Users are notoriously called out as the weak link in security systems, especially when it comes to encryption and data protection systems. We often hear about “user education” and “user error” but are we looking in the wrong direction? This session will examine traditional encryption APIs and argue that they are logically broken, and it is they, not users, that need to be fixed.