Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Encryption Security

Ask Slashdot: Could E-Mail ever Replace Snail Mail? 91

Posted by Cliff from the signs-of-the-next-millenium dept.
dlc asks: "The recent USPS question got me thinking. One of the major things traditional mail has going for it that email doesn't is the fact that, for the most part, signing a letter (marking it as authentic) is easier to do, or, at least, the technology to do so is much more common, and is much more widely understood. Similarly, one of the obstacles standing in the way of universal acceptance of email as a legitimate means of reliable transmission is the fact that it is difficult to verify the sender of a message. Digital certificates and a world wide (or at least wide-spread) public key infrastructure would go a long way towards removing this obstacle. My question for the slashdot population is this: Under what circumstances do you see digital cirtificates, PKI, and encryption in general becoming part of normal email usage, to the point where people have as much confidence in the authenticity of email as they do in regular mail? "
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Could E-Mail ever Replace Snail Mail More

Ask Slashdot: Could E-Mail ever Replace Snail Mail

Comments Filter:

  • I can probably send a nicer e-birthday-card. All I've gotta do is send a Email consisting of:

    Happy Birthday!

    check out http://my.host.com/~me/birthday_card.html for the e-birthday-card I set up for you!

    And have a neat HTMLized card at that address, or you could just send a image as an attachment (PNG or JPEG)

  • So says the Anonymous Coward. Could this have been flame bait?
  • Issue every citizen with a PGP public key pair.
    You don't mean that. Really, you don't. If some agency is in charge of issuing public keys to citizens, that agency generates (and thus knows) P and Q, which determine M (the RSA modulus). This would implement key-escrow from the very beginning.

    Now I'm sure you really didn't mean that, but you should be careful that you truly mean what you say!

  • Well, if I write my sweetie a personalized piece of software with emotional content, that almost gets across the emotional interest. (Judging from reactions.)

    I agree that physical tokens are even more endearing, though; it's like the difference between sending sheet-music for a song you wrote, and singing it yourself.
  • I don't know about you, but I often spend quite a long time writing even a short email (or comment like this one) because i want it to sound good. So I put just as much effort into writing an email as someone else puts into picking out a greeting card. I suppose you could say I'm slow when it comes to writing, but I don't really think so.

    Besides, which would you rather receive? A meaty email or a one-liner greeting card? Personally, I value the former more.

  • I too have done some work with certificates (no book contracts yet :-) )

    In Australia, there has been much noise by government but little action regarding PKI's. Australia Post had a CA scheme going but decided to can it about 3 months back. Your only options now for an Australian CA (other than becoming one yourself, which has its own sociopolitical issues though the technology is there) are a couple of the big accounting/consulting firms, neither of whom seemed to have a clue about what they were trying to do last time I looked.

    If you don't go with Verisign or Thawte, or a few other CA's, who appear as default trusted CA's in MS and Netscape products, you run the risk of scaring techno-illiterates away with those "untrusted authority" dialogs.

    For a server cert, the Verisign signup procedure is not simple, quick or cheap. Particularly for a small company trying to, ahem, "leverage the level playing field of the Internet."

    The US export laws cause problems for anyone trying to write automated secure email programs. for example, RSA's S/MIME toolkits are only available to US and Canadian citizens. And S/MIME is what MS mail software would have you use by default for mail encryption. (Yes I know you can get PGP plugins, I use them myself, but does Joe Average Clueless User?)

    I have written programs to send encrypted email. But I used PGP, which does not use certificates. Finding something for S/MIME using certs was just too hard.

    Oh, yeah. I can't see Dell delivering my next computer electronically any time soon.
  • Snail mail has always given us the benefit of receiving the same object that was mailed. The object is usually signed in some way which verifies it comes from the sender. This could be a handwritten signature or Fedex tracking number. Because of the length of time society has experienced snail mail, there is an implied level of trust associated with the snail mail process. That VISA bill is really from the company that issued you with the credit card that you used to overspend on cooling fans for your overclocked CPU... you get the idea.

    The USPS and Federal mail fraud regulations along with the length of time society has used snail mail have played a part in creating that implied level of trust. But the majority of that trust comes from the relationship between the sender and recipient. Handwriting or letter style of grammer play a part in building that relationship which is why you trust that the message you have received is really authentic. The relationship's trust is also based on the type of message being conveyed:

    • I send you money, you send me goods.
    • It's your birthday so I'll send you a card and present.
    • I just had good news and I want to share it with you.
    • I am a sleazy direct marketer and you really hate me for filling up your mailbox.

    That same implied trust does not exist today with PKI-enabled email. We don't have many of those associations in email to imply the same level of trust. PKI has limitations in that the trust placed in the transportation of the email has nothing to do with the content of the message. It also has nothing to do with the relationship between the sender and recipient. It is purely a clinical way of ensuring either privacy between sender and recipient, or the sender signing the message for non-repudiation. All it ensures is that:

    • The person sending the transaction is actually the originator
    • The person receiving the transaction is the intended recipient
    • Data integrity has been not been compromised

    None of this has anything to do with the content of the message or the relationship between the sender and recipient. PKI trust is effectively sterile.

    Now add onto that the reliability of your regular email provider, your ability to store your keys securely yet have them easily at hand to actually use, add the average IQ of those you trade email with on AOL, and you suddenly realize that none of this is ready for prime-time.

    Several suggestions have been presented to create the infrastructure for PKI. A recent recommendation is to have the DMV issue Smart Card drivers licenses, and an initial certificate which you would use for an electronic signature. This is probably the quickest way to get certs to the unwashed masses, but opens a whole can of worms related to government intervention. Let's look forward to that time (hinted at in the Book of Revelations) when you can only buy and sell electronically using such a cert as your "unique signature ID". If the DMV can revoke your driving privelidges and cert for any reason, then you have no reason to imply any trust in such a system unless you truly believe it can never happen to you. Of course, if you're prone to paranoia....

