Managing Access to Confidential Documents: A Case Study of an Email Security Tool

Elham Al Qahtani, Yousra Javed (), Sarah Tabassum, Lipsarani Sahoo and Mohamed Shehab
Additional contact information
Elham Al Qahtani: Department of Software Engineering, University of Jeddah, Makkah 23445, Saudi Arabia
Yousra Javed: School of Information Technology, Illinois State University, Normal, IL 61761, USA
Sarah Tabassum: Department of Software Information Systems, University of North Carolina, Charlotte, NC 28223, USA
Lipsarani Sahoo: Department of Software Information Systems, University of North Carolina, Charlotte, NC 28223, USA
Mohamed Shehab: Department of Software Information Systems, University of North Carolina, Charlotte, NC 28223, USA

Future Internet, 2023, vol. 15, issue 11, 1-23

Abstract: User adoption and usage of end-to-end encryption tools is an ongoing research topic. A subset of such tools allows users to encrypt confidential emails, as well as manage their access control using features such as the expiration time, disabling forwarding, persistent protection, and watermarking. Previous studies have suggested that protective attitudes and behaviors could improve the adoption of new security technologies. Therefore, we conducted a user study on 19 participants to understand their perceptions of an email security tool and how they use it to manage access control to confidential information such as medical, tax, and employee information if sent via email. Our results showed that the participants’ first impression upon receiving an end-to-end encrypted email was that it looked suspicious, especially when received from an unknown person. After the participants were informed about the importance of the investigated tool, they were comfortable sharing medical, tax, and employee information via this tool. Regarding access control management of the three types of confidential information, the expiration time and disabling forwarding were most useful for the participants in preventing unauthorized and continued access. While the participants did not understand how the persistent protection feature worked, many still chose to use it, assuming it provided some extra layer of protection to confidential information and prevented unauthorized access. Watermarking was the least useful feature for the participants, as many were unsure of its usage. Our participants were concerned about data leaks from recipients’ devices if they set a longer expiration date, such as a year. We provide the practical implications of our findings.

Keywords: access control; confidential emails; email security tool; end-to-end encryption; user study (search for similar items in EconPapers)
JEL-codes: O3 (search for similar items in EconPapers)
Date: 2023
References: View complete reference list from CitEc
Citations:

Downloads: (external link)
https://www.mdpi.com/1999-5903/15/11/356/pdf (application/pdf)
https://www.mdpi.com/1999-5903/15/11/356/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:15:y:2023:i:11:p:356-:d:1269385

Access Statistics for this article

Future Internet is currently edited by Ms. Grace You

More articles in Future Internet from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().