bradley13 writes "Like practically everyone on Slashdot, I often play "free consultant" for friends. The most recent inquiry: local law will soon require small companies that send accounting information electronically, to do so "securely". Many small businesses outsource their accounting; correspondingly, some accounting companies handle the accounts of dozens of small businesses. Lots of sensitive information is sent by email — which ought to be encrypted.
So my friend asked me — from the perspective of one of these accounting companies — how they can exchange encrypted email with their customers. The problem: businesses to small to handle their own accounts are certainly too small to have read IT — some cousin set up a couple of off-the-shelf computers. This means: the solution has to be (a) easy for a non-technical person to set up and (b) has to work with people who use Outlook, or Gmail, or whatever else their company happens to use.
By now, one might think that there would be point-and-click solutions to this sort of problem. But no — you need certificates, implementations are platform specific, set up requires IT expertise. About the best thing available seems to be PGP (but who wants to do business with Symantec? Anyway, when did they buy PGP — that is just sad).
Can easy-to-use, secure, cross-platform email encryption really still be an unsolved problem? What do other Slashdotters use?"