February 23, 2001, 11:03 AM — Philip Zimmermann, inventor of the widely used Pretty Good Privacy (PGP) encryption protocol, yesterday announced that he has left Network Associates Inc. because he and the company no longer agree about the future of PGP.
The world-renowned cryptographer, who in 1996 founded Pretty Good Privacy Inc. based on the PGP freeware encryption algorithm he invented, will take the post of chief cryptographer at Dublin-based Hush Communications Inc.
Santa Clara, Calif.-based Network Associates acquired PGP Inc. in 1997. The company, now called PGP Security, has continued to release open versions of PGP source code but has also built enterprise applications around it.
"In the past three years, NAI has developed a different vision for PGP's future, and it's time for me to move on to other projects more fitting with my own objectives to protect personal privacy," wrote Zimmermann, who has served as senior fellow at the company since 1997. "New senior management [at Network Associates] assumed control of PGP Security in the final months of 2000 and decided to reduce how much PGP source code they would publish."
In an interview with Computerworld, Zimmermann said he thinks Network Associates will publish some source code, but he just doesn't know how much.
Sandra England, president of PGP Security, said nothing has changed. The company is committed to publishing the encryption algorithms and all portions of the source code related to encryption, she said.
"What we are not publishing is source code that has no value in the encryption world," she said, such as the graphical user interface, management features, personal firewall code and intrusion-detection system code related to NAI products. To do that would be the equivalent of "turning over the crown jewels of our product line," said England.
This June marks the 10-year anniversary of the release of PGP to the public. PGP was originally designed to protect privacy and civil liberties. The issue of back doors -- code inserted surreptitiously to allow third parties to read encrypted e-mail -- and corporate control of PGP's future has been the subject of many heated political battles among users, software engineers and vendors.
Zimmermann this week assured PGP users that all versions of the protocol that he has worked on, including the current release, PGP 7.0.3, are free of back doors. "I can offer only my own assurances that this version of PGP was developed on my watch, and has no back doors," he wrote.
England said, "You have my word that there will never be a back door in PGP."