Remember Me
Or use your Academic/Social account:


Or use your Academic/Social account:


You have just completed your registration at OpenAire.

Before you can login to the site, you will need to activate your account. An e-mail will be sent to you with the proper instructions.


Please note that this site is currently undergoing Beta testing.
Any new content you create is not guaranteed to be present to the final version of the site upon release.

Thank you for your patience,
OpenAire Dev Team.

Close This Message


Verify Password:
Verify E-mail:
*All Fields Are Required.
Please Verify You Are Human:
fbtwitterlinkedinvimeoflicker grey 14rssslideshare1
Publisher: Springer International Publishing
Languages: English
Types: Article
End-to-end encryption has been heralded by privacy and security researchers as an effective defence against dragnet surveillance, but there is no evidence of widespread end-user uptake. We argue that the non-adoption of end-to-end encryption might not be entirely due to usability issues identified by Whitten and Tygar in their seminal paper “Why Johnny Can’t Encrypt”. Our investigation revealed a number of fundamental issues such as incomplete threat models, misaligned incentives, and a general absence of understanding of the email architecture. From our data and related research literature we found evidence of a number of potential explanations for the low uptake of end-to-end encryption. This suggests that merely increasing the availability and usability of encryption functionality in email clients will not automatically encourage increased deployment by email users. We shall have to focus, first, on building comprehensive end-user mental models related to email, and email security. We conclude by suggesting directions for future research.
  • The results below are discovered through our pilot algorithms. Let us know how we are doing!

