Secure Email -- A Usability Study

TL;DR

This study investigates why users avoid email encryption by examining usability issues and awareness, revealing significant gaps in knowledge and challenges in setup despite recognizing its importance.

Contribution

It provides empirical insights into user perceptions, usability barriers, and awareness levels regarding email encryption technologies like PGP, S/MIME, and pEp.

Findings

Over 60% of users unaware of encryption tools

Users struggle with key management and setup

78% are concerned about identity theft

Abstract

Several end-to-end encryption technologies for emails such as PGP and S/MIME exist since decades. However, end-to-end encryption is barely applied. To understand why users hesitate to secure their email communication and which usability issues they face with PGP, S/MIME as well as with pEp (Pretty Easy Privacy), a fairly new technology, we conducted an online survey and user testing. We found that more than 60% of e-mail users are unaware of the existence of such encryption technologies and never tried to use one. We observed that above all, users are overwhelmed with the management of public keys and struggle with the setup of encryption technology in their mail software. Even though users struggle to put email encryption into practice, we experienced roughly the same number of users being aware of the importance of email encryption. Particularly, we found that users are very concerned about identity theft, as 78% want to make sure that no other person is able to write email in their name.