Provo, Utah - When BYU Computer Science Professor Kent Seamons explains email security, he often uses an analogy: Sending an email is more similar to sending a postcard than a letter in a sealed envelope—as the email transaction happens, other people may gain access to the information.
Encryption is usually the answer to protecting sensitive and personal information like medical records, PIN numbers, and social security numbers over email, but encryption can also be confusing and cumbersome for the novice user.
That’s why Seamons has spent the last decade researching how to balance usability and security in technology.
“You might be interested in security and want your email to be secure, but in a work setting your job is to send email and get work done,” said Seamons. “As a result, security gets brushed aside.”
Seamons, in collaboration with Computer Science Professor Daniel Zappala, advised a group of students who were recently honored for their research at CHI (Computer Human Interaction) 2016, the top conference for Human-Computer Interaction. The group was directed by Ph.D. student Scott Ruoti, and included Jeff Andersen, Scott Heidbrink, Mark O’Neil, Elham Vaziripour, and Justin Wu.
The group conducted a study asking 25 pairs of novice users to install and use several of the latest email encryption systems to exchange secure messages. Results showed a preference for email encryption systems that integrate well with the user’s existing email account rather than using a program that exists separately. Additionally, if the encryption system didn’t provide some details about the process while it was encrypting, the users didn’t fully trust that the program had done its job.
The study was the first of its kind to use pairs of novice users instead of a single novice user in a laboratory setting, which the group felt set them apart at CHI.
“I was surprised at how much more effective the paired participant studies were than the single-user studies,” said Ruoti, also the lead author of the study. “As a study coordinator, it was clear how much more naturally participants acted when using our new methodology.”
CHI selected the paper for an “Honorable Mention Award,” given to only the top 4 percent of all papers submitted to the conference.
The encryption system users favored most in the study was Pwm, a program designed by Seamons and Zappala’s group that integrates with existing Gmail accounts. Seamons plans to use the tool this fall semester in his classes to send secure information, like grades, to his students while still complying with federal privacy laws.
Both Seamons and Ruoti admit they don’t use encryption daily because they’re not always sending sensitive information and don’t want to impose on the receiver to download the encryption software. But the research group hopes the progress they’re making on Pwm will soon make sending secure email easy enough for regular use.