Update, Feb. 5, 2015, 8:10 p.m.: After this article appeared,Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation's Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations flooded Werner's website donation page and he reached his funding goal of $137,000. In addition, Facebook and the online payment processor Stripe each pledged to donate $50,000 a year to Kochs project.
The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive.
Werner Koch wrote the software, known as Gnu Privacy Guard, in 1997, and since then has been almost single-handedly keeping it alive with patches and updates from his home in Erkrath, Germany. Now 53, he is running out of money and patience with being underfunded.
"I'm too idealistic," he told me in an interview at a hacker convention in Germany in December. "In early 2013 I was really about to give it all up and take a straight job." But then the Snowden news broke, and "I realized this was not the time to cancel."
Like many people who build security software, Koch believes that offering the underlying software code for free is the best way to demonstrate that there are no hidden backdoors in it giving access to spy agencies or others. However, this means that many important computer security tools are built and maintained by volunteers.
Now, more than a year after Snowden's revelations, Koch is still struggling to raise enough money to pay himself and to fulfill his dream of hiring a full-time programmer. He says he's made about $25,000 per year since 2001 a fraction of what he could earn in private industry. In December, he launched a fundraising campaign that has garnered about $43,000 to date far short of his goal of $137,000 which would allow him to pay himself a decent salary and hire a full-time developer.
The fact that so much of the Internet's security software is underfunded is becoming increasingly problematic. Last year, in the wake of the Heartbleed bug, I wrote that while the U.S. spends more than $50 billion per year on spying and intelligence, pennies go to Internet security. The bug revealed that an encryption program used by everybody from Amazon to Twitter was maintained by just four programmers, only one of whom called it his full-time job. A group of tech companies stepped in to fund it.
Koch's code powers most of the popular email encryption programs GPGTools, Enigmail, and GPG4Win. "If there is one nightmare that we fear, then it's the fact that Werner Koch is no longer available," said Enigmail developer Nicolai Josuttis. "It's a shame that he is alone and that he has such a bad financial situation."
The programs are also underfunded. Enigmail is maintained by two developers in their spare time. Both have other full-time jobs. Enigmail's lead developer, Patrick Brunschwig, told me that Enigmail receives about $1,000 a year in donations just enough to keep the website online.
GPGTools, which allows users to encrypt email from Apple Mail, announced in October that it would start charging users a small fee. The other popular program, GPG4Win, is run by Koch himself.
Email encryption first became available to the public in 1991, when Phil Zimmermann released a free program called Pretty Good Privacy, or PGP, on the Internet. Prior to that, powerful computer-enabled encryption was only available to the government and large companies that could pay licensing fees. The U.S. government subsequently investigated Zimmermann for violating arms trafficking laws because high-powered encryption was subject to export restrictions.
In 1997, Koch attended a talk by free software evangelist Richard Stallman, who was visiting Germany. Stallman urged the crowd to write their own version of PGP. "We can't export it, but if you write it, we can import it," he said.
Inspired, Koch decided to try. "I figured I can do it," he recalled. He had some time between consulting projects. Within a few months, he released an initial version of the software he called Gnu Privacy Guard, a play on PGP and an homage to Stallman's free Gnu operating system.
Koch's software was a hit even though it only ran on the Unix operating system. It was free, the underlying software code was open for developers to inspect and improve, and it wasn't subject to U.S. export restrictions.
Koch continued to work on GPG in between consulting projects until 1999, when the German government gave him a grant to make GPG compatible with the Microsoft Windows operating system. The money allowed him to hire a programmer to maintain the software while also building the Windows version, which became GPG4Win. This remains the primary free encryption program for Windows machines.
In 2005, Koch won another contract from the German government to support the development of another email encryption method. But in 2010, the funding ran out.
For almost two years, Koch continued to pay his programmer in the hope that he could find more funding. "But nothing came," Koch recalled. So, in August 2012, he had to let the programmer go. By summer 2013, Koch was himself ready to quit.
But after the Snowden news broke, Koch decided to launch a fundraising campaign. He set up an appeal at a crowdsourcing website, made t-shirts and stickers to give to donors, and advertised it on his website. In the end, he earned just $21,000.
The campaign gave Koch, who has an 8-year-old daughter and a wife who isn't working, some breathing room. But when I asked him what he will do when the current batch of money runs out, he shrugged and said he prefers not to think about it. "I'm very glad that there is money for the next three months," Koch said. "Really I am better at programming than this business stuff."
