Tuesday, March 03, 2009

Encryption but only on our terms?

Without wanting to sound like a tinfoil-hat-wearing paranoid loony, I've just stumbled upon a rather good question in Hansard tabled by Francis Maude which has received a response from the House of Commons Commission via Nick Harvey, and, to say the least, I both exclaimed "what a load of bollocks" and followed it with "hmmm that sounds awfully iffy".

Francis Maude asked whether or not MPs are permitted and able to install Pretty Good Privacy encryption on their Parliamentary computers. He was told that yes, they could if they wanted to; however, if it restricted support access to the machine it would mean no support from the Parliamentary ICT department. The response then said:
"PICT has recently completed an evaluation of encryption software and Pretty Good Privacy (PGP) was found to be incompatible with Parliament’s current version of VPN (remote access) software. Therefore, this product is not recommended for users of that service. As part of the evaluation PICT has identified another product that can be deployed to Members’ loaned machines by PICT at no cost to Members. The software can also be acquired by Members at their own cost, if they wish to have it installed on machines that they have purchased through PICT."
So the first point here is that PGP is "incompatible" with the VPN software. This answer caused me to say "bollocks". Whilst I can theorise about possible ways this could be true, it seems highly unlikely and dubious.

What bothered me more though was the second part of the answer, which stated there was some other encryption product that MPs could use that is provided by the Parliamentary authorities. Would that be a product that the authorities could easily decrypt perhaps? Note that this is the paranoid moment.

I would hope perhaps that Francis Maude might follow up the question with a supplementary asking the PICT to provide the detailed technical explanation of how the VPN software is incompatible with what is an industry standard system that has been around for absolute years. The answer can always be placed in the Library of the House.


dcw said...

Well, possibly. Or the support mob might be thinking of the optional PGP VPN client rather than the base file/disk encryption stuff.

Oldrightie said...

I would suggest this identifies how deep Labour's control freakery reaches. For Parliamentary Authorities read Snotty's Stasi.

Not a sheep said...

Come on, the Parliamentary authorities are hardly going to let the honourable members keep secrets from the Labour government, are they? I do like the idea of using privacy software issued by Parliament, sounds both insecure and probably prone to failure.

RobertD said...

Like you, I am very suspicious. Given the increasingly heavy-handed action of Mr Plod and his mates I would hope that all opposition MPs encrypt their files to the maximum extent permitted by law.

Dizzy, perhaps you could run a course to show them how to do it as a public service.

cassander said...

Hahahaha - just look up Clipper chip on Wikipedia or elsewhere, and I think you will see where this is headed...

Jon Callas said...

It is always difficult to do customer support by long distance, and especially difficult when the problem report is coming in through a news story. PGP is established, long-standing technology. We use it with VPNs ourselves, as do millions of customers including a large number in the UK government. We firmly believe that this is an issue that can be solved with a support call or a short support visit.

We are committed to helping all of our customers resolve their configuration issues. We look forward to talking to PICT or any other PGP user to resolve any deployment issues and use PGP effectively in their environment. We welcome PICT or anyone else to contact PGP Corporation's technical support directly, or to contact me personally and I will direct the appropriate people to resolve this issue.


Jon Callas, CTO and CSO, PGP Corporation

Anonymous said...

I fail to understand the problem. PGP is an encryption tool - it essentially scrambles the data part of a message. The transport data is left "in clear".
VPN is a transport mechanism, which is transparent to the data content. To the VPN, data is nothing but a byte stream, between preamble and postamble data.

This smacks of political intervention rather than technical difficulty. Even more so, if you consider that the Govt has not made any attempt to discuss the problem with PGP.

Dave Howe said...

PGPNet was part of the full suite last time I bought a copy - as was their disk encryption product.

It is also reasonable that the support org won't try to "discuss" issues with 3rd party vendors - you could make a fairly large rod for your own back by doing that, and even a fairly generous admin will only say "prove to me it won't cause us additional support overhead" when discussing non-supported packages being added to supported laptops by non-technical users.

Perhaps it could be retabled as "can I use GPG4WIN?" :)