CMU study: Explaining TEEs boosts understanding but not user trust

A new study from Carnegie Mellon University (McKenna McCall, Carolina Carreira, Miguel Flores, and Lorrie Faith Cranor) explores how to explain Trusted Execution Environments (TEEs) to non-experts. TEEs are isolated hardware environments that protect the confidentiality and integrity of running code, often used in cloud computing to secure sensitive data. The researchers analyzed existing TEE explanations, developed candidate texts, and tested them via vignette scenarios with 966 crowdworkers. They found that non-technical explanations that highlighted specific threats (e.g., "a TEE prevents even the cloud provider from reading your data") led to the greatest improvement in understanding.

However, the study's most surprising result: even after understanding what a TEE does, users were no more willing to use TEE-enhanced technology than before. This suggests a disconnect between technical comprehension and behavioral trust. The authors argue that simply explaining security features isn't enough—companies must also address users' broader privacy concerns, transparency, and perceived control. The findings have direct implications for how tech firms communicate privacy-preserving technologies like confidential computing and secure enclaves.