A View from Justin Troutman
People Want Safe Communications, Not Usable Cryptography
For encryption to be widely used, it must be built into attractive, easy-to-use apps like those people already rely on.
Security and privacy expert Micah Lee recently described how he helped set up cryptographically protected communications between whistleblower Edward Snowden and the journalists Glenn Greenwald and Laura Poitras, who would share what he had learned about the NSA’s surveillance programs with the world. Lee’s tale of how the three struggled to master the technology was an urgent reminder of a problem that has bugged me for a while and has implications for anyone who wants to ensure the privacy of personal or professional matters.
The cryptographic software we have today hobbles those who try to use it with Rube Goldberg-machine complexity and academic language as dated as a pair of Jordache jeans. Snowden, Poitras, and Greenwald’s tussles with that problem could conceivably have foiled Snowden’s attempts to communicate safely, leaving the world in the dark about U.S. surveillance practices and their effects on our security and privacy.
Why is encryption software so horrid to use? Because there’s no such thing as usable cryptography, despite growth in popularity of the buzzword “usable crypto” among experts in recent years. Usability and crypto are in fact two separate disciplines. One is about crafting things that people interact with; the other is concerned with technical plumbing that, although crucial, should not be visible to the end user. Unless we find the right balance, consumers will never benefit from crypto.
The cypherpunk dream—where crypto is ubiquitous and everyone speaks code as a second language—never reached fruition because we cryptographers mistook our goal for our consumers’ goal. Johnny can’t encrypt because Johnny never wanted to encrypt. Nobody really wants cryptography in and of itself. What they want is to communicate how, and with whom, they please, but safely.
Cryptographers and the security and privacy community can’t fix this problem by ourselves. Real-world cryptography isn’t only about cryptography. It’s just as much about product design, and building experiences that work for the user—not requiring work from the user. It’s a cross-discipline problem that requires not only cryptographers but user-experience designers and developers, too.
Equivalent problems have been more or less solved in other areas of computing. The e-mail encryption system PGP debuted in 1991, the same year as Linux and the World Wide Web. The last two have evolved to become central to many services and products with hundreds of millions of nonexpert users. But when you try to use PGP or its open-source cousin, GPG, you will find yourself in many ways stuck in 1991—as Snowden and his contacts discovered.
One way we can start to solve this problem is by adapting a common tool in security circles, the security audit, where an application’s vulnerability to attacks is investigated through a variety of technical processes. Recently, campaigners have raised money to fund security audits of critical tools such as the hard-drive encryption software TrueCrypt. I suggest we use the same model to fund user-experience audits of secure communication software, and subject our tools to the kind of user testing that hones the blockbuster apps of leading consumer companies.
We also need to change how we talk to users about cryptographic concepts and security, and to set up places for cross-discipline research into how to craft friendly user experiences underpinned by security and privacy technologies.
Right now, things are bad, but inconsistently promising. The Open WhisperSystems project has made mobile apps for encrypted messaging and calls that appear much like “normal” apps for voice and text, and recently it announced it is helping WhatsApp encrypt its users’ messages. We have new organizations like Simply Secure, which aims to foster the development of usable security and privacy software (and is led by a product designer, not a cryptographer).
However, there aren’t many of these exceptional products or organizations. We’re still way too new at this for our own good—or that of the many people who need ways to stay safe. And our attempts aren’t always successful. The sooner we find ways to deliver good user experience and security together, the more impact the tools we make can have. Because let’s face it, “the masses” aren’t going to sacrifice a good experience for a bad one that includes encryption.
Justin Troutman is an independent cryptographer creating a workshop series, CRUX, dedicated to fostering collaboration between experts in cryptography and user-experience design.