This story was printed from ZDNN.
PGP is dead! Long live PGP? Maybe
By Stephan Somogyi
March 5, 2002, 4:20 AM PT

COMMENTARY--A week ago, on Feb. 26, Network Associates (NAI) sent an e-mail to some of its customers announcing that it had killed the PGP Desktop Security product line. This, ladies and gentlemen, is very grim news indeed. Why do I care about PGP Desktop? Because it's a critical software package for me, and presumably for many of you as well.

Pretty Good Privacy has long been assimilated into Network Associates, but its roots as a countercultural tool are still widely known. Some had considered NAI's rendition of the PGP products tainted by their commercial association, especially after Phil Zimmermann, PGP's progenitor, left the company. But the products have remained very good, and they fill a need.

IN SOME RESPECTS, the PGP Desktop package had no competition. It was the only product that offered file encryption, standards-based e-mail encryption, standards-based IPSec VPN client and peer-to-peer capabilities, and a secure encrypted file system--all in one coherent package.

I spoke with NAI President Gene Hodges late last week to get the company's side of the story. He said NAI has been trying since last October to sell the PGP Desktop products, but that the effort was unsuccessful. The decision to look for a buyer originally stemmed from the product line failing to generate enough profit.

With no buyer found, the products have now been put into "maintenance mode," which means that existing support contracts will be honored until they run out, at which point they will not be renewed. New versions of PGP Desktop will not be released.

I confess that PGP Desktop's lack of revenue doesn't surprise me, since I can honestly say that I never once saw it marketed. I also vividly remember, when working on a review of PGP Desktop a little over a year ago, being told by NAI that it wasn't a retail product, then that it was, then that it cost several hundred dollars per seat. It was as if NAI didn't want to sell single copies of the product, an experience recounted to me by readers after the review appeared in print.

As best I can tell, NAI not only didn't spend much effort getting the word out, it seemed to be, well, actively inert when it came to promoting PGP. If the company had wanted to make money from PGP Desktop, I'm convinced it could have.

FORTUNATELY, however, my conversation with Hodges left me with some hope for PGP's future. He was adamant that NAI would like to see PGP's evolution continue, though it wasn't clear how that might happen. While it didn't seem likely to me that NAI would be willing to release the source code for the PGP Desktop products, Hodges said that he was open to suggestions.

Further hope is engendered in me by historical precedent. Back when threw a wrench into the works and made it difficult for people to use SSH-based technology, OpenSSH was born. Since its introduction in December 1999, OpenSSH has developed an impressively large user base, as the OpenSSH usage stats show. One crucial difference, however, is that OpenSSH is free, whereas it seems unlikely that NAI would part with the PGP intellectual property without some monetary recompense.

But all this is hypothetical until, as Hodges put it, a "valid party" comes forward and makes NAI a palatable offer.

Apple would make a good candidate. It has already shown a penchant for buying interesting apps in order to make them compelling reasons to adopt Mac OS X, viz SoundJam's transformation to iTunes. Acquiring PGP Desktop would allow Apple to make standards-based e-mail, file, and disk encryption, as well as VPN technology, an integral part of its new OS. Now would be a particularly good time for Apple to make such a move, given Microsoft's troubles with security of late.

But existing Windows PGP Desktop users, especially the large number of multi-seat licensees at the U.S. Government's various TLAs, must be feeling the pain of this announcement as well. This is a good product that will be hard to replace.

SMALLER COMPANIES seem not to have found it worthwhile to enter this market as long as NAI was putatively present. However, now that NAI's position is unambiguous, perhaps someone will pick up the slack. Still, since developing a comparable product from scratch would take quite some time, if existing PGP users are to avoid being stuck in purgatory in the interim, some way must be found for NAI to pass on the software it has today, so that those who want to buy and use it can do so.

Since NAI clearly isn't going to derive any more revenue from PGP Desktop sales, the company should now focus on how best to support its erstwhile customers. The best thing would be for NAI to aggressively work to make PGP Desktop's source code available quickly, either freely to spur an OpenSSH-like development effort, or to release it under license to an entity that could continue development.

What should NAI do with PGP Desktop? Should Apple buy it? Should NAI release it as open source? TalkBack to me.