Wednesday, March 04, 2009

Encryption and Parliament - PGP says "WTF?"?

Following on from yesterday's post about the alleged incompatibility between Parliamentary systems and PGP, the good guys at The Register spotted my post and have followed up with PGP:
We asked PGP for comment on the compatibility of its technology with VPN software in general and the parliamentary system in particular. The firm said there's nothing about PGP that ought to preclude its use with VPN software, a different class of security application. It's still looking into the specifics of the interaction between PGP and parliamentary systems.

"VPN Technology is a network transport technology, and PGP desktop is a piece of software that provides an encryption platform application," explained PGP marketing manager Jamie Cowper.

"The only interaction we have with a VPN, is to transport standard TCP/IP communications. As an application, we are not involved with any part of the VPN process (initiation, key exchange, management etc)."

Quite why Parliament's remote access software might be compatible with an alternative encryption package but not PGP - a widely-used package that's been available for over a decade - remains unclear. The more paranoid among you might say that the other (unknown) product might be easier to eavesdrop upon.

You may well think that. We couldn't possibly comment.
I couldn't comment either, but I have my tinfoil hat prepared and ready to deploy at a moment's notice.


Richard said...

It's almost unbelievable that some MPs are paying to have their offices swept for bugs yet they don't take basic security steps like encrypting email. Bit like buying a top of the range burglar alarm and not locking your front door.

Anonymous said...

It's as ludicrous as saying a zipped file is incompatible with VPN.
I'm sure they all have the key written on a post-it stuck on the screen anyway.

Anonymous said...

They wouldn't happen to be using encryption software associated with Micro$oft, would they?

Anonymous said...

Having worked in Parliament I can assure you there is nothing to preclude PGP working correctly - in MPs' offices, the PCs have very few restrictions in place, and you can pretty much install anything you want. This means you can easily install PGP or crypto-add-in for Outlook or similar... this would certainly work if all MPs collaborated for internal communications, but other than PGP signing, there is not much point in using it for emails with constituents, most of whom will never have heard of it.

I don't think there are dubious reasons why PICT says it's not possible (as some have suggested political intervention) - I just think it is sheer incompetence. It wouldn't surprise me if the person who worded the answer to Francis Maude was someone who wasn't particularly technical-minded.