    Back here on planet earth, most certificates are issued for two years and then automatically expire. After it expires anything you have signed will be no longer be able to be validated by the CA. Legally this is still unknown territory. Can you still trust email that was signed, but the certificate of authority has expired? Or is your trust now based upon the implied trust (context and the relationship) that was established when the cert was valid?

    The conclusion that seems to gathering consensus is the Smart Card route. Whether you would trust VISA/Mastercard more than the DMV to issue you your card, and whether you can add your own certs to your Smart Card remain to be hashed out. Either way the trust relationship we know from snail mail will be different in PKI.

    We can trust who sent and received the message. We can trust the integrity of the message. But we are still no closer to being able to trust the contents of the message any more than snail mail.

  • > You can't send checks. (You can send credit card
    > info. But, dammit, I want a check. None of this
    > credit-card-direct-deposit-get-all-your-cash-from- an-ATM BS.

    Why would you want to send or get checks? Speaking as someone from a society (Finland) where checks have been outdated for close to 10 years now, I think they are old technology. Bank account transactions are the way to go. I can send money to people via a nice web interface to my bank account, at any time of day or night I might want.
    So really, why would anyone need checks in mail? Just let the other person know your account number, and they will do the transaction, and if you have accounts in the same bank then you can see the money on your own account in minutes via the web interface.


    Hmm, my first ever /. post.
  • First off, see the subject. Anyone can receive snail-mail (I've got examples of strange addresses like "Third river bend, second lefthand hut", which owners successfully got their mail), for using e-mail you've to have at least a computer and internet connection. That's why telegraph didn't kill snail mail, for example.

    Second, with snail mail we've got real guarantee that your letter is delivered. That's because with buying postage stamp, placing it on the envelope and then putting the whole package into a postbox you kinda sign contract with that post service, which you can in turn, sue for not delivering the mail (if you happen to know it of course) On the other hand, sending email doesn't sign such a contract. If you complain to your ISP that your e-mail hasn't been delivired, he can just say there are some hackers or servers down or lightning stroke Microsoft office (not that 97, of course) or whatever.

    And last but not least, you just can't send your friend a real souvenir which any postcard is.

  • "but, without my illegibly-scrawled signature" Now I know I have seen many scrawled signatures printed out on laser printers... that's what scanners are for...
  • I've had the opportunity to build client-side certificate systems for two companies now, one customer based (Liberty Mutual Funds) and one intranet (State Street Bank). I've written on the subject a bunch, and our work at Liberty was a case study for a book on digital signatures. Some reasons why they don't work yet:
    • Too much new info coming out of your browser. Typical customers don't understand the deluge of messages they'll get about Certificate Authorities, and accepting things forever, etc... Solution: I don't know. It took a long time (and lots of bad scifi movies) for people to understand the notion of username and password. It's going to take longer to understand the notion of a digital certificate.
    • You're still expected to provide a password (to protect your private keys). In many eyes, this defeats the purpose. Sure, you've reduced a bunch of username/password combinations to one password, but it's still something to remember. Solution: Some sort of biological print, such as iris, or thumbprint. The key being that you don't have to remember anything, you just have to show up. (Of course this brings up all sorts of privacy/security issues about copying that data. I've met people with about $100 in the bank who are afraid of being killed and having someone cut off their thumb. Seriously.)
    • Corporate paranoia. I've seen places where they take out the normal username/password, and put in clientside certificates, and then put BACK a webserver ACL protection. They're paranoid about turning off the passwords. Then they ask, what did we gain from certificates? Well, nothing. Solution: More knowledge usually lessens paranoia. A few companies out in front demonstrating that it can be done, a few Forrester reports or something saying that certificates are ok, and here look, company X is using them without a problem, will start getting the pointy haired bosses interested.
    • Non portable. Although a variety of standards exist for transporting your certificates, see earlier point about the whole process being too confusing for the average surfer. Solution: Smart cards. Put the digital certificate, along with a copy of your thumbprint, on the card. Stick the card in, put your thumb on the scanner, it's you.
    Those are a few of the main problems with certs, in my experience. Of course, each of those has it's own issues and could be an entire thread. But I'm at work doing non certificate related things, so I can't really discuss it all day. :)
  • of course he doesn't mean that.
    he means have a government body sign keys. (go research PGP if you aren't familar with signing keys, its in a nutshell putting your key's reputation on the line verifying that the other key belongs to who they claim to be.)

    That makes more sense..

  • You're right - it's not really what I meant, although I expect it's what some governments would be only too keen to implement.

    I meant, have the government keep a list of every individual's public key, and verify this by requiring you to turn up at a registry office with birth certificate, passport or whatever.

    Having the government sign people's public keys, as somebody suggested below, is a good way of doing things. Of course, you can get them signed by companies as well if you don't trust the government. But I would expect that any company operating within the law is no more trustworthy than the government it operates under.
  • Personally, I haven't bought a stamp in approx. 3 years. I don't even remember how to send snail mail. Everyone I care about communicating with has an e-mail address. (and if I really wanted to get wierd, my pager can send "e-mail" to a phone number through a text-to-speech engine...) the thing is, I don't use encryption and digital sigs all that much, and it doesn't matter too much to me. Yes, I trust them much more than an ink signature. But that doesn't mean that I trust it all that much. Digital sigs I don't need at all, because I generally don't care who an e-mail came from. If it came from my dad, I can generally tell whether it's signed or not. The actual applications that I use these tools for are few and far between. I would prefer it if everyone used encryption, but things are getting better. There's a reasonable level of interworking between the mailers that I and my friends use (outlook, netscape, pgp-elm and eudora) I've had very few problems.

