Update, Feb. 5, 2015, 8:10 p.m.: After this article appeared,Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation's Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations flooded Werner's website donation page and he reached his funding goal of $137,000. In addition, Facebook and the online payment processor Stripe each pledged to donate $50,000 a year to Kochs project.
The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive.
Werner Koch wrote the software, known as Gnu Privacy Guard, in 1997, and since then has been almost single-handedly keeping it alive with patches and updates from his home in Erkrath, Germany. Now 53, he is running out of money and patience with being underfunded.
"I'm too idealistic," he told me in an interview at a hacker convention in Germany in December. "In early 2013 I was really about to give it all up and take a straight job." But then the Snowden news broke, and "I realized this was not the time to cancel."
Like many people who build security software, Koch believes that offering the underlying software code for free is the best way to demonstrate that there are no hidden backdoors in it giving access to spy agencies or others. However, this means that many important computer security tools are built and maintained by volunteers.
Now, more than a year after Snowden's revelations, Koch is still struggling to raise enough money to pay himself and to fulfill his dream of hiring a full-time programmer. He says he's made about $25,000 per year since 2001 a fraction of what he could earn in private industry. In December, he launched a fundraising campaign that has garnered about $43,000 to date far short of his goal of $137,000 which would allow him to pay himself a decent salary and hire a full-time developer.
The fact that so much of the Internet's security software is underfunded is becoming increasingly problematic. Last year, in the wake of the Heartbleed bug, I wrote that while the U.S. spends more than $50 billion per year on spying and intelligence, pennies go to Internet security. The bug revealed that an encryption program used by everybody from Amazon to Twitter was maintained by just four programmers, only one of whom called it his full-time job. A group of tech companies stepped in to fund it.
Koch's code powers most of the popular email encryption programs GPGTools, Enigmail, and GPG4Win. "If there is one nightmare that we fear, then it's the fact that Werner Koch is no longer available," said Enigmail developer Nicolai Josuttis. "It's a shame that he is alone and that he has such a bad financial situation."
The programs are also underfunded. Enigmail is maintained by two developers in their spare time. Both have other full-time jobs. Enigmail's lead developer, Patrick Brunschwig, told me that Enigmail receives about $1,000 a year in donations just enough to keep the website online.
GPGTools, which allows users to encrypt email from Apple Mail, announced in October that it would start charging users a small fee. The other popular program, GPG4Win, is run by Koch himself.
Email encryption first became available to the public in 1991, when Phil Zimmermann released a free program called Pretty Good Privacy, or PGP, on the Internet. Prior to that, powerful computer-enabled encryption was only available to the government and large companies that could pay licensing fees. The U.S. government subsequently investigated Zimmermann for violating arms trafficking laws because high-powered encryption was subject to export restrictions.
In 1997, Koch attended a talk by free software evangelist Richard Stallman, who was visiting Germany. Stallman urged the crowd to write their own version of PGP. "We can't export it, but if you write it, we can import it," he said.
Inspired, Koch decided to try. "I figured I can do it," he recalled. He had some time between consulting projects. Within a few months, he released an initial version of the software he called Gnu Privacy Guard, a play on PGP and an homage to Stallman's free Gnu operating system.
Koch's software was a hit even though it only ran on the Unix operating system. It was free, the underlying software code was open for developers to inspect and improve, and it wasn't subject to U.S. export restrictions.
Koch continued to work on GPG in between consulting projects until 1999, when the German government gave him a grant to make GPG compatible with the Microsoft Windows operating system. The money allowed him to hire a programmer to maintain the software while also building the Windows version, which became GPG4Win. This remains the primary free encryption program for Windows machines.
In 2005, Koch won another contract from the German government to support the development of another email encryption method. But in 2010, the funding ran out.
For almost two years, Koch continued to pay his programmer in the hope that he could find more funding. "But nothing came," Koch recalled. So, in August 2012, he had to let the programmer go. By summer 2013, Koch was himself ready to quit.
But after the Snowden news broke, Koch decided to launch a fundraising campaign. He set up an appeal at a crowdsourcing website, made t-shirts and stickers to give to donors, and advertised it on his website. In the end, he earned just $21,000.
The campaign gave Koch, who has an 8-year-old daughter and a wife who isn't working, some breathing room. But when I asked him what he will do when the current batch of money runs out, he shrugged and said he prefers not to think about it. "I'm very glad that there is money for the next three months," Koch said. "Really I am better at programming than this business stuff."
