Meet Edward Snowden's Favorite Encryption Programmer

This 53-year-old German encryption coder helped the U.S. whistleblower stay one step ahead of the NSA. Now, he's getting financial support from some big players to expand his work.

Try "password"?
Try "password"?
Hakan Tanriverdi

ERKRATH Everything Werner Koch needs to prevent the U.S. National Security Agency, NSA, from properly doing its job is right here in a 10-square-meter room in a basement in Erkrath, a small town outside of Düsseldorf.

Koch opens his front door and invites us into his home. The first thing we see are children's drawings plastering the wall. Downstairs is his company "headquarters," all 10 square meters of it. It's a one-man show. And yet financially, things are looking good. "There is finally enough money in my account," he says.

Until a few months ago, that wasn't the case. Everything changed when Koch, 53, attended an event held late last year in Hamburg. He was one of over 3,000 people in a conference hall. Two experts on stage explained in detail how the NSA spies on ordinary citizens and which technological obstacles it can avoid while doing so. All of a sudden, the speaker asked: "Is Werner Koch in the audience? Could you please stand up?"

The audience applauded and cheered him as a stood up. The reason? Because there's one program apparently that the NSA can't decipher. And the person responsible for that program, an email encryption system called Gnu Privacy Guard (GnuPG), is Koch.

GnuPG makes ordinary e-mails unintelligible, even to highly trained computer spies, who only see encrypted codes and word sequences. That's precisely why Edward Snowden, the famous NSA whistleblower, used the program to communicate with journalists.

Labor of love

Koch's basement workshop looks more like a hobby room than a company office. Cables dangle every which way. And yet it was here that he wrote a program in 1997 that trumped the NSA's multi-billion-dollar budget. It is a story that any hacker would love. Evidence that power and money are worthless if pitched against truly clever mathematics.

Werner Koch in 2011 — Photo: Ola Waagen

Koch named his company G10-Code. The name is a symbol of his leftist leanings, which also explain why he does what he does. The name was chosen in relation to article 10 of the German Basic Law. This particular article determines the circumstances under which intelligence services are allowed to circumvent the confidentiality of telecommunications law. Koch's current work is in many ways an attempt to safeguard correspondence law by enabling people to communicate freely but digitally.

After the event in Hamburg, Koch spoke to a U.S. journalist and told her he was very close to abandoning the project altogether. There was not enough funding to be had as GnuPG is freeware. Anyone can download it for free and, if they're so inclined, develop it even further. People can even view the program code to check if Koch or his co-writers made any mistakes.

Being free means the software is distributed effectively, which definitely constitutes an advantage. But it also eliminates the incentive to support Koch financially. He was able to drum up some business. On rare occasions, companies hired Koch to fix potential problems. And at one point, the federal government invested 600,000 euros in Koch's invention. But all of that was a long time ago.

Without enough revenue to pay for a staff, Koch worked by himself, earning less than a standard entry-level programmer's salary. At one point he considered throwing in the towel. But Snowden's disclosures, he says, gave him a second wind by showing him how important the program apparently is. "I am glad that it is being put to good use," he says.

A few decades ago Koch worked as an IT expert. He found his experiences of German corporate culture disturbing. "I designed a very complex consultancy program for our accounts department but it was never used," he recalls. "Not because it wasn't good enough, but because it was only designed out of competition with the other departments, for the sake of bragging rights. That was not a satisfying experience." He is far more enthusiastic about his current pursuit: going head-to-head with intelligence services.

If Koch really had given up, it's unlikely GnuPG could have survived. The program he wrote has 300,000 lines of code and needs constant updating and removal of input errors. No one but Koch himself truly knows everything about it.

Koch does have his critics. Some complain that the email encryption process is too complex. Others see GnuPG as outdated. With that kind of feedback in mind, Koch decided to create a crowdfunding initiative. Money has been pouring in. When the aforementioned U.S. journalist published her article about Koch (on the news site Propublica) donors ponied up 100,000 euros — in just a single day. Contributors said they were concerned that such an elementary function was being undertaken by only one person.

Other donors include Facebook and Stripe, which both pledged $50,000 annually. The Linux Foundation has contributed as well ($60,000). "The willingness to donate is quite high but many people were simply not aware of the need," Koch says.

Koch now wants to hire a new developer. He's also given himself a raise: he now earns an entry-level salary.

Keep up with the world. Break out of the bubble.
Sign up to our expressly international daily newsletter!