    I guess my general answer is that it's happening already, and encryption is not an obstacle. Encryption is more secure than any snail mail you can send, and easier than your average certified mail.
  • Seeing first hand the many problems less computer savy people have with email (from friends to co-workers) there is a much simpler reason than encryption/verification of sender... too damn easy to lose. I see people delete mails all the time, forget the can undo and lose it for good. I see people delete entire mail folders on accident... imap stores crash... pst files get corrupted. Paper for all its faults is a pretty easy medium to hold onto and not lose.

    ---
    Openstep/NeXTSTEP/Solaris/FreeBSD/Linux/ultrix/OSF /...
  • I have a stack of birthday and Christmas cards from since I was a baby. Not nostaligic or anything, but most of these cards are all that are left of friends who have moved away (or in one case, died), my great-grandmother - gone as well. What a smile it brings to my face each time I see her old, creaky handwriting :-)


    I have several collections of letters written by many authors. One of them is (natch) Hunter Thompson. He was carbon-copying his letters from the time he was a teen. What a fascinating read! Now how many people keep their email like that?


    Taking the time to go thru letters and cards is fun and reminds us that we're human, rather than hi-lighting and hitting delete delete delete


    OTOH, I'd take spam over regular junk mail any day. I'm sick of those crappy two-bit pizza places that have to advertise in green in pink!

  • One of the major things traditional mail has going for it that email doesn't is the fact that, for the most part, signing a letter (marking it as authentic) is easier to do, or, at least, the technology to do so is much more common, and is much more widely understood.

    I'm out several hundred dollars because someone cashed my IRS refund check three months after I reported it missing. In the three or so years following the initial loss, the only response from the IRS to them having me fill out the same form over and over again ("no, I did not benefit from the cashing of this check." etc) was them sending me a photocopy of the cashed check.

    On the back of the photocopied check was my name, signed in a hand that in no way resembled mine.

    I'm hard pressed to imagine that written signatures mean a d*mn thing. The bank that cashed this check certainly didn't perform authentication of my identity. So I while the "technology to do so is much more common", it certainly is not "much more widely understood".

  • >Just let the other person know your account number, and they will do >the transaction, and your own account in minutes via the web >interface.

    Idoit. What if I don't want *WANT* to let the other person know my account number? Forget paying bills by email or any other of the crap people like you seem to be fond of, it's stupid and you have no real control over it. I'ld rather buy a money order from the post office for the exact amount *I* want to *PAY* on a bill rather than go through that "electronic banking" bullshit that's basically a consumer rip-off.
  • is not the end all be all of communication. In order for e-mail to completely replace good old snail mail it would have to be something everyone had access to. But that is not something that everyone has, the internet is basically a toy for those able to afford it. How many households with a low income do you suppose have a computer and if they do do they have an e-mail address? Some things are more important than the internet-clothes, food, a warm place to sleep-that some people don't realize because they're able to take technology for granted. If I have a mailbox, I can get mail. Mailboxes come free with your house and paper is damn cheap. Computers can write email but are expensive (when you're living paycheck to paycheck even a 300$ computer is expensive) oops to send that email you've written you need an ISP which will cost you some more money. Oh lets also pay bills over the computer...oh wait, I need a credit card to do that. Until a viable virtual check is available that idea doesnt work, not everyone has a credit card either. The closest thing I have to a credit card is a debit card I got free with my checking account, but I won't probably ever get a regular credit card. It's fine if some parts of the snail mail is taken up by confusers, I like the idea of buying postage by the stamp and printing it with my printer which means it's read much faster by the machines at the processing center. When you give everyone access to e-mail you can suggest replacing snail mail.
  • There are several companies looking to "Bank" on the bulk of the postal mail delivered today. I cannot quote the exact number, but it is very believeable that over 70% of the Postal Mail in the United States is the sending or a payment of a bill.

    As Online banking takes it's hold (as it has already begun doing) Intuit [intuit.com] is responding with software like Quicken, Quickbooks, and Turbo Tax. (Along with a small Redmond Ba$ed Company [microsoft.com]). And it has become a goal of these companies to absorb the bulk of this large portion of postal mail usage. (And with the resources that that are inplace, online checking is on the verge of dawning on the electronic finance field.)

    My timetable for a purely electronic mail system is quite short (at least for my position) - since bills are the only thing that I use postage stamps for.

    *Carlos: Exit Stage Right*

    "Geeks, Where would you be without them?"

  • > What if I don't want *WANT* to let the other person know my account number?

    Why not? It's like saying "why would I want to give out my email address to people? I don't want them to know my address." You can do it, but it will inconvenience you. And it's not like they can do anything with the number except send money to it, AFAIK. Maybe your account is different though.

    > Forget paying bills by email or any other of the crap people like you seem to be fond of, it's
    > stupid and you have no real control over it.

    I've never paid bills by email, and I don't think there's any technique like that available for me. As for the rest, I can view my account information, current balance, and complete whatever transactions I wish. It's exactly the same things you can do otherwise too, only the "interface" is different. I don't see how I don't have real control. I actually feel I have more control over my account since I can check it much more easily than I normally could.

    > I'ld rather buy a money order from the post office for the exact amount *I* want to *PAY* on
    > a bill rather than go through that "electronic banking" bullshit that's basically a consumer
    > rip-off.

    Well, for me, when I pay a bill via the web form I enter the recipient (account number & name), the sum, the date and the code number (not sure how to translate that term) for the bill, if any. I have complete control over the sum and time of payment, I can choose any amount I want too.

