Why Johnny Can't Encrypt: A Brief Discussion
In 1999, Alma Whitten and J. D. Tygar released a paper called “Why Johnny Can't Encrypt”(WJCE)1). It is about the usability of software that performs a security function. The important point made is that the effective use of such software can require some amount of fundamental understanding of the security system employed. A well designed graphical user interface might not be enough.
This is an obvious point in the general case. A program intended to aid in the design of electronics, for example, is going to require some understanding of the principles of electronics to use effectively. Such a user might be motivated to spend a few years in college to learn such principles. That same user is unlikely to be motivated to spend any time in a classroom learning the principles of the security scheme embodied in the software they use. Usability for security has to be approached in some different way.
The study picked PGP 5.0 as an example of a security program that has a good user interface, but is still not usable without some understanding of the underlying principles. This is fortunate for those interested in designing encrypted messaging systems based on public key cryptography. There are a lot of examples of the errors that users make in such an situation. This more or less makes reading and understanding Why Johnny Can't Encrypt a prerequisite for the design of such a system. The definition of usability proposed by WJCE can be used as a checklist for such an endeavour:
Security software is usable if the people who are expected to use it:
- Are reliably made aware of the security tasks they need to perform
- Are able to figure out how to successfully perform those tasks
- Don't make dangerous errors
- Are sufficiently comfortable with the interface to continue using it
While WJCE does not provide any define solutions, there are some suggested approaches:
… To begin with, it is clear that there is a need to communicate an accurate conceptual model of the security to the user as quickly as possible. The smaller and simpler that conceptual model is, the more plausible it will be that we can succeed in doing so. …
After a minimal yet valid conceptual model of the security has been established, it must be communicated to the user, more quickly and effectively than has been necessary for conceptual models of other types of software. …
It's been 23 years since WJCE has been published. I am not sure that there has been much progress made for the usability of encrypted messaging. This seems to remain an outstanding challenge.