US banks that can send PGP/MIME e-mail

Tue Feb 26 14:36:18 CET 2013

On 02/25/2013 05:10 PM, Anonymous wrote:
> Ing in Netherlands distributes software (windows, mac, and linux
> versions) - so apparently it's easy enough for enough average joe's to
> figure out how to install an app.

Figuring out how to install an app is not the problem.  Figuring out how
to *use OpenPGP* is the problem.  The app is not the same as the amount
of specialized knowledge required to use the app successfully.

OpenPGP has a learning curve like the Matterhorn.  This is a long-known
and long-lamented fact.  If you can fix that, then maybe things will
change.  As things stand, though, I doubt they will change.

> take the bait.  Such an app could embed an email client that does
> everything the advanced users would do, and hide everything possible.
> Such an app could even hide the email address, and hide the fact that
> email is used at all, if they wanted.

Then why bother at all with email and OpenPGP?

> They're not good at it.

On the contrary, many of them are phenomenally good at it.  Operations
Research is part of the business school in most universities, and the OR
geeks tend to be astonishingly good at what they do -- which is maximize
efficiencies and cut inefficiencies.

(ObDisclosure: I'm a contributor to COIN-OR, the Computational
Infrastructure for Operations Research, and have assisted with a couple
of papers in the field.  I have been deeply, thoroughly impressed by
virtually everyone I've met in OR.)

> Moreover, the nerds among them are a very different variety of nerd
> than that which would understand or appreciate the needs of a comp
> sci/math/software nerds.

OR nerds -- who are the B-schoolers who focus most heavily on
efficiencies -- are serious math and CS nerds.  Look up George Danzig
sometime.

http://en.wikipedia.org/wiki/George_Dantzig

I understand that many geeks like to look down our noses at people in
the B-schools, but really, that's a shallow prejudice that we as a
community need to get over.  There are some alarmingly sharp people over
there.

> A bank forward-thinking enough to cater to nerds with ssh for
> transactions and openpgp for statements would spend the least amount
> on security

I'm going to have to ask to see the business study you're using to back
this up.  This is your prejudice, nothing more.  It's just as credible
to claim that a bank probably wouldn't want to cater to seriously
tech-savvy people because of the risk of bad apples.

If 0.01% of your customers have the capability to defraud your bank,
that's a much different situation from 1% having that same capability.
It affects the business logic considerably.  They might wind up spending
the *most*.

> The average American has ~14 bank/credit card accounts.  I shit you
> not.  So it's not just one account they must "go pickup" their
> statement from.  You could not make a convincing claim that only 0.01%
> of Americans would appreciate their statements *delivered*
> automatically.

Which is why I didn't make that claim.  I said that probably <1% (and my
suspicion is <0.1%) of all users would want OpenPGP to be used to secure
delivery.

For example, I'm in the ranks of people who don't care.  I genuinely
don't.  I want some sensible technology to be used, but I have zero
interest in specifying which technology should be used.