Matt Haughey has written about the poor user experience provided by email encryption. And in doing so he hits the nail on the head:
I’ve often heard prominent computer scientists lament the low uptake of email encryption — that in the age of many gigahertz machines we still send plain text to each other (usually) over non-secure connections. Every couple years, just for the sake of my personal freedom and curiosity, I make an attempt to try and use encryption for a few days. Every time I do this, I am disappointed.
Late last year, I installed GnuPG and Enigmail again to see if the experience would be much better than last time. It certainly has improved, but it’s got a long way to go. A newbie user would struggle to even follow these step-by-step instructions, and it involves lots of commands in a command prompt window, which end users really should not have to do. Even if you follow these instructions to the letter, you will only have GnuPG set up for email – to use it for verifying and encrypting files or the clipboard contents, you need to download other programs like WinPT and GPGee as well, and configure them. It’s a lot of work and not a whole lot of benefit, really. It’s a bit different with PGP as the interface is much better, but PGP is now a commercial product.
Someone needs to come up with some kind of security suite for Windows, which integrates with all common email programs (Outlook, Outlook Express, Thunderbird and Eudora) and also Internet Explorer and Firefox, and provides a common user interface for working with GnuPG. There should be wizards for key generation and any complicated tasks and seamless integration with Windows Explorer, too. Is that so much to ask?