[liberationtech] 15 years later, why can't Johnny still not encrypt?

Wed Jan 15 11:32:28 PST 2014

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 1/15/14, 5:52 AM, Lars Luthman wrote:
> 
> I don't think it's about UI issues anymore, simply about the lack
> of a critical mass and the move to webmail. Webmail operators, who
> by and large are also ad mongers, have zero interest in providing
> tools for client-side encryption since that would prevent them from
> analysing the message content and use it for targeting ads.

I do think there is something else going on here that I'm not sure if
I can adequately articulate: there are certain features of crypto
(opsec/commsec in general!) that are simply non-intuitive and hard to
get people to establish at an instinctual level.

I'm thinking of operations like fingerprint verification. I can
analogize encryption to locking boxes with keys (even asymmetric or
DHE), but when it comes to other kinds of things (even explaining the
utility of a cryptographic hash), there aren't a lot of real-world
analogies to bootstrap their intuition. Maybe this will come in future
generations of socialized human.

I've wondered if a "usable cryptosystem" could be developed that used
as its touchstone user intuition such that if users do what they
naively think they should (or if they're lazy, etc.) it works with
minimal risk to the user (not just fail safely, but not fail at all in
the face of What Users Will Do).

That may just be impossible or at least very hard.

best, Joe

- -- 
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe at cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJS1uJMAAoJEF+GaYdAqahx9/sP/3XLppz02g7nYn5Jy1bGf7+q
icK+EJdtxKWec/WkyOdjitnd6mEEyTXOBo0OYzzDYL/KOz9fafwsIXWfaIem5Qtf
cxhTxbpBKNAWosTOC6ns48SLKEe+z8W6GIMzGsjMkO8TvGdXaKUsgA/xhlMU8zjc
f/uBFYBinUFSLrhPkA1pmyA7LqlCGoSAiumDaWdXRf5zNlEvXcjH5XTI9KuTH89P
Gzi2el73yYHqm9OLgJVJamTTHFeHvQ665MKDmN/K/t4quBx4gv8qYHUS6KKU+zMa
aa/CUFG+7Tjak/yvbFeDTU92K3H6cYRCd7fAcdOSVxV+PGuQlw2JyTzMhWjaoEVQ
K9V3yt/HAX6KcVxPAyLri+BMWTk5IHMC6pfICCJT737J9jTHOxwOj0f+1gOE24mE
WKAlH9eylbc+TpkmTizQh7AmP3jr4CpYm6TZcqUVrsF7M6TVEaqPYGMOCbHu3Z3C
9tz1rJZjViLr8jmRwPOnkXKh0h3GEBhObvTeYDYwyOgMp8cQJCEEJjiiDp94H5Yx
LEvynLesTC9cS6LwoUFtIjoyATuJvUfeHJlh42kn9GtW9Y05A9AcN9hpOOA+I9E0
8SYaYE/2sAR8rQjuWa26rP9Th67sAiW27iLpgJrmiv+TDXM3W0h0Z4bup7P2SJs8
GHHRocjjHyHDtyNmNfFN
=9UAV
-----END PGP SIGNATURE-----