Why doesn't Jane protect her privacy?

Karen Renaud, Melanie Volkamer, Arne Renkema-Padmos

Research output: Chapter in Book/Report/Conference proceedingConference contribution

34 Citations (Scopus)

Abstract

End-to-end encryption has been heralded by privacy and security researchers as an effective defence against dragnet surveillance, but there is no evidence of widespread end-user uptake. We argue that the non-adoption of end-to-end encryption might not be entirely due to usability issues identified by Whitten and Tygar in their seminal paper "Why Johnny Can't Encrypt". Our investigation revealed a number of fundamental issues such as incomplete threat models, misaligned incentives, and a general absence of understanding of the email architecture. From our data and related research literature we found evidence of a number of potential explanations for the low uptake of end-to-end encryption. This suggests that merely increasing the availability and usability of encryption functionality in email clients will not automatically encourage increased deployment by email users. We shall have to focus, first, on building comprehensive end-user mental models related to email, and email security. We conclude by suggesting directions for future research.

Original languageEnglish
Title of host publicationPrivacy enhancing technologies
Subtitle of host publication14th International Symposium, PETS 2014, Amsterdam, The Netherlands, July 16-18, 2014, proceedings
EditorsEmiliano De Cristofaro, Steven J. Murdoch
Place of PublicationCham
PublisherSpringer
Pages244-262
Number of pages19
ISBN (Electronic)9783319085067
ISBN (Print)9783319085050
DOIs
Publication statusPublished - 7 Jun 2014
Externally publishedYes
Event14th International Symposium on Privacy Enhancing Technologies - Amsterdam, Netherlands
Duration: 16 Jul 201418 Jul 2014
Conference number: 14th
https://petsymposium.org/2014/index.php

Publication series

NameLecture Notes in Computer Science (LNCS)
PublisherSpringer
Volume8555
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference14th International Symposium on Privacy Enhancing Technologies
Abbreviated titlePETS 2014
CountryNetherlands
CityAmsterdam
Period16/07/1418/07/14
Internet address

Fingerprint

Electronic mail
Cryptography
Availability

Cite this

Renaud, K., Volkamer, M., & Renkema-Padmos, A. (2014). Why doesn't Jane protect her privacy? In E. De Cristofaro, & S. J. Murdoch (Eds.), Privacy enhancing technologies: 14th International Symposium, PETS 2014, Amsterdam, The Netherlands, July 16-18, 2014, proceedings (pp. 244-262). (Lecture Notes in Computer Science (LNCS); Vol. 8555). Cham: Springer. https://doi.org/10.1007/978-3-319-08506-7_13
Renaud, Karen ; Volkamer, Melanie ; Renkema-Padmos, Arne. / Why doesn't Jane protect her privacy?. Privacy enhancing technologies: 14th International Symposium, PETS 2014, Amsterdam, The Netherlands, July 16-18, 2014, proceedings. editor / Emiliano De Cristofaro ; Steven J. Murdoch. Cham : Springer, 2014. pp. 244-262 (Lecture Notes in Computer Science (LNCS)).
@inproceedings{0a5bd7f6f712488490dd4cc156ad70f1,
title = "Why doesn't Jane protect her privacy?",
abstract = "End-to-end encryption has been heralded by privacy and security researchers as an effective defence against dragnet surveillance, but there is no evidence of widespread end-user uptake. We argue that the non-adoption of end-to-end encryption might not be entirely due to usability issues identified by Whitten and Tygar in their seminal paper {"}Why Johnny Can't Encrypt{"}. Our investigation revealed a number of fundamental issues such as incomplete threat models, misaligned incentives, and a general absence of understanding of the email architecture. From our data and related research literature we found evidence of a number of potential explanations for the low uptake of end-to-end encryption. This suggests that merely increasing the availability and usability of encryption functionality in email clients will not automatically encourage increased deployment by email users. We shall have to focus, first, on building comprehensive end-user mental models related to email, and email security. We conclude by suggesting directions for future research.",
author = "Karen Renaud and Melanie Volkamer and Arne Renkema-Padmos",
year = "2014",
month = "6",
day = "7",
doi = "10.1007/978-3-319-08506-7_13",
language = "English",
isbn = "9783319085050",
series = "Lecture Notes in Computer Science (LNCS)",
publisher = "Springer",
pages = "244--262",
editor = "{De Cristofaro}, Emiliano and Murdoch, {Steven J.}",
booktitle = "Privacy enhancing technologies",

