{ "version" : "https://jsonfeed.org/version/1", "content" : "news", "type" : "single", "title" : "IT warning banners: How GSA is working to stop unnecessarily frightening users |Digital.gov", "description": "IT warning banners: How GSA is working to stop unnecessarily frightening users", "home_page_url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/","feed_url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/2024/08/07/it-warning-banners-how-gsa-is-working-to-stop-unnecessarily-frightening-users/index.json","item" : [ {"title" :"IT warning banners: How GSA is working to stop unnecessarily frightening users","deck" : "Driving policy changes and improving user experience through M-23-22","summary" : "OMB Memo M-23-22 discourages the use of pop-ups and modals. GSA IT updated security policies so that IT warning banners are presented less intrusively to users.","date" : "2024-08-07T00:00:00Z","date_modified" : "2025-01-27T19:42:55-05:00","authors" : {"jessica-marine" : "Jessica Marine"},"topics" : { "human-centered-design" : "Human-centered design", "public-policy" : "Public policy", "security" : "Security", "terms-of-service" : "Terms of service" },"primary_image" : { "uid" : "example-gsa-official-use-system-warning-blue-bg-sm-comp", "alt" : "An IT warning banner example alerts user that the system is for official federal government use, is subject to monitoring, and has penalties for unauthorized use.", "width" : "1200", "height" : "630", "credit" : "", "caption" : "", "format" : "png" },"branch" : "bc-archive-content-3", "filename" :"2024-08-07-it-warning-banners-how-gsa-is-working-to-stop-unnecessarily-frightening-users.md", "filepath" :"news/2024/08/2024-08-07-it-warning-banners-how-gsa-is-working-to-stop-unnecessarily-frightening-users.md", "filepathURL" :"https://github.com/GSA/digitalgov.gov/blob/bc-archive-content-3/content/news/2024/08/2024-08-07-it-warning-banners-how-gsa-is-working-to-stop-unnecessarily-frightening-users.md", "editpathURL" :"https://github.com/GSA/digitalgov.gov/edit/bc-archive-content-3/content/news/2024/08/2024-08-07-it-warning-banners-how-gsa-is-working-to-stop-unnecessarily-frightening-users.md","slug" : "it-warning-banners-how-gsa-is-working-to-stop-unnecessarily-frightening-users","url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/2024/08/07/it-warning-banners-how-gsa-is-working-to-stop-unnecessarily-frightening-users/","weight" : "1","content" :"\u003cp\u003eDoes your agency use a pop-up, modal, or overlay to present its IT warning banner (system use notifications) to users? The U.S. General Services Administration (GSA) did.\u003c/p\u003e\n\u003cp\u003eIn fact, 34% of GSA’s public-facing websites contained some version of the following warning banner:\u003c/p\u003e\n\n\n\n\n\n\n\n\u003cdiv class=\"image\"\u003e\n \u003cimg\n src=\"https://s3.amazonaws.com/digitalgov/example-gsa-official-use-system-warning-blue-bg-sm-comp.png\"alt=\"An IT warning banner example alerts user that the system is for official federal government use, is subject to monitoring, and has penalties for unauthorized use.\"/\u003e\u003c/div\u003e\n\n\n\u003cp\u003eIn September 2023, the Office of Management and Budget (OMB) issued M-23-22, Delivering a Digital-First Public Experience, which provides further guidance to help agencies fully implement 21st Century IDEA. The law and policy guidance collectively establish a framework and the \u003ca href=\"https://digital.gov/resources/delivering-digital-first-public-experience/\"\u003erequirements for a digital-first public experience\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThe M-23-22 memo advises agencies on how to handle system use notifications.