Understanding User Tradeoffs for Search in Encrypted Communication

Abstract

End-to-end message encryption is the only way to achieve absolute message privacy. However, searching over end-to-end encrypted messages is complicated. Several popular instant messaging tools (e.g., WhatsApp, iMessage) circumvent this inconvenience by storing the search index locally on the devices. Another approach, called searchable encryption, allows users to search encrypted messages without storing the search index locally. These approaches have inherent tradeoffs between usability and security properties, yet little is known about how general users value these tradeoffs, especially in the context of email rather than instant messaging. In this paper, we systematize these tradeoffs in order to identify key feature differences. We use these differences as the basis for a choice-based conjoint analysis experiment focused on email (n=160), in which participants make a series of choices between email services with competing features. The results allow us to quantify the relative importance of each feature. We find that users indicate high relative importance for increasing privacy and minimizing local storage requirements. While privacy is more important overall, local storage is more important than adding additional marginal privacy after an initial improvement. These results suggest that local indexing, which provides more privacy, may often be appropriate for encrypted email, but that searchable encryption, which limits local storage, may also hold promise for some users.