"You do understand that people don't trust technology?": Explaining Trusted Execution Environments to Non-Experts
For researchers and practitioners communicating security concepts to users, this work provides insights into effective explanation strategies but shows that understanding alone may not address privacy concerns.
The study evaluated text-based explanations of Trusted Execution Environments (TEEs) for non-experts, finding that non-technical explanations highlighting specific threats improved understanding most, but had little effect on willingness to use TEE-enhanced technology.
Trusted Execution Environments (TEEs) protect confidentiality and integrity of trusted applications by creating an isolated environment for executing code. Prior work has shown that users may feel more comfortable sharing data when they know it will be protected by a TEE, especially if they understand what a TEE is. In this study, we evaluated text-based explanations introducing TEEs to non-experts. We analyzed existing TEE explanations to develop candidate explanations and evaluated them via vignette scenarios with 966 crowdworkers. The explanations that enhanced understanding most were non-technical ones that highlighted specific threats that can be prevented by a TEE. Surprisingly, even the explanations that enhanced understanding had little effect on willingness to use the TEE-enhanced technology. These results provide insights into ways to communicate technical security concepts more effectively but also suggest that explaining security technology might not be enough to address users' privacy concerns.