
[FYI] (Fwd) Keeping e-mail encryption alive

------- Forwarded message follows -------
Date sent:      	Sun, 21 Apr 2002 23:29:01 -0400
To:             	Digital Bearer Settlement List <dbs@philodox.com>,
	dcsb@ai.mit.edu, mac-crypto@vmeng.com, cryptography@wasabisystems.com
From:           	"R. A. Hettinga" <rah@shipwright.com>
Subject:        	Keeping e-mail encryption alive


Keeping e-mail encryption alive

NEW YORK (AP) -- Phil Zimmermann knows a thing or two about adversity.

His invention for encrypting e-mail, Pretty Good Privacy, was so good
that the government considered it munitions subject to tough export
controls. Prosecutors threatened him with criminal charges when others
leaked it overseas.

The government ultimately backed off. But now, the company that makes
the most popular version of PGP is the one pulling the plug.

It's yet another setback, but Zimmermann isn't rattled.

"PGP has been around for 10 years and has endured incredible obstacles
and hardships," Zimmermann said. "Powerful forces have been arrayed to
stop PGP and yet those obstacles were overcome."

PGP's future now lies with a handful of voluntary and entrepreneurial
efforts that follow Zimmermann's designs. None carry the PGP name,
though, as Network Associates Inc. retains trademark rights.

"People are very concerned about this development and would like to do
something about it," Zimmermann said. "A way will be found."

Network Associates, which bought PGP from Zimmermann's PGP Inc. in
1997, sought a buyer last year for its e-mail and file encryption
products. The company said it didn't get an attractive offer, so it
dropped the products earlier this year.

Though some longtime PGP users insist Network Associates could have
marketed the product better, others say the demand simply wasn't

"People aren't spending for encrypted e-mail," said Austin Hill, chief
strategy officer at Zero-Knowledge Systems Inc.

He ought to know. His company dropped plans for PGP as well.

Encryption is difficult for average users to grasp, products aren't
all that easy to use and the threats of not protecting e-mail from
prying eyes aren't all that easy to explain, Hill said.

Private as a postcard

Internet users won't worry about using regular e-mail for credit card
numbers, medical discussions and other sensitive information until
they are directly harmed or see a well-publicized breach, security
experts say.

Only then would they understand or care that using unencrypted e-mail
is as private as sending a postcard. Without encryption, network
administrators at Internet service providers, employers, intelligence
agencies and hackers can snoop on e-mail in transit.

Network Associates will fix programming bugs for a year and honor
existing service contracts, but it will no longer sell PGP or renew
contracts. Though a free version remains available elsewhere, the
company won't update it or make it compatible with newer operating
systems, like Windows XP.

Having Network Associates aside will encourage others -- particularly
volunteers -- to increase development efforts, said Yair Frankel, a
cryptography consultant in Westfield, New Jersey.

"Many people believe that PGP from (Network Associates) was the only
thing that existed," said Fabian Rodriguez, associate director of
business development at Toxik Technologies Inc., a PGP vendor. "Now
that it's not there, it sets the ground level equal for everybody."

PGP alternatives include the Gnu Privacy Guard, developed by
volunteers under a license that permits anyone to freely use, modify
and further distribute the product.

Lok Technology Inc. offers Web-based e-mail accounts that use PGP,
while Authora Inc. makes PGP work with Outlook e-mail software and any
Web-based e-mail system. Toxik handles data sent through online forms.

Other encryption methods exist, but none has PGP's popularity.

Alternative answers?

The alternatives still need work.

Authora, for instance, lacks compatibility with non-Microsoft e-mail
software such as Eudora and Lotus Notes.

Gnu is only a command-line program and needs a graphical interface to
be attractive to the vast majority of users. A few interfaces,
including Windows Privacy Tray, have been developed but none are as
versatile or simple as Network Associates' program.

The Gnu project "is the thing that comes close to what PGP from
(Network Associates) was, and it's really not there yet," said David
Del Torto, executive director of the CryptoRights Foundation, which
promotes encryption for human rights workers.

Zimmermann, who chairs the OpenPGP Alliance and works with some
commercial distributors, thinks any viable alternative will also need
extensive marketing. And if the PGP user base is to expand, he said,
tools must be easier to use.

John Miller, Lok's chief operating officer, described the Network
Associates move as "a double-edge sword" for alternatives.

"They are leaving a hole in the marketplace, but when you're out there
trying to get venture capital, backers and clients, they say, 'If a
big company like (Network Associates) couldn't pull it off, what makes
you think a smaller company could?'" Miller said.

Even if a viable PGP alternative comes along, whether e-mail
encryption will ever grow in usage is another matter.

PGP developers believe there is growing interest in privacy, given new
federal regulations governing financial and medical data.

But so far, PGP is limited primarily to niche markets, like human
rights and organized crime -- authorities say mob suspect Nicodemo S.
Scarfo Jr. used it to encode gambling records.

"I don't think it's going to die," said Bruce Schneier, chief
technology officer for Counterpane Internet Security Inc. "It will
just be what it is, a niche security product. (Network Associates)
apparently felt the niche wasn't large enough."

R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

------- End of forwarded message -------
