Why Doesn’t Jane Protect Her Privacy?

  • Karen Renaud
  • Melanie Volkamer
  • Arne Renkema-Padmos
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8555)


End-to-end encryption has been heralded by privacy and security researchers as an effective defence against dragnet surveillance, but there is no evidence of widespread end-user uptake. We argue that the non-adoption of end-to-end encryption might not be entirely due to usability issues identified by Whitten and Tygar in their seminal paper “Why Johnny Can’t Encrypt”. Our investigation revealed a number of fundamental issues such as incomplete threat models, misaligned incentives, and a general absence of understanding of the email architecture. From our data and related research literature we found evidence of a number of potential explanations for the low uptake of end-to-end encryption. This suggests that merely increasing the availability and usability of encryption functionality in email clients will not automatically encourage increased deployment by email users. We shall have to focus, first, on building comprehensive end-user mental models related to email, and email security. We conclude by suggesting directions for future research.


Keywords: email, end-to-end encryption, privacy, security, mental model




References

  1. Acquisti, A.: Privacy in electronic commerce and the economics of immediate gratification. In: Proceedings of the 5th ACM Conference on Electronic Commerce EC 2004, pp. 21–29. ACM, New York (2004)
  2. Acquisti, A., Grossklags, J.: Privacy and rationality in individual decision making. IEEE Security & Privacy 2, 24–30 (2005)
  3. Anderson, R., Moore, T.: The economics of information security. Science 314(5799), 610–613 (2006)
  4. Atkins, D., Stallings, W., Zimmermann, P.: PGP Message Exchange Formats. RFC 1991 (Informational), obsoleted by RFC 4880 (August 1996)
  5. Bhattacherjee, A.: Social science research: principles, methods, and practices (2012)
  6. Bravo-Lillo, C., Cranor, L.F., Downs, J.S., Komanduri, S.: Bridging the gap in computer security warnings: A mental model approach. Security & Privacy 9(2), 18–26 (2011)
  7. Bright, P., Goodin, D.: Encrypted e-mail: How much annoyance will you tolerate to keep the NSA away?, Ars Technica (June 2013)
  8. Burghardt, T., Buchmann, E., Böhm, K.: Why do privacy-enhancement mechanisms fail, after all? a survey of both, the user and the provider perspective. In: Workshop W2Trust, in Conjunction with IFIPTM, vol. 8 (2008)
  9. Callas, J., Donnerhacke, L., Finney, H., Shaw, D., Thayer, R.: OpenPGP Message Format. RFC 4880 (Proposed Standard), updated by RFC 5581 (November 2007)
  10. Callas, J., Donnerhacke, L., Finney, H., Thayer, R.: OpenPGP Message Format. RFC 2440 (Proposed Standard), obsoleted by RFC 4880 (November 1998)
  11. Clark, S., Goodspeed, T., Metzger, P., Wasserman, Z., Xu, K., Blaze, M.: Why (special agent) Johnny (still) can’t encrypt: a security analysis of the APCO project 25 two-way radio system. In: Proceedings of the 20th USENIX Conference on Security, p. 4. USENIX Association (2011)
  12. Conti, G., Sobiesk, E.: An honest man has nothing to fear: User perceptions on web-based information disclosure. In: Proceedings of the 3rd Symposium on Usable Privacy and Security, SOUPS 2007, pp. 112–121. ACM, New York (2007)
  13. Crocker, S., Freed, N., Galvin, J., Murphy, S.: MIME Object Security Services. RFC 1848 (Historic) (October 1995)
  14. Davis, D.: Defective sign & encrypt in S/MIME, PKCS# 7, MOSS, PEM, PGP, and XML. In: USENIX Annual Technical Conference, General Track, pp. 65–78 (2001)
