Network Associates Gives Up Search for PGP Buyer
nakhla writes: "I came across this article which states that Network Associates has given up the search for a buyer for its PGP division. The company has laid off 18 workers, and plans to continue to maintain the product for one year. It's a good thing that there are still products like GnuPG and others out there for people who need cheap, reliable encryption."
That's the trouble with encryption, and security in general. It takes effort to be secure. You can trust an algorithm with your life, but do you trust the piece of software you installed on the computer you assembled out of parts you bought off the shelf? Sadly, strong encryption built as a default into something like Outlook might cause more trouble than it's worth, in misplaced trust.
Most Outlook users wouldn't know how to tell if their private key had been compromised by some email malware. If they're using email for tasks that SHOULD be kept private because they trust that Outlook will make it safe, then where will we be?
"If you create user accounts, by default, they will have an account type of Administrator with no password." KB Q293834
There are, IMHO, two things that keep the average email user from using encryption:
First, it has to be absolutely transparent. It can't put more of an overhead on a standard email send-and-receive than already exists. Key management would have to become at least as easy as address book management (say, having addresses and keys automatically integrated into your keyring). While this would present a security hole, most users aren't going to want to go and verify keys. They're also not going to want to type their password every time they send an email. Most users of apps like Outlook just store their passwords on their PCs anyway, because they can't be bothered logging in once per session (ever deal with someone who didn't remember their password because they never type it in anymore?). IIRC, PGP had several of these features, but with some apps you still had to encrypt to the clipboard and then paste the encrypted message back into your document.
Second, to even get people to do this minimum, and to demand it in products, they have to see the need for it. Phil put it best, I think, when he drew an analogy in the docs for PGP. I can't remember the exact wording, but it was something along the lines of "So you're not saying anything illegal. What would you think if the government outlawed envelopes, and all mail had to be sent on postcards?"
Most people don't believe how easy it is to read email, because they have no idea how to go about it. Instead, they shrug and say that they don't care. If instead you ask them how they'd feel about having all of their corporate correspondence and private letters going out on postcards, they'd think twice, and (hopefully) bite the bullet and start using something like PGP. There can be a huge market for applications like PGP, but it has to be sold to people with the right message, and it has to, even at the expense of some security (and yes, I realize the implications of that, and know the argument that no security is better than flawed security), be easy to use.
(email addr is at acm, not mca)
We are Number One. All others are Number Two, or lower.
--The Sphinx