    As for rip-off, I think that banks shouldn't charge for this kind of service but they do, so that part is true. Mind you, they charge for every other kind of service so it's no more a rip-off than the other "services" they provide. It's also true that this form of customer service reduces the costs for the bank, but I don't care about that since I feel it also provides me with better and more convenient method to take care of my account and transactions.
  • and people should have confidence in snail mail? how do you know where it came from?
  • This touches on two talks I had the pleasure of hearing at yesterday's USENIX Security Symposium. The first dealt with the usability of PGP 5 for the Macintosh. The results of the study clearly showed that for crypto to be used by the masses, it must be able to pass the so-called "parent test." The second talk was on US Crypto policy. AFAIK, only California has a law that recognizes digital signatures. This must change. Even if the US continues its idiotic crypto policy they must recognize unforgable digital signatures if they want electronic commerce to take off. Regarding US Crypto policy: Much of it is built on exaggerations, lies, and misinformation. Regardless of its basis, it must change to allow all people to feel as secure sending email as they are sending a letter if email is to be an important mode of everyday communication for everyone the world over.
    Andrew G. Feinberg
  • First of all, a major problem with email (just as with snail-mail) is that it is unreliable. You send an email out and in the general case you have no clue whether it reached its destination or some host on the way folded, spindled and mutilated it, and then discarded it.

    The same could be said of snail mail, no?


    -witz

  • Under what circumstances do you see digital cirtificates, PKI, and encryption in general becoming part of normal email usage, to the point where people have as much confidence in the authenticity of email as they do in regular mail?

    One thing I've learn is that it won't happen until most people already have the tools to make it easy. I use a mailer that integrates with PGP (SeriousVoodoo); you just check off if you want the mail signed and/or encrypted. But when I send PGP'ed mail to a friend, if they have to tell elm to save it to a file, and then they manually run PGP on it, it is too much of a pain in the ass. So they tell me, (paraphrasing) "Quit encrypting your emails unless it's something important." (*groan* I don't want to just encrypt the "important" stuff! I wanna overwhelm the snoopers. Let 'em spend a few years decrypting my "Let's go to the movies on Saturday" message.)

    The tools have to get out there first, before people will start using it a lot. Old mailers need to be updated or replaced.


    ---
    Have a Sloppy day!
  • Comment removed based on user account deletion
  • Being a young person, I've moved (and foresee moving) often (college, work, etc) and it is difficult to maintain an email address. (It's difficult to switch 40 friends and relatives every few months.) So I just toughed it out and suffered through Hotmail. (It was fine before they were bought by you-know-who.)

    Outlook Express integration of Hotmail is one of the major things keeping me with Win95 and IE5 (don't laugh, it's useful!) Now that feature hasn't worked for several days. I guess that's what "limited Beta" means. Another straw on the camel's back. Time to shop for a hardwareModem... and a distro again...hehe

    I'll still use postal mail for small packages, special letters, and bills that i dont trust to electronica.

    ** Oh, anyone else think the "Submit" button oughta be removed so previewing is mandatory and we won't have the "oops, blank/incomplete post" phenomenon? *cough* ;-)

  • Hmm... (Score:2)

    by Kaa ( 21510 )
    First of all, a major problem with email (just as with snail-mail) is that it is unreliable. You send an email out and in the general case you have no clue whether it reached its destination or some host on the way folded, spindled and mutilated it, and then discarded it. Some MUAs offer delivery receipts, but generally they require that you run the same mail client on both ends. We really need an RFC (maybe there is one?) for mail delivery receipts and have it implemented in all MUAs.

    As regards to authentication and encryption, this is a bigger issue. The general answer, I would say, would be: the general population will use authentication and encryption when it will be build into all mail tools, switched on by default, and work transparently. I am rather pessimistic about more than 1% of computer users doing something proactive to use encrypted email. And from personal experience I know that trying to communicate by encrypted email with people who don't understand either encryption or the need for it is a pain in the ass.

    Authentication (i.e. digital signatures) is a complicated topic with the key problem of correlating a digital signature with a real-world or an online identity. There are two major approaches -- one uses centralized certificate authorities that vouch for the key-identity correspondence, and another (PGP) uses what it calls a web of trust. Both have significant problems and are not in widespread use.

    I guess my answer is 'don't hold your breath'. Security is complicated by nature and people are generally unwilling to spend the time and effort to work it out and set it up. Another answer, which the /. community will like even less is that authentication and encryption will become widespread when they will become default settings in Microsoft Outlook [ducks, quickly pulling on his asbestos long johns...]


    Kaa
  • I don't think that there is going to be true acceptance of email as a replacement for snail mail. The reason is not the lack of security, or the conflicting standards, or whatever, the problem is that if it has to do with a computer, some people are going to be wary of it.

    Another problem is the lack of personality of a regular email, the lack of humanity. There is only so much personalization that you can do with an email. You have the regular emoticons, and strange fonts; but they just aren't the same as big loopy handwriting, with smily faces dotting the "i's".

    Until there is some way to do something like this, I believe that the USPS will still be in business for a good deal longer. What really needs to be done, is to have some "datapad" type deal, that allows you to access your email easily, let's you write in your own handwriting (maybe translating it if it is atrocious like mine). Think of a Palm VII with a nasty crack habit.

    Well, umm, I am just tossing ideas out, so this is the end :)

    --This was not spellczeched. So leve me bee...
  • I think the technique is already there. In order to use them, there will have to be standardization and new laws. The laws should provide legal status to emails. Right now it is hard to claim things if it is not written down on paper. Digitally signed documents need to be treated in the same manner so we can use them to replace paper contracts and letters.

