I am in the “pro email encryption” camp. If encrypting all email communications was easy enough, I would do it. I won’t get into “easy enough” here, but the issue is really about encrypting for a particular recipient, most of whom don’t care about encryption in the first place. I used to routinely digitally sign my emails as well, but stopped doing that for the same reason — most recipients didn’t know what to make of it.
Anyway, I’m coming to this topic now indirectly because of Google’s new “End to End” product / plugin / stance. Sounds cool, and I’m sure I’ll check it out.
In “A World without Hearsay,” Jon Udell tackles the question of why he used to digitally sign his emails and then discusses an argument made by Yaron Goland in a post with a very long title: “Why Google’s support of PGP Mail might not be such a brilliant idea – Or, why I don’t like digital signatures for social networking and how Thali addresses this.”
In that post, the author likens digital signatures to a roving notary public:
A digital signature is intended to be an authenticator, a way for someone other than us to prove that we did/said something. When we use digital signatures for momentous things that should be on the public record, like mortgage documents perhaps, then they serve a good purpose. But with PGP Mail we suddenly sign… well… everything. It’s like having a notary public walking behind you all day long stamping every statement, note, mail, etc. as provably and irrevocably yours.
I don’t think we want such records to exist. I think we want a much more ephemeral world where the bulk of what we do just quietly vanishes into the ether leaving as little of a trail as possible.
I completely agree that we would be better off in a more ephemeral world, but the notary public analogy is completely wrong.
A notary public does in fact record (in a physical record book) every action, along with a physical signature and a fingerprint (noting that the specifics may differ across jurisdictional boundaries). Signing one’s own email does no such thing. It does not create a record, and does not cause the email to become more permanent than it was without a signature.
It may be harder to deny that you wrote it; however, the more automated (or easy) it is to make such signatures, the less likely that such emails will have any weight over a non-signed email in a court of law.
To be clear, I’m not harshing on Thali — I have no opinion on that right now — I just don’t think the signature/notary argument has merit.