> What you *aren't* hearing is: [good points snipped]
Shirley Gaw's 2006 paper addresses these factors dead-on. http://www.soe.ucsc.edu/classes/cmps223/Spring09/Gaw%2006.pdf It's worth reading. A major additional factor Gaw found inhibiting adoption was the fear of being seen as paranoid. The following excerpt talks about various employees (all under pseudonyms) at an environmental-action NGO which participated in a variety of illegal direct action campaigns. You'd think these people would view paranoia as a good thing, but the reality was quite different. A couple of passages are _underlined_ to reflect italics in the original text. ===== "Many of the employees interviewed at [this NGO] had limits to their willingness to be more secure. In fact, moving beyond that limit was seen as abnormal or paranoid. While Woodward was especially vigilant, even the technical support staff admitted he might be excessively protective. Was the effort justified? Was it reasonable precaution? Abe explained how someone could 'go overboard' when he described how a representative of the PGP Corporation visited [the NGO]. Instead of a typical password authentication, the representative took off his necklace and used a removable flash drive that held his private key. The demonstration discouraged Abe: 'It was too over-the-top and definitely too complicated... it was like a movie.' He saw the presenter as paranoid. He went on to say: 'Yeah, I admire him because he comes in and puts his passphrase ... every single day, three times a day, so that's very dedicated to his stuff. He must either be very scared or very motivated.' He was not sure whether this vigilance was justified. In fact, he associated it with being fearful, perhaps irrationally fearful. Abe reiterated this when asked to speculate on why a colleague sent every e-mail message encrypted. He figured this man has an automated system for encrypting e-mail 'or he's nuts.' When Sandra was asked why she said her e-mail communications were not anything people were 'dying to get their hands on,' she explained: 'I'm not paranoid enough to think the CIA is monitoring my emails or anything to that effect.' Not only was encrypting messages excessive for someone who had no secrets, it was _paranoid_ _behavior_ to assume anyone would be interested in eavesdropping on her communications. Jenny also thought it was abnormal to encrypt non-secret information. When the interviewer abstractly explained that people in security suggest all users encrypt all messages, Jenny was baffled: 'So you're saying that ... people should just--even _normal_ people? That you're sending e-mail to ... your mom, like "hey, things are going ...", that you should encrypt your e-mail? That people should do all that?' Jenny emphasizes 'normal people.' _Normal_ _people_ wouldn't encrypt normal messages." _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users