Web Accessibility: W3C Task Force & Future Research
  • Date: March 6, 2015
  • Partner: Susann Keohane, IBM Master Inventor

Previous

• By invitation, I spoke at the Fourteenth Annual Conference on Cognitive Disability and Technology of the Coleman Institute for Cognitive Disabilities, University of Colorado.
  • Topic: New Work from the W3C to Create Guidelines.
  • Date: October 9, 2014

Description of the Technologies

Most user interfaces are designed to help users complete tasks. However, web security and privacy technologies intentionally introduce barriers to task completion. They require users to perceive more and to do more to complete tasks. Three examples of these technologies are passwords, CAPTCHA, and 2-Factor Authentication.

• Passwords are words or character strings used for authentication and/or for identity confirmation.
• CAPTCHA is a website widget, which prevents automated programs from submitting a web form intended for humans, by requiring humans to pass a test. Such tests:
  • present distorted text visually and/or aurally;
  • require users to enter that text into a field; and
  • require users to invoke a submit button.
• 2-factor authentication requires a two-stage process to verify the identity of a user. The user is required to have two of three of the following factors:
  • knowledge, e.g., password or PIN;
  • possession, e.g., mobile device or credit card;
  • inherence, e.g., fingerprint or voice print (via biometric device).

Challenges for People with Cognitive Disabilities

Web security and privacy technologies often block people with cognitive and/or physical disabilities who may not be able to:

• discern text they are required to enter and submit;
• recall text or instructions they have seen or heard;
• follow multi-step procedures.

The scope of the problem is vast because, for examples, people with disabilities:

• are prevented from purchasing goods and registering for services on the millions of websites that employ web security and privacy technologies;
• may circumvent web security and privacy technologies with insecure techniques/methods;
• may become so frustrated working through web security and privacy technologies that they relinquish their efforts, and thereby are thwarted from purchasing goods and registering for services;
• may be unable to become accustomed to a web security and privacy technology because there are multiple versions of it across websites;
• may be afraid to trust a web site, thus causing them to cancel a transaction.
  • Note: This is of particular concern for efforts to personalize web sites so they conform to users’ accessibility preferences. (E.g., users may be asked whether they trust a web site in order to pass such preferences.) See:
  • IndieUI
  • Global Public Inclusive Infrastructure (GPII)

Effect of memory impairments

Many people with cognitive disabilities:

• may have to look at or listen to text several times to copy or type it into a form field;
• may not recall steps needed to complete a procedure if an authentication session expires;
• may reuse passwords;
• may use simple-to-remember passwords, which are easy to guess/determine;
• may keep passwords insecurely, such as written on pieces of paper;
• may not recall where they keep passwords (which may be found by people who should not have them).

Some people with cognitive disabilities may not:

• be able to recall required text, such as a password or a PIN, or remember how to retrieve it.

Effect of impaired executive function

Many people with cognitive disabilities may not:

• complete a multi-step procedure for submitting text, such as a password;
• complete a timed procedure due to slowness in completing all steps;
• complete a procedure even if provided multiple opportunities to do so;
• enter characters in the correct order;
• enter characters correctly on the first try (resulting in being locked out).

Some people with cognitive disabilities may not be able to:

• retrieve required text, such as a password or a PIN;
• determine the purpose of a web security and privacy technology sufficiently or at all.

Effect of attention-related limitations

People with cognitive disabilities may not focus due to:

• frustration with time-limited procedures or presentations of digital security tokens;
• irrelevant instructions, such as CAPTCHA‘s “stop spam” and “read books”;
• presentation of multiple options, such as CAPTCHA‘s “Refresh”, “Listen”, and “Help”.

Effect of impaired language-related functions

Some people with cognitive disabilities:

• may have comprehension problems exacerbated by text or instructions presented in a non-native language.

Effect of impaired literacy-related functions

Some people with cognitive disabilities:

• may not comprehend the meaning of instructions related to web security and privacy technologies;
• may, when presented with words by CAPTCHA, be at a disadvantage due to lack of word recognition or comprehension.

Effect of perception-processing limitations

Many people with cognitive disabilities may not:

• read text at all because of the intentional distortion of it, a CAPTCHA technique;
• comprehend text that can’t be enlarged without additional distortion;
• understand text spoken in a computerized and distorted voice, a CAPTCHA technique;
• recognize characters if they do not form words, or are shown in different fonts/styles.

Some people with cognitive disabilities may not:

• understand the purpose of buttons such as CAPTCHA‘s “reset”, “listen”, and “help”;
• recognize functional elements, such as CAPTCHA‘s buttons, are clickable;

Effect of reduced knowledge

Some people with cognitive disabilities may not:

• recognize images, such as symbols or icons, of web security and privacy technologies;
• comprehend the meaning of rich media designed to be instructive.

