Why instructions are not enough for promoting email encryption

Off the Beat: Bruce Byfield's Blog
The Free Software Foundation (FSF) took a step in the right direction when it recently released Email Self-Defense, a guide to encrypting email using Enigmail and GNUPG. More screen shots might improve it, but on the whole it's a clear and well-organized explanation of a topic that puzzles even some intermediate users. I suspect, however, that to get people to encrypt email is not so much a matter of releasing clear instructions -- many of which already exist -- as a matter of overcoming deeply embedded attitudes.
Admittedly, privacy and personal security have become popular topics in the media over the last couple of years. However, to conclude from this popularity that people actually want to learn how to protect themselves may be too large a leap. For over two decades, the media has published stories about the dangers of computing -- often with gaping inaccuracies. These stories are rarely calls to action -- instead, they seem designed to reinforce the impression of computers and the Internet as scary technologies. If anything, these stories discourage action, because they make casual users believe that computers and the Internet are far too dangerous and complicated for them to tinker with them.
Yet even if casual users can be convinced that they can act to protect themselves, convincing them that they need to do so remains difficult. The perception is still widespread that only crackers, stalkers, and such people need worry about loss of privacy. The idea that there are many classes of people who need privacy for legitimate reasons -- for example, whistle-blowers or women being stalked -- is only slowly being accepted at best. The Nym Wars over Google+'s insistence on real names or registered aliases, and Facebook's seemingly endless erosion of its users' privacy are constantly reported, yet have done little to drive users away from such sites.
Which brings up another point: If asked to choose between convenience and security, too many users will pick convenience every time. I first made this observation when I helped neighbors to set up passwords and limited accounts, only to find that they had undone my changes after a week, but it seems to hold true in other instances, too. No matter how clear the instructions are or how intuitive the interface becomes, encrypting email may not catch on simply because it requires extra steps. Even if the encryption takes less than thirty seconds, that is still about twenty-nine seconds too long to feel convenient to many users.
Given current attitudes, a very real chance exists that encrypted email will be seen as simply too complicated to become widely used. The FSF has chosen a relatively simple method using Thunderbird, but not everyone uses Thunderbird or will switch to it for the sake of security, and setting up encryption on other email readers can be much more difficult.
In the end, encryption is very much like the email services of about a decade ago that limited email to those on a white list. The setup and daily use of these services soon proved more than people wanted to bother with, and in a year or two most of the services disappeared, made extinct due to a lack of interest.
What this means is that clear instructions, as praiseworthy as they are, cannot be enough. For the FSF's campaign to succeed, it needs to be supported by people with some understanding of the difference between casual users and hardcore geeks. It needs to convince people that simply a belief in privacy is enough to justify the use of encryption, that encryption is necessary and carries no stigma. And while it is busy changing people's minds, it needs to convince email client projects that encryption should be no more difficult than running a spell-check. Spreading clear instructions, which apparently is the next step in the FSF's campaign, seems not nearly enough -- no matter how well-crafted the instructions.
Advocating encryption, it strikes me, is comparable to being an anti-smoking activist in the 1990s: with considerable effort, you can bring about the change you advocate, but you have to be prepared for years of efforts to change people's minds. Without this effort, all the instructions in the world will not be enough to make encryption routine.
comments powered by DisqusIssue 272/2023
Buy this issue as a PDF
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
News
-
An All-Snap Version of Ubuntu is In The Works
Along with the standard deb version of the open-source operating system, Canonical will release an-all snap version.
-
Mageia 9 Beta 2 Ready for Testing
The latest beta of the popular Mageia distribution now includes the latest kernel and plenty of updated applications.
-
KDE Plasma 6 Looks to Bring Basic HDR Support
The KWin piece of KDE Plasma now has HDR support and color management geared for the 6.0 release.
-
Bodhi Linux 7.0 Beta Ready for Testing
The latest iteration of the Bohdi Linux distribution is now available for those who want to experience what's in store and for testing purposes.
-
Changes Coming to Ubuntu PPA Usage
The way you manage Personal Package Archives will be changing with the release of Ubuntu 23.10.
-
AlmaLinux 9.2 Now Available for Download
AlmaLinux has been released and provides a free alternative to upstream Red Hat Enterprise Linux.
-
An Immutable Version of Fedora Is Under Consideration
For anyone who's a fan of using immutable versions of Linux, the Fedora team is currently considering adding a new spin called Fedora Onyx.
-
New Release of Br OS Includes ChatGPT Integration
Br OS 23.04 is now available and is geared specifically toward web content creation.
-
Command-Line Only Peropesis 2.1 Available Now
The latest iteration of Peropesis has been released with plenty of updates and introduces new software development tools.
-
TUXEDO Computers Announces InfinityBook Pro 14
With the new generation of their popular InfinityBook Pro 14, TUXEDO upgrades its ultra-mobile, powerful business laptop with some impressive specs.