CHI NL Meet: Merel Brandon on Security by Design

Image of Merel Brandon, who does a PhD on usable and persuasive email encryption at Radboud University and teaches Communication and Multimedia Design at HAN University of Applied Sciences.

Merel, you are currently doing research on encrypted emails. Could you tell me a little more about where you stand now with your research?
Sure! Since November 2020 I have researched email encryption at the Radboud University in Nijmegen. The problem with the technology of email encryption is that although it already exists a long time, it’s not being used very often. So I am searching for the reasons behind that and what we can do about the fact that email encryption is rarely being used.

One of the things that was described in studies by others is that the problem lies with the usability of email encryption. The technology is too difficult for most people, and that’s why they don’t want to use it or use it in a wrong way. And there are, according to other
studies, also a lot of other barriers that keep people from using encryption. For example: they also don’t see why they should use email encryption.

Maybe you could answer that question yourself. Why should people use encryption for their emails? And how dangerous is it to not use encryption?
When it comes to digital security, it’s always difficult to tell how dangerous something is. When your wallet gets stolen on the street, you’ll probably notice it after a little while. But when it comes to IT security, then it’s often not visible to see what really happens. It’s like
a black box. Standard email does not provide some important security guarantees. Emails could be read by others beside the intended recipients, emails could be tampered with, and you can not be sure who the actual sender of the email is. But actually, a more
important question to ask is: Why wouldn’t people want to make use of email encryption? There is no one who thinks it’s great that their emails possibly could be read by a third party.

Now you are developing an application for encrypted emailing. Is the main challenge of developing this app to make it more accessible for the user?
Usability is important because it can help the user understand how to use the tool. But you can also use the interface to influence people’s behavior. Think about a nudge in a specific direction or text-framing. With both usability and persuasiveness, you can
influence actual security, the security in practice provided by the application.

Could you tell me a bit more about the application you’re currently working on?
The application we’re working on is an add-on for existing email applications. So if you use Outlook, for example, you could install our add-on for Outlook. This add-on gives you the possibility to encrypt and decrypt your emails within the email client you use. The
application is still in progress. I’m working on these add-ons together with the “Encryption for all”-team.

Why is it that widely used email applications such as Outlook and Gmail do not have easy to use and persuasive encryption options like your add-on?
I can’t know for sure what the reasons behind that are, but i suspect two things. One of those things is that their own interest doesn’t necessarily lies there, and second of all; their users don’t ask for email encryption either. I think that if Outlook and Gmail decided that they wanted to increase the security and privacy of email by providing an easy-to-use and compelling end-to-end email encryption option, that many people would start using it. So
I think it is in their power to make a change.

Yes, exactly, It’s like you said before: who wouldn’t want to email with maximum security?
Yes, but people do have to put a little extra effort into sending a secure email. Thus, it remains a question of how much effort they are willing to put into sending encrypted emails. There might be tension with other values of people, like efficiency.

What does the user of your application have to do to use email encryption?
We don’t ask a lot of effort from our users. It also depends on how secure the users want their emails to be. With the system we are developing now, only the recipient has to scan a QR code once in a while if he wants to decrypt the emails that someone has send to
him. By scanning the QR code with an authentication app the recipient proves that he is allowed to decrypt the email. We use the IRMA app for this. This is an app that is really focussed on privacy, with which you can easily identify yourself or show that you have
specific attributes, like having a certain email address or phone number.

Now you are progressing with your research and the design of the application, do you have tips for other researchers or companies who want to build an application based on human values?
Well, one of the things we noticed when we let the experts look at our own design and other existing encryption applications, was that although these applications aim for more security and privacy, some design decisions had in practice or in the long term a negative
effect on those values. For example, the experts mentioned that some of the applicationstaught the users behavior that is not secure, by asking them to open an attachment or click on a link in an email. Therefore, I think it is important to list the values and project
specific value related design principles that you want to focus on in your project, and to consequently look at those values and design principles before every choice you make during the design process. And the evaluation with experts also helped us a lot!

CHI NL Meet is a regular feature on the CHI NL blog, and currently looking for a Lead Blog Editor. Please reach out if you’re interested in this role.

Get updates about HCI activities in the Netherlands

CHI Nederland (CHI NL) is celebrating its 25th year anniversary this year, and we have much in store to acknowledge this occasion. Stay tuned!