- Why the US government is questioning WhatsApp's encryption - CNBC - February 25th, 2020
- No Backdoor on Human Rights: Why Encryption Cannot Be Compromised - Bitcoin News - February 25th, 2020
- Backdoor to encryption back on agenda in absurdly named bill - 9to5Mac - February 25th, 2020
- Signal is the European Union's encrypted messaging app of choice - Cult of Mac - February 25th, 2020
- cloudAshur, hands on: Encrypt, share and manage your files locally and in the cloud - ZDNet - February 25th, 2020
- ASIO: Relentless advance of technology was outstripping our capabilities - ZDNet - February 25th, 2020
- Cygilant to Highlight the Need for Encrypted Traffic Visibility at RSA Conference 2020 - Business Wire - February 25th, 2020
- Encryption Software Market 2020 Emerging Trends, Growing Demand, Leading Companies, Applications, Overview and Regional Analysis 2026 - News Times - February 25th, 2020
- US bill seen threatening encryption on tech platforms - EJ Insight - February 25th, 2020
- AES Encryption Software Market to Witness Increased Incremental Dollar Opportunity During the Forecast Period 2020 2026 | Dell, Eset, Gemalto, IBM,... - February 25th, 2020
- Malware and HTTPS a growing love affair - Naked Security - February 25th, 2020
- Hardware-based Full Disk Encryption Market To Witness Growth Acceleration During 2020-2026 | Western Digital Corp, Samsung Electronics, Toshiba,... - February 25th, 2020
- Encryption Software Market are anticipated to lucrative growth opportunities in the future by Product Type, Structure, End-user and Geography to 2027... - February 25th, 2020
- Proposed Bill Could Threaten Apple, Facebook Messaging Platforms - MSSP Alert - February 25th, 2020
- Zettaset to Participate in Cybersecurity Forum at Annual HIMSS 2020 Conference - Business Wire - February 25th, 2020
- Cloud Encryption Technology Market Analysis with Key Players, Applications, Trends and Forecasts to 2025 | Gemalto, Sophos, Symantec - Nyse Nasdaq... - February 25th, 2020
- US legislation to fend off end-to-end encryption of Facebook, Google and others - Financial World - February 25th, 2020
- Encryption on Facebook, Google, others threatened by planned new bill - Reuters - February 22nd, 2020
- What Is an Encryption Backdoor? - How-To Geek - February 22nd, 2020
- Sophos Takes On Encrypted Network Traffic With New XG Firewall 18 - CRN: Technology news for channel partners and solution providers - February 22nd, 2020
- Last Week In Venture: Eyes As A Service, Environmental Notes And Homomorphic Encryption - Crunchbase News - February 22nd, 2020
- CIA Encryption Meddling and Chinese Espionage Allegations Make It Clear: We All Need Strong Data Protection - Reason - February 12th, 2020
- Congress, Not the Attorney General, Should Decide the Future of Encryption - Lawfare - February 12th, 2020
- The code breakers: This vault is the epicenter in law enforcement's battle to unlock encrypted smartphones - USA TODAY - February 12th, 2020
- Enea Announces New Smart Tools to Identify Encrypted and Evasive Network Traffic - Yahoo Finance - February 12th, 2020
- Encryption Vs. Decryption: What's the Difference? - Techopedia - February 12th, 2020
- Labor Bill to fix Australian encryption laws it voted for hits second debate - ZDNet - February 12th, 2020
- Encryption Software Market Growth by Top Companies, Trends by Types and Application, Forecast to 2026 - News Parents - February 12th, 2020
- Mobile Encryption Market to Grow Massively (2020-2025) By Size, Share, Price, Trend and Forecast | Blackberry, T-Systems International, ESET, Sophos,... - February 12th, 2020
- Child-Welfare Activists Attack Facebook Over Encryption Plans - The New York Times - February 9th, 2020
- How Attorney General Barr's War On Encryption Will Harm Our Military - Techdirt - February 9th, 2020
- Strong Opinions on Whether Police Calls Should be Encrypted - Government Technology - February 9th, 2020
- The EARN IT Act is the latest clueless attack on encryption, do not fall for it - Privacy News Online - February 9th, 2020
- Republican Senator Lindsey Graham introduces bill that threatens end-to-end encryption - World Socialist Web Site - February 9th, 2020
- Activists write to Facebook against encryption, says it will dent bid to curb child pornography - Hindustan Times - February 9th, 2020
- BBB Offers the Following Tips for National Clean Out Your Computer and Safer Internet Day WKTN- A division of Home Town Media - WKTN Radio - February 9th, 2020
- Optical Encryption Market Booming by Size, Revenue, Trends and Top Growing Companies 2026 - Instant Tech News - February 9th, 2020
- Federal government warning of voter coercion, foreign election interference through private messaging services - CBC.ca - February 9th, 2020
