US banks that can send PGP/MIME e-mail

Sun Feb 24 21:27:43 CET 2013

On Sun, 24 Feb 2013, Robert J. Hansen <rjh at sixdemonbag.org> wrote:

> On 02/24/2013 08:21 AM, Anonymous wrote:
>> You seem to imply that Americans are less capable or less interested
>> in PGP-protected mail.
>
> Oh, please.  This is pure projection.
>
>> The German bank "1822 Direkt" sends PGP encrypted bank statements to
>> their customers.  Someone mentioned another German bank that does
>> this.  Why does the business case work in Germany?
>
> It doesn't.  It works for one particular bank.  It doesn't work for
> Germany as a whole.  Different banks have different clienteles and
> different incentives for how they deal with their clientele.
>
>> Anyway, I don't accept the idea that the business case is lacking.  In
>> an industry that is willing to pay upwards of $150 to entice new
>> customers into opening an account, a bank could easily gain majority
>> market share of all self-respecting nerds in the country at a fraction
>> of that cost.  I call it a missed opportunity.
>
> And as soon as a customer is on the phone with tech support for two
> hours trying to get GnuPG to work on their system, that's about $100 the
> bank has now spent trying to retain this customer.  That's a lot.  The
> only way to make the user profitable in such a case is to raise service
> fees, in which case that bank will hemorrhage business to their competitors.

Ship a device.

>
> If I were a banker and I had a choice between SSL-secured HTTPS that 99%
> of my internet banking customers would approve of, which requires no
> special training or experience on their part, which requires no
> additional special training on the part of my tech support staff, or
> adding OpenPGP-secured statement delivery that would appeal to 1% of my
> userbase and each one of those users would have tech support costs
> orders of magnitude greater than the users as a whole, the presence of
> that 1% would require expensive training and retraining on the part of
> my tech support staff...
>
> Honestly, if I was advising a consumer bank about this, I'd tell them to
> avoid OpenPGP.  I don't see the business case for it.  And until you can
> show me either (a) radical improvements in ease-of-use, (b) radical
> reductions in technical support costs, or (c) explosive demand from the
> users, you really can't show me the business case for it, either.

Your argument seems to show that, in order to get more people
using encrypted email, we should use part of the system you think
is superior, namely the browser with whatever crypto stack your
banks use.  If such a superior system for easy delivery of well
encrypted stuff exists I would like to learn about it.

ad a: Yes, of course, Gnupg is today for many people very
difficult to set up.  Why is the browser plus crypto system
easier to use?

oo--JS.