After playing around with creating myself an OpenPGP-compatible key and mucking around with sending / receiving some encrypted emails with some mates, I’ve been thinking about a few things.
The concept of email encryption isn’t new but it has never really taken off because the barriers to using it for everyday users are too great. I’ve ranted before about companies that send out emails with personal information that just shouldn’t happen.
Now that companies are rolling out 2-factor authentication, will there be companies that allow users to nominate their public key to be used in encrypting emails that the system sends them? This would help to drive adoption of email encryption in general and doesn’t really require a major impost on the part of the service provider.
What obstacles are holding this back?
- Cost to implement?
- Lack of demand?
- Risk-averse companies not wanting to be involved in legal / privacy implications?
- Variety of encryption techniques?
- All of the above?
From the user’s perspective it’d be just another ‘setting’ you configured. In addition to your email address, you’d provide the URL to your public key or copy / paste the key itself.
If you’ve got examples of companies that currently do this, please let me know.