Decrypting Your Online Security


In 1997, German software developer Werner Koch was sitting in an audience, listening to GNU Project founder Richard Stallman discussing the future of free software. During the speech, Stallman urged the audience to come up with ideas on how to create e-mail encryption software that could be shared around the world.

It had been tried before, though rather by accident: in 1991, Phil Zimmermann released Pretty Good Privacy (PGP), a cryptosystem designed to help U.S. political activists share their views without fear of reprisals. They were aware of legal restrictions on the international distribution of encryption technology, so they marked the download as ‘U.S. only’. Little did they realise that the marker did not actually restrict download capability. PGP went global, and 18 months later Zimmermann became the target of a criminal investigation for munitions export without a license. While he was never convicted (he avoided conviction by publishing the source code), the damage was done, and PGP became a commercial product in order to avoid further legal issues.

Koch took Stallman’s call to action to heart, and in 1999 released GNU Privacy Guard (GPG).

It went on to become the basis for the most popular e-mail encryption programs: GPGTools for Mac, Mozilla Thunderbird’s Enigmail, and GPG4Win, which Microsoft hired Koch to develop for Windows.

His work became the frontline of defence for whistleblowers, journalists, and security-minded individuals worldwide, but in the years that followed, Koch struggled to stay afloat. He made only $25,000 a year as the sole GPG developer, receiving minor donations for his work that barely covered the cost of keeping the source code available for download. The software became bloated as he struggled to keep it updated without any kind of support.

Koch’s situation is a telling example of the lack of attention given to internet security protocols, even at a time when governments are implementing new laws to crack down on individual privacy, and security issues like doxing and the Heartbleed exploit are becoming more prominent.

Koch was close to giving up and finding a corporate job when, in 2013, news broke that Edward Snowden had managed to leak NSA documents by covering his tracks with GPG.

It was the kind of motivation he needed to continue his work. So long as people like Snowden led the crusade for truth, he would provide them a shield to bear.

Last year, when Koch’s plight was made public, he received donations totalling $137,000, providing him a proper income, and allowing a second developer to come onto the team. He also received a $60,000 grant from the Linux Foundation’s Core Infrastructure Initiative, and an agreement for $50,000 a year from Facebook and online payment processor Stripe.

It’s enough to keep the project going, if only for a little while. And when the money runs out? Who knows what the future of internet security looks like.

You can download GPG, or donate to Werner Koch, via the official website.
