UCL logo

UCL Discovery

UCL home » Library Services » Electronic resources » UCL Discovery

Dead on Arrival: Recovering from Fatal Flaws in Email Encryption Tools

Mauriés, JRP; Krol, K; Parkin, S; Abu-Salma, R; Sasse, MA; (2017) Dead on Arrival: Recovering from Fatal Flaws in Email Encryption Tools. In: Proceedings of LASER 2017 Learning from Authoritative Security Experiment Results. (pp. pp. 49-57). USENIX Association: Arlington, VA, USA. Green open access

Mauries_LASER2017.pdf - ["content_typename_Accepted version" not defined]

Download (165kB) | Preview


Background. Since Whitten and Tygar’s seminal study of PGP 5.0 in 1999, there have been continuing efforts to produce email encryption tools for adoption by a wider user base, where these efforts vary in how well they consider the usability and utility needs of prospective users. Aim. We conducted a study aiming to assess the user experience of two open-source encryption software tools – Enigmail and Mailvelope. Method. We carried out a three-part user study (installation, home use, and debrief) with two groups of users using either Enigmail or Mailvelope. Users had access to help during installation (installation guide and experimenter with domain-specific knowledge), and were set a primary task of organising a mock flash mob using encrypted emails in the course of a week. Results. Participants struggled to install the tools – they would not have been able to complete installation without help. Even with help, setup time was around 40 minutes. Participants using Mailvelope failed to encrypt their initial emails due to usability problems. Participants said they were unlikely to continue using the tools after the study, indicating that their creators must also consider utility. Conclusions. Through our mixed study approach, we conclude that Mailvelope and Enigmail had too many software quality and usability issues to be adopted by mainstream users. Methodologically, the study made us rethink the role of the experimenter as that of a helper assisting novice users with setting up a demanding technology.

Type: Proceedings paper
Title: Dead on Arrival: Recovering from Fatal Flaws in Email Encryption Tools
Event: The LASER Workshop: Learning from Authoritative Security Experiment Results
Location: Arlington, VA, USA
Dates: 18 October 2017 - 19 October 2017
ISBN-13: 978-1-931971-41-6
Open access status: An open access version is available from UCL Discovery
Publisher version: https://www.usenix.org/sites/default/files/laser20...
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
URI: http://discovery.ucl.ac.uk/id/eprint/10041297
Downloads since deposit
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item