The big reason to encrypt even non-sensitive data is that it increases the overall amount of encrypted data. Even if the gov (or whoever you want privacy from) has the immense computing resources needed to crack *some* encrypted traffic, by encrypting everything, you make it difficult for them to decrypt anything of value.

I agree that we don’t currently have the tools to make encryption and key management easy. That situation is improving.

Most people are not willing or able to never email anything sensitive. From business information to legal documents to personal missives, there are a lot of good reasons to want privacy, at least some of the time. Besides, do you really want the NSA reading even your non-sensitive email? As things stand, they are.

And I’ve never bothered to set it up, at all, ever. Why? Because I have exactly zero need to, in that I never email anything sensitive.

A “network effect’ of people encrypting (rather than signing) their mail will just cause me to ignore their email. And, really, considering how bad people are at backups and computer maintenance? Do you want to deal with updating people’s public keys every week? Worrying about how your archived mail can’t be read because the keys are changed/lost/confused?

The wisdom of the people really seems to have already spoken; the only people who encrypt are people who are 1) crazies (and I mean that for the most part affectionately, not so much seriously as a literal accusation of mental imbalance) and 2) people who are actually emailing sensitive information.

(The same sort of problem in the penulutimate paragraph above applies to disk encryption; if you’re competent, sure, it’s fine. But people who can barely remember their own password, having all their data encrypted? They’re just going to lose it all and then never encrypt again. Then again, why even encrypt most of a filesystem? It’s useless overhead to encrypt pretty much anything that isn’t your sensitive data, after all…)

If you have a gmail account, you can access it like any other POP account. So you can get your mail delivered to you in Thunderbird or Outlook or any other email client. If you do it like that, you can get your gmail delivered to a program that can do GPG (i.e. Thunderbird) and then using GPG in that context is like any other.

But, if it is encryped, they can’t scan it, and they can’t block out words, and they can’t “not deliver” if a scan determines it to be “hate mail”. In a way, encryption could be the only way to ensure truly free communications. I doubt Google would volunteer for a feature like that.

But – on the other hand – I just had a whacko idea.
What if you had a blog (or other website), that required an encryption key to read?
It would (obviously) decrease the readership, but if – in order to get the encryption key – the reader simply needed to create an account with a valid e-mail address, then the site would send an applet that would decrypt the site – it would allow a person to put anything they wanted on the site without fear of “offending” anyone. It would cut down on the search engine hits, but who finds blogs that way anyhow? However, if someone were to write a blog AND an FireFox extension that worked with the blog encryption, that would be even easier – and better.

Yes, I took my medicines and I’m feeling frisky right now….
(oooh look – pretty buttons: bold, Italics, link,

quote

, code, and strike!. I dunno what ‘lookup’ is….

What I can’t figure out is how they could do it without having a copy of your secret key. You would have privacy from everybody except Google.

Key exchange is easy and relatively automated wih public keyservers.

The goal is to entrench the technology. Have everybody use it for everything. The end-to-end encrypted net is one that is safe from prying eyes.

And I agree with you that it’s important to encrypt disks too. It’s incredibly easy to do. On Linux systems, it’s completely transparent. On other systems, only slightly less so.

I don’t think I’d have much luck getting my friends or relatives to deal with the hassle of PGP for emailing me. They’d just stop emailing me instead. Easier solution: don’t email sensitive information. Truth is, most people aren’t emailing information they care enough about protecting to encrypt, which is why almost no one bothers.

I sell security software and hardware for a living, including PGP. Most organizations use it for securely transmitting select information from a specific sender to a specific receiver with specific security policy goals in mind, rather than as a general security talisman.

Financial institutions are finally catching on to its use for financial data, and one of the requirements for the VISA/MasterCard Cardholder Information Security Program is to encrypt data sent over public networks. Most companies are using PGP’s Command Line product to comply. (And FWIW, I think it’s odd that CISP only requires that the data be encrypted during transmission. Smart programmers encrypt on disk, too, since that laptop, drive, or backup tape could fall into the wrong hands.)