Europe’s affection for open source software, and its suspicion of encryption standards policed by the US’ National Security Agency (NSA), has prompted the German Federal Ministry of Economics and Technology to fund a home grown alternative to the Pretty Good Privacy (PGP) encryption standard. GNU Privacy Guard (GnuPG), the work of German programmer Werner Koch, has become the center piece of a German project to encourage widespread use of encryption, backed by the German Unix User Group (GUUG), and open source software vendors.
Koch’s GnuPG is a full implementation of OpenPGP, the US-originated free security program, which was first released as an open source product last September. However, since its first full release in last September, it has been pounced on by local software companies and user groups, which now want to use it as the basis for a Europe-wide effort to build an encryption culture independent of US export restrictions and government monitoring.
In a statement published to support its role in the foundation of the GnuPG, Munich-based Linux distributor, LinuxLand, said PGP’s technical credentials were not in doubt, but argued that Germany, and the rest of Europe, could not rely on having unconstrained access to the strongest PGP software.
PGP is a product developed and implemented in the US. Because of the strict export restrictions and other US laws, PGP is unsuitable for many areas outside the US. Although the source code to PGP has been published it is not complete and it is unknown whether future versions of PGP will be shipped with access to the source code, the statement said.
LinuxLand also suggested that foreign oversight of PGP might also make it a difficult product to market to wary Europeans. All current versions of PGP support some form of third party access to cryptographic keys. This ‘feature’ has lead to a decrease of faith in the software, LinuxLand claimed.
A more general lack of faith in e-commerce security in general is actually something that LinuxLand and its GnuGP project partners hope to exploit. Now that the group is among the first of what may turn about to be a string of open source initiatives which the German government has signalled its willingness to back, it is gearing itself to make German and European business aware of the need for heightened security as a platform for e-commerce growth, and in particular the desirability of electronic signatures, which GnuGP is designed to enforce.
The group says its aims include the development and distribution of tools to support GnuGP integration with e-commerce systems, and wider policy of publicising the huge economic potential of free open source) software. Certainly the groups founding members have not overlooked the economic potential for themselves of seeding interest in open software in general, and of GnuGP in particular, and all the founders said the expect to build businesses around the support and maintenance of GnuGP-based products and services.
LinuxLand will now join with fellow German open source companies G-N-U Gmbh and Werner Koch Softwaresysteme in a marketing and awareness campaign.