- COVID-19 Impact on Global Encryption Software Market Report to Share Key Aspects of the Industry with the details of Influence Factors - Scientect - September 4th, 2020
- Encryption Software Market: Regional Overview and Trends Evaluation to 2026 - Fractovia News - September 4th, 2020
- Encryption Software Market is Expected to reach $2.16 billion by 2020| Growing at a CAGR (compounded annual growth rate) of CAGR of 14.27% from 2014... - September 4th, 2020
- WD unveils encrypted ArmorLock SSD that unlocks using your smartphone - 9to5Toys - September 4th, 2020
- Encryption Software Market report, upcoming trends, share report, growth size, industry players and global forecast to 2025 - Galus Australis - September 4th, 2020
- COVID-19 Impact on Global Encryption Software Market: Global Industry Analysis by Size, Share, Growth, Trends and Forecast 2020 2025 - The Daily... - September 4th, 2020
- Hardware Encryption Technology Steady Growth to be Witnessed by 2019-2029 - The News Brok - September 4th, 2020
- Encryption Software Market to Witness Astonishing Growth by 2026 | Dell , Eset , Gemalto and more - The Daily Chronicle - September 4th, 2020
- IIT Guwahati Research team working towards protecting data from cyber attacks - India Today - September 4th, 2020
- Five Security Blind Spots You Might Not Realize You Have - Government Technology - September 4th, 2020
- Cloud Encryption MARKET 2020 BY MANUFACTURERS, REGIONS, TYPE AND APPLICATION, FORECAST TO 2027 - Scientect - September 4th, 2020
- Network Encryption Market Trends, Outlook and Forecasts to 2025 by: Gemalto, Riverbed Technology, IBM Corporation, SolarWinds Inc., Juniper Networks... - September 4th, 2020
- What is the Importance of Encryption in the Business Network - Enterprise Security Mag - September 2nd, 2020
- How to enable end-to-end encryption for the Nextcloud app - TechRepublic - September 2nd, 2020
- The Feds Need to Listen in on Your Encrypted Knowledge. It is "for the Youngsters." - The Shepherd of the Hills Gazette - September 2nd, 2020
- NordVPN review: An encryption powerhouse with the best VPN bang for your buck - CNET - September 2nd, 2020
- Homomorphic encryption: Deriving analytics and insights from encrypted data - CSO Online - September 2nd, 2020
- Encryption Key Management 2020-2025 | Global Market Trends, Applications, Size, Types, Key Manufacturers and Forecast Research - The Daily Chronicle - September 2nd, 2020
- AES Encryption Software Market : Global Strategies and Insight driven transformation 2020 2026 - SG Research Sphere - September 2nd, 2020
- IIT Guwahati researchers develop algorithms to protect information like health data from cyberattacks - EdexLive - September 2nd, 2020
- Global Cloud Encryption Market- Industry Analysis and forecast 2020 2027: By Industrial verticals, Services, and Region. - Galus Australis - September 2nd, 2020
- Data Encryption Market Size 2020 By Global Business Trends, Share, Future Demand, Leading Players Updates and Forecast to 2026 (Based on 2020 COVID-19... - September 2nd, 2020
- Mobile Encryption Technology Market : Global Trends, Analysis and Forecast 2025 - The Daily Chronicle - September 2nd, 2020
- How to Encrypt Files with gocryptfs on Linux - How-To Geek - September 2nd, 2020
- GlobeX Data launches Sekur, its secure, encrypted email and messaging solution - Proactive Investors USA & Canada - September 2nd, 2020
- What to do in the event of a ransomware attack - Charity Digital News - September 2nd, 2020
- Activate these 4 WhatsApp settings NOW to stop snoopers including face-lock and encryption - The Sun - September 2nd, 2020
- TLS Is Only as Strong as Its Weakest Link - Hashed Out by The SSL Store - Hashed Out by The SSL Store - September 2nd, 2020
- Encryption Management Solutions Market Trends, Size, Share, Status, Analysis And Forecast To 2025 - The News Brok - September 2nd, 2020
- Cloud Encryption Market Insights Business Opportunities, Current Trends And Restraints Forecast 2026 - Reports Watch - September 2nd, 2020
- 9 ways to build privacy into cloud applications - Reseller News - September 2nd, 2020
- Russia's New Blockchain Voting System Isn't Ready, but It'll Be Used This Month Anyway - Business Blockchain HQ - September 2nd, 2020
- Encryption and endpoint control: the heroes of post-lockdown data security - TEISS - August 20th, 2020
- Global Encryption Software Market 2020: Industry Analysis by Size, Share, Demand, Growth rate and Forecasts Till 2025 - The News Brok - August 20th, 2020
- Techdirt Podcast Episode 252: The Key To Encryption - Techdirt - August 20th, 2020
- Researchers Develop Attacks Targeting End-to-End Encryption in Emails - Decipher - August 20th, 2020
- Encryption Software Market- Global Outlook and Forecast 2018-2026 - Kentucky Journal 24 - August 20th, 2020
- Analyzing Impacts Of COVID-19 On Data Encryption Market Effects, Aftermath And Forecast To 2026 - The Daily Chronicle - August 20th, 2020
- Commercial Encryption Software Market Analysis And Demand With Forecast Overvie - News by aeresearch - August 20th, 2020
