what is killing PKI?

[Robert J. Hansen]

> P.S.1. Having an occasion now, I just want to say to you, Robert, a 
> big and sincere "Thank You!" for your articles on this mailing list.

Uff da meg.  "Articles."  If my posts have reached that level of
wordcount, then I definitely need to work on making them shorter.  :)

> The impulse for writing my first post in this thread was frustration
>  about a "technological" treatment that privacy often receives, and 
> about a lobby that tries to tell everybody to encrypt everything,

I don't doubt the existence of this part of the community, but I don't
share in their views.  In fact, I think those views are genuinely
harmful to the advance of privacy and confidentiality.

My position is simple: I want people to understand the realities of
electronic communication, the risks they're facing, what technologies
and methods exist to mitigate these risks, and the prices of these
technologies and methods.  Few people are responsive to a would-be nanny
telling them what they should be doing.

My doctor tells me that my cholesterol is on the high side and I should
rethink my meat intake: I sometimes think about him as I'm eating a
hamburger.  Same thing with privacy advocates who tell people what they
should be doing.  I think the best that can be done is to give people
information, and let them draw their own conclusions.

This, unfortunately, means that most of your post is -- it's not
irrelevant or ill-considered or anything else like that.  It's just that
we're coming at it from such divergent perspectives there's not much I
can really say about it.  My position is simple: provide information and
let people make their own calls.  What people should do, or what we as a
community should be advocating, is really not my lookout.

> For this writing, I have read all the other articles mentioned in
> someone's earlier post.

Thank you -- seriously.  As I said above, I think that information and
education is the best thing we can do.  That applies to ourselves as
well.  :)

> It might sound paradoxical, but openness is what protects us in our 
> lives.

I generally agree with you here.  If you haven't read David Brin's _The
Transparent Society_, I think perhaps you'd enjoy it: it covers a lot of
these subjects (and many more) in detail.  I don't agree with Brin, but
he definitely has ideas worth considering.

Personally, I side more with those who believe that a proper balance
between privacy and transparency is what protects us.  The problem here
is that my interest in transparency may conflict with your interest in
privacy -- making it an extraordinarily difficult interaction of
interests to balance.  Schneier's _Liars and Outliers_ discusses this in
more detail: again, you might enjoy it.

> Do we really have evidence people can't encrypt?

Although anecdotes are not the same as data:

My first year of teaching I was assigned to a freshman (university
first-years, for those outside the United States) Computer Literacy
course.  On the first day of class I asked thirty-five freshmen if
anyone had brought a computer to class.  Three hands went up.  I then
asked if anyone brought a cell phone to class.  Thirty-five hands went
up.  I asked one student at random, "So why isn't a cell phone a
computer?"  His answer was, "Because it can only surf the Web.  You
can't write a term paper on it or anything like that."

When I asked for a show of hands for who agreed with that statement,
probably two-thirds of the class agreed with it.

In my experience -- which is absolutely *not* the same as peer-reviewed
research, don't mistake me -- most people don't even know what a
computer is, except in a very superficial "it's a box with a keyboard
and a monitor attached" sense.  So, yes, given the truly dismal state of
computer literacy today, I think it's reasonable to conclude most people
can't encrypt.

Close to the end of that semester I taught the students about S/MIME
(not OpenPGP -- S/MIME is much better supported by email clients).  The
majority were able to get S/MIME certs and install it in their email
clients, but it did take four hours of classroom lecture to get them to
understand what encryption was, what a signature was, and so on.

> Can you imagine a responsible person exchanging sensitive 
> information, while not being certain what he does is safe?

Happens all the time.  Today I had to give my Social Security Number to
a government agency over the telephone: I had no way of verifying the
person I was talking to really was a government employee.  For all I
know he was working with a Chechen organized crime syndicate.  But,
after reflecting on the risks, I decided to accept the risk and go on.

So, yeah, I can imagine it quite easily.  The problem isn't the lack of
certainty that what we're doing is safe: the problem is the incorrect
certainty that we are safe, that what we're doing can never come back to
bite us.

> As I said, for me to be able to use encryption means more than
> knowing which buttons to click.

Sure, but in their defense, they weren't interested in seeing which
users were capable of walking on their own -- they were interested in
seeing which users were capable of standing on their own.  Have to learn
to stand before we learn to walk, learn to walk before we learn to run,
and all that.