I feel like some kind of PGP authentication system would be very useful for private government to citizen communications. It would require some training on users parts however.
The problem is that governments, banks etc. don't and can't credibly commit to doing the right thing. E.g. banks in my previous company are furious because just when they'd finally managed to convince most people to never open a link from a text message, the government sent out a text message with a link to a COVID-19 information page.