    One major obstacle has been the US position on encryption keys for the past few years. As long as that has not been resolved, it will be hard to get useful standards.

    So yes I think email will replace snailmail in the long term. There is no technical issues here and I think laws and standards will show up eventually.

    Since I'm not a legal expert nor an encryptionb expert perhaps somebody else can point out if there are any major flaws in my reasoning.
  • see title. As a sidenote, the monitor just doesn't look as good as a real postcard even if you ues flash.

    CY
  • I know that most Slashdot readers think the government should stay out of the Internet, but I think there is one useful thing that governments could do - which would also make email more widespread:

    Issue every citizen with a PGP public key pair. The problem with current PGP keys is that you have no way of knowing that the 'real' person got the keys in the first place. Your lovingly encrypted / signed communications may be going to an interloper. What's needed is an agency that will require physical authentication, as well as a passport and maybe other ID, before issuing a key, and then provide an easy way to look up the public key of each individual.

    I know that there's not a snowball's chance in hell of this happening in countries like France, the US or Britain, but governments of more enlightened countries, who don't want the NSA tapping their citizens' messages, might go in for such a plan.

    And before you all complain, I know that you can't trust the government in matters like these. However, I think this would provide a little more security than just looking at a public key server. You could of course do both.
  • There are two ways we can look at this.

    On one level, mail as a way of passing information from a to b. Here e-mail could well win, ultimately, in terms of security, speed, and convenience. It works! You can send and receive text and graphics.

    But on another level, you cannot hold an e-mail in your hand. You can't have somebody elses creation, as they had it, on your mantelpiece.
    Sure, you can print it out. But you can't lift that printout up to your nose to smell your girlfriend's perfume. You can't receive an e-mail you can run your hands over because somebody has chosen special paper for you. You can't receive an e-mail that's been handpainted. Perhaps you can digitize it. But then its just not the same object.

    While we're receiving information, the value of snail mail will become less, with electronic mail becoming more commonplace. While we're receiving emotion, the value of snail mail will grow, as simply something more special.

    Comments? Anybody disagree?

  • This is exactly what i was going to say. Its pretty common to get mail through the door that you are unable to trace and not only that even snail mail can be made to look like it has come from someone other than the actual sender.
  • Hasn't this topic already been covered in Ask Slashdot?

    http://slashdot.org/askslashdot/99/07/22/0139252 .shtml

    Granted it's not the identical question, but pretty much the same concept....
  • Comment removed based on user account deletion
  • ...if ever, before email replaces snail mail. Reasons? Okay, here ya go:

    1. It can't happen until pretty much everyone has email. EVERYONE. Worldwide. What percentage of people in Africe today have email? Hell, what percentage of people in the US have email today?

    2. There are still a lot of things you can't do through email. You can't send birthday cards to your friends. Your SO can't send you a letter with lipstick marks in the shape of a mouth puckered up for a kiss on the flap of the envelope (or you can't do so, if you're the one in the relationship inclided to do so). You can't send checks. (You can send credit card info. But, dammit, I want a check. None of this credit-card-direct-deposit-get-all-your-cash-from- an-ATM BS. (Okay, I do get all my cash from an ATM, but I like having the option to talk to an actual teller.))

    3. Lack of a physical address. Just because my email is @something.demon.co.uk doesn't mean I'm actually in the UK. I could be in Germany. Or Canada. Or New Zealand. Or Antartica (I'll grant that it's unlikely, but...). Companies, for some reason, frequently want to know where you are. Some will only ship to the billing address on your credit card. Those companies might not like the idea of sending something to an @{ISP name}.nz address if the billing address is Boston, Mass.

    So: email will not snail mail because of it's not universal, it's can't carry all the things that snail mail can, and, in some cases, disparities between physical and email addresses.

    Just my 1/50 of a dollar.

    -Ender
  • I agree. I don't buy packs of stamps because I usually only need 1 about every 6 months or so. I only snail mail checks and small objects that are urgent. I don't recommend the computer illiterate totally ditching snail mail, but for the techie I guess I subconciously am anyway.

  • CNBC is going to have some information on this topic this evening, i wonder where they got the initial idea..? ~Roach~
  • Techno babble forsooth! Enough. This is not really an issue of supporting technology or of the general public's trust of that technology. The rules of trust are the same, no matter the media. I use email extensively for business. I trust emails that are: 1). from a known source. 2). within the context of our current ongoing discussions, etc. 3). reasonably accurate in it's presentation of facts. These same criteria apply to snail-mail, fax, email, voice messages, all of it. But I don't use those methods, in that manner, to document a contract for work. Our concepts of developing trust around a contract trace back to ancient customs. Way back when, before cell phones even, 3 copies of a contract were written. These were certified to be identical, witnessed, and one copy was sealed inside a jar. The sealed copy could be brought out (by breaking the jar) in the event that there was a dispute. (Like, say, someone had altered the contract.) Do these things sound familiar? Sure. We do similar things every day. Keep in mind, many people in our world can't read. They depend upon the reliability of witnesses to establish trust. How do we make email useful for contracts? Easy. provide a means to: 1). duplicate the contracts. 2). "seal up" one copy in a secure location. (can we say encryption?) 3). provide a permanent, meaningful way to reference each copy to the sealed copy. (i.e. no email contract could be valid without a reference signature that would uniquely identify the contract and all copies.) Then people will trust the email, and they won't care what media it was written on. IMHO.

  • Well, for me, anyhow. It can't replace either one entirely.

    Since my parents and most of my friends from college now have an e-mail address, I send e-mail when I need to get something responded to reasonably quickly but not THIS SECOND.

    There are certain situations that I don't think call for e-mail or for telephone calls -- good old-fashioned snail mail is the only polite option. Wedding invitations and sympathy cards come immediately to mind.