\u003c/p\u003e\n\u003cp\u003eSection III(A)(2), \u003ca href=\"https://www.whitehouse.gov/omb/management/ofcio/delivering-a-digital-first-public-experience/#IIIA:~:text=Reduce%20user%20friction%20by%20limiting%20warnings%3A\"\u003eReduce user friction by limiting warnings\u003c/a\u003e, says:\u003c/p\u003e\n\u003cdiv style=\"text-align:left; margin-left: 2em;\"\u003e\n\u003cp\u003e\u003cem\u003eAgencies should avoid the use of unnecessary pop-ups, modals, overlays, interstitials, and other messages that interrupt the user experience and impede the user from completing a task, unless it is a necessary part of the design of the user experience.\u003c/em\u003e\u003c/p\u003e\n\u003c/div\u003e\n\u003cp\u003eAnd section III(A)(2), \u003ca href=\"https://www.whitehouse.gov/omb/management/ofcio/delivering-a-digital-first-public-experience/#IIIA:~:text=Do%20not%20alarm%20or%20frighten%20your%20users%20in%20ways%20that%20erode%20trust\"\u003eDo not alarm or frighten your users in ways that erode trust\u003c/a\u003e, says:\u003c/p\u003e\n\u003cdiv style=\"text-align:left; margin-left: 2em;\"\u003e\n\u003cp\u003e\u003cem\u003eAgencies should consider how legal, security, and error messages are presented and conveyed to users.\u003c/em\u003e\u003c/p\u003e\n\u003c/div\u003e\n\n\n\n\n\n\n\u003cdiv class=\"quote-block \"\u003e\n \u003cblockquote\u003e\n \u003cspan class=\"quote-block__quotation-mark\"\u003e“\u003c/span\u003e\n The warning message reads like a ‘no trespassing’ sign. It\u0026rsquo;s an unwelcoming signal.\n \u003cspan class=\"quote-block__quotation-mark\"\u003e”\u003c/span\u003e\u003ccite\u003e— GSA employee\u003c/cite\u003e\u003c/blockquote\u003e\n \u003c/div\u003e\n\u003cp\u003eWith that in mind, we worked with GSA’s Tech Law Division and GSA IT Security to update the agency’s policies to be consistent with M-23-22. The following updated guidance was provided to GSA websites managers:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eFor public websites, systems, and applications like Digital.gov where \u003cstrong\u003eusers do NOT register or log in\u003c/strong\u003e: Don’t actively present a warning banner to users; instead, link to \u003ca href=\"https://www.gsa.gov/website-information/website-policies#privacy\"\u003eGSA.gov’s Privacy and Security policies\u003c/a\u003e. GSA websites that leverage the \u003ca href=\"https://www.gsa.gov/website-information/website-policies#privacy\"\u003eU.S. Web Design System identifier component\u003c/a\u003e already satisfy this recommendation, as shown below. \u003cstrong\u003eNo additional System Use Notification is required\u003c/strong\u003e.\u003c/li\u003e\n\u003c/ol\u003e\n\n\n\n\n\n\n\n\u003cdiv class=\"image\"\u003e\n \u003cimg\n src=\"https://s3.amazonaws.com/digitalgov/digital-gov-identifier-policy-circled-med.png\"alt=\"Screen capture of the U.S. Web Design System identifier component at the bottom of Digital.gov. The link for privacy policy is circled in yellow.\"/\u003e\u003c/div\u003e\n\n\n\u003col start=\"2\"\u003e\n\u003cli\u003eFor public websites, systems, and applications where \u003cstrong\u003eusers register or log in\u003c/strong\u003e: Display system use language with the terms and conditions the user must agree to. The example below from Login.gov presents the Rules of Use at account creation. This method satisfies the acknowledgements required from users that the system they’re using will be monitored, and ensures they are aware that they’re accessing a federal government system every subsequent time they log in.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cdiv style=\"text-align:center;\"\u003e\u003cimg src=\"https://s3.amazonaws.com/digitalgov/rules-of-use-login-gov.png\" alt=\"Login.gov's create an account screen ends with a checkbox and sentence, I read and accept the Login.gov Rules of Use. Rules of use is linked and circled in red.\"\u003e\u003c/div\u003e\n\u003cp\u003eThis work is a great example of a policy tweak that can be immediately applied to public-facing websites to improve user experience.\u003c/p\u003e\n\u003cp\u003eThank you to everyone who had a hand in implementing this change: GSA Tech Law Division, GSA IT Security, GSA Service Delivery team, GSA User Experience team, and GSA’s Digital Council User Experience working group.\u003c/p\u003e\n"} ] }