It's the user experience, stupid


I've often heard prominent computer scientists lament the low uptake of email encryption -- that in the age of many-gigahertz machines we still send plain text to each other (usually) over non-secure connections. Every couple of years, just for the sake of my personal freedom and curiosity, I make an attempt to use encryption for a few days. Every time I do this, I am disappointed.

This shouldn't come as a shock to anyone who has tried to enable email encryption. Encryption seems to lie somewhere between privacy, security, and a mountain of engineering acronyms and standards. Unfortunately for regular people, most of these systems are overbuilt and the process is so painful that I would argue it barely even functions.

Take for example this tutorial on using encryption and digital signatures in Mail. It looks simple and straightforward, but interacting with the Thawte site is a long, painful process. I eventually got a working signature, but only after the following steps were taken:

- Sign up for an account at thawte, which requires an email, a strong password, and the use of web-server-level password logins instead of in-page logins (in-page login forms can give you good feedback, remind you that usernames are email addresses and how they should be formatted, etc.).

- Once the forms were filled out, I had to validate my address to finish the account creation, which required copying/pasting two long hashed character strings. Now my account worked.

- Log in to thawte using the new account, hit the "request an email certificate" button

- The system offers the following options for an X.509 Format Certificate (sidenote: wtf does X.509 mean and why should I care?):

For an X.509 certificate, please choose your software from the list below:
Netscape Communicator or Messenger
Microsoft Internet Explorer, Outlook and Outlook Express
Lotus Notes R5
OperaSoftware Browser
C2Net SafePassage Web Proxy

I run none of those, but just went with the Netscape one, assuming it would be universal (I later tried Outlook, which blocked me, saying I need to use IE/Windows to get one).

- Complete the request according to the tutorial (oh, and guess on either 1024- or 2048-bit security for the cert), then wait about 15 minutes watching my certificate status sit at "pending"

- Remember to opt out of all marketing spam from thawte, in case they want to make some dough off my email address.

- When the certificate is complete and ready, the only way to download it is to click "Navigator", the name of the certificate type, in my accepted certificates list. It's totally non-obvious.

- On the certificate detail page, there is a button to fetch it. I click it in Firefox 1.5, and nothing seems to happen. I click again, and I see something gets loaded, but there is no download prompt.

- Since the tutorial is written for Safari, I try that instead, and the fetch button asks me to download a Windows EXE file; for kicks, I do, which launches the Mac's Keychain Access app. The keychain app only lists one certificate in my general list of email certs fetched from other people. There is no sign that I have my own, and Apple's Mail app doesn't show that it knows about it.

- I go back to Firefox, and read the special instructions for fetching downloaded certificates that your browser didn't tell you about.

- To "back up" your certificate from the browser to a desktop file, you have to enter a very high-security password. Firefox won't let you copy the file until your password contains enough capitals/lowercase/numbers/symbols to pass muster. My password is a combination of four of my highest-security passwords, because three of them munged together wasn't enough. I have to enter it twice to get the download. My bank doesn't require this level of security, and even thawte gave me the certificate with a simpler password.

- I double-click the downloaded file, am asked for my insane high-security backup password (which isn't my thawte login for the certificate itself), and I now successfully have my own certificates listed in the proper places according to the tutorial.

- I open Mail and send a few emails to friends; the ones that also have a thawte certificate can get encrypted email from me by clicking a button. Only three friends of the hundreds of people I interact with have a certificate that isn't expired. The keychain app lists about 50 expired certificates.
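For readers who want to know what the steps above were actually doing under the hood, here is the same flow done locally with the openssl command-line tool. This is an added example, not part of the original post and not anything Thawte or Apple ships: it generates the key pair behind the "1024 or 2048 bit" question, issues an X.509 certificate bound to an email address (self-signed here, since there is no CA in the loop; Thawte's job is to sign that request with its own key), exports it to the PKCS#12 file that Firefox's "backup" dialog produces, re-imports it with the same passphrase, and checks expiry, which is the state Keychain only shows you after the fact. The address, name, passphrase and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): the moving parts behind an
# S/MIME certificate, done locally with openssl. Requires OpenSSL 1.1.1 or
# later for the -addext option. All names below are constructed for the demo.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
EMAIL="alice@example.com"      # constructed sample address
P12_PASS="export-passphrase"   # the "backup password" the browser asks for

# 1. Key pair. The "1024 or 2048 bit" choice on the CA's form is this key
#    size; 2048 is the smallest size worth using.
make_key() {
  openssl genrsa -out "$WORK/key.pem" 2048 2>/dev/null
}

# 2. Self-signed X.509 certificate. "X.509" is just this structure: a subject,
#    a public key, validity dates and extensions, signed by an issuer (here
#    ourselves; at a CA, their signing key). The emailProtection extended key
#    usage and the email entry in subjectAltName are what let a mail client
#    use it to sign and encrypt mail for that address.
make_cert() {
  days=$1
  openssl req -new -x509 -key "$WORK/key.pem" -out "$WORK/cert.pem" \
    -days "$days" -subj "/CN=Alice Example/emailAddress=$EMAIL" \
    -addext "subjectAltName=email:$EMAIL" \
    -addext "extendedKeyUsage=emailProtection" 2>/dev/null
}

# 3. "Backup" = PKCS#12 export: private key and certificate in one
#    passphrase-protected file. This is what the browser's export dialog hides.
export_p12() {
  openssl pkcs12 -export -inkey "$WORK/key.pem" -in "$WORK/cert.pem" \
    -out "$WORK/backup.p12" -passout "pass:$P12_PASS"
}

# 4. Import check: the same passphrase must open the .p12 again and yield
#    the certificate.
import_p12() {
  openssl pkcs12 -in "$WORK/backup.p12" -passin "pass:$P12_PASS" \
    -nokeys -out "$WORK/imported.pem" 2>/dev/null
  grep -q "BEGIN CERTIFICATE" "$WORK/imported.pem"
}

# 5. Expiry check. Succeeds only while the certificate stays valid for at
#    least the given number of seconds from now.
cert_valid_for() {
  openssl x509 -in "$WORK/cert.pem" -noout -checkend "$1" >/dev/null
}

# The address the certificate is bound to, as a mail client would read it.
cert_email() {
  openssl x509 -in "$WORK/cert.pem" -noout -email | head -n 1
}

make_key
make_cert 365
export_p12
import_p12
cert_valid_for 86400 && echo "certificate for $(cert_email) valid for at least a day"
```

The one-year validity in `make_cert 365` is why a keychain fills up with expired certificates: every renewal is a fresh key and certificate, and old encrypted mail still needs the old private key to be readable, so the expired entries cannot simply be deleted.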

I can recall trying to get standard PGP going with Eudora on Windows several times in the past, and having similar issues. There are problems on several levels here. It's a pain to get a certificate, it's a pain to incorporate it into your clients, and then finally it's a pain to actually send encrypted email to friends without first asking whether they can receive it OK.

On the positive side, Apple's Mail client has built-in signing/encrypting functions, which let me skip the painful step of adding various PGP or GPG hacks to Mail. The interface for signing and encrypting is a nice friendly couple of buttons, and the encryption one remains greyed out for most recipients, but for some reason the option is presented to me on all replies, even if the recipient doesn't have a cert and I'll get an error.

The tutorial is pretty good, if a bit outdated with regard to the current thawte site (redesigned since the tutorial's screenshots were taken) and Mail in 10.4.4, and I would never have remotely figured out how to do this without it. Still, even with a nice friendly step-by-step tutorial, it was a bumpy road.

There are several places this process could have been streamlined. The Thawte site could offer better explanations, support more email clients/browsers, and overall not make the process resemble pulling teeth. It would be nice if Firefox told you when it was downloading certificates, and it would be doubly nice if exporting them were a bit easier. The Mac OS level integration is good, but it would be nice if other OSes and email clients could work as smoothly once you finally get a certificate, and it would be nice if email clients were smart enough to only offer encryption options for people who can accept them.

Finally, I must admit that I don't have an absolute need for email encryption, but it'd be nice to have in a "citizens of a free republic should be able to use it for everyday communication" sort of way. I don't see the adoption of email encryption going up anytime soon, given the tedious process required, and I expect the same sort of users to continue using encrypted email (mostly CS geeks who can figure all this crap out and know what the various levels of encryption mean and what the standards are). Still, it would be nice to someday see this become quite a bit easier to use. Until that happens, there's no way the general public will ever touch this.