Strategies and Perceived Risks of Sending Sensitive Documents

Authors: 

Noel Warford, University of Maryland; Collins W. Munyendo, The George Washington University; Ashna Mediratta, University of Maryland; Adam J. Aviv, The George Washington University; Michelle L. Mazurek, University of Maryland

Abstract: 

People are frequently required to send documents, forms, or other materials containing sensitive data (e.g., personal information, medical records, financial data) to remote parties, sometimes without a formal procedure to do so securely. The specific transmission mechanisms end up relying on the knowledge and preferences of the parties involved. Through two online surveys (n=60 and n=250), we explore the various methods used to transmit sensitive documents, as well as the perceived risk and satisfaction with those methods. We find that users are more likely to recognize risk to data-at-rest after receipt (but not at the sender, namely, themselves). When not using an online portal provided by the recipient, participants primarily envision transmitting sensitive documents in person or via email, and have little experience using secure, privacy-preserving alternatives. Despite recognizing general risks, participants express high privacy satisfaction and convenience with actually experienced situations. These results suggest opportunities to design new solutions to promote securely sending sensitive materials, perhaps as new utilities within standard email workflows.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {274590,
author = {Noel Warford and Collins W. Munyendo and Ashna Mediratta and Adam J. Aviv and Michelle L. Mazurek},
title = {Strategies and Perceived Risks of Sending Sensitive Documents},
booktitle = {30th {USENIX} Security Symposium ({USENIX} Security 21)},
year = {2021},
isbn = {978-1-939133-24-3},
pages = {1217--1234},
url = {https://www.usenix.org/conference/usenixsecurity21/presentation/warford},
publisher = {{USENIX} Association},
month = aug,
}

Presentation Video