Proposed Solutions

W3C Recommended Guidelines and Techniques

• Provide text alternatives that identify and describe the purpose of the non-text content.
  • See WCAG 2.0 Guideline 1.1.
• Turn off or adjust time limits, including allowing continuation of activity without reauthentication.
  • See WCAG 2.0, Guideline 2.2.
• Help users avoid and correct mistakes.
  • See WCAG 2.0, Guideline 3.3.
• Save submitted data for reuse after a user authenticates.
  • See WCAG 2.0, Technique G105.
• Encode user data as hidden or encrypted in a re-authorization page.
  • See WCAG 2.0, Technique G181.

Ease-of-Use Ideas

• Allow alternative authentication factors, such as:
  • location (e.g., user’s home or place of employment);
  • presence of a trusted family member or friend, who is detected, for examples, by a wearable biometric device or by a mobile device;
  • could be implemented consistently so that the interface is the same across web sites.
• Develop and use a consistent interface, such as common sets of vocabulary and iconography, across sites.
• Offer textual-password alternatives, such as swipe patterns or click-based graphical passwords.
• Provide security and privacy instructions and policies in plain language.
• Provide helpful feedback during web-form submission, such as explanations of:
  • why an entered password is insufficient; and/or
  • how to create a password that is easy to remember but hard to guess/determine.
• Set a high-security privacy option as the default, but ensure it is easy to use.
• Use a password-keeper app that is accessed biometrically, such as via fingerprint or voice print.

Alternative Web Security and Privacy Technologies

• Security tokens, some of which are hardware devices,can be used to make authentication easier. Security tokens are used instead of, or in addition to, other forms of authentication such as passwords. Security-token hardware devices:
  • include key fobs, rings, or small keypads;
  • can store and/or generate a digital signature, a PIN, or biometric data;
  • can transmit such data via a USB connector, RFID, Bluetooth wireless, or NFC.
• Keygen, an element of HTML5,can be used to simplify re-authentication. After a user has completed authentication using keygen, the user will be automatically authenticated for subsequent uses of a web site or service. Thus, there will be no need for a user to re-enter authentication information.
  • Keygen establishes a private-key and a public-key pair.
  • The keygen tag designates a key-pair field in an authentication form.
  • Upon form submission:
  • a private key is encrypted and saved locally; and
  • a public key is signed with the private key, and is sent to the server.
  • In subsequent authentication sessions, the server will either automatically retrieve the private key, or prompt the user to select it.
  • See W3C HTML5 Recommendation 4.10.12 The keygen element.
• Fast IDentity Online (FIDO), password-free standards for typical and two-factor authentication.
  • FIDO relies upon user authentication based upon a user’s device (e.g., phone, tablet, computer).
  • A user’s device registers the user, to a server, via a public key.
  • Upon a challenge from the server, the user’s device responds with a private key.
  • The device’s keys are unlocked by the user biometrically (e.g., fingerprint scanner) or by a button press, not by a password.
• Spam-free accessible forms, WebAIM, Utah State University, March, 2007.

CAPTCHA Alternatives

• CAPTCHA-less Security, Karl Groves, April, 2012.
• Inaccessibility of CAPTCHA: Alternatives to Visual Turing Tests on the Web, World Wide Web Consortium, November, 2005.
• Determine the time difference between when a web form is loaded and when it is submitted. If it is submitted quickly, which may be indicative of a spambot, discard the submission. Otherwise, keep it.
• A web-form honeypot that is:
  • an input field
  • hidden using CSS
  • labeled with a field name atypical of forms
  • clearly identified with instructions, for AT users, and for others whom have disabled CSS, not to fill it in
  • checked to determine if something was entered
  • used to reject a submission if something was entered

Notes

• I welcome your suggestions.
• I wrote this document as part of my work as a member of the W3C’s Cognitive and Learning Disabilities Accessibility Task Force. Other task force members contributed to the content.
• References in this document to “some people with cognitive disabilities” are to people with the lowest-functioning intellectual capacity, such as people with intellectual disabilities.
• This document:
  • is an expansion of CAPTCHA, Cognitive Disabilities, v1 (W3C Task Force).
  • offers answers to the challenges I described in Online Security & Privacy for People with Cognitive Disabilities, Part 1.
• The web-form honeypot, which I described in this document, will not work for popular websites because spammers will likely expend the effort to defeat it.
• For the latest official version, see the W3C Techniques Paper: “Web Security and Privacy Technologies“.

