TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

BUSINESS
Playing for Iraq's jackpot

Coke & smoke bite Dow

Sun Microsystems posts tiny profit

(MORE)

MARKETS	4:30pm ET, 4/16
DJIA	144.70	8257.60
NAS	3.71	1394.72
S&P	10.90	879.91

SPORTS
Jordan says farewell for the third time

Shaq could miss playoff game for child's birth

Ex-USOC official says athletes bent drug rules

(MORE)

All Scoreboards

WORLD

Quake help not fast enough, says Indian PM

U.S.

Bush: No help from Washington for California power crunch

POLITICS

Bush signs order opening 'faith-based' charity office for business

LAW

Prosecutor says witnesses saw rap star shoot gun in club

ENTERTAINMENT

Can the second 'Survivor' live up to the first?

HEALTH

Heart doctors debate ethics of testing super-aspirin

TRAVEL

Nurses to aid ailing airline passengers

FOOD

Texas cattle quarantined after violation of mad-cow feed ban

ARTS & STYLE

Ceramist Adler adds furniture to his creations

(MORE HEADLINES)

MAINPAGE WORLD U.S. WEATHER BUSINESS SPORTS

TECHNOLOGY

computing personal technology

SPACE HEALTH ENTERTAINMENT POLITICS LAW CAREER TRAVEL FOOD ARTS & STYLE BOOKS NATURE IN-DEPTH ANALYSIS LOCAL
EDITIONS:
CNN.com Europe change default edition
MULTIMEDIA:
video video archive audio multimedia showcase more services

E-MAIL:

Subscribe to one of our news e-mail lists.
Enter your address:

DISCUSSION:

chat
feedback

CNN WEB SITES:

CNNfyi.com
CNN.com Europe
AsiaNow
Spanish
Portuguese
German
Italian
Danish
Japanese
Chinese Headlines
Korean Headlines

TIME INC. SITES:

CNN NETWORKS:

CNN anchors
transcripts
Turner distribution

SITE INFO:

help
contents
search
ad info
jobs

WEB SERVICES:

Should you encode your e-mail?

From...

June 16, 2000
Web posted at: 8:57 a.m. EDT (1257 GMT)

by Elinor Abreu

(IDG) -- Determined to succeed where others have failed, Hush Communications President Jon Gilliam is announcing this week a free e-mail encryption system for consumers. The question is, do consumers care?

For the past two years, Hush has been creating encryption software so powerful that the firm was forced to shift development to an office on Anguilla, British West Indies, to avoid the U.S. government's restrictions on export of strong encryption. So far, 210,000 people have used the 1,024-bit encryption via Hush's Web site at www.hushmail.com. Now, the company is offering HushPOP (post office protocol), a Java-based downloadable version that will let people encrypt messages using their own e-mail program.

MESSAGE BOARD

Online privacy

ALSO

Secret code, Mac style

Personal encryption hasn't taken off, experts say, because consumers don't think it's worth the trouble. "The real need for privacy hasn't been demonstrated yet for consumer-to-consumer [e-mail]," says Jonathan Penn, a senior industry analyst at Giga Information Group.

Many free e-mail programs are targeting consumers, including 1on1mail, LokMail, PrivacyX.com and ZixMail. But the industry's longtime darling has been Pretty Good Privacy, which nearly landed creator Phil Zimmermann in jail for violating export regulations. PGP, which Zimmermann sold to Network Associates in 1997, now boasts about 7 million users. Most of them, however, are "die-hard Phil fans and encryption gurus," says Allison Taylor, PGP director of product marketing for Network Associates.

MORE COMPUTING INTELLIGENCE

IDG.net home page

The Standard.com

TechInformer: The Thinking Internaut's Guide to the Tech Industry

Your own secret code, Mac style

Disappearing e-mail finally appears

Reviews & in-depth info at IDG.net

E-BusinessWorld

Industry Standard email newsletters

Questions about computers? Let IDG.net's editors help you

Industry Standard daily Media Grok

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

"Most people don't care about encrypting their e-mail," says Bruce Schneier, author of Applied Cryptography and CTO at Counterpane Internet Security. "You lock your front door now because you care. Your grandparents didn't."

Gilliam demurs, maintaining that if encryption were easier to use it would attract a critical mass of people. "Ever tried to use PGP?" he asks. "It's just too much for the average user."

Indeed, a 1998 study by Carnegie-Mellon found that two-thirds of study subjects failed when given 90 minutes to send a message with PGP. The study concluded that PGP 5.0 was "not efficiently usable to provide effective security for most users."

PGP users must exchange their public keys (used to encrypt messages) with each other via e-mail attachments, or use the software to look them up on a key server. To ensure they are sending to the desired recipients, users must verify each others' "fingerprint," or unique 16- to 24-digit number, over the phone or in person. With Hush, the public key is exchanged automatically by the company's servers.

Unlike PGP, which stores private keys (used to decrypt messages) on users' machines, Hush's private keys are stored on the company servers. When users want to access encrypted mail, they enter a password, and the private key is automatically downloaded.

Acknowledging that PGP's user interface could be simplified, Zimmermann says it's still a more private form of communication than HushPOP. "In PGP you get to choose who you trust to sign the keys," he says. "Hushmail signs the keys. That might make things easy, but it also means you have to trust Hushmail."

Is there a profitable business model in free encrypted e-mail? Network Associates maintains the free version of PGP but makes money off a corporate version with more features.

Gilliam expects to move in the same direction, and plans to offer a corporate version. "Corporations will love it," he says -- begging the question of whether we'll all one day be sending out encoded e-mail.