SAN MATEO, Calif., May 28, 1997 — Pretty Good Privacy, Inc. (,
the world leader in digital privacy and security software, today announced
that the U.S. Department of Commerce has approved the export of Pretty Good
Privacy’s encryption software to the overseas offices of the largest
companies in the United States. This makes Pretty Good Privacy the only
U.S. company currently authorized to export strong encryption technology
not requiring key recovery to foreign subsidiaries and branches of the
largest American companies (see list of companies below).

The approval allows Pretty Good Privacy to export strong, 128-bit
encryption without a requirement that the exported products contain key
recovery features or other back doors that enable government access to
keys. More than one-half of the Fortune 100 already use PGP domestically
to secure their corporate data and communications.

“Now we are able to export strong encryption technology to the overseas
offices of more than 100 of the largest companies in America, without
compromising the integrity of the product or the strength of the
encryption,” said Phil Dunkelberger, President of Pretty Good Privacy, Inc.
“We worked closely with the State Department when they controlled the
export of encryption, and are now working with the Commerce Department.
And we have never had a license application denied.”

The license allows export of strong encryption technology, without
government access to keys, to the overseas subsidiaries and branch offices
of more than 100 of the largest American companies, provided that the
offices are not located in embargoed countries, namely Cuba, Iran, Iraq,
Libya, North Korea, Sudan or Syria.

“As far as we know, Pretty Good Privacy, Inc. is now the only company that
has U.S. government approval to sell strong encryption to the worldwide
subsidiaries and branch offices of such a large number of U.S.
corporations, without having to compromise on the strength of the
encryption or add schemes designed to provide government access to keys,”
said Robert H. Kohn, vice president and general counsel of Pretty Good
Privacy. “Pretty Good Privacy still opposes export controls on
cryptographic software, but this license is a major step toward meeting the
global security needs of American companies.”

The U.S. government restricts the export of encryption using key lengths in
excess of 40 bits. However, 40-bit cryptography is considered “weak,”
because it can be broken in just a few hours. Generally, the U.S.
government will grant export licenses for up to 56-bit encryption if
companies commit to develop methods for government access to keys. For
anything over 56 bits, actual methods for government access must be in

Pretty Good Privacy’s license permits the export of 128-bit or “strong”
encryption, without any requirement of a key recovery mechanism that
enables government access to the data. A message encrypted with 128-bit
PGP software is 309,485,009,821,341,068,724,781,056 times more difficult to
break than a message encrypted using 40-bit technology. In fact, according
to estimates published by the U.S. government, it would take an estimated
12 million times the age of the universe, on average, to break a single
128-bit message encrypted with PGP.

“Pretty Good Privacy, Inc. has been working diligently to ensure compliance
with the export control laws. Clearly, the Commerce Department recognizes
the needs of reputable American companies to protect their intellectual
property and other sensitive business information using strong
cryptography,” said Roszel C. Thomsen II, partner at the law firm of
Thomsen and Burke LLP.

“User demand for strong cryptography is growing worldwide,” said Marc
Rotenberg, director of Electronic Privacy Information Center, and a leading
privacy-rights advocate. “This is just one more example of the need to
remove obstacles to the export of the best products the U.S. can provide.”

Companies that are approved for the export of Pretty Good Privacy’s strong
encryption should contact Pretty Good Privacy’s sales office at
415.572.0430 or visit the company’s web site at Companies
that are not currently on the list of licenses obtained by Pretty Good
Privacy, but would like to gain approval to use strong encryption in their
branch offices and subsidiaries around the world, should also contact
Pretty Good Privacy at 415.572.0430 for information about how to be
included in future government-approved export licenses for PGP.

About Pretty Good Privacy, Inc.
Pretty Good Privacy (, founded in March 1996, is the leading
provider of digital-privacy products for private communications and the
secure storage of data for businesses and individuals. Pretty Good
Privacy’s original encryption software for email applications (PGP) was
distributed as freeware in 1991 by Phil Zimmermann, Chief Technical Officer
and Founder of Pretty Good Privacy, and allowed individuals, for the first
time, to send information without risk of interception. With millions of
users, it has since become the world leader in email encryption and the de
facto standard for Internet mail encryption. Over one half of the Fortune
100 companies use PGP. In order to provide only the strongest encryption
software, Pretty Good Privacy publishes all of its encryption source code
and algorithms for extensive peer review and public scrutiny. The company
can be reached at 415.572.0430;

# # #


Mike Nelson
Director of Corporate Communications
Pretty Good Privacy, Inc.

