Why instructions are not enough for promoting email encryption
Off the Beat: Bruce Byfield's Blog
The Free Software Foundation (FSF) took a step in the right direction when it recently released Email Self-Defense, a guide to encrypting email using Enigmail and GNUPG. More screen shots might improve it, but on the whole it's a clear and well-organized explanation of a topic that puzzles even some intermediate users. I suspect, however, that to get people to encrypt email is not so much a matter of releasing clear instructions -- many of which already exist -- as a matter of overcoming deeply embedded attitudes.
Admittedly, privacy and personal security have become popular topics in the media over the last couple of years. However, to conclude from this popularity that people actually want to learn how to protect themselves may be too large a leap. For over two decades, the media has published stories about the dangers of computing -- often with gaping inaccuracies. These stories are rarely calls to action -- instead, they seem designed to reinforce the impression of computers and the Internet as scary technologies. If anything, these stories discourage action, because they make casual users believe that computers and the Internet are far too dangerous and complicated for them to tinker with them.
Yet even if casual users can be convinced that they can act to protect themselves, convincing them that they need to do so remains difficult. The perception is still widespread that only crackers, stalkers, and such people need worry about loss of privacy. The idea that there are many classes of people who need privacy for legitimate reasons -- for example, whistle-blowers or women being stalked -- is only slowly being accepted at best. The Nym Wars over Google+'s insistence on real names or registered aliases, and Facebook's seemingly endless erosion of its users' privacy are constantly reported, yet have done little to drive users away from such sites.
Which brings up another point: If asked to choose between convenience and security, too many users will pick convenience every time. I first made this observation when I helped neighbors to set up passwords and limited accounts, only to find that they had undone my changes after a week, but it seems to hold true in other instances, too. No matter how clear the instructions are or how intuitive the interface becomes, encrypting email may not catch on simply because it requires extra steps. Even if the encryption takes less than thirty seconds, that is still about twenty-nine seconds too long to feel convenient to many users.
Given current attitudes, a very real chance exists that encrypted email will be seen as simply too complicated to become widely used. The FSF has chosen a relatively simple method using Thunderbird, but not everyone uses Thunderbird or will switch to it for the sake of security, and setting up encryption on other email readers can be much more difficult.
In the end, encryption is very much like the email services of about a decade ago that limited email to those on a white list. The setup and daily use of these services soon proved more than people wanted to bother with, and in a year or two most of the services disappeared, made extinct due to a lack of interest.
What this means is that clear instructions, as praiseworthy as they are, cannot be enough. For the FSF's campaign to succeed, it needs to be supported by people with some understanding of the difference between casual users and hardcore geeks. It needs to convince people that simply a belief in privacy is enough to justify the use of encryption, that encryption is necessary and carries no stigma. And while it is busy changing people's minds, it needs to convince email client projects that encryption should be no more difficult than running a spell-check. Spreading clear instructions, which apparently is the next step in the FSF's campaign, seems not nearly enough -- no matter how well-crafted the instructions.
Advocating encryption, it strikes me, is comparable to being an anti-smoking activist in the 1990s: with considerable effort, you can bring about the change you advocate, but you have to be prepared for years of efforts to change people's minds. Without this effort, all the instructions in the world will not be enough to make encryption routine.
comments powered by DisqusSubscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Systemd Fixes Bug While Facing New Challenger in GNU Shepherd
The systemd developers have fixed a really nasty bug amid the release of the new GNU Shepherd init system.
-
AlmaLinux 10.0 Beta Released
The AlmaLinux OS Foundation has announced the availability of AlmaLinux 10.0 Beta ("Purple Lion") for all supported devices with significant changes.
-
Gnome 47.2 Now Available
Gnome 47.2 is now available for general use but don't expect much in the way of newness, as this is all about improvements and bug fixes.
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.