"We're never really going to have widespread end-to-end encrypted email," says Kenneth White, director of the Open Crypto Audit Project. Purely internal email encryption systems can have as many protections and as much oversight built in as the company wants. "But as soon as you're interacting with a third-party system, you just have an email address," he says. "You have to think about whether everyone on the list has the same system, and that's just a non-starter for the vast majority of organizations."
Defaulting to a link inside the email that takes external recipients to a secure website works, he says. "But then it's a web application, it's a website. It's not email. I for one, and the others in the security field, don't see that there's ever going to be any kind of [general use] encrypted email."