- Mobile Encryption Market 2020 Recent Industry Developments and Growth Strategies Adopted by Top Key Players Worldwide and Assessment to 2025 -... - February 9th, 2020
- Well-meaning charities urge Facebook to halt encryption plan to protect kids - 9to5Mac - February 6th, 2020
- How the B-Team watches over Australia's encryption laws and cybersecurity - ZDNet - February 6th, 2020
- Kids Need End-to-End Encryption for Protection Against Corporations - The Mac Observer - February 6th, 2020
- Encryption Backdoors: The Achilles Heel to Cybersecurity? - Techopedia - February 6th, 2020
- US Lawmakers Seeking to Ban Companies From Using End-to-End Encryption With a New Draft Bill - Bitcoin Exchange Guide - February 6th, 2020
- United States: a invoice towards end-to-end encryption? - Sahiwal Tv - February 6th, 2020
- TLS 1.0/1.1 end-of-life countdown heads into the danger zone - The Daily Swig - February 6th, 2020
- How Would a US Ban on End to End Encryption Affect Cryptocurrency? - Bitcoinist - February 5th, 2020
- Officials Ask Public to Weigh in on Encrypting Police Calls - Government Technology - February 5th, 2020
- Bluefin and FroogalPay Partner to Provide PCI-Validated Point-to-Point Encryption (P2PE) - Benzinga - February 5th, 2020
- Facebook to allow parents to monitor their kids' chat messages - Sussex Express - February 5th, 2020
- Hardware-based Full Disk Encryption Market To Boom In Near Future By 2027 With Industry Key Players - Science of Change - February 5th, 2020
- New ransomware with '.SaveTheQueen' extension discovered by Varonis - Information Age - February 5th, 2020
- The Best Encryption Software for 2020 | PCMag - February 2nd, 2020
- Encryption - What It Is, Types, Algorithms, & More ... - February 2nd, 2020
- A Beginner's Guide to Encryption: What It Is and How to ... - February 2nd, 2020
- Encryption | Internet Society - February 2nd, 2020
- Best encryption software tools of 2020: Keep your data ... - February 2nd, 2020
- What is 256-bit Encryption? How long would it take to crack? - February 2nd, 2020
- A new bill could punish web platforms for using end-to-end encryption - The Verge - February 2nd, 2020
- How to encrypt email (Gmail, Outlook iOS, OSX, Android ... - February 2nd, 2020
- Researchers showcase all-optical encryption tech to keep data hidden and safe - The Times of Israel - February 2nd, 2020
- The U.S. government's been trying to stop encryption for 25 years. Will it win this time? - Tom's Guide - February 2nd, 2020
- Apple's end-to-end encryption threatened by new proposed bill - AppleInsider - February 2nd, 2020
- With Streaming Becoming More Prevalent in 2020, it would be better to connect to the Internet with a VPN - gotech daily - February 2nd, 2020
- nCipher Security: More Americans trust encryption than know what it is - Security Boulevard - January 30th, 2020
- Encryption Software Market 2020 Analysis by Current Industry Status, Key Manufacturers, Industry Drivers and Forecast to 2024 Dagoretti News -... - January 30th, 2020
- Emerging Opportunities in Hardware-based Full Disk Encryption Market with Current Trends Analysis - Dagoretti News - January 30th, 2020
- Scientists from Israel have developed the worlds first optical encryption technology Stealth - The Times Hub - January 30th, 2020
- Government Report Reveals Its Favorite Way to Hack iPhones, Without Backdoors - VICE - January 30th, 2020
- How to Get the Most Out of Your Smartphone's Encryption - WIRED - January 30th, 2020
- Forensics detective says Android phones are now harder to crack than iPhones - Android Authority - January 30th, 2020
- Options to End the End to End Encryption Debate - Infosecurity Magazine - January 30th, 2020
- Remember the Clipper chip? NSA's botched backdoor-for-Feds from 1993 still influences today's encryption debates - The Register - January 30th, 2020
- Why Public Wi-Fi is a Lot Safer Than You Think - EFF - January 30th, 2020
- There is no legislation mandating encryption of private information - Kamloops This Week - January 30th, 2020
- Apple Watch rewards, iCloud encryption, and WhatsApp hacks on the AppleInsider Podcast - AppleInsider - January 30th, 2020
- Apple Wanted the iPhone to Have End-to-End Encryption. Then the FBI Stepped In - Popular Mechanics - January 27th, 2020
- Amazon Engineer Leaked Private Encryption Keys. Outside Analysts Discovered Them in Minutes - Gizmodo - January 27th, 2020
- Deployed 82nd Airborne unit told to use these encrypted messaging apps on government cell phones - Military Times - January 27th, 2020
- The FBI doesn't need Apple to give it a backdoor to encryption, because it already has all the access it needs - Boing Boing - January 27th, 2020