PGP will live on despite NAI, says inventor

Pretty Good Privacy (PGP) will go on, despite a move by Network Associates (NAI) to shelve the encryption product after it failed...

Pretty Good Privacy (PGP) will go on, despite a move by Network Associates (NAI) to shelve the encryption product after it failed to find a buyer, according to PGP inventor Phil Zimmermann.

Although Zimmermann sold PGP to NAI in 1997, the protocols for the encryption code are open to all on the Internet.

"PGP is an institution," Zimmermann said. "It is larger than any single code base from any single company. There are a lot of very concerned people from the PGP user community who want to try to find a solution to fill this niche."

NAI embarked on a plan to trim its product line last October and has been looking for a buyer for its PGP products. However, Jennifer Kevney, vice president of corporate communications at NAI, confirmed that the company had dropped its plans to sell PGP.

"Obviously, we didn't get the offer we thought represented the value [of PGP]," she said.

The products will now be placed into "maintenance mode". This means that although they will not be developed any further, NAI will continue to honour current service contracts until the end of their terms. The company will also release fresh bug fixes as needed for up to a year.

Despite this, Zimmermann said, PGP will continue and will probably re-emerge in time. "A lot of people are worried about PGP, and with enough political will, something will be done," Zimmermann said. "That does not necessarily mean buying the business from NAI."

Since the 11 September terrorist attacks on the US, Zimmermann said there was an even greater need for a publicly available secure encryption protocol. Companies need to be able to protect themselves from attack, and individuals need to be able to protect their own civil liberties, he added.

Zimmermann fell foul of the US government in the early 1990s because federal authorities felt that the worldwide dissemination of PGP violated anti-terrorism laws. The government dropped its case in 1996.

"We're going through hard times, and we've got to hang onto this thing," Zimmermann said. "Our civil liberties are likely to be eroded by this whole experience; that increases the need to keep our hands on strong crypto and keep a hold of it."

Development of PGP began in the 1980s and early 1990s. Zimmermann said a lot of people came together to help develop the encryption protocols and to create an industry standard for all to use. NAI was an active participant in creating that standard.

That public standard would allow other companies or individuals to create new PGP products. Zimmermann said he was hopeful that someone would pick up the challenge.

Read more on IT risk management