Feeds

BT cranks VoIP & BