The main reason the world is able to read and enjoy the contents of Hillary Clinton's emails is that crypto tools aren't any better than back when Phil Zimmermann created PGP, the crypto system even he can't use.
That's the conclusion of this study into e-mail crypto usability, a follow-up to a study which reached the same conclusion 15 years back.
The study, which hit arXiv at the end of last week, was conducted by a group of Brigham Young University researchers led by Scott Ruoti.
It examined Mailvelope, a PGP browser extension that carries EFF endorsement. For the study, the researchers got ten pairs of participants to try to install and use Mailvelope.
They may as well not have bothered. Even getting started with crypto defeated nearly everybody:
- In two pairs out of ten, the person supposed to initiate contact never managed to actually use the software to send a message;
- In another two pairs, the recipient couldn't work out that they needed to install Mailvelope to read a message;
- One pair managed to get as far as trying to share their public keys, but didn't really know what to do with them.
Just one pair, of which one member already knew about public key crypto, actually managed to install Mailvelope, trade their PGP keys, and communicate.
There's also the question of what to do if a sender wants to encrypt, but is sending to a receiver that isn't ready or knowledgeable.
In such a case, the study suggests, some kind of integrated tutorial and automatic Mailvelope invites for new recipients might mean a message doesn't just get dropped in the junk folder. ®