Why instructions are not enough for promoting email encryption

Off the Beat: Bruce Byfield's Blog
The Free Software Foundation (FSF) took a step in the right direction when it recently released Email Self-Defense, a guide to encrypting email using Enigmail and GNUPG. More screen shots might improve it, but on the whole it's a clear and well-organized explanation of a topic that puzzles even some intermediate users. I suspect, however, that to get people to encrypt email is not so much a matter of releasing clear instructions -- many of which already exist -- as a matter of overcoming deeply embedded attitudes.
Admittedly, privacy and personal security have become popular topics in the media over the last couple of years. However, to conclude from this popularity that people actually want to learn how to protect themselves may be too large a leap. For over two decades, the media has published stories about the dangers of computing -- often with gaping inaccuracies. These stories are rarely calls to action -- instead, they seem designed to reinforce the impression of computers and the Internet as scary technologies. If anything, these stories discourage action, because they make casual users believe that computers and the Internet are far too dangerous and complicated for them to tinker with them.
Yet even if casual users can be convinced that they can act to protect themselves, convincing them that they need to do so remains difficult. The perception is still widespread that only crackers, stalkers, and such people need worry about loss of privacy. The idea that there are many classes of people who need privacy for legitimate reasons -- for example, whistle-blowers or women being stalked -- is only slowly being accepted at best. The Nym Wars over Google+'s insistence on real names or registered aliases, and Facebook's seemingly endless erosion of its users' privacy are constantly reported, yet have done little to drive users away from such sites.
Which brings up another point: If asked to choose between convenience and security, too many users will pick convenience every time. I first made this observation when I helped neighbors to set up passwords and limited accounts, only to find that they had undone my changes after a week, but it seems to hold true in other instances, too. No matter how clear the instructions are or how intuitive the interface becomes, encrypting email may not catch on simply because it requires extra steps. Even if the encryption takes less than thirty seconds, that is still about twenty-nine seconds too long to feel convenient to many users.
Given current attitudes, a very real chance exists that encrypted email will be seen as simply too complicated to become widely used. The FSF has chosen a relatively simple method using Thunderbird, but not everyone uses Thunderbird or will switch to it for the sake of security, and setting up encryption on other email readers can be much more difficult.
In the end, encryption is very much like the email services of about a decade ago that limited email to those on a white list. The setup and daily use of these services soon proved more than people wanted to bother with, and in a year or two most of the services disappeared, made extinct due to a lack of interest.
What this means is that clear instructions, as praiseworthy as they are, cannot be enough. For the FSF's campaign to succeed, it needs to be supported by people with some understanding of the difference between casual users and hardcore geeks. It needs to convince people that simply a belief in privacy is enough to justify the use of encryption, that encryption is necessary and carries no stigma. And while it is busy changing people's minds, it needs to convince email client projects that encryption should be no more difficult than running a spell-check. Spreading clear instructions, which apparently is the next step in the FSF's campaign, seems not nearly enough -- no matter how well-crafted the instructions.
Advocating encryption, it strikes me, is comparable to being an anti-smoking activist in the 1990s: with considerable effort, you can bring about the change you advocate, but you have to be prepared for years of efforts to change people's minds. Without this effort, all the instructions in the world will not be enough to make encryption routine.
comments powered by DisqusIssue 270/2023
Buy this issue as a PDF
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs
News
-
CarbonOS: A New Linux Distro with a Focus on User Experience
CarbonOS is a brand new, built-from-scratch Linux distribution that uses the Gnome desktop and has a special feature that makes it appealing to all types of users.
-
Kubuntu Focus Announces XE Gen 2 Linux Laptop
Another Kubuntu-based laptop has arrived to be your next ultra-portable powerhouse with a Linux heart.
-
MNT Seeks Financial Backing for New Seven-Inch Linux Laptop
MNT Pocket Reform is a tiny laptop that is modular, upgradable, recyclable, reusable, and ships with Debian Linux.
-
Ubuntu Flatpak Remix Adds Flatpak Support Preinstalled
If you're looking for a version of Ubuntu that includes Flatpak support out of the box, there's one clear option.
-
Gnome 44 Release Candidate Now Available
The Gnome 44 release candidate has officially arrived and adds a few changes into the mix.
-
Flathub Vying to Become the Standard Linux App Store
If the Flathub team has any say in the matter, their product will become the default tool for installing Linux apps in 2023.
-
Debian 12 to Ship with KDE Plasma 5.27
The Debian development team has shifted to the latest version of KDE for their testing branch.
-
Planet Computers Launches ARM-based Linux Desktop PCs
The firm that originally released a line of mobile keyboards has taken a different direction and has developed a new line of out-of-the-box mini Linux desktop computers.
-
Ubuntu No Longer Shipping with Flatpak
In a move that probably won’t come as a shock to many, Ubuntu and all of its official spins will no longer ship with Flatpak installed.
-
openSUSE Leap 15.5 Beta Now Available
The final version of the Leap 15 series of openSUSE is available for beta testing and offers only new software versions.