I am trying to evaluate the barriers of online security and privacy to people with cognitive disabilities. This work will help inform the effort of the W3C’s Cognitive and Learning Disabilities Accessibility Task Force to recommend standards on how to make online security and privacy more accessible.

Problem

I am struggling with how to go about this evaluation. It is a daunting task to come up with common barriers and solution recommendations across:

• the many end-user security and privacy techniques, e.g.:
  • passwords;
  • two-factor authentication;
  • biometrics; and
  • encryption
• the variety of platforms upon which the techniquesare implemented, e.g.:
  • operating systems;
  • devices;
  • web and mobile apps; and
  • messaging
• the different ways the many techniques within the various platformshave been implemented by the major players, e.g.:
  • Apple;
  • Google;
  • Microsoft; and
  • Open Source

Background

It is well known that people sacrifice security and privacy for the sake of convenience. Security and privacy techniques are too difficult to use, and thus are inconvenient. For people with cognitive disabilities, such “inconvenience” amounts to a significant barrier. (See my recent blog post about CAPTCHA for an illustration.)

It appears to me, from my research so far, that there is a lot of work on how to improve the security standards of information and communications technology (ICT) without much focus on the usability and accessibility of it. For example, I could not find even the terms “usability” and “accessibility” in the ICT Security Standards Roadmap of the International Telecommunication Union, an agency of the United Nations.

Improvement

Determining how to make online security usable for everyone must include people with cognitive disabilities. Doing so will mean that the related user experience will be designed to be as simple as possible. The more the experience is easy to use, the more everyone will protect their assets and privacy.

A piece of good news is that the Electronic Frontier Foundation is researching how to measure the usability of implementing secure messaging as part of its “Designing a Prize for Usable Cryptography”. I expect that work would be enough to help develop usability and accessibility-evaluation standards for online security and privacy in general; and to inform the creation of related recommendations for people with cognitive disabilities.

Solution?

I am working on a list of barriers, based upon functional limitations, which are common to end-user security techniques, and sublists unique to each technique. I am not a security and privacy expert. Thus the limitations I am considering are based solely upon my expertise in accessibility and cognitive disability, and what seems logical to me. (For an example, see my recent blog post about CAPTCHA.) I suppose that effort will have to suffice until a security expert, such as the Electronic Frontier Foundation, determines how to measure related usability.

Help Needed

I welcome comments with:

• suggestions about how to evaluate the barriers of online security and privacy to people with cognitive disabilities; and
• information about any effort to evaluate the usability and accessibility of online security and privacy techniques

Notes:

• See Stay Safe Online for online security-related instructions and information.
• No endorsement is intended or implied of the organizations and their efforts mentioned in this blog post.

As a member of the W3C‘s Cognitive and Learning Disabilities Accessibility Task Force, I agreed to review web-security technologies. I chose to begin with CAPTCHA. My first draft is below. The format I am using is the one I intend to use for future reviews. All the text is my own.

I welcome your feedback, additions, and/or revisions.

Definition

CAPTCHA is typically a website widget that prevents automated programs from submitting a web form intended for humans by requiring humans to pass a test. Such tests present distorted text visually and/or aurally; and require the form-submitter to enter that text into a field, and invoke a submit button. See http://www.captcha.net/

Problem

CAPTCHA often blocks people with physical and/or cognitive disabilities who cannot discern the text they are required to enter and submit. The scope of the problem is vast because, for example, people with disabilities are prevented from purchasing goods and registering for services on the (probably) millions of websites that use CAPTCHA.

People with Cognitive Disabilities May Not Be Able to:

• read CAPTCHA text at all because of the intentional distortion of it
• comprehend text that can’t be enlarged without additional distortion
• have the advantage of comprehending the meaning of words or images
• understand text spoken in a computerized and distorted voice
• complete the multi-step procedure for submitting the CAPTCHA text
• complete a timed CAPTCHA due to slowness in completing all steps
• understand the purpose of buttons such as reset, listen, and help
• recognize functional elements, such as buttons, are clickable
• focus due to irrelevant instructions such as “stop spam” and “read books”
• become accustomed to CAPTCHA because there are multiple versions of it

Alternatives

• Inaccessibility of CAPTCHA: Alternatives to Visual Turing Tests on the Web, World Wide Web Consortium, November, 2005.
• A Sliding Alternative to CAPTCHA?, L. Wroblewski, June, 2010.
• sweetCaptcha: Fun and Human Friendly Captcha

Notes

• Neil Milliken suggested I add that people may not be able to complete CAPTCHAs correctly due to sequencing problems causing them to input the characters in incorrect order. I will do so in my next draft.
• No endorsement of CAPTCHA or its alternatives is intended or implied.