David Krane
Niehaus Ryan Group

Companies approved for export of Pretty Good Privacy encryption software
Aetna Life & Casualty (NYSE:AET)
Albertson’s (NYSE:ABS)
Alcoa (NYSE:AA)
AlliedSignal (NYSE:ALD)
Allstate (NYSE:ALL)
American Express (NYSE:AXP)
American Home Products (NYSE: AHP)
American International Group (NYSE:AIG)
American Stores (NYSE:ASC)
Ameritech (NYSE: AIT)
Amoco (NYSE:AN)
Anheuser-Busch (NYSE:BUD)
Archer Daniels Midland (NYSE:ADM)
Atlantic Richfield (NYSE:ARC)
BankAmerica Corp (NYSE:BAC)
Bechtel National, Inc.
Bell Atlantic (NYSE: BEL)
BellSouth (NYSE:BLS)
Boeing (NYSE:BA)
Bristol-Myers Squibb (NYSE:BMY)
Catepillar (NYSE:CAT)
Chemical Banking Corp.
Chevron (NYSE:CHV)
Chrysler (NYSE:C)
Cigna (NYSE:CI)
Citicorp (NYSE:CCI)
Coca-Cola (NYSE:KO)
Columbia/HCA Healthcare (NYSE:COL)
Compaq Computer (NYSE:CPQ)
ConAgra (NYSE:CAG)
Dayton Hudson (NYSE:DH)
Delta Air Lines (NYSE:DAL)
Digital Equipment (NYSE:DEC)
Dow Chemical (NYSE:DOW)
E.I. Du Pont de Nemours (NYSE:DD)
Eastman Kodak (NYSE:EK)
Estee Lauder Companies (NYSE: EL)
Exxon (NYSE:XON)
Fed. Natl. Mortgage Assn (NYSE:FNM)
Federated Department Stores (NYSE:FD)
Fleming (NYSE:FLM)
Ford Motor (NYSE: F)
GE Capital Aviation Services
General Electric (NYSE:GE)
General Motors (NYSE: GM)
Georgia-Pacific (NYSE:GP)
Goldman, Sachs & Co.
Goodyear Tire & Rubber (NYSE: GT)
Hewlett-Packard (NYSE:HWP)
Home Depot (NYSE:HD)
ITT Hartford Group (NYSE:ITT)
International Business Machines (NYSE:IBM)
International Paper (NYSE:IP)
J.C. Penney (NYSE:JCP)
J.P. Morgan & Co. (NYSE:JPM)
Johnson & Johnson (NYSE:JNJ )
Kimberly-Clark (NYSE:KMB)
Kmart (NYSE:KM)
Kroger (NYSE:KR)
Lehman Brothers Holdings (NYSE: LEH)
Lockheed Martin (NYSE:LMT)
Loews (NYSE:LTR)
MCI Communications (NASDAQ:MCIC)
May Department Stores (NYSE:MAY)
McDonnell Douglas (NYSE:MD)
McKesson (NYSE: MCK)
Merck (NYSE:MRK)
Merrill Lynch (NYSE:MER)
Metropolitan Life Insurance
Minnesota Mining & Mfg. (NYSE:MMM)
Mobil (NYSE:MOB)
Morgan, Lewis & Bockius
Motorola (NYSE:MOT)
NationsBank Corp. (NYSE:NB)
New York Life Insurance (NASDAQ: MONY)
PepsiCo (NYSE:PEP)
Philip Morris (NYSE:MO)
Phillips Petroleum (NYSE: P)
Photronics, Inc. (NASDAQ: PLAB)
PriceCostco (NASDAQ: COST)
Proctor & Gamble (NYSE:PG)
Prudential Ins. Co. of America
RJR Nabisco Holdings (NYSE:RN)
Rockwell International (NYSE:ROK)
SBC Communications (NYSE:SBC)
Safeway (NYSE:SWY)
Sara Lee (NYSE:SLE)
Sears Roebuck (NYSE:S)
Sprint (NYSE:FON)
State Farm Group
Supervalu (NYSE:SVU)
Texaco (NYSE:TX)
Texas Instruments (NYSE: TXN)
Travelers Group (NYSE:TRV)
United Parcel Service
United Technologies (NYSE:UTX)
Wal-Mart (NYSE: WMT)
Xerox (NYSE:XRX)