Slashdot Mirror
NAI to Sell Off PGP Product Line
An Anonymous Coward writes: "Network Associates announced today that they are ceasing development of most of the PGP product line, including PGPMail and PGP Desktop Encryption software. This was apparently due to disappointing sales of the products. See the FAQ for more information on what's being killed and what's being kept." Another anonymous and unverified submitter says, "The entire PGP Business Unit was axed more or less wholesale. I guess selling encryption doesn't really make money. I worked there up until today and somewhere around 250 of the 300 employees were clipped."
The biggest potential users of this would have been the Slashdot types, and we're known for being fierce advocates of open-source and free (as in beer) software. The kind of "Why pay for something when you can write it yourself?" mentality is what helped kill it.
The people that are most concerned about encryption are those least willing to pay for it.
This product never ceased to amaze me. PGP 7.1 included, among other things:
- an encrypted IPSEC/IKE compliant VPN
- encrypted hard drive software (public key or shared secret encryption)
- Encrypted Email with multiple mail client integration
- Myriad windows hooks, like "encrypt clipboard"
- A secure file and hard drive wiper
- A full-blown INTRUSION DETECTION SYSTEM with email alert that would attach itself below the NDIS level.
...all for $30. I'm not a big fan of buying software, but I bought this religously because it was a steal, just for the IDS. I always wondered how they could afford to put so much top-notch development into such a cheap product (I never found a serious bug, and I've worked it over hard. That's a rare thing to be able to say about a windows networking application).
The answer appears to be that they were dumping serious development funds into this product and got were expecting massive sales. If you asked me to point a finger at the cause of death, I'd say they were overambitious. Too many developers building too much functionality made it far too expensive. All anyone ever really wanted was encrypted email. And perhaps if that's all they developed, supply would have matched demand.
Then again, hindsight is 20/20.
How many among even the savy group here maintains a valid PGP key that is available online? Of those, how many maintain their key in a searchable index? I presume the answer is less than 2%.
How many of you have received an email either signed or encrypted in such a fashion and then actually used the sender's public key to decrypt/verify?? Probably 10% of readers here or less.
And that folks, is why PKI and hence PGP are dead-ends.
There are two kinds of encryption users...
1) There are ordinary folks who want an easy-to-use encryption solution out of the box, and don't want to read a manual to get that level of security. While NAI's software has been getting better and easier-to-use over the years, it's still not 'easy'. Concepts like 'ring of trust' & 'key signing' might still too academic for ordinary folks, and NAI has not made much of an effort to explain why these ideas are important.
2) There are encryption-geeks, who don't really trust the security of a closed-source product, or who are happy enough with ssh, pgpi, gpg, etc.
OK, I guess there is a third type of encryption user, the user who wants an easy to use encryption product for her business, and isn't concerned about fears like 'FBI backdoors' in their product, but they're probably a small segment of the market.
"Can of worms? The can is open... the worms are everywhere."
It's very interesting to notice that a majority of people indicate that they do not care about personal encryption, primarily for their electronic mail communication. I recall reading in the PGP readme, when I first discovered it - version 2.x or 3.x at the time, I think - how it made perfect sense to use encryption to ensure your privacy. After all, did you not prefer to send your most personal thoughts using letters within envelopes rather than postcards?
However, when I try to advocate encryption to those I know and hope to influence, they all seem to indicate that they aren't all that concerned about their email. And yet those same people never fail to be annoyed when I walk up to their computer and pretend to read their email in order to prove my point.
Perhaps most people are unaware of how easy their email can be intercepted and read? After all, an email address might appear to be like a telephone number - a direct link to whomever one might wish to contact. And we're comfortable with the phones - after all, wiretaps seem hard (or at least laboureous) to obtain, and we suspect that capacity prevents wiretaps from being universally applied. Not so with email, though - it's child's play to intercept any SMTP communication that passes through your network. And if you happen to be centrally located, in a network topological sense, there's no theoretical limit to the amount of communication you can eavesdrop on.
I must admit that I'm not being entirely altruistic when I advocate encryption - my wish for broad adoption of personal encryption technology is first and foremost self-serving. To tap again into the old PGP readme files; sending mail in "sealed" envelopes is not currently suspicious due to the fact that the practice is so widespread. Untill encryption becomes commonplace it remains far too easy to label it suspicious behaviour.
Here's to hoping that free encryption will carry on where the commercial offerings have failed. Cheers.
*laughs*
Well, yes, it's quite true that PGP had disappointing sales. The company had a nasty tendancy of attempting to bundle about four other products with PGP and *refusing* to negotiate with any company, no matter how large, about perhaps a more reasonable package.
It's funny that I have this exact story from so many different sources that nobody can say I'm compromising internal information. Go ask your friendly IT Purchasing agent about any adventures they had trying to get a site license for PGP. This was mandate from upper management: Either all the stripes make some cash, or none at all.
NAI consistently chose the latter. Now, as for all the conspiracy theories...never attribute to malice...
--Dan
www.doxpara.com