    • 1. Acquisti, A.: Privacy in electronic commerce and the economics of immediate gratification. In: Proceedings of the 5th ACM Conference on Electronic Commerce. pp. 21-29. EC '04, ACM, New York, NY, USA (2004)
    • 2. Acquisti, A., Grossklags, J.: Privacy and rationality in individual decision making. IEEE Security & Privacy 2, 24-30 (2005)
    • 3. Anderson, R., Moore, T.: The economics of information security. Science 314(5799), 610- 613 (2006)
    • 4. Atkins, D., Stallings, W., Zimmermann, P.: PGP Message Exchange Formats. RFC 1991 (Informational) (Aug 1996), http://www.ietf.org/rfc/rfc1991.txt, obsoleted by RFC 4880
    • 5. Bhattacherjee, A.: Social science research: principles, methods, and practices (2012)
    • 6. Bravo-Lillo, C., Cranor, L.F., Downs, J.S., Komanduri, S.: Bridging the gap in computer security warnings: A mental model approach. Security & Privacy 9(2), 18-26 (2011)
    • 7. Bright, P., Goodin, D.: Encrypted e-mail: How much annoyance will you tolerate to keep the NSA away? (June 2013), aRS Technica. http://arstechnica.com/security/2013/06/encryptede-mail-how-much-annoyance-will-you-tolerate-to-keep-the-nsa-away/
    • 8. Burghardt, T., Buchmann, E., B o¨hm, K.: Why do privacy-enhancement mechanisms fail, after all? a survey of both, the user and the provider perspective. In: Workshop W2Trust, in conjunction with IFIPTM. vol. 8 (2008)
    • 9. Callas, J., Donnerhacke, L., Finney, H., Shaw, D., Thayer, R.: OpenPGP Message Format. RFC 4880 (Proposed Standard) (Nov 2007), http://www.ietf.org/rfc/rfc4880.txt, updated by RFC 5581
    • 10. Callas, J., Donnerhacke, L., Finney, H., Thayer, R.: OpenPGP Message Format. RFC 2440 (Proposed Standard) (Nov 1998), http://www.ietf.org/rfc/rfc2440.txt, obsoleted by RFC 4880
    • 11. Clark, S., Goodspeed, T., Metzger, P., Wasserman, Z., Xu, K., Blaze, M.: Why (special agent) Johnny (still) can't encrypt: a security analysis of the APCO project 25 two-way radio system. In: Proceedings of the 20th USENIX conference on Security. pp. 4-4. USENIX Association (2011)
    • 31. Linn, J.: Privacy enhancement for Internet electronic mail: Part I: Message encipherment and authentication procedures. RFC 1040 (Jan 1988), http://www.ietf.org/rfc/rfc1040.txt, obsoleted by RFC 1113
    • 32. Linn, J.: Privacy enhancement for Internet electronic mail: Part I - message encipherment and authentication procedures. RFC 1113 (Historic) (Aug 1989), http://www.ietf.org/rfc/rfc1113.txt, obsoleted by RFC 1421
    • 33. Linn, J.: Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures. RFC 1421 (Historic) (Feb 1993), http://www.ietf.org/rfc/rfc1421.txt
    • 34. Moecke, C.T., Volkamer, M.: Usable secure email communications: criteria and evaluation of existing approaches. Information Management & Computer Security 21(1), 41-52 (2013)
    • 35. Muslukhov, I., Boshmaf, Y., Kuo, C., Lester, J., Beznosov, K.: Understanding users' requirements for data protection in smartphones. In: Data Engineering Workshops (ICDEW), 2012 IEEE 28th International Conference on. pp. 228-235. IEEE (2012)
    • 36. Newman, C.: Using TLS with IMAP, POP3 and ACAP. RFC 2595 (Proposed Standard) (Jun 1999), http://www.ietf.org/rfc/rfc2595.txt, updated by RFC 4616
    • 37. Nordgren, L.F., Van Der Pligt, J., Van Harreveld, F.: Unpacking perceived control in risk perception: The mediating role of anticipated regret. Journal of Behavioral Decision Making 20(5), 533-544 (2007)
    • 38. Raja, F., Hawkey, K., Hsu, S., Wang, K.L., Beznosov, K.: Promoting a physical security mental model for personal firewall warnings. In: CHI '11 Extended Abstracts on Human Factors in Computing Systems. pp. 1585-1590. CHI EA '11, ACM, New York, NY, USA (2011)
    • 39. Ramsdell, B.: S/MIME Version 3 Message Specification. RFC 2633 (Proposed Standard) (Jun 1999), http://www.ietf.org/rfc/rfc2633.txt, obsoleted by RFC 3851
    • 40. Ramsdell, B.: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification. RFC 3851 (Proposed Standard) (Jul 2004), http://www.ietf.org/rfc/rfc3851.txt, obsoleted by RFC 5751
    • 41. Ramsdell, B., Turner, S.: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification. RFC 5751 (Proposed Standard) (Jan 2010), http://www.ietf.org/rfc/rfc5751.txt
    • 42. Rhee, H.S., Ryu, Y.U., Kim, C.T.: I am fine but you are not: Optimistic bias and illusion of control on information security. In: Avison, D.E., Galletta, D.F. (eds.) ICIS. Association for Information Systems (2005), http://dblp.uni-trier.de/db/conf/icis/icis2005.html#RheeRK05
    • 43. Ruoti, S., Kim, N., Burgon, B., van der Horst, T., Seamons, K.: Confused Johnny: When Automatic Encryption Leads to Confusion and Mistakes. In: Proceedings of the Ninth Symposium on Usable Privacy and Security. pp. 5:1-5:12. SOUPS '13, ACM, New York, NY, USA (2013)
    • 44. Sheng, S., Broderick, L., Koranda, C.A., Hyland, J.J.: Why Johnny still can't encrypt: Evaluating the usability of email encryption software. In: Symposium On Usable Privacy and Security (2006)
    • 45. Solove, D.J.: I've got nothing to hide and other misunderstandings of privacy. San Diego L. Rev. 44, 745 (2007)
    • 46. Van Vleck, T.: Electronic mail and text messaging in CTSS, 1965-1973. Annals of the History of Computing, IEEE 34(1), 4-6 (2012)
    • 47. Volkamer, M., Renaud, K.: Mental models - general introduction and review of their application to human-centred security. Lecture Notes in Computer Science. Papers in Honor of Johannes Buchmann on the Occasion of his 60th Birthday (8260), 255-280 (2013)
    • 48. Wash, R.: Folk Models of Home Computer Security. In: Proceedings of the Sixth Symposium on Usable Privacy and Security. pp. 11:1-11:16. SOUPS '10, ACM, New York, NY, USA (2010)
  • No related research data.
  • No similar publications.

Share - Bookmark

Cite this article