US banks that can send PGP/MIME e-mail

[Robert J. Hansen]

On 02/24/2013 03:27 PM, Jay Sulzberger wrote:
> Ship a device.

Meaning what, exactly?  At first blush you seem to be trading one
problem for another: people don't know how to use GnuPG, so ship a
device and now they don't know how to use the device.

> Your argument seems to show that, in order to get more people
> using encrypted email, we should use part of the system you think
> is superior...

Cheaper, not superior.

To a first approximation, MBAs and bean-counters divide a business's
operations into revenue and overhead.  They'll go to great lengths to
maximize revenue, and they'll go to great lengths to minimize expenses.
 Security doesn't directly generate revenue -- at best it indirectly
facilitates it, but that's difficult to quantify and plug into a
spreadsheet.  That means security gets viewed as an overhead expense:
something to be minimized at all costs.

People keep on thinking in terms of "wouldn't it be nice if," but that's
not how business thinks.  Business thinks in terms of, "what will
maximize revenue and minimize overhead?"

OpenPGP users account for probably less than a thousandth of all
computer users.  99.9% of all banking users have no real desire to see
OpenPGP used for their statement delivery.  If the 0.1% of customers who
want OpenPGP produce so much revenue for a bank that they cannot be
ignored, and are willing to leave their current bank for one that will
provide OpenPGP, then we can expect to see banks deploying OpenPGP-based
solutions.

But until then, no.

This is not a technological problem.  It's a business problem.  To think
otherwise is to commit serious category error.