    Likewise, if there is an emergency and next of kin need to be notified, you better believe I'm using the telephone, at least as a first attempt. If that proves ineffective, THEN I might send an e-mail saying "please call" or something similar.

    E-mail is the best option if you need to send out the same news to a lot of people that live in a wide geographic area. Individual phone calls are time-consuming and expensive, and for some reason form snail mail is much more irritating than multiple "TO" e-mail. That could just be a personal quirk, though.

    For average, ordinary, mundane communication with friends and family, I tend to use e-mail because it's convenient and cheap and I don't have to remember where I put my stamps. :) However, any one of the three is an acceptable option.

    And don't forget, the computer was supposed to bring us the "paperless office." Yeah right, like THAT will ever happen. :P
  • there are other free email options :) I'm pretty fond of freeshell.org...also, there are quite a few companies offering $5/month email/web accounts (no dial up, but it's easier to swap dialup stuff than email and web address, in my experience)..he.net is one, and they run linux and are generally quite clued (my email/web stuff has been with them since the end of last year, and I got to meet them earlier this year while doing some consulting work for a customer of mine who had a colo there...) hotmail is evile :)
  • I never used the USPS for anything other than bills and such. The ease of email has allowed me to send little notes to people that I would never have used the USPS for. I have not sent any less mail through the USPS than normall although I sent about 20 emails a day.

    If there is one company that is losing out on my email, its the phone company, not the USPS.

    USPS will always be around...I have yet to be invited to a wedding through email.

  • I think letters and basic paperwork will change over to electronic form w/in the next couple years and expect to see it intergrated into the IM infrastructure as new more powerful standards become popular. I think IM's will begin to come w/ encryption/signing built-in and most likely will only require the user click an 'Update and Secure' button to download the crypto plugin from a server off in X country. IM's do to electronic messages what the WWW did to Gopher, essentially simplifying the process and interface to give more powerful features and still make them accessible to the average person.

    On the other hand.. I think package delivery will increase. If the U.S. Gov't really wants to start making profits they should stop worrying about taxing email or increasing the cost of stamps and instead lower the rate to ship packages, make packages better insured to reach their destination quickly, and make a free interface that e-stores can use to figure up shipping costs, schedule package deliveries, etc. Not only could this keep the Postal Service in business it could also help pay for the Internet infrastructure w/out adding any new taxes.
  • I believe the great problem we will have to deal is that by analogy with the real world, individual certificates and keys are a right in the digital age. The same way you don't have to "buy" your signature, you shouldn't need to pay for a certifying agency to have your digital identity. I'm not quite sure how this problem should be approached. Perhaps the government should issue certificates to it's people, but of course this is hard to the government and big bussiness for companies. Otherwise, privacy will be exclusive of the "have"s while the "have not"s will have no access to crypto and digital security in general.
  • It already has for me, just ask anyone who does not send me a self addressed, return postage paid, request for anything via snail-mail they get nothing in return. Ask anyone who expects a reply to an e-mail, they always get someting back, even if it's a "duhhhh, I don't know".
  • I don't think so, at least not for a long time. This is because in order for it to be effective you'd have to have pretty much everybody who uses mail switched over, and there are billions of people in the world who have not ever used a telephone, let alone a computer. But, those billions still get paper mail.

    This questioner sounds very U.S.-centric. You've got to think in a wider view.


    ...phil
  • Disclaimer: This answer is not definitive, and I know that the innocent word 'trust' has been turned into a buzzword, or at least it's close to it now ... but FWIW;)

    In discussing the concept of "trust" / "authenticity," etc. context changes everything, and when people talk about trusting email vs. trusting snail mail, I think there's sometimes the impression that people ever (or often, say) rely on either of these methods in complete isolation.

    In my job, I sometimes request and receive publication permissions for logos and quotes via email; it's usually the most reliable way to reach people in my industry (I work in advertising for personal computers that rhyme with "Smell").

    Now, since the email originates with me for the most part, and there is usually some level of phone contact, the occasional fax, etc, I have no real problem with presenting the resulting replies as permission to our client, though usually we also get paper copies in the mail as well.

    If someone with the email address "EdMcMahon@whitehouse.gov" wrote email to say that I'd won a million dollars and simply needed to mail him $10 to cover the shipping on the winnings, I would be ... suspicious. If my mom wrote to say that my sister will be home for a certain week next month, I would probably not be.

    Point is, spoofing someone into thinking that *any* communication (phone, fax, email, snail mail, smoke signals, whatever) is legitimate when it is not requires that it be innocuous seeming and have enough clues indicating authenticity that they would never question its legitimacy. It's not just putting on a Halloween mask and saying "I'm Papa Smurf!" -- you actually have to at least make the other person think that you are only 3 apples tall, blue, etc.

    And another thing to point out is that people seem to have a lower threshold of trust for paper mail (because everyone knows you can't trust that dang in-ter-net), so perhaps it's easier to actually fool someone with it. In fact, that's my opinion, at least in business contexts.