  15. Diesner, J., Kumaraguru, P., Carley, K.M.: Mental models of data privacy and security extracted from interviews with Indians. In: 55th Annual Conference of the International Communication Association (ICA), New York, May 26-30 (2005)
  16. Dingledine, R., Mathewson, N.: Anonymity Loves Company: Usability and the Network Effect. In: The Fifth Workshop on the Economics of Information Security (WEIS 2006), June 26-28 (2006)
  17. Fahl, S., Harbach, M., Muders, T., Smith, M., Sander, U.: Helping Johnny 2.0 to Encrypt His Facebook Conversations. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, SOUPS 2012, pp. 11:1–11:17 (2012)
  18. Friedman, B., Hurley, D., Howe, D.C., Felten, E., Nissenbaum, H.: Users’ conceptions of web security: A comparative study. In: CHI 2002 Extended Abstracts on Human Factors in Computing Systems, pp. 746–747. ACM (2002)
  19. Furman, S.M., Theofanos, M.F., Choong, Y.Y., Stanton, B.: Basing cybersecurity training on user perceptions. IEEE Security & Privacy 10(2), 40–49 (2012)
  20. Furnell, S.: Why users cannot use security. Computers & Security 24(4), 274–279 (2005)
  21. Garfinkel, S.L., Miller, R.C.: Johnny 2: A user test of key continuity management with s/mime and outlook express. In: Proceedings of the 2005 Symposium on Usable Privacy and Security, pp. 13–24. ACM (2005)
  22. Gaw, S., Felten, E.W., Fernandez-Kelly, P.: Secrecy, flagging, and paranoia: adoption criteria in encrypted email. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 591–600. ACM (2006)
  23. Greenwald, G., MacAskill, E., Poitras, L.: Edward Snowden: the whistleblower behind the NSA surveillance revelations. The Guardian 9 (2013)
  24. Gross, J.B., Rosson, M.B.: Looking for trouble: understanding end-user security management. In: Proceedings of the 2007 Symposium on Computer Human Interaction for the Management of information Technology, p. 10. ACM (2007)
  25. Hoffman, P.: SMTP Service Extension for Secure SMTP over Transport Layer Security. RFC 3207 (Proposed Standard) (February 2002)
  26. Kaliski, B.: PKCS #7: Cryptographic Message Syntax Version 1.5. RFC 2315 (Informational) (March 1998)
  27. Keller, L., Komm, D., Serafini, G., Sprock, A., Steffen, B.: Teaching public-key cryptography in school. In: Hromkovič, J., Královič, R., Vahrenhold, J. (eds.) ISSEP 2010. LNCS, vol. 5941, pp. 112–123. Springer, Heidelberg (2010)
  28. Lampson, B.: Privacy and security: Usable security: How to get it. Commun. ACM 52(11), 25–27 (2009)
  29. Lin, J., Amini, S., Hong, J.I., Sadeh, N., Lindqvist, J., Zhang, J.: Expectation and purpose: understanding users’ mental models of mobile app privacy through crowdsourcing. In: Proceedings of the 2012 ACM Conference on Ubiquitous Computing, UbiComp 2012, pp. 501–510. ACM, New York (2012)
  30. Linn, J.: Privacy enhancement for Internet electronic mail: Part I: Message encipherment and authentication procedures. RFC 989, obsoleted by RFCs 1040, 1113 (February 1987)
  31. Linn, J.: Privacy enhancement for Internet electronic mail: Part I: Message encipherment and authentication procedures. RFC 1040, obsoleted by RFC 1113 (1988)
  32. Linn, J.: Privacy enhancement for Internet electronic mail: Part I - message encipherment and authentication procedures. RFC 1113 (Historic), obsoleted by RFC 1421 (August 1989)
  33. Linn, J.: Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures. RFC 1421 (Historic) (February 1993)
