[svlug] Security & PGP: "Why Johnny Can't encrypt"

Scott DuBois rhcom.linux at gmail.com
Sat Jan 31 14:55:39 PST 2015

On Sat, Jan 31, 2015 at 02:36:55PM -0800, Mark Weisler wrote:
> Very few and very few are at all interested in encrypting even when they have material they should keep private.

Is this because people find encryption too daunting? Or because people just
don't believe their 'threat' model' is high enough to justify the added effort?

> I don't believe there are any U.S. laws against genuine, strong encryption. 
> On the contrary, when I left off working in the security industry two years ago, the use of encryption and supporting organizational policy stating that encryption should be used can be considered legal due diligence on the part of said organization to keep computing secure.

I was thinking along the lines of government auditing. However, if strong
encryption is suggested then organizations only have their own security teams
technology deployments to blame.

In the case of Joe Mail User, the similar is true. If they don't believe their
'threat model' justifies the added burden of cryptography then they will
obviously not care. Only once they have good reason to suspect their privacy is
being violated and they consider that violation serious enough, then they will
do something about it.

Or, plead with the tech giants to provide meachnisms that allow for end-to-end
by 'default' instead of the _exception_ which is where we are now.

Google: "Why Johnny Can't encrypt" using search tools: past year.


EFF ID: 1731778

"The difference between stupidity and genius is that genius has limits."
-- Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
Url : http://lists.svlug.org/archives/svlug/attachments/20150131/daacb219/attachment.bin

More information about the svlug mailing list