    Just thoughts,

    timothy


  • I think California recently passed a law which treats digital signatures as legally binding. I'm not sure if this only applies to written digital signature (ie, when you sign on the UPS pad) but even if it does, it might provide a precident for using other forms of digital "signatures."
  • E-mail has its set of advantages over US Snail, consider the time it takes to e-mail someone on the other side of the continent, or across the world compared to the time it takes to send a hardcopy letter. As far as bills are concerned, I prefer mail, yes, you can have bills paid via electronic draft of a bank account: not a bad thing, fairly reliable. Now what about official legally bound documents? Two points that I whole heartedly agree with from previous posts are such that Digital Sigs and Encryption do need to be widely spread and accepted as everyday options before the postal service can be challenged, not only that, but who is to be the 'trust' for holding on to the table of data linking RealPeople(TM) to their digital signatures? The various governments need to rethink their policies on encryption, and we the users need to rethink it all as well: an envelope does not stop someone with prying eyes from viewing your mail. and someone determined enough to view your email most likely will--if it's the government or some nut who wants to know what your Visa balance is, it does not matter. Right now the technology is available, but the laws are not right for it. Besides, how am I to receive the care package from Mom and Dad...printing out that box of stuff just doesn't work, but then they could use UPS I suppose or FedEx ;) and yes, a physical card from Hallmark is so much more personal than the e-mail of birthday congratulations you could get...
  • A few months back, a letter to Crypto-Gram [counterpane.com] pointed out that people use security measures that they believe in. People trust ink-on-paper signatures, even though security experts know how easy it is to forge a signed paper document; therefore, the authorization mechanisms that actually exist in our society rely heavily on such signatures.

    Some day, I hope, every junior-high-school student will learn the basic cryptographic concepts behind PGP and its kin. Then, most people will know enough about cryptography to evaluate products that use published cryptographic protocols and shun products that don't. (I can dream, can't I?) Until then, most people will continue to trust ink on paper more than anything else, and the field of commercial cryptography will be littered with buggy software, snake oil, and Trojan horses.

  • (just as with snail-mail) is that it is unreliable. You send an email out and in the general case you have no clue whether it reached its destination or some host on the way folded, spindled and mutilated it, and then discarded it.

    The same could be said of snail mail, no?

    Thats what the man said!. No offense but,
    *slaps you with a large trout*
  • Absolutely. And I hate the "only encrypt important items" mentality -- hasn't anyone ever heard of traffic analysis? A lot of information can be gained simply by observing who's talking to whom, when, and by what means...

  • Much to my surprise, I actually like this idea. I would much rather give my public key than my SSN to get a Linux Fund credit card [linuxfund.org], or anything else for that matter. (Do you know how hard it is to convince companies that they do not need, and have no right to your SSN?)

  • Shipping packages will only increase. (Score:3)

    by grappler ( 14976 ) on Friday August 27, 1999 @09:59AM (#1722442) Homepage
    While snail mail will obviouly never go away completely, I think package shipping has pretty much got it made.

    Snail mail is typically a delivery of INFORMATION, which can now be better done in other ways. With packages, you are sending a THING, and until some star-trekkish system goes into widespread use, more and more packages will be shipped through FedEx, UPS, etc.

    I used to almost never have things shipped to me - I'd go buy them. But since I can now easily do price comparison shopping and find good deals online, I have ordered things shipped to me every week or so.

    So THAT service is definately on the increase.
  • Instead of nitpicking over the details of the current email system, look at the fundamental way computers can move - and authenticate - information.

    You can be sure email was delivered and unread if you encrypt it, digitally sign it, and send it, and then get back an encrypted, digitally signed confirmation from the reciever that they got it.

    This level of security and authentication could never be claimed by snail mail.
  • The people you describe as having never used a phone (underclasses of india, china, etc) most certainly do not receive physical mail regularly.

    Perhaps not, but I didn't say anything about 'regular'. The paper mail mechanism is there, for them to use if they have the need. If you convert to all e-mail then you have to give them at least the same access to computers, reliable networks, and reliable electricty. Good luck.

    Most of these probably don't have birth certificates or pay income taxes either.

    Yet another U.S.-centric view. Is having a birth certificate a world-wide requirement?


    ...phil
  • I've been working with signatures and PKI at my company for more than two years now, and I've seen a lot of the things that kill it. There are three main reasons that the average joe doesn't want to have anything to do with it:

    (1) The average user doesn't know what signatures or certificates are, or what they do (i.e. they're too obscure), so why do they care?

    (2) Too complex and too much of a hassle (why pay Verisign or someone else for something that you'll probably never be able to use anyway). Most security UIs are overly complex, and no average user will want to deal with it. It is also difficult to manage certs. What if Alice wants to send an encrypted email to Bob, but she doesn't have Bob's cert? Without a lot of common LDAP servers and other such things getting people's certs will be a hassle, and so nobody but us geeks will bother.

    (3) For those people who care enough to figure out the complexity, and deal with the hassles, there is still an issue of trust. How do I know that IE5's implementation of S/MIME is secure? They could be storing things on my system insecurely, or perhaps Netscape (even though it is open source, the security areas of the code are not) has a bad security implementation. Granted that I trust that once things hit the network, that they are secure because I trust the S/MIME and the involved algorithms, but on my own system I'm not so sure. If I was to be really paranoid about security, I would still use PGP (or my own custon S/MIME implementation) so that I knew that what was going on was secure. For the average user who can't (or won't) use PGP or their own software, trust is a major issue, and perhaps a roadblock.

    So all of that being said, what can be done to fix it? There are three things (again, three, hmmmm...) that I think could move things a very long way.

    (1) This is the biggest. Since good certificate systems usually tie a certificate to an email address, and you get your email address from your ISP, I think that if when you got your ISP account a certificate/keypair were created automatically (without much in the way of user interference), then things would be much easier. Like with all certificate authorities today, the keypair and cert request would be generated on your machine, and then sent to your ISP. They in turn would create your certificate, and send it back. Just as secure as todays systems, but the advantage is that it would happen automatically when you first set up the ISP connection (maybe custom software from the ISP?). Imagine if ISPs acted as certificate authorities (or proxies for CAs) (listen up AOL). If that happened, most people with home internet accounts would have certificates. This is the most crucial thing: making sure that everybody has a certificate/keypair, and that there is no hassle for the user in getting this. If this service were part of the cost of the ISP connection, it would be no big deal. (Verisign charges something like $10 for their basic level 1 cert, and that works out to less then a dollar/month, so it wouldn't be too expensive for ISPs I wouldn't think, especially if they only acted as secondary CAs and didn't have to handle the physical security of a root cert)

    (2)Biometric security devices standard as part of new computers. This isn't totally necessary, but it has the potential to make things a lot more secure in general. If I remember right, Compaq started shipping a thumbprint scanner with one of their lines sometime last year. If this became common (or if smartcards to store keypairs became common), security would mean a lot more.

