This paper appears at the IEEE European Symposium on Security & Privacy (2017). Confidante: Usable Encrypted Email A Case Study With Lawyers and Journalists Ada (Adam) Lerner*, Eric Zeng*, Franziska Roesner University of Washington flerner, ericzeng,
[email protected] Abstract—Email encryption tools remain underused, even by Design and Prototype of Confidante. In this paper, we take people who frequently conduct sensitive business over email, another look at usable encrypted email. We design and im- such as lawyers and journalists. Usable encrypted email has plement Confidante, an encrypted email client that explores remained out of reach largely because key management and a new point in the design space. Motivating Confidante’s verification remain difficult. However, key management has design are two observations. First, we observe that many of evolved in the age of social media: Keybase is a service that the core usability pitfalls with encrypted email stem from allows users to cryptographically link public keys to their social problems with key management, sharing, and verification. media accounts (e.g., Twitter), enabling key trust without out- As we find in our user study, and echoing past findings of-band communication. We design and prototype Confidante, (e.g., [8, 11, 12, 25, 26]), asking users to reason about key an encrypted email client that uses Keybase for automatic key management wastes time and risks critical mistakes. management. We conduct a user study with 15 people (8 U.S. Second, we identify an opportunity to make new lawyers and 7 U.S. journalists) to evaluate Confidante’s design progress on this long-standing challenge by leveraging decisions.