Encouraging email security.

Graham graham.todd@ntlworld.com
Sun May 18 15:06:02 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 18 May 2003 12:18 pm, Jean-David Beyer wrote:

[snipped]
> I do not know how to get around this cultural gap. But until the
> majority start using encryption for everything, not just sensitive
> stuff, those of us who do will just attract the attention of the very
> busybodies whose attention we wish to avoid.

This is the very point that Phil Zimmerman underlined in the early days=20
of PGP.  By encrypting only sensitive stuff you single out the=20
sensitive stuff and people only need to use their resources to tackle=20
those emails.  If you encrypt everything then you do not single out the=20
sensitive stuff.

But this requires encryption technology to be used by the recipient, be=20
it PGP, GnuPG or S/MIME, and most don't bother.  Its not a matter of=20
difficulty (from my perspective PGP and GnuPG are easy to use, and=20
S/MIME is freely available and even the certificates are free [from=20
Trustcenter.GB and Thawte]); they just can't be bothered to use the=20
tools and to understand how they work.  So the encrypted emails can't=20
be read and are ignored.

Its not so much a cultural gap, as computer illiteracy.  Many users just=20
want to press the power button and instantly be in touch with email,=20
usenet, or the web; even my wife gets frustrated waiting for files to=20
download and we're on cable broadband!  These users don't want to know=20
the hows and whys, they want everything available at the flip of a=20
switch.  This is (after all) how they are sold their computer systems:=20
all completely ready to go once they've pressed the power button, even=20
though it might not be completely accurate.

ALL security software, from firewalls through virus checkers, and=20
encryption software are often seen by this type of user as complicating=20
the issue.  They don't really care about privacy, or securing their=20
system from outside eyes, because the internet is seen as a system they=20
access, not one of which they are intimately a part like a node on a=20
vast computer network.  That is the problem.

[I hereby end my rant :-)]

- --=20

Graham
GPG Keys at encryption.keys@ntlworld.com


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Please sign and encrypt for internet privacy

iD8DBQE+x4a5IwtBZOk1250RAo/HAJ9rSTj79DOueSpYuaBxoPfF+hbZoACeJ0sy
o/doegyv4OoEAukxkd/Jdk0=3D
=3DXtXz
-----END PGP SIGNATURE-----