Encouraging email security.
Graham
graham.todd@ntlworld.com
Sun May 18 15:06:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sunday 18 May 2003 12:18 pm, Jean-David Beyer wrote:
[snipped]
> I do not know how to get around this cultural gap. But until the
> majority start using encryption for everything, not just sensitive
> stuff, those of us who do will just attract the attention of the very
> busybodies whose attention we wish to avoid.
This is the very point that Phil Zimmerman underlined in the early days=20
of PGP. By encrypting only sensitive stuff you single out the=20
sensitive stuff and people only need to use their resources to tackle=20
those emails. If you encrypt everything then you do not single out the=20
sensitive stuff.
But this requires encryption technology to be used by the recipient, be=20
it PGP, GnuPG or S/MIME, and most don't bother. Its not a matter of=20
difficulty (from my perspective PGP and GnuPG are easy to use, and=20
S/MIME is freely available and even the certificates are free [from=20
Trustcenter.GB and Thawte]); they just can't be bothered to use the=20
tools and to understand how they work. So the encrypted emails can't=20
be read and are ignored.
Its not so much a cultural gap, as computer illiteracy. Many users just=20
want to press the power button and instantly be in touch with email,=20
usenet, or the web; even my wife gets frustrated waiting for files to=20
download and we're on cable broadband! These users don't want to know=20
the hows and whys, they want everything available at the flip of a=20
switch. This is (after all) how they are sold their computer systems:=20
all completely ready to go once they've pressed the power button, even=20
though it might not be completely accurate.
ALL security software, from firewalls through virus checkers, and=20
encryption software are often seen by this type of user as complicating=20
the issue. They don't really care about privacy, or securing their=20
system from outside eyes, because the internet is seen as a system they=20
access, not one of which they are intimately a part like a node on a=20
vast computer network. That is the problem.
[I hereby end my rant :-)]
- --=20
Graham
GPG Keys at encryption.keys@ntlworld.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Please sign and encrypt for internet privacy
iD8DBQE+x4a5IwtBZOk1250RAo/HAJ9rSTj79DOueSpYuaBxoPfF+hbZoACeJ0sy
o/doegyv4OoEAukxkd/Jdk0=3D
=3DXtXz
-----END PGP SIGNATURE-----