PGP Rediscovers Open Source, Sort of

The recent re-acquisition of the Pretty Good Privacy product line by PGP Corp. comes as welcome news to all those who read with dismay last March that Network Associates would no longer sell Phil Zimmerman's much admired encryption product.

PGP has not lived in a profitable market. The product has a long history of being desirable but too cumbersome for us mere mortals. It's a pain to read the e-mail of anyone with whom you have not exchanged public keys. As a matter of fact, when you use the product, you face the very real possibility that the receiver has never heard of PGP.

There is also a rampant belief in the industry that PGP's origins as freeware mean that any derivative work would also be free. I beg to differ. The very people who wanted PGP for their personal privacy -- who wanted it so badly they would deal with its hassles -- are the same people who did not want their names in a database of product owners. This expectation is not likely to change. Fortunately, the management at PGP Corp. was smart enough to figure that out. It has announced that there will be a free, individual user version.

That's a good PR move, but it won't help your enterprise. What will help is what I will call PGPFMM: PGP for Mere Mortals. PGP Corp. says it hopes to release versions of the product that are more enterprise- and user-friendly by year-end. If it delivers the goods, you should check them out.

Today, anyone with a little knowledge and a mail server can send an e-mail message that looks to the end user like it came from your CEO. You and I could prove it false, but the average user isn't going to ask us to do so. For every person who bothers to call the company to ask about a fake e-mail, there are 2,000 who won't. This would make any risk manager want to leap out a window.If PGP Corp. can come up with a solution that lets you easily interface with your customers -- easily for the customer, that is -- take it. Run with it. But no solution I'm aware of addresses this issue and the solutions offered by PGP Corp. won't either -- not this year, anyway.

Watch PGP just the same. It may surprise us. If it does, our entire industry will be better off.
--Donald MacVittie, [email protected]