People Want Safe Communications, Not Usable Cryptography

For encryption to be widely used, it must be built into attractive, easy-to-use apps like those people already rely on.

Security and privacy expert Micah Lee recently described how he helped set up cryptographically protected communications between whistleblower Edward Snowden and the journalists Glenn Greenwald and Laura Poitras, who would share what he had learned about the NSA's surveillance programs with the world. Lee's tale of how the three struggled to master the technology was an urgent reminder of a problem that has bugged me for a while and has implications for anyone who wants to ensure the privacy of personal or professional matters.

The cryptographic software we have today hobbles those who try to use it with Rube Goldberg-machine complexity and academic language as dated as a pair of Jordache jeans. Snowden, Poitras, and Greenwald's tussles with that problem could conceivably have foiled Snowden's attempts to communicate safely, leaving the world in the dark about U.S. surveillance practices and their effects on our security and privacy.

Why is encryption software so horrid to use? Because there's no such thing as usable cryptography, despite growth in popularity of the buzzword "usable crypto" among experts in recent years. Usability and crypto are in fact two separate disciplines. One is about crafting things that people interact with; the other is concerned with technical plumbing that, although crucial, should not be visible to the end user. Unless we find the right balance, consumers will never benefit from crypto.

The cypherpunk dream, where crypto is ubiquitous and everyone speaks code as a second language, never reached fruition because we cryptographers mistook our goal for our consumers' goal. Johnny can't encrypt because Johnny never wanted to encrypt. Nobody really wants cryptography in and of itself. What they want is to communicate how, and with whom, they please, but safely.

Cryptographers and the security and privacy community can't fix this problem by ourselves. Real-world cryptography isn't only about cryptography. It's just as much about product design, and building experiences that work for the user, not requiring work from the user. It's a cross-discipline problem that requires not only cryptographers but user-experience designers and developers, too.

Equivalent problems have been more or less solved in other areas of computing. The e-mail encryption system PGP debuted in 1991, the same year as Linux and the World Wide Web. The last two have evolved to become central to many services and products with hundreds of millions of nonexpert users. But when you try to use PGP or its open-source cousin, GPG, you will find yourself in many ways stuck in 1991, as Snowden and his contacts discovered.

One way we can start to solve this problem is by adapting a common tool in security circles, the security audit, where an application's vulnerability to attacks is investigated through a variety of technical processes. Recently, campaigners have raised money to fund security audits of critical tools such as the hard-drive encryption software TrueCrypt. I suggest we use the same model to fund user-experience audits of secure communication software, and subject our tools to the kind of user testing that hones the blockbuster apps of leading consumer companies.

We also need to change how we talk to users about cryptographic concepts and security, and to set up places for cross-discipline research into how to craft friendly user experiences underpinned by security and privacy technologies.

Right now, things are bad, but inconsistently promising. The Open WhisperSystems project has made mobile apps for encrypted messaging and calls that appear much like normal apps for voice and text, and recently it announced it is helping WhatsApp encrypt its users' messages. We have new organizations like Simply Secure, which aims to foster the development of usable security and privacy software (and is led by a product designer, not a cryptographer).
