"Please select what kind of key you want" ~~ suggestion to developers
Robert J. Hansen
rjh at sixdemonbag.org
Mon Feb 23 23:25:14 CET 2009
Robert J. Hansen wrote:
> Required reading:
And let's add to that:
Gaw, S., Felten, E. W., and
Fernandez-Kelly, P. 2006. Secrecy, flagging, and
paranoia: adoption criteria in encrypted email.
In Proceedings of the SIGCHI Conference on Human
Factors in Computing Systems (Montréal, Québec,
Canada, April 22 - 27, 2006). R. Grinter,
T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and
G. Olson, Eds. CHI '06. ACM, New York, NY, 591-600.
Again, read the entire thing. Email crypto is seen as the mark of a
fearful or paranoid mind. The excerpt here should give you an idea of
the paper, and will hopefully inspire you to read it for yourself.
Abe worked in development. ... Because he handled financial data, Abe
used encryption frequently, particularly when he received records from
online donations ("I tend to try and be sure I PGP everything that has a
credit card number on it"). He also communicated with an external
vendor for recruitment. They used encryption to protect financial data
when they synchronized their copies. Abe believed this setup was
simple; he also thought some people ... needed to be more vigilant. He
described how he tried to convince the head of campaigns in his home
country to use encryption:
"Why? Because it was just good. If the ... police
ever come and bust into the office, you shouldn't
have a document saying, 'hey, I'm discussing how I'm
going to campaign against [a controversial issue].'
It's not the kind of information you want them to
Despite his reasoned argument, his colleagues were uncooperative: "most
people see this as more work and want things simpler."
Many of the employees interviewed ... had limits to their willingness to
be more secure. In fact, moving beyond that limit was seen as abnormal
or paranoid. ... Abe explained how someone could "go overboard" when he
described how a representative of the PGP Corporation visited [the NGO].
Instead of a typical password authentication, the representative took
off his necklace and used a removable flash drive that held his private
key. The demonstration discouraged Abe:
"It was too over-the-top and definitely too complicated.
It was like a movie. ... Yeah, I admire him because he
comes in and puts his passphrase every single day, three
times a day, so that's very dedicated to his stuff. He
must either be very scared or very motivated."
He was not sure whether this vigilance was justified. In fact, he
associated it with being fearful, perhaps irrationally fearful. Abe
reiterated this when asked to speculate on why a colleague sent every
e-mail message encrypted. He figured this man has an automated system
for encrypting e-mail "or else he's nuts."
[big snip here, switching to a different employee, 'Jenny', who has used
PGP in the past and understands its use in contexts where secrecy is
Jenny also thought it was abnormal to encrypt non-secret information.
When the interviewer abstractly explained that people in security
suggest all users encrypt all messages, Jenny was baffled:
"So you're saying that ... people should just -- even
_normal_ people? That ... you're sending email to ...
your mom, like, 'hey, things are going [pause]'? That
you should encrypt your e-mail. That people should do
Jenny emphasizes "normal people." _Normal_ people wouldn't encrypt
More information about the Gnupg-users