- Cloud Encryption Market Estimated to Experience a Hike in Growth by 2026 - Scientect - August 20th, 2020
- Why it's important to encrypt everything, everywhere, all the time - SecurityBrief Asia - August 20th, 2020
- Optical Encryption Market with Brief Introduction, Industry Overview, Scope, Size and Forecast Analysis 2025 - Scientect - August 20th, 2020
- What is On-the-Fly Memory Encryption? - Electropages - August 8th, 2020
- AFP says it made three requests for assistance in breaking encryption in 2019-20 - iTWire - August 8th, 2020
- Blue Canyon Technologies Tapped to Build QETSSat Encryption Satellite - Via Satellite - August 8th, 2020
- Encryption Software Market Report to Share Key Aspects of the Industry with the Details of Influence Factors- 2024 - Owned - August 8th, 2020
- Exorcist Ransomware and CIS Exclusion - Security Boulevard - August 8th, 2020
- Beyond Krk: Even more WiFi chips vulnerable to eavesdropping - We Live Security - August 8th, 2020
- Comprehensive Analysis on Endpoint Encryption Software Market based on types and application - The Daily Chronicle - August 8th, 2020
- This hardware-encrypted USB-C drive is rugged, inexpensive, and can run Windows - TechRadar UK - August 8th, 2020
- Zoom's COO is not concerned by app bans in India, says end-to-end encryption for all by year end - Economic Times - August 8th, 2020
- Jihadi Use Of Bots On The Encrypted Messaging Platform Telegram - Middle East Media Research Institute - August 8th, 2020
- Thoughts on encryption legislation - and the real 'link' between 5G and coronavirus - Cloud Tech - July 21st, 2020
- Twitter Urged To Beef Up Encryption 07/20/2020 - MediaPost Communications - July 21st, 2020
- Encryption Software - Market Share Analysis and Research Report by 2025 - CueReport - July 21st, 2020
- Encryption Management Solutions Market 2020 Global Share, Growth, Size, Opportunities, Trends, Regional Overview, Leading Company Analysis And... - July 21st, 2020
- Research Report on Data Encryption Service Market by Current Industry Status, Growth Opportunities, Top Key Players, and Forecast to 2025 -... - July 21st, 2020
- Bill That Mandates Cyber Backdoors Will Leave Front Doors Wide Open - CPO Magazine - July 21st, 2020
- These encrypted iStorage hard drives and flash drives are the ultimate peace of mind for your data - Boing Boing - July 21st, 2020
- Virtual and face-to-face connect to coexist: Zoom COO - Fortune India - July 21st, 2020
- Facebook's Rolling Out Touch ID and Face ID Lock Options for Messenger - Social Media Today - July 21st, 2020
- Global Cloud Encryption Technology Market Expeted To Reach xx.xx mn USD With growth Rate of xx by 2025| Pandamic Impact Analysis : Gemalto, Sophos,... - July 21st, 2020
- Encryption Software Market 2020 Comprehensive Analysis With Top Trends, Size, Share, Future Growth Opportunities & Forecast By 2027 - Connected... - July 21st, 2020
- Cryptocurrencies Have 'No Way' to Comply With US Anti-Encryption Bills - CoinDesk - CoinDesk - July 17th, 2020
- Encryption Key Management Market: Find Out Essential Strategies to expand The Business and Also Check Working in 2020-2027 - Jewish Life News - July 17th, 2020
- Email Encryption Market Worth $9.9 Billion by 2025 - Exclusive Report by MarketsandMarkets - PRNewswire - July 17th, 2020
- Encryption Software Market Overviews With Key Players, Size Growth Drivers As Well As Industry Challenges Opportunities To 2027 - Connected Lifestyle - July 17th, 2020
- Encryption Software Market 2020 | Covid-19 Impact Analysis and Industry Forecast Report Till 2024 - 3rd Watch News - July 17th, 2020
- Encryption Software Market 2020 Overview by Size, Share, Financial Services, Applications, Sales Data and Investment Opportunities till 2025 - Apsters... - July 17th, 2020
- Flash drives and hard drives with military-grade encryption on sale - Mashable - July 17th, 2020
- Hardware Encryption Market: Size, Share, Analysis, Regional Outlook and Forecast 2020-2025 - Express Journal - July 17th, 2020
- IoT Security Solution For Encryption Market Growth By Manufacturers, Type And Application, Forecast To 2026 - 3rd Watch News - July 6th, 2020
- Endpoint Encryption Software Market Growth By Manufacturers, Type And Application, Forecast To 2026 - 3rd Watch News - July 6th, 2020
- Global Hardware-based Full Disk Encryption (FDE) Market Report 2020 by Key Players, Types, Applications, Countries, Market Size, Forecast to 2026... - July 6th, 2020
- Explained: WhatApp calls End-to-End Encrypted, but what does it mean for you? - India Today - July 6th, 2020
- The booming business of encrypted tech serving the criminal underworld - Telegraph.co.uk - July 6th, 2020
- Hardware Encryption Devices Consumption Market Growth By Manufacturers, Type And Application, Forecast To 2026 - 3rd Watch News - July 6th, 2020
- Network Encryption Market Growth By Manufacturers, Type And Application, Forecast To 2026 - 3rd Watch News - July 6th, 2020
- Encryption Software Market Worth $20.1 Billion by 2025 - Exclusive Report by MarketsandMarkets - Yahoo Finance - June 18th, 2020
- Zoom says free users will get end-to-end encryption after all - The Verge - June 18th, 2020