Obstacles to the Adoption of Secure Communication Tools

The computer security community has advocated widespread adoption of secure communication tools to counter mass surveillance. Several popular personal communication tools (e.g., WhatsApp, iMessage) have adopted end-to-end encryption, and many new tools (e.g., Signal, Telegram) have been launched with security as a key selling point. However it remains unclear if users understand what protection these tools offer, and if they value that protection. In this study, we interviewed 60 participants about their experience with different communication tools and their perceptions of the tools' security properties. We found that the adoption of secure communication tools is hindered by fragmented user bases and incompatible tools. Furthermore, the vast majority of participants did not understand the essential concept of end-to-end encryption, limiting their motivation to adopt secure tools. We identified a number of incorrect mental models that underpinned these beliefs. • Low Quality of Service (QoS) is an obstacle to adoption. Participants assessed the reliability and security of a communication tool by the QoS of voice calls and messages they experienced. Low QoS not only hinders adoption, but also creates general doubts about how reliable and secure the tool is. • Sensitivity of information does not drive adoption. Perceived sensitivity of information should drive the adoption of secure communication tools, but this was not the case with our participants. Instead, they used voice calls (regardless of the tool) and other obfuscation techniques to exchange sensitive information. • Secure communications were perceived as futile. Most participants did not believe secure tools could offer protection against powerful or knowledgeable adversaries. Most participants had incorrect mental models of how encryption works, let alone more advanced concepts (e.g., digital signatures, verification fingerprints). If the perception that secure communications are futile persists, this will continue to hinder adoption. • Participants' security rankings of tools were inaccurate. We asked our participants to rank the tools they have used in terms of how secure they are. Many participants ranked the services (e.g., voice calls, messages) offered by the tools, rather than ranking the tools first. They perceived calls more secure than messages. Furthermore, they based their rankings on how large the tool's user base is, QoS, social factors and other criteria, rather than assessing the security properties a secure tool offers. • Participants did not understand the EFF Secure Messaging Scorecard. The scorecard contains seven security properties. Four of these were misunderstood: participants did not appreciate the difference between point-to-point and E2E encryption, and did not comprehend forward secrecy or verification fingerprints. The other three properties reflecting open design (documentation, open-source code and security audits) were considered to be negative security properties, with participants believing security requires obscurity. Our findings suggest not only a gap between users' understanding of secure tools and the technical reality, but also a gap between users' communication priorities and what the security research community imagines them to be.