February 27, 2001, 2:19 PM — The inventor of Pretty Good Privacy e-mail encryption last week left Network Associates, Inc. -- the company he joined after selling it the rights to PGP in 1997 -- to become chief cryptographer at a company planning to do battle with NAI.
Phil Zimmermann, who fought the U.S. Department of Justice in the early 1990s to help win freer use of e-mail encryption, says he is no longer confident that NAI will develop PGP the way he thinks best.
Rather, he sees the future of PGP at Hush, an Irish firm that later this year plans to release a version of its HushMail product based on the IETF's Open PGP standard.
NAI markets a commercial version of PGP, which comes bundled with antivirus, intrusion-detection and firewall capabilities, but also makes a freeware version available on its Web site. There are uncounted numbers of PGP freeware users around the world, and NAI provides a certificate server for users to store their PGP public keys for free. It now holds more than one million PGP certificates.
He expressed concern that PGP's freeware future may be in doubt, pointing to the fact that NAI last month refused to publish the source code for the latest version, PGP 7.0.3, as it has done for all previous versions. Zimmermann, who had been a consultant at NAI, says PGP 7.0.3 contains no secret back doors -- at least to his knowledge -- but he adds that the open source process would help assure the masses on that score.
Sandra England, president of NAI's PGP Security business, counters that there will never be back doors in PGP. She says the company had not gotten around to posting the source code, though she offered no date when it might. England adds that NAI has no plans to discontinue PGP freeware or its free certificate storage.
"NAI has a different vision for PGP's future," says Zimmermann, who says he will safeguard PGP freeware at Hush.
For its part, the privately held Hush, which also has offices in the U.S., says it offers freeware, but has moved aggressively into the commercial market with a product called HushMail Private Label. The next version, expected around midyear, will be based on Open PGP. Zimmermann says his job will be to oversee HushMail Open PGP, and to ensure it works with NAI's PGP -- with which it also will compete.