  34. Moecke, C.T., Volkamer, M.: Usable secure email communications: criteria and evaluation of existing approaches. Information Management & Computer Security 21(1), 41–52 (2013)
  35. Muslukhov, I., Boshmaf, Y., Kuo, C., Lester, J., Beznosov, K.: Understanding users’ requirements for data protection in smartphones. In: 2012 IEEE 28th International Conference on Data Engineering Workshops (ICDEW), pp. 228–235. IEEE (2012)
  36. Newman, C.: Using TLS with IMAP, POP3 and ACAP. RFC 2595 (Proposed Standard), updated by RFC 4616 (June 1999)
  37. Nordgren, L.F., Van Der Pligt, J., Van Harreveld, F.: Unpacking perceived control in risk perception: The mediating role of anticipated regret. Journal of Behavioral Decision Making 20(5), 533–544 (2007)
  38. Raja, F., Hawkey, K., Hsu, S., Wang, K., Beznosov, K.: Promoting a physical security mental model for personal firewall warnings. In: CHI 2011 Extended Abstracts on Human Factors in Computing Systems, CHI EA 2011, pp. 1585–1590. ACM, New York (2011)
  39. Ramsdell, B.: S/MIME Version 3 Message Specification. RFC 2633 (Proposed Standard), obsoleted by RFC 3851 (June 1999)
  40. Ramsdell, B.: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification. RFC 3851 (Proposed Standard), obsoleted by RFC 5751 (July 2004)
  41. Ramsdell, B., Turner, S.: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification. RFC 5751 (Proposed Standard) (January 2010)
  42. Rhee, H.S., Ryu, Y.U., Kim, C.T.: I am fine but you are not: Optimistic bias and illusion of control on information security. In: Avison, D.E., Galletta, D.F. (eds.) ICIS. Association for Information Systems (2005)
  43. Ruoti, S., Kim, N., Burgon, B., van der Horst, T., Seamons, K.: Confused Johnny: When Automatic Encryption Leads to Confusion and Mistakes. In: Proceedings of the Ninth Symposium on Usable Privacy and Security, SOUPS 2013, pp. 5:1–5:12. ACM, New York (2013)
  44. Sheng, S., Broderick, L., Koranda, C.A., Hyland, J.J.: Why Johnny still can’t encrypt: Evaluating the usability of email encryption software. In: Symposium On Usable Privacy and Security (2006)
  45. Solove, D.J.: I’ve got nothing to hide and other misunderstandings of privacy. San Diego L. Rev. 44, 745 (2007)
  46. Van Vleck, T.: Electronic mail and text messaging in CTSS, 1965-1973. IEEE Annals of the History of Computing 34(1), 4–6 (2012)
  47. Volkamer, M., Renaud, K.: Mental models – general introduction and review of their application to human-centred security. In: Fischlin, M., Katzenbeisser, S. (eds.) Buchmann Festschrift. LNCS, vol. 8260, pp. 255–280. Springer, Heidelberg (2013)
  48. Wash, R.: Folk Models of Home Computer Security. In: Proceedings of the Sixth Symposium on Usable Privacy and Security, SOUPS 2010, pp. 11:1–11:16. ACM, New York (2010)
  49. Wästlund, E., Angulo, J., Fischer-Hübner, S.: Evoking comprehensive mental models of anonymous credentials. In: Camenisch, J., Kesdogan, D. (eds.) iNetSec 2011. LNCS, vol. 7039, pp. 1–14. Springer, Heidelberg (2012)
  50. Whitten, A., Tygar, J.D.: Why Johnny can’t encrypt: A usability evaluation of PGP 5.0. In: Proceedings of the 8th USENIX Security Symposium, vol. 99, McGraw-Hill (1999)
  51. Williams, M.: Interpretivism and generalisation. Sociology 34(2), 209–224 (2000)
  52. Woo, W.K.: How to Exchange Email Securely with Johnny who Still Can’t Encrypt. Master’s thesis, University of British Columbia (2006)

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Karen Renaud (1)
  • Melanie Volkamer (2)
  • Arne Renkema-Padmos (2)

  1. School of Computing Science, University of Glasgow, Glasgow, UK
  2. CASED / TU Darmstadt, Darmstadt, Germany
