When Phil Zimmermann published Pretty Good Privacy, one of the first encrypted e-mail programs, in 1991, he had no idea it would become the most popular product of its kind. Nor did he know that it would spark a three-year investigation by the U.S. government into whether he had broken federal laws against exporting strong encryption. Having come through the inquiry unscathed, Zimmermann eventually sold his company, PGP Industries Inc., to Network Associates Inc. and stayed on at the software concern to oversee the development of future versions of his program. Last week, Zimmermann left NAI for Hush Communications Inc. Senior Writer Dennis Fisher talked with Zimmermann about why he left NAI and his plans for the future.
eWeek: Why did you decide to leave Network Associates now?
Zimmermann: Ive had a long-standing position on publishing source code for crypto software. They didnt necessarily agree with that. Ive been working on the same project [PGP] for 10 years, and as long as I continued to work there, they would own everything I do. I cant stay there forever.
eWeek: Is there a sense of sadness at all now that you wont be working on PGP anymore?
Zimmermann: There is a sense of sadness, but Ive been carrying the project for a long time. I have a special attachment to it. But, Im not going to end my relationship with PGP. I talked to some of the engineers there just today. And Ill be helping Hush implement the OpenPGP standard. Ive taken PGP as far as I can at NAI. They have a very different application at Hush. I have to get on with my career.
eWeek: When you first wrote PGP, did you ever think encrypted e-mail would become as popular as it has?
Zimmermann: I thought it might become important, but what I didnt anticipate was the interest the government would take in it. Honestly, I was hoping it would be bigger than it is, but I think the ease-of-use factor has held it back.
eWeek: Thats been one of the criticisms of PKI [public-key infrastructure] in general for a long time. Do you think that has hurt its growth?
Zimmermann: Its tough for anyone to roll out PKI in a big enterprise. Thats what I find interesting about Hush: If you have Web-based mail, you dont have to install anything on the workstation. Thats a lot easier from the IT managers perspective.
eWeek: What other projects are you working on now?
Zimmermann: Im working on a secure phone. Its written totally in Java. I did one before in C, but it never went anywhere because IT managers werent interested in it. It became an orphan product, and when NAI bought my company, they didnt even know they had it. It should be out sometime in the spring. Were starting to put the crypto in now. Thats the easy part for me; the telephony is the hard part.