It's 2014. Are we there yet?

John Clizbe JPClizbe at
Thu Apr 10 06:16:47 CEST 2014

Robert J. Hansen wrote:
>> The “secure communications” paradigm of course spans a whole spectrum
>> from “I don’t give a ****” to “I’ll do anything to protect my
>> communications, including giving away my first born”. I suspect the
>> “average Joe user” in 2014 is slightly above the former, but way below
>> the latter. Without going to the other end of the spectrum, what will
>> make adoption of secure communications a bit more palatable to the
>> “average Joe user”?
> Every year or so this subject comes up, and my answers are unchanged
> from last time: start by reading up on academic papers studying this
> exact problem.  For a while John Clizbe and I kept a list of good
> papers, but I have to confess I haven't been keeping up on the latest
> literature.  Still, our last list is pretty good reading.
> (These selections come from both John and me, but John is the one who
> assembled them into proper cite format -- thanks, John.  For the
> original message, see "Re: what is killing PKI?" on this mailing list,
> posted on 24 Aug 2012.)
> =====
Oh yeah, THAT thread. There hasn't been much new work that I've seen.
Certainly nothing invalidating any of these.

The list along with available from links:

       Gaw, S., Felten, E. W., and Fernandez-Kelly, P. 2006.
       Secrecy, flagging, and paranoia: adoption criteria in encrypted email.
       In Proceedings of the SIGCHI Conference on Human Factors in Computing
       Systems (Montreal, Quebec, Canada, April 22 - 27, 2006).
       R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and
       G. Olson, Eds. CHI '06. ACM, New York, NY, 591-600.

Available at:

I would also add

       Garfinkel, S. L., Margrave, D., Schiller, J. I., Nordlander, E.,
       and Miller, R. C. 2005. How to make secure email easier to use.
       In _Proceedings of the SIGCHI Conference on Human Factors in Computing
       Systems_ (Portland, Oregon, USA, April 02 - 07, 2005).
       CHI '05. ACM, New York, NY, 701-710.

Available at:

And a perennial favorite:

       Steve Sheng, Levi Broderick, Colleen Alison Koranda, and Jeremy J.
       Hyland. Why Johnny Still Can’t Encrypt: Evaluating the Usability of
       Email Encryption Software. Poster session, 2006 Symposium On Usable
       Privacy and Security, Pittsburgh, PA, July 2006.

And its predecessor:

       Alma Whitten and J.D. Tygar. Why Johnny Can’t Encrypt: A Usability
       Evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security
       Symposium, Washington, DC, August 1999.

> > Everyone on this mailing list has their own pet theory for why PKI
> > adoption is so lousy.  All of us are probably wrong.  However,
> > published, peer-reviewed studies of PKI adoption and the forces driving
> > and inhibiting them are probably less wrong.

The peer reviewed literature has many, many, references on this topic.
They're a great place to start when assumptions and pet theories take root.


2nd msg:Chatting with Kristen [Fiskerstrand], he pointed me to

Usability of Security: A Case Study. Alma Whitten and J. D. Tygar.
Carnegie Mellon University Computer Science technical report CMU-CS-98-155,
December 1998.


'The unmotivated user property' and 'The abstraction property' are
particularly worth noting and keeping in mind.
John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://  or
     mailto:pgp-public-keys at

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 475 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140409/f2b19250/attachment.sig>

More information about the Gnupg-users mailing list