First off, anyone who did any GUI development even in completely-unthreaded 16-bit VB3 should be able to understand the basic concepts. DoEvents anyone? Throw a timer control on a form AND handle GUI interaction? Congratulations, concurrency if only at a minor level. Hell, anyone who's written GUI apps that trigger long database queries without hanging the app has dealt with concurrency.
Second, anyone who's done much with *nix command-line processing uses concurrency even if they don't know it. Piping anything through multiple stages? Each of those processes is running concurrently, either waiting for input or processing input possibly while the preceding stage is still chugging along providing more.
Finally, has he done any multi-threaded apps (or passed on that approach for scaling reasons)? At this stage I'd expect him to know what you're talking about, but there's still a noticeable difference between multiple threads and thinking the same way about web apps.
Basically, the shirts had RSA as implemented in 3 lines of unreadable-even-for-perl code, which at the time was illegal to export in machine-readable format (Thanks, ITAR!). I believe there were multiple variations, including barcode versions for extra-crunchy machine-readability and at least one person who attempted to turn himself into a munition by getting it tattooed on. Later on there was a similar movement around DeCSS (not "munitions" related); I still have at least one of the shirts from that.
Seems to me that this is pretty clearly in the same general category.
Oh, and "damn kids"
I'm not so sure that the cable carriers would be heartbroken to see this happen. Right now I suspect they're mostly having to pay Fox for the "privilege" of carrying the over-the-air content, but a change like this might well mean that the network was paying to be carried instead.
Anyone remember a furor not too long ago about assorted "creepershot" forums on Reddit? Google Glass will make creepershots trivial - at least now it's (generally) obvious if you're following people around photographing them.
Hacker News had a great example of that the other day when someone posted "[things I do in my first 5 minutes on a server]". 300+ posts later and that's a pretty informative discussion.
One of the choices people are saying would've been better is removing the requirement that it be for California businesses only, but by doing that they would have had a huge number of California residents who sold a business anywhere filing amended returns as far back as possible to get the no-longer-limited credits.
That's worse than the old Dilbert where the secretary "neglected" to put anything between the announcements of miserable numbers and an increased United Way push.
To give him an impression of the need to update, there are a few things to point out, and hopefully at least one will get through.
* First, among the most dangerous sites on the web these days are church websites - they're created as a volunteer effort by someone who may not even still be with the church (or who graduated HS and moved on in life). They're unmaintained. If they're infected, it may be a long time before someone even notices. In contrast, the "skeevy" sites like porn have a financial incentive to make sure their sites are safe.
* Second, once upon a time malware was written by spotty-faced geeks competing with each other for reputation. Those days are gone and have been gone for 20 years. These days malware is written by professional virus authors who do it for a living.
* Finally, show him the picture from http://www.deependresearch.org/2012/11/common-exploit-kits-2012-poster.html which shows a bunch of *commercially available* malware kits used to create new viruses and some of the security holes they target.