It's 2014. Are we there yet?

Robert J. Hansen rjh at
Wed Apr 9 19:58:40 CEST 2014

> The “secure communications” paradigm of course spans a whole spectrum
> from “I don’t give a ****” to “I’ll do anything to protect my
> communications, including giving away my first born”. I suspect the
> “average Joe user” in 2014 is slightly above the former, but way below
> the latter. Without going to the other end of the spectrum, what will
> make adoption of secure communications a bit more palatable to the
> “average Joe user”?

Every year or so this subject comes up, and my answers are unchanged
from last time: start by reading up on academic papers studying this
exact problem.  For a while John Clizbe and I kept a list of good
papers, but I have to confess I haven't been keeping up on the latest
literature.  Still, our last list is pretty good reading.

(These selections come from both John and me, but John is the one who
assembled them into proper cite format -- thanks, John.  For the
original message, see "Re: what is killing PKI?" on this mailing list,
posted on 24 Aug 2012.)


Gaw, S., Felten, E. W., and Fernandez-Kelly, P. 2006.
Secrecy, flagging, and paranoia: adoption criteria in encrypted email.
In Proceedings of the SIGCHI Conference on Human Factors in Computing
Systems (Montreal, Quebec, Canada, April 22 - 27, 2006).
R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and
G. Olson, Eds. CHI '06. ACM, New York, NY, 591-600.

Garfinkel, S. L., Margrave, D., Schiller, J. I., Nordlander, E.,
and Miller, R. C. 2005. How to make secure email easier to use.
In _Proceedings of the SIGCHI Conference on Human Factors in Computing
Systems_ (Portland, Oregon, USA, April 02 - 07, 2005).
CHI '05. ACM, New York, NY, 701-710.

Alma Whitten and J.D. Tygar. Why Johnny Can’t Encrypt: A Usability
Evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security
Symposium, Washington, DC, August 1999.

Steve Sheng, Levi Broderick, Colleen Alison Koranda, and Jeremy J.
Hyland. Why Johnny Still Can’t Encrypt: Evaluating the Usability of
Email Encryption Software. Poster session, 2006 Symposium On Usable
Privacy and Security, Pittsburgh, PA, July 2006.

More information about the Gnupg-users mailing list