General
I went to SVLUG with Marc and Biella on Wednesday.
A slashdot article on user interface, teaching, and Linux usability is fascinating for the culture clashes the discussion exposes. It's especially fascinating after I today (Friday) gave a presentation to the EFF Board about e-mail encryption.
The story we're now telling about e-mail encryption goes something like this: Once some great technologists like DH, RSA, and PRZ invented some cool stuff. Then we fought legal and political battles to make sure that the public would be allowed to use it. Nowadays the public is allowed to use it, but it's still too difficult for most people, so we now have to re-think how we present e-mail encryption, to be sure that it will be useful to everyone, even if it isn't optimally secure.
The story I'm more accustomed to telling goes like this: Once there was one-time-pad cryptography, which was infeasible because of the irritating key exchange and key security problems (you had to ship a CD-ROM to everybody you wanted to communicate with, and, what's worse, CD-ROMs weren't even invented yet!). Then some clever people invented conventional symmetric key block ciphers, and so now you only had to meet people in person to exchange a short key and then could have almost ideally private conversations. But the trouble was that you still had to meet them -- so what would you do if you had to communicate without pre-arrangement, as in an emergency, or at a great distance, or with someone you had never met?
So then, the story continues, Diffie and Hellman and Merkle and Rivest and Shamir and Adleman and Phil (just humble Phil) provided public key cryptography, and an implementation of it, so all of a sudden the capability existed to "communicate securely with people you have never met", which is practically a miracle. Public key cryptography could let you do key exchange over a public channel and still have a private conversation later on! The only difficulty was the need to authenticate the identity of the owner of a particular key, because how could you tell that the person who claims to be Seth Schoen is really Seth Schoen?
So therefore people invented PKI in all its multifarious forms, which is to say that they invented the idea of CAs and webs of trust as well as of individual face-to-face key exchange, which was the old standard for conventional cryptography. Webs of trust would let you do transitive trust to reach the identities of people you had never met in person; CAs would let them present credentials, like showing a driver license to prove who you are. These models were complementary, in a sense; if you were a radical decentralist sort, you could use webs of trust, and if you were a moderate and mainstream person, you could use a CA. But either way, you had a technique to authenticate people. Now you had technology to make your e-mail truly private, even when corresponding with people you'd never communicated with in any other context. Now your e-mail would be private.
That's where the older story ends, and there's a remarkable clash which develops between people to whom the "end of the story" is the key (no pun intended), and people for whom the story is still continuing in a significant and interesting way. (This reminds me of my poem "Deeper Still" which talks about the Narnia stories, fate, and "she who's an end to stories". "Are you out there, can you hear this?")
For some people, the story ended when the technology was invented and published (and its legal status assured, if somewhat tentatively) -- after that, the responsibility for using the technology to achieve privacy is purely and wholly with the users, and if any users fail to use it, it's their own individual error and perversity, far beyond the purview of The Story of Public-Key Cryptography, and How It Brought Privacy to E-mail.
For others, the story is just as live and present as ever, and the usability patterns and experiences are as much a part of it as anything else. The availability of the software, legally and technically, was only a preliminary chapter or a prologue. The end-users are characters in the story in their own right, and it's meaningless or counterproductive to dismiss their problems as "their own problem" (or to wait or work for the future time, the promised paradise, in which all users are fully educated and competent in the use and features of the technology).
... so an idealistic and compassionate programmer could maintain: "I will not enter nirvana until all sentient users do so!"
The slashdot article I mention shows a parallel conflict of stories. For some people, we have The Story of Microsoft's Undeserved Dominance, and the Pollution and Dissipation of the Users' Natural Curiosity and Capabilities. Here Microsoft wrote some pretty bad software which took away responsibility and power from the users -- took away what was rightfully theirs -- and then beguiled them with GUIs, with cartoons, with advertising, to the tune of billions of dollars spent, not making the users more powerful, but making them more dependent, more accepting of their lot as envisioned by Microsoft, less able to remember another time and another world. Linux and free software then come to challenge them by offering the users a new golden age, in which they are once again educated, capable, powerful, enjoying self-determination, in a democratic (some say: anarchist) community.
Others have The Story of Users' Evolving Expectations, and How the Diversity of Operating Systems Met Them, or Failed to Meet Them. Here, the golden age included only a minority of prospective computer users, who enjoyed their own private paradise while the rest of the public was completely mystified and completely unable to use computers, or completely unwilling. Then vendors, in and through a complex ecology, developed new systems which gradually came to appeal to the general public; as they accustomed themselves to them, they became willing to make computers a bigger and bigger part of their lives. In return, the users acquired progressively higher and higher expectations around familiarity, ease of use, and the direct and immediate suitability of computers for the users' own chosen purposes. This soon meant that old systems were effectively irrelevant, and the entire industry was caught up in a race as to who could best serve consumers.
The clash between these stories is an amazing thing to behold: one faction sees users as deceived, captive, ignorant, servile, and to be freed and raised up and educated. Another faction sees that view as elitist or patronizing or arrogant, and sees users as independent, mature, and responsible, in charge of deciding for themselves precisely which technologies they prefer for their own purposes, subservient to no one else's preferences. And there are other stories at work and angles I'm missing or skipping over. (Compare the impassioned plea of the tank-building commune members in In the Beginning Was the Command Line and the ordinary car dealership's responses.)
It's difficult for me to avoid thinking about stories about love in connection with these debates; where else do stories collide with so much passion? I'm not kidding, and I want to say that this is what is at stake, that I am what is at stake.