Paying tribute to the victims of the attack in Kongsberg

Terje Bendiksby/NTB Scanpix/ZUMA
Carl-Johan Karlsson

The bow-and-arrow murder of five people in the small Norwegian city of Kongsberg this week was particularly chilling for the primitive choice of weapon. And police are now saying the attack Wednesday night is likely to be labeled an act of terrorism.

Still, even though the suspect is a Danish-born convert to Islam, police are still determining the motive. Espen Andersen Bråthen, a 37-year-old Danish national, is previously known to the police, both for reports of radicalization, as well as erratic behavior unrelated to religion.

Indeed, it remains unclear whether religious beliefs were behind the killings. In an interview with Swedish daily Dagens Nyheter, police attorney Ann Iren Svane Mathiassens said Bråthen has already confessed to the crimes, giving a detailed account of the events during a three-hour interrogation on Thursday, but motives are yet to be determined.

Investigated as terrorism 

Regardless, the murders are likely to be labeled an act of terror – mainly as the victims appear to have been randomly chosen, and were killed both in public places and inside their homes.

Mathiassens also said Bråthen will undergo a comprehensive forensic psychiatric examination, which is also a central aspect of the ongoing investigation, according to a police press conference on Friday afternoon. Bråthen will be held in custody for at least four weeks, two of which will be in isolation, and will according to a police spokesperson be moved to a psychiatric unit as soon as possible.

Witnesses have since described him as unstable and a loner.

Police received reports last year concerning potential radicalization. In 2017, Bråthen published two videos on Youtube, one in English and one in Norwegian, announcing that he's now a Muslim and describing himself as a "messenger." The year prior, he made several visits to the city's only mosque, where he said he'd received a message from above that he wished to share with the world.

Previous criminal history 

In 2012, he was convicted of aggravated theft and drug offenses, and in May last year, a restraining order was issued after Bråthen entered his parents house with a revolver, threatening to kill his father.

The mosque's chairman Oussama Tlili remembers Bråthen's first visit well, as it's rare to meet Scandinavian converts. Still, he didn't believe there was any danger and saw no reason to notify the police. Tlili's impression was rather that the man was unwell mentally, and needed help.

According to a former neighbor, Bråthen often acted erratically. During the two years she lived in the house next to him — only 50 meters from the grocery store where the attacks began — the man several times barked at her like a dog, threw trash in the streets to then pick it up, and spouted racist comments to her friend. Several other witnesses have since described him as unstable and a loner.

The man used a bow and arrow to carry the attack

Haykon Mosvold Larsen/NTB Scanpix/ZUMA

Police criticized

Norway, with one of the world's lowest crime rates, is still shaken from the attack — and also questioning what allowed the killer to hunt down and kill even after police were on the scene.

The first reports came around 6 p.m. on Wednesday that a man armed with bow and arrow was shooting inside a grocery store. Only minutes after, the police spotted the suspect; he fired several times against the patrol and then disappeared while reinforcements arrived.

The attack has also fueled a long-existing debate over whether Norwegian police should carry firearms

In the more than 30 minutes that followed before the arrest, four women and one man were killed by arrows and two other weapons — though police have yet to disclose the other arms, daily Aftenposten reports. The sleepy city's 27,000 inhabitants are left wondering how the man managed to evade a full 22 police patrols, and why reports of his radicalization weren't taken more seriously.

With five people killed and three more injured, Wednesday's killing spree is the worst attack in Norway since far-right extremist Anders Breivik massacred 77 people on the island of Utøya a decade ago.

Unarmed cops

As questions mount over the police response to the attack, with reports suggesting all five people died after law enforcement made first contact with the suspect, local police have said it's willing to submit the information needed to the Bureau of Investigation to start a probe into their conduct. Police confirmed they had fired warning shots in connection to the arrest which, under Norwegian law, often already provides a basis for an assessment.

Wednesday's bloodbath has also fueled a long-existing debate over whether Norwegian police should carry firearms — the small country being one of only 19 globally where law enforcement officers are typically unarmed, though may have access to guns and rifles in certain circumstances.

Magnus Ranstorp, a terrorism expert and professor at the Swedish Defence University, noted that police in similar neighboring countries like Sweden and Denmark carry firearms. "I struggle to understand why Norwegian police are not armed all the time," Ranstorp told Norwegian daily VG. "The lesson from Utøya is that the police must react quickly and directly respond to a perpetrator during a life-threatening incident."

Keep up with the world. Break out of the bubble.
Sign up to our expressly international daily newsletter!