Viewable With ANY Browser

Note: My Web pages are best viewed with style sheets enabled.


A Letter to Symantec

Copyright © 2011 by David E. Ross

Another issue — much more important than the points raised in the following letter — is the lack of access to the source code of PGP. The source code has always been available so that independent inspections can verify the lack of a "back door" or other vulnerability. Without those independent inspections, users should not trust new versions of PGP.

letterhead with my name, E-mail address, city and state

6 February 2011

Enrique Salem, President
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043

Mr. Salem:

I have been a user of PGP encryption software since at least 1997, from the time Phil Zimmermann owned and distributed the PGP product. As a non-commercial individual, I have always used PGP freeware versions, sometimes termed "evaluation" or "trial" versions. That use has always been within the constraints imposed by the various software licenses.

Of course, freeware versions of PGP generally have reduced capabilities compared with purchased versions. As an individual using PGP at home, however, the following basic capabilities have always been sufficient for my needs:

My experience with freeware versions of PGP served me well in my long career as a software test engineer. That experience allowed me to use purchased versions of PGP to transfer sensitive, proprietary data securely between unlike hosts across a data line shared with a competing company.

Since Symantec purchased the PGP Corporation, it seems that PGP Desktop (the latest term for the basic PGP product) will no longer be maintained and distributed as freeware for individual, non-commercial use. I reached this conclusion because of these three situations:

I am requesting feedback whether my conclusion is correct, that even very basic PGP products are no longer available as freeware for non-commercial, individual use. If my conclusion is wrong, then I request information on how to obtain the latest basic PGP product without purchase and without the Unsigned Data-Injection Vulnerability.


David E. Ross

Posted to my Web site 14 February 2011

Valid HTML 4.01