More and more of my accounts are all arriving now with password encrypted PDFs. It’s good that an open standard is being used, but the passwords are really getting complicated as some use my ID number, one uses my bond account number, and some others again use their own unique account numbers. Apart from my ID number, the others I have no easy way of remembering, so it means constantly having to look up what the password is for that particular PDF. This gets worse if you are travelling. Also, it means that when saving the PDF to my computer I want it decrypted for ease of access and searching, so it is another step to print to PDF, for that to happen.
Given that the whole point of this is the protection of private information (in South Africa, the POPI Act) this could have been seamlessly achieved with proper encrypted e-mail being used. That would have been a once-off trust to set up, and after that it just works seamlessly and securely.
But clearly, encrypted e-mail is just way beyond the ordinary business or user… They have been so geared up for using PDF attachments, so now encrypting the PDF was the only easy way to go. I get that encrypted e-mail is a bit of an initial learning curve (unless you use Proton Mail or similar easy to use encrypted e-mail). But think about where all this encrypted PDF stuff is going in the future, and the fact that the rest of the e-mail content is wide open and unencrypted.
Have you ever tried responding to one of the businesses by sending your encrypted PDF form back to them (as it should be)? They don’t then always know how to open it on their side, so you need to e-mail the password to them, which defeats the whole exercise.
The other folly I’ve picked up just today, is I log into a secure portal to download the PDFs that are online in my account, but those are also encrypted with a password! Even my bank has the PDFs unencrypted on the portal, as you’ve just logged in with a password and 2FA to access the PDF statement.
It’s getting messier, and I really do think we should be making the effort in 2024 to move to proper encrypted e-mail. But the reality of it is, that needs every business and every end user to actually be able to use encrypted e-mail. But that would mean also that Microsoft, Google, Apple, the NSA, and other middle-people would not be able to search or read any of those e-mails anymore. That is not in Big Tech or Government’s own interests.
The realist in me says this is just really not going to happen any time soon. We have the technology, but we’ll have to move at the snail’s pace of the lowest common denominator in the chain, in order to get there.