TY - CHAP
T1 - Why doesn't Jane protect her privacy?
AU - Renaud, Karen
AU - Volkamer, Melanie
AU - Renkema-Padmos, Arne
A2 - De Cristofaro, Emiliano
A2 - Murdoch, Steven J.
N1 - Conference code: 14th
PY - 2014/6/20
Y1 - 2014/6/20
N2 - End-to-end encryption has been heralded by privacy and security researchers as an effective defence against dragnet surveillance, but there is no evidence of widespread end-user uptake. We argue that the non-adoption of end-to-end encryption might not be entirely due to usability issues identified by Whitten and Tygar in their seminal paper "Why Johnny Can't Encrypt". Our investigation revealed a number of fundamental issues such as incomplete threat models, misaligned incentives, and a general absence of understanding of the email architecture. From our data and related research literature we found evidence of a number of potential explanations for the low uptake of end-to-end encryption. This suggests that merely increasing the availability and usability of encryption functionality in email clients will not automatically encourage increased deployment by email users. We shall have to focus, first, on building comprehensive end-user mental models related to email, and email security. We conclude by suggesting directions for future research.
AB - End-to-end encryption has been heralded by privacy and security researchers as an effective defence against dragnet surveillance, but there is no evidence of widespread end-user uptake. We argue that the non-adoption of end-to-end encryption might not be entirely due to usability issues identified by Whitten and Tygar in their seminal paper "Why Johnny Can't Encrypt". Our investigation revealed a number of fundamental issues such as incomplete threat models, misaligned incentives, and a general absence of understanding of the email architecture. From our data and related research literature we found evidence of a number of potential explanations for the low uptake of end-to-end encryption. This suggests that merely increasing the availability and usability of encryption functionality in email clients will not automatically encourage increased deployment by email users. We shall have to focus, first, on building comprehensive end-user mental models related to email, and email security. We conclude by suggesting directions for future research.
KW - end-to-end encryption
KW - privacy
KW - security
KW - end-user mental models
U2 - 10.1007/978-3-319-08506-7_13
DO - 10.1007/978-3-319-08506-7_13
M3 - Chapter (peer-reviewed)
SN - 9783319085050
VL - 8555
T3 - Lecture Notes in Computer Science
SP - 244
EP - 262
BT - International Symposium on Privacy Enhancing Technologies Symposium
PB - Springer
CY - Cham
T2 - 14th International Symposium on Privacy Enhancing Technologies - PETS 2014
Y2 - 16 July 2014 through 18 July 2014
ER -