The fact of the shock that the world's mail encryption depends on only one man and the development fund has become zero

GNU Privacy Guard (GPG) is a free email encryption software used by journalists and security-sensitive people around the world, as well as whistleblowers such as Edward Snowden . Mr. Werner Koch has been developing this encryption software by himself since 1997, and ProPublica reveals the harsh situation he is in.

The World's Email Encryption Software Relies on One Guy, Who is Going Broke-ProPublica

Software engineer Koch started the development of GPG in 1997, and since then almost alone has been developing software and software from his German home. Mr. Koch is currently 53 years old, but at 10 am on February 5th when Mr. Koch's article was posted on ProPublica, the development funds have already been used up.

When ProPublica's Julia Angwin reporter interviewed Mr. Koch at a hacker rally in Germany in December 2014, Mr. Koch said, “I am too idealist. `` I was really trying to get GPG development and other jobs, but at that time Snowden's news was revealed and I thought it was not time to quit. '' .

Like other engineers developing security related software, Mr. Koch offers the best way to prove that the basic software code is released free of charge but does not have a backdoor etc. It seems to be thinking. Since open source software can't sell software and make money, it seems difficult for general companies to work on, and most important security tools used on computers are inevitably maintained by volunteers. The current situation seems to be.

More than a year has passed since Mr. Snowden's whistle-blowing, but now Mr. Koch is pushing forward with the project and struggling to raise money for his dream of “hiring a full-time programmer”. Mr. Koch's annual income seems to be about 25,000 dollars (about 2.9 million yen) at the present time, so there is no financial margin to realize the dream of `` employing a full-time programmer '' so funds We are collecting.

Therefore, Mr. Koch has been collecting donations since December 2014, and it seems that he collected $ 43,000 (about 5 million yen) by February 5 when the article was published in ProPublica. However, Mr. Koch's short-term target is 137,000 dollars (about 16 million yen), and with this amount of money, he will be able to pay his own salary and hire a full-time programmer.

If you want to help Koch's GPG development, you can donate by credit card or PayPal from the following page.


As Mr. Koch's case, the problem of not having sufficient financial resources for Internet security software is getting bigger day by day. In 2014, a vulnerability called “ Heartbleed Bug ” was discovered in OpenSSL . OpenSSL is an encryption program used on various Internet services from Amazon to Twitter, but it became clear that it was maintained by only four programmers due to the discovery of the Heartbleed Bug, and four more It has also been found that only one person has been dedicated to the development of OpenSSL.

Despite the discovery of such a serious bug, the United States still spends more than $ 50 billion (about 5.9 trillion yen) annually on espionage and information agencies, and almost all funds are spent on Internet security there is no status quo that has followed.

You can read more about the Heartbleed Bug by reading the following article.

A serious bug is found in OpenSSL used by about 66% of sites on the net-gigazine

The email encryption program developed by Mr. Koch is used as encryption software such as “ GPGTools ” for Mac OS X, “ Enigmail ” for browser expansion, and “ GPG4Win ” for Windows. “One of the nightmares I fear is that Werner Koch will be unable to develop,” says Enigmail developer Nikolai Justice. Enigmail is an extension for encryption maintained by two engineers, both of them have other full-time jobs, and it seems that they are developing Enigmail between work.

Enigmail is also looking for donations, but about $ 1000 (about 120,000 yen) is collected annually. “GPGTools” is an encryption software for Mac OS X, and a charge for the service was announced in October 2014, and it can be said that all software development is being carried out in a difficult financial situation.

Mail encryption was first made available to the general public in 1991, which was made possible by Phil Zimmerman's free “ Pretty Good Privacy (PGP)”. PGP was an encryption software that anyone could use, but it was difficult to export due to export restrictions of the US government at that time.

And in 1997, Koch went to listen to free software developer Richard Stallman's performance, and Stallman said to the audience, “Please make your own version of PGP. We can't export PGP, but you can import it if you write it, 'he said.

Koch started the GPG development inspired by this word. Koch developed the initial version of GPG in the first few months after the performance, which was a software that only worked on Unix-like operating systems, but it was a big hit. And the basic part of the source code was released free of charge and was not subject to US export restrictions.

Later, in 1999, we received a subsidy from the German government to create a Windows compatible version of GPG, completing GPG4Win. In 2005, we are working on the development of other encryption methods with the assistance of the German government.

However, it seems that all the development funds gathered with these aids have been used up in 2010, and for the next two years, paying salaries to full-time programmers based on the idea that 'somehow funds should be collected ...' However, in August 2012, there was not enough room for it, and it was decided to continue development alone.

In addition, after an article about Mr. Werner Koch was published in ProPublica, a subsidy of 60,000 dollars (about 7 million yen) was paid from the Core Infrastructure Initiative of Linux Foundation .

in Software, Posted by logu_ii