Some time ago my boss found himself a new pony, named it SECURITAR and decided to ride it around office every other week talking about policies, improvements and all that jazz. I don’t really mind – it is a positive thing actually. He knows we need more of it, but doesn’t really know how exactly is it acquired. I think that at some point there was a plan to set up some hydroponic vats in the parking lot and try to grow it there but I don’t think that panned out well.
So SECURITAR gets brought up every once in a while, everyone full heatedly agrees that we need it and IT gets the job of figuring out how to implement it. Usually this involves, deploying encryption software on all laptops and workstations, training staff how to use it, enforcing strict security policies and smacking around people who don’t want to comply with them. Then directors scratch their heads, say
“Well… That’s a lot of effort and expenses and time… We have a really busy quarter right now, and maybe we shouldn’t rush into that thing just to get more SECURITAR…”
The subject gets dropped like its hot, Snoop Dog style only to be revisited the next time the big boss takes out the pony out of the shed and takes it for a ride.
A while ago someone has recommended PGP. The affair with it was short lived and ended around the time someone soberly said “it costs how much per user???”. Someone else said “I hope that this PGP comes with blackjack and hookers for that price” and I said “Get the fuck out of here Bender, no one asked you for your opinion”. So PGP never got rolled out and we still send emails unencrypted to this day.
Only that every once in a while the topic gets brought up again. Last time around I had some sort of a lapse and I blurted out something about GPG. I mean, it is roughly the same thing – only free, and its from GNU. And as everyone knows the G in GNU stands for Grrreat! At least that’s what Tony the Tiger told me before someone “punched” him in the face with my chair for being a Furry. So somehow I became the person responsible for figuring out how to make the GPG thing work in our Windows based, Outlook obsessed organization.
While G in GNU may stand for great, the NU definitely stands for Not Userfriendly for mere mortals. Don’t get me wrong – I use GPG myself, but then again I fucking hate mere mortals and I secretly hope they all die one day, preferably due to some sort of memetic-plague transferred via reality TV broadcasts and celebrity gossip. The problem is that GPG and Outlook do not play well together.
I downloaded and installed several free Outlook plug-ins that promised GPG integration and the breakdown was pretty much this:
- No longer maintained and last updated in the 1800′s
- PGP – also known as: “Costs Money == No Good”
Normally I’d post links to each and bash each on it’s own terms, but I just don’t feel like doing that. I looked at all the notable ones that I could dig out of Google and they all sucked hard. The interfaces were ugly, buggy and counter intuitive, key management was either nonexistent, clobbered together as an afterthought or required a separate application to run in the task bar and some very unstable communication between it and Outlook. And of course in most cases an encrypted email simply looked like a blank message with a weird attachment which could not be decrypted by double clicking, but rather required the user to save it to the hard disk, and then perform some complex operations involving clicking buttons, dancing, chanting and sometimes even singing the theme song from the Breakfast Club backwards while juggling 7 live poodles above your head. Or rather that’s how my users would describe it to their supervisors if we unleashed these monstrosities upon them.
Here is the thing – personally I think I could use all these applications, but neither one could match something like Enigmail in terms of simplicity, ease of use and level of integration with the mail client. They were all just a bit awkward. Of course when you are dealing with people who are technically half retarded when it comes to computers, bit awkward translates into UNUSABLE.
Now I know how PGP keeps making money even though OpenPGP and GPG are widely used and widely available alternatives. No one else has figured out (or bothered to figure out) how to seamlessly integrate with Outlook.
So here is a question for you. Do you use PGP/GPG at your work? Do you use it with Outlook? Can you recommend a free solution that could be used by a moderately intelligent Chimpanzees and/or regular people? I’m sure I’m missing something here but I’m at a loss. Perhaps we will simply have to suck it in and buy PGP licenses, or just forget about this whole deal. I’d migrate this whole merry bunch to Thunderbird in a heartbeat if this was feasible, but I don’t think that would fly with the management because of that fucking Office Addiction.
[tags]gpg, pgp, gnupg, pretty good privacy, email, outlook, ecryption[/tags]