    (3) If a big name like the USPS, or Verisign got involved with being a central repository of certificates (using LDAP or whatever) and application developers made lookups to this database invisible to the user, it wouldn't matter if you already had a cert or not. Your application could simply fetch it from the repository if you didn't already have it. On a similar note, if a body was formed to certify products as secure, that would also help. If I knew that some trusted thrid party had verified the security of Netscape's, or Microsoft's, mail programs, I would feel a lot better about using them. I suspect other users would feel the same.

    In the end, the answer is: security will be used when all the average John (or Jane) Doe has to do is click the Signing or Encryption button on their outgoing mail, and the rest is taken care of for them. If security is supremely easy to use, then everybody will use it (there will be no reason not to).
  • people once declared the death of books when TV came along, but there are more books sold now than at any other point in history. people once declared that pocket calculators were dead when personal computers became available. yet computers have not displaced the pocket calculator. there are more calculators in use now than when they were invented. i am pretty well living a paperless existence. i use email for business, and for rapid correspondence with friends and family. yet, when i want to send someone a letter that is important to me, i will type it out on my computer, and then transcribe it onto paper BY HAND. why? simply because it is more special when you know someone has taken the trouble to write you something by hand. for work, this personal touch is not called for. but for my friends, its a way of saying that i care enough to give them an original piece of handwritten correspondence. its says that i took time and sweated over what i wrote them without the option of a backspace key. a handwritten is simply more trouble to produce. and sometimes this very trouble is worth the aggravation, because the medium itself tells something about the message. the more prevalant rapid-efficient electronic communication becomes, the more special it will be to recieve a handwritten message from someone personally. that is why old mail will never die.
  • Comment removed based on user account deletion
  • letters are much more personal, especially hand-written ones. i get flooded with near a hundred email messages a day, mostly from mailing lists, but many from friends or project partners or whomever. so when i get a nice hand-written letter--with either illegible chicken-scratch (like my handwriting) or nice big, smooth, loopy, pretty cursive (which only girls seem to have a natural talent for)--it really makes my day. i like to think others feel that way too. and to that end, i try to write a nice, thoughtful letter everyonce and awhile to friends that i don't see that often. sure, e-mail would work just fine, and be quite a bit quicker, but it just isn't as personal.

    in short, i agree completely. regular postal mail is definately more special. and that is why e-mail will never completely replace it.

  • not everyone has a computer, you know (Score:1)

    by Anonymous Coward
    The discussion about email security and authentication is interesting, but I don't see the need to extrapolate the consequences to THE END
    OF SNAIL MAIL. Snail mail has distinct advantages, like the fact that all you need is a pen, paper, and a stamp. Until we live in a Star-Trek world where money is abolished, not everyone is going to
    have instant access to a computer all the time.

    Besides, why should you need something as complicated as a computer to write something as simple as a letter? I love email, but the option
    of just writing should always be there. Technology is supposed to help us, but there's no advantage to becoming completely dependent on it (even though modern society IS dependent on it - I'm just saying that dependence is a by-product, not a goal).

    Finally, I don't personally consider email to be very permanent. I've lost lots of mail when I've changed schools, just because I left it on some account somewhere. I only bothered to translate about half my mail from one email program to the other when I made my last big switch. It's not always trivial to read documents that were written several years ago, purely because programs change their file formats all the time, and not every translator is 100% effective. I'll never have to worry that my eyes won't be compatible with the letters on a printed page (unless I go blind, but that's a different story).

    In short, I don't think printed mail will ever be obsolete.
  • What's needed is an agency that will require physical authentication, as well as a passport and maybe other ID, before issuing a key, and then provide an easy way to look up the public key of each individual.

    Why does it have to be a government agency? Would you trust a pair of keys given to you by the government?

    A private agency would have a reputation to worry about. Better yet, why not have a couple of private agencies who would provide this service for a fee? A couple of private agencies would not only give us a choice, but give each agency an incentive to be very careful about authentication, and making sure that when you walk out with your keys no one else has a record of them.

    And before you all complain, I know that you can't trust the government in matters like these.

    So let's not. Let's let the private sector do it. They can do it better, faster, more reliably, and cheaper than any government agency could.

    Sounds like a good dotcom business. Is there a venture capitalist in the house? I only need twenty or thirty million.

  • What about those lovely care packages from mommy and daddy. what about all that lovely hardware we order from the net...so until we get those cool printers like on the commercial that can print out physical items...snail mail will stay. I did read about something in wired that said that e-mail comprises about 50% in like 94 where in 84 snail mail was that much plus some.

    JediLuke

  • Hmmm (Score:1)

    by Kalil ( 67667 )
    I think it will probably take a long time before snail mail is replaced. Besides the authenticity issues, there is also issues of regulation. If we start making email authentic, it would start being regulated by someone like the USPS. So what happens then? If someone was stuffing a 100 envelopes in your mail box, or reading your snail mail, it would probably be a Felony. It sure would give more of a reason to charge people who messed with your email or authenticated online materials. :)

Slashdot Top Deals

If you think the system is working, ask someone who's waiting for a prompt.

Close