I’m at the ABA TechShow seminar on E-mail Ethics listening to a discussion about the use of E-mail encryption. Speaker Tom Mighell asked the audience if anyone out there was actually using E-mail encryption. About seven hands went up, maybe more, from lawyers who use PGP encryption. I’m not surprised to find lawyers who actually use encryption, not surprised because the ABA TechShow is a watering hole that draws lawyers who are extremely tech-savvy. The willingness of some of these techie-attorneys to learn how to use cutting edge technology is obviously high. But they don’t represent the typical lawyer, not even the typical lawyer-who-is-interested-in-technology (i.e. people like me).
I think it is a given that PGP encryption is not a mainstream technology. If you need proof go to any law firm and start knocking on doors and ask the lawyers if they know what “PGP” stands for. Ignore the blank stare and then follow up with an easier question; ask them if they know what “E-mail encryption” is and offer to give them $1,000 if they can name one person they have met that knows anything about E-mail encryption. Then, for laughs, offer to give them $1 million dollars if they know what a “hash function” is or what the “Diffie-Hellman protocol.”
I tried to use the PGP encryption technology with a tech-savvy friend once. I won’t describe the whole process but if you are interested click here. The important thing to understand is that, even if you can figure out how actually encrypt and decrypt emails, part of the process involves creating a special private/public key. In short, it’s a pain in the ass to encrypt emails, even if you know what you are doing. After having done it myself I have come to the conclusion that the only people who are routinely encrypting emails are either uber-geeks or criminals/terrorists.
In fact, I noticed something interesting when I used the PGP program and then registered my ‘public key.’ I noticed as I browsed through the list of names of people who had registered their public keys that there were a lot of entries for Osama bin Laden. I suppose that is a popular name to use when you register your PGP key in the same way that certain baby names get popular at certain times. Or maybe the real Osama bin Laden actually took the trouble to register his public key.
I guess the good news is that if Osama ever manages to get a law degree he won’t have to worry about being charged with violating an ethical duty to encrypt email. And the good news for the hoards of lawyers who don’t use encryption is that they probably won’t be charged with terrorism.
Update: CNN has a nice article on encrypting email, including a profile of a new (and supposedly easier to use) system called Hushmail. And, best of all, the system is free –at least for now.