}

Renaud, K, Volkamer, M & Renkema-Padmos, A 2014, Why doesn't Jane protect her privacy? in E De Cristofaro & SJ Murdoch (eds), Privacy enhancing technologies: 14th International Symposium, PETS 2014, Amsterdam, The Netherlands, July 16-18, 2014, proceedings. Lecture Notes in Computer Science (LNCS), vol. 8555, Springer, Cham, pp. 244-262, 14th International Symposium on Privacy Enhancing Technologies, Amsterdam, Netherlands, 16/07/14. https://doi.org/10.1007/978-3-319-08506-7_13

Why doesn't Jane protect her privacy? / Renaud, Karen; Volkamer, Melanie; Renkema-Padmos, Arne.

Privacy enhancing technologies: 14th International Symposium, PETS 2014, Amsterdam, The Netherlands, July 16-18, 2014, proceedings. ed. / Emiliano De Cristofaro; Steven J. Murdoch. Cham : Springer, 2014. p. 244-262 (Lecture Notes in Computer Science (LNCS); Vol. 8555).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Why doesn't Jane protect her privacy?

AU - Renaud, Karen

AU - Volkamer, Melanie

AU - Renkema-Padmos, Arne

PY - 2014/6/7

Y1 - 2014/6/7

N2 - End-to-end encryption has been heralded by privacy and security researchers as an effective defence against dragnet surveillance, but there is no evidence of widespread end-user uptake. We argue that the non-adoption of end-to-end encryption might not be entirely due to usability issues identified by Whitten and Tygar in their seminal paper "Why Johnny Can't Encrypt". Our investigation revealed a number of fundamental issues such as incomplete threat models, misaligned incentives, and a general absence of understanding of the email architecture. From our data and related research literature we found evidence of a number of potential explanations for the low uptake of end-to-end encryption. This suggests that merely increasing the availability and usability of encryption functionality in email clients will not automatically encourage increased deployment by email users. We shall have to focus, first, on building comprehensive end-user mental models related to email, and email security. We conclude by suggesting directions for future research.

AB - End-to-end encryption has been heralded by privacy and security researchers as an effective defence against dragnet surveillance, but there is no evidence of widespread end-user uptake. We argue that the non-adoption of end-to-end encryption might not be entirely due to usability issues identified by Whitten and Tygar in their seminal paper "Why Johnny Can't Encrypt". Our investigation revealed a number of fundamental issues such as incomplete threat models, misaligned incentives, and a general absence of understanding of the email architecture. From our data and related research literature we found evidence of a number of potential explanations for the low uptake of end-to-end encryption. This suggests that merely increasing the availability and usability of encryption functionality in email clients will not automatically encourage increased deployment by email users. We shall have to focus, first, on building comprehensive end-user mental models related to email, and email security. We conclude by suggesting directions for future research.

U2 - 10.1007/978-3-319-08506-7_13

DO - 10.1007/978-3-319-08506-7_13

M3 - Conference contribution

AN - SCOPUS:84903957235

SN - 9783319085050

T3 - Lecture Notes in Computer Science (LNCS)

SP - 244

EP - 262

BT - Privacy enhancing technologies

A2 - De Cristofaro, Emiliano

A2 - Murdoch, Steven J.

PB - Springer

CY - Cham

ER -

Renaud K, Volkamer M, Renkema-Padmos A. Why doesn't Jane protect her privacy? In De Cristofaro E, Murdoch SJ, editors, Privacy enhancing technologies: 14th International Symposium, PETS 2014, Amsterdam, The Netherlands, July 16-18, 2014, proceedings. Cham: Springer. 2014. p. 244-262. (Lecture Notes in Computer Science (LNCS)). https://doi.org/10.1007/978-3-319-08506-7_13