PGP is one of the best-known developers of secure messaging and information encryption software. However, despite boasting thousands of corporate Web sites and millions of end-users, the company has walked a rocky road, fighting government regulations and corporate changes.

IT Week: A lot of people will be confused about the status of PGP as a supplier of encryption technology after last year's split from Network Associates [NAI], which acquired PGP in December 1997. As PGP's director of products, can you explain the situation?

Stephan Somogyi: We're not a spin-off, offshoot or anything else from NAI. We purchased the relevant technology and brand assets. The vast majority of management was part of PGP Inc., which was then purchased by NAI. In 1991, Phil Zimmerman released PGP [encryption technology] and made it available to the world because he believed that everyone should be able to protect their data. The US government chased after him and threatened him with incarceration and all sorts of other things. In October 2001, PGP went into maintenance mode when NAI declared it would not continue development.

As a result, Phillip Dunkelberger [now chief executive of PGP] and Jon Callas [now PGP chief technology officer] started talking about what could be done and decided it would be good to purchase the assets of PGP from NAI. Despite the generally hostile attitude [to start-ups in the current economy] we were able to obtain $14m in venture capital.

If PGP is viable, why did NAI take the view that it would no longer develop the line?

Fundamentally, NAI has decided to get out of security and focus on its core antivirus business. PGP at NAI was profitable [and] we have a large customer base in Europe.

What is the product release schedule?

PGP 8.0 is available now with Windows XP support, server-side Notes integration and Macintosh OS X support. People were eyeing Linux very closely but were worried about the lack of a desktop with a real, usable interface. The goal is to bring out new products and we will be there for the long run. We'll have an entirely new product line in the first half of 2003.

There does not seem to be an obvious market leader in encryption. How do you see the competition?

There always has been this very difficult conflict between usability and security. If you look at it, the market leader is nothing, followed by easily guessable passwords, but there is going to be a great deal more requirement for usable encryption capabilities in the wake of Enron. So far, we in the industry haven't succeeded in solving that. We aim to protect everyone, ranging from individuals to the big government entities. We have enterprise tools to deploy PGP to a very broad base.

How do the US rules and regulations that govern encryption export affect PGP?

Regulations that affect exporting cryptography have changed significantly, and [cryptography is] no longer seen as a weapon. Now we're OK for much more of the world.

What is your attitude towards open-source development in security software?

We are providing a source-code release of 8.0 for the express purpose of peer review. It's not open source in the sense of allowing people to grab the source and letting them integrate [it into] their own product. The intellectual property remains PGP's, but it's important that it's reviewable by those that need to do so. There are all sorts of adventurous conspiracy theories, so this is a way to prove [the product]. People are inclined to take a wait-and-see attitude but PGP is not just back - we have concrete long-term platforms.

Have your say: reply to IT Week

ABOUT STEPHAN SOMOGYi

Stephan Somogyi is director of products at PGP , an encryption software company that was formerly part of security tools giant Network Associates.

Somogyi previously worked as a technology journalist for online site ZDNet and elsewhere.