In every org I've worked for Email has been an issue, from requiring people to have two phones, to clumsy apps that sandbox corp email. The fall out is that users will simply go around these (supposedly) more secure hurdles. How is this not a solved problem?
> How is this not a solved problem?<p>It's not because the big 3 (Apple, Google and Microsoft) do not want you to encrypt your email, so they can use it for data mining. If 70% of their gmail users used encryption, I'm sure they'd be turning the service subscription only or (as it's customary for G) shut it down.<p>So, if you need encryption you have use an external "add-on".<p>The problem of <i>secure email</i> is <i>solved</i>, it's just not <i>pushed</i> as a standard because:<p>a) Users don't understand they're being tracked (or don't care)<p>b) It's not promoted (actually it's being demoted) by industry leaders<p>The fact that H. Clinton and her equip didn't use GPG is appalling, doesn't make sense. This group of people had big stakes on the privacy of their communications, they went as far as setting up a mail server and forgot to apply encryption? I just don't get it.
I have witnessed several enterprises move from 100% email to 90% Slack and alternatives while using email primarily for scheduling purposes. I have a feeling corporate email will slowly die off over time.<p>Perhaps using a community messaging tool with built-in end-to-end Signal encryption will be the way to secure lines of communication in the near future.
> How is this not a solved problem?<p>Because we better understand the threat vectors that are imposed on the company from sloppy IT practices and as such are more willing to take security measures to prevent these things from happening.<p>We are also, at the same time, too stupid to realize that not everyone want's 5 applications just to encrypt their mail with a PGP key. When we make it so that by logging into a service with a password your browser can derive a private key and public key and use that to sign and send email we will have larger adoption. This will only be the case if it automatic.<p>Sure it's less secure but less secure is better then unused.
Build end-to-end encryption into the gmail app for Android/iOS.<p>There's no real reason this is not possible, and the benefits are huge. The ease of use of end-to-end encryption in WhatsApp etc shows there's nothing technically impossible about this, and fundamentally, the gmail app is no different to WhatsApp when it comes to sending mail from one gmail account to another.
The existing solutions all fail because they add friction.<p>There is a clear way forward. Add transparency to email clients. For example, i have two emails in my in box right now. Which one was sent in the clear? Which via ssl? I don't know. If i knew, then i might be annoyed by the one that was sent in the clear. And if i'm annoyed i might do something about it.