RE: Carnivore Update - Public Does Not Care

[Roeland Meyer <rmeyer () mhsc com>]

> From: Quark Physics [mailto:meuon () highertech net]
> Sent: Sunday, November 26, 2000 6:43 AM
>
> > extra trouble to install it. The proof is the market 
> penetration of PGP.
> > Only the geeks tend to use it and SSH is only used by SA 
> geeks. The general
> > market DOESN'T CARE!

The following parallels what our marketing department found out (after
launch, unfortunately <sigh>).

> We see roughly several levels of clients:
>
> 70% - "Huh? We're secure, only I have the root password" 
> (actual quote)
>
> 10% - Encryption is hard, how about we ZIP the file we send via FTP?
>       (not bad, it helps...)

These guys, 80% of the market, will not pay for it either. They will not buy
software packages and they will not buy services either. They don't see a
problem. Can we say "myopic"?

> 10% - SSL encrypted XML posts.  
>
> 5%  - SCP (SSH) file transfer, known keys on each side + passwords.

This last 15%, are mostly self-serve and actually know that there is a
problem. But, they wont puchase, they don't need to, they're self-serve.
This is where most of us, on this list, fall.

> 5% - Hardware encryption, leased line, keys for hardware encryption
>      and passwords delivered in seperate parts by different people
>      after identity verification. No physical connections to gateway
>      systems. (Federal Reserve, Chase Manhatten Bank...)

The unknown tier, many of them are banks where minimum security is a
regulatory thing. It's a part of doing business. I'm not sure, that if left
to their own devices, that they wouldn't join the majority in in their
apathy.

> Until real data encryption is built into the Operating Systems and all
> software... --mike--

As long as we have Federal Export restrictions, on encryption products, this
will continue to be an optional add-on (Win2K high-encryption pack ain't
that bad. But, it is an add-on, one has to use the update service to install
it).