Get the latest updates as we post them — right on your browser

. Last Updated: 07/27/2016

Encryption Faces New Hurdles

APZimmerman was threatened with criminal charges when PGP was leaked abroad.
NEW YORK -- Phil Zimmermann knows a thing or two about adversity.

His invention for encrypting e-mail, Pretty Good Privacy, was so good that the U.S. government considered it munitions subject to tough export controls. Prosecutors threatened him with criminal charges when others leaked it overseas.

The government ultimately backed off. But now, the company that makes the most popular version of PGP is the one pulling the plug. It's yet another setback, but Zimmermann isn't rattled.

"PGP has been around for 10 years and has endured incredible obstacles and hardships," Zimmermann said. "Powerful forces have been arrayed to stop PGP, and yet those obstacles were overcome."

PGP's future now lies with a handful of voluntary and entrepreneurial efforts that follow Zimmermann's designs. None carry the PGP name, though, as Network Associates Inc. retains trademark rights.

"People are very concerned about this development and would like to do something about it," Zimmermann said. "A way will be found."

Network Associates, which bought PGP from Zimmermann's PGP Inc. in 1997, sought a buyer last year for its e-mail and file encryption products. The company said it didn't get an attractive offer, so it dropped the products earlier this year.

Though some longtime PGP users insist Network Associates could have marketed the product better, others say the demand simply wasn't there.

"People aren't spending for encrypted e-mail," said Austin Hill, chief strategy officer at Zero-Knowledge Systems Inc. Hill ought to know, his company also dropped plans for PGP.

Encryption is difficult for average users to grasp, products aren't all that easy to use and the threats of not protecting e-mail from prying eyes aren't all that easy to explain, Hill said.

Internet users won't worry about using regular e-mail for credit card numbers, medical discussions and other sensitive information until they are directly harmed or see a well-publicized breach, security experts say. Only then would they understand or care that using unencrypted e-mail is as private as sending a postcard.

Network Associates will fix programming bugs for a year and honor existing service contracts, but it will no longer sell PGP or renew contracts. Though a free version remains available elsewhere, the company won't update it or make it compatible with newer operating systems, like Windows XP.

Having Network Associates aside will encourage others -- particularly volunteers -- to increase development efforts, said Yair Frankel, a cryptography consultant in Westfield, New Jersey.

"Many people believe that PGP from [Network Associates] was the only thing that existed," said Fabian Rodriguez, associate director of business development at Toxik Technologies Inc., a PGP vendor. "Now that it's not there, it sets the ground level equal for everybody."

PGP alternatives include the Gnu Privacy Guard, developed by volunteers under a license that permits anyone to freely use, modify and further distribute the product.

Lok Technology Inc. offers web-based e-mail accounts that use PGP, while Authora Inc. makes PGP work with Outlook e-mail software and any web-based e-mail system.

Toxik handles data sent through online forms.