The World's Email Encryption Software Relies On One

Guy, Who Is Going Broke
from the this-is-unfortunate dept

The man who built the free email encryption software used by whistleblower Edward
Snowden, as well as hundreds of thousands of journalists, dissidents and securityminded people around the world, is running out of money to keep his project alive.
Werner Koch wrote the software, known as Gnu Privacy Guard, in 1997, and since
then has been almost single-handedly keeping it alive with patches and updates from
his home in Erkrath, Germany. Now 53, he is running out of money and patience with
being underfunded.
"I'm too idealistic," he told me in an interview at a hacker convention in Germany in
December. "In early 2013 I was really about to give it all up and take a straight job."
But then the Snowden news broke, and "I realized this was not the time to cancel."
Like many people who build security software, Koch believes that offering the
underlying software code for free is the best way to demonstrate that there are no
hidden backdoors in it giving access to spy agencies or others. However, this means
that many important computer security tools are built and maintained by volunteers.
Now, more than a year after Snowden's revelations, Koch is still struggling to raise
enough money to pay himself and to fulfill his dream of hiring a full-time
programmer. He says he's made about $25,000 per year since 2001 — a fraction of
what he could earn in private industry. In December, he launched a fundraising
campaign that has garnered about $43,000 to date — far short of his goal of
$137,000 — which would allow him to pay himself a decent salary and hire a full-time
developer.
The fact that so much of the Internet's security software is underfunded is becoming
increasingly problematic. Last year, in the wake of the Heartbleed bug, I wrote that
while the U.S. spends more than $50 billion per year on spying and
intelligence, pennies go to Internet security. The bug revealed that an encryption
program used by everybody from Amazon to Twitter was maintained by just four
programmers, only one of whom called it his full-time job. A group of tech
companies stepped in to fund it.
Koch's code powers most of the popular email encryption
programs GPGTools, Enigmail, andGPG4Win. "If there is one nightmare that we fear,
then it's the fact that Werner Koch is no longer available," said Enigmail developer
Nicolai Josuttis. "It's a shame that he is alone and that he has such a bad financial
situation."
The programs are also underfunded. Enigmail is maintained by two developers in
their spare time. Both have other full-time jobs. Enigmail's lead developer, Patrick
Brunschwig, told me that Enigmail receives about $1,000 a year in donations — just
enough to keep the website online.
GPGTools, which allows users to encrypt email from Apple Mail, announced in
October that it would start charging users a small fee. The other popular program,
GPG4Win, is run by Koch himself.

It was free. a play on PGP and an homage to Stallman's free Gnu operating system. But in 2010. In the end. Koch continued to work on GPG in between consulting projects until 1999. who has an 8-year-old daughter and a wife who isn't working. Koch continued to pay his programmer in the hope that he could find more funding. By summer 2013. some breathing room. on the Internet. He set up an appeal at a crowdsourcing website. Stallman urged the crowd to write their own version of PGP. the funding ran out. Koch's software was a hit even though it only ran on the Unix operating system. But when I asked him what he will do when the current batch of money runs out." he recalled. he had to let the programmer go. Prior to that. He had some time between consulting projects.Email encryption first became available to the public in 1991." Related stories: For more coverage. In 1997. ProPublica is a Pulitzer Prize-winning investigative newsroom. "I'm very glad that there is money for the next three months." Koch recalled. The U. Koch won another contract from the German government to support the development ofanother email encryption method. he shrugged and said he prefers not to think about it. Koch decided to launch a fundraising campaign. "Really I am better at programming than this business stuff." he said. read our previous reporting on the Heartbleed bug. The campaign gave Koch. government subsequently investigated Zimmermann for violating arms trafficking laws because high-powered encryption was subject to export restrictions." Koch said. when Phil Zimmermann released a free program called Pretty Good Privacy. made t-shirts and stickers to give to donors. In 2005. in August 2012. Koch decided to try. how to encrypt what you can and a ranking of the best encryption tools. export restrictions. who was visiting Germany.S. and advertised it on his website. Koch was himself ready to quit. So. he earned just $21. the underlying software code was open for developers to inspect and improve. Koch attended a talk by free software evangelist Richard Stallman.000. but if you write it. or PGP. But after the Snowden news broke. The money allowed him to hire a programmer to maintain the software while also building the Windows version. "But nothing came. "We can't export it. Within a few months. he released an initial version of the software he called Gnu Privacy Guard. Republished from ProPublica. For almost two years. we can import it.S. and it wasn't subject to U. This remains the primary free encryption program for Windows machines. powerful computer-enabled encryption was only available to the government and large companies that could pay licensing fees. "I figured I can do it. when the German government gave him a grant to make GPG compatible with the Microsoft Windows operating system. Inspired. Sign up for their newsletter. . which became GPG4Win.