Secure email a "daunting challenge"

Getting people to use real crypto is easy; but only for crypto systems that, perhaps, trust certain parties who don’t really deserve it…

SSL/TLS, for instance, has mostly been a gigantic success in terms of making sniffing the wire useless to any casual attacker with a copy of Wireshark and a malicious open access point. It’s also dead simple to use, even for users who wouldn’t recognize it by name.

Against a sophisticated or state-powered attacker with access to certs generated (by covert infiltration or by legal demand) by a trusted CA, though, SSL is toast.

Email is in a far more primitive state in terms of rollout, but the tradeoffs are pretty similar: if you want crypto so easy that even a noob can do it, your corporate/institutional IT department can probably roll out hierarchical PKI and S/MIME, all handily enforced by policy, in fairly short order. But, of course, that just means that anybody who wants to read your email can get everything they need in one place. Getting everybody to use GnuPG, carefully safeguard their own keys, and maintain the web of trust? Much safer; but Good Luck With That.
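The weakness described above for both TLS and hierarchical S/MIME PKI is the same one: ordinary chain validation accepts any certificate signed by any CA in the trust store, so a cert mis-issued by one trusted CA (whether infiltrated or compelled) looks as good as the genuine one. The usual mitigation is key continuity, i.e. pinning the public key seen on first contact and refusing a later certificate that validates but carries a different key. The following Go program is an added example written for this page, not code from the article or its commenter; it constructs two throwaway CAs, has both issue a certificate for a made-up hostname, and shows that `x509.Verify` accepts both while an SPKI pin (the SHA-256 of the SubjectPublicKeyInfo, as used by HPKP's pin-sha256) rejects the substitute. All names, hostnames and keys are generated in-process and are not real.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// must aborts the example on any unexpected error from the crypto/x509 calls.
func must(err error) {
	if err != nil {
		panic(err)
	}
}

// newCA creates a self-signed root certificate (constructed for this example).
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		KeyUsage:              x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// issueLeaf has the given CA sign a server certificate for host with a fresh key.
func issueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert
}

// spkiPin returns base64(SHA-256(SubjectPublicKeyInfo)), the pin-sha256 form.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// chainValid is what a plain TLS client does: accept any chain ending at a trusted root.
func chainValid(leaf *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

// pinValid adds key continuity: the chain must validate AND the leaf key must match the pin.
func pinValid(leaf *x509.Certificate, roots *x509.CertPool, host, pin string) bool {
	return chainValid(leaf, roots, host) && spkiPin(leaf) == pin
}

// runScenario puts two roots in the trust store and lets the second one mis-issue
// a certificate for the same host. It returns what each check concludes.
func runScenario() (bothChainsValid bool, pinCatchesSubstitute bool) {
	host := "mail.example.test" // constructed hostname, not a real service
	goodCA, goodKey := newCA("Honest Root CA")
	otherCA, otherKey := newCA("Other Trusted Root CA")
	roots := x509.NewCertPool()
	roots.AddCert(goodCA)
	roots.AddCert(otherCA)

	genuine := issueLeaf(goodCA, goodKey, host)
	substitute := issueLeaf(otherCA, otherKey, host)
	pin := spkiPin(genuine) // recorded on the first, trusted contact

	bothChainsValid = chainValid(genuine, roots, host) && chainValid(substitute, roots, host)
	pinCatchesSubstitute = pinValid(genuine, roots, host, pin) && !pinValid(substitute, roots, host, pin)
	return
}

func main() {
	both, pinned := runScenario()
	fmt.Println("chain validation accepts both certificates:", both)
	fmt.Println("pin accepts genuine and rejects substitute:", pinned)
}
```

The pin here is stored in memory for the demonstration; a real client persists it per host and must also plan for legitimate key rotation (a backup pin, or trust-on-first-use with an explicit out-of-band reset), otherwise the same check that blocks a mis-issued certificate will also block the operator's own renewal.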