This is really a rhetorical question. People often ask why security is so hard to understand. Why can’t we just make it easy for people?
Well, here’s a challenge:
Explain the legal system of <insert country of choice>, in 100 words or less,
using language that a high-school-educated and completely uninterested person could understand.
Even if you could do that, would you want someone to defend you in a court case after reading only that one paragraph?
Understanding computer security is hard because, like most systems built by humans, it’s rather complex. You start out with some pretty basic ground rules, but then all these nasty edge cases start to slip in…
Even thinking about “real world” security, things are complex. You learn basic rules when you are a child — don’t take candy from strangers; cross the road at the pedestrian crossing; always tell the truth; etc. — but as you get older you learn that these rules can (and sometimes must) be broken in order for you to function as a normal member of society. You learn to assess risk and make informed decisions appropriate to the situation at hand in the real world, but nobody wants to do it on-line.
Hopefully soon I’ll have something to say about the old “Don’t take candy from strangers” cliché…