Osama bin Laden and email

Dan Goodin, The Register:

Osama bin Laden didn't have a phone or internet connection, but for years he was a prolific user of email who frustrated Western efforts to track him by saving messages to a thumb drive and having them sent from a distant internet cafe (...) The process was so tedious that even veteran intelligence officials have marveled at the al-Qaida chief's ability to maintain it for so long (...) Bin Laden would type the messages on a computer that had no connection to the outside world and then instruct a trusted courier to drive to a cafe so they could be emailed. The courier would then save messages addressed to bin Laden to the same drive and bring it back so his boss could read them offline.

in How bin Laden thwarted US electronic surveillance.

When security is important, and when our perception of the actual risk tells us it is high, the controls, however difficult and costly, will ultimately be adopted.

The problem of (in)security today is that the general perception of risk is not aligned with reality. It is obvious that the overwhelming majority of people aren't exposed to the same type of threats that bin Laden was. Yes, obviously. But our online experience, and the information we send, personal and professional information, exposes us to relevant threats if some of that confidential information is compromised.

Should we adopt a similar practice? In 99% of cases, no, of course not. But using encryption to protect our communications, and in some cases not even sending the information over the Internet, yes, I think so. The criteria must be defined by either the individuals or the organizations. But it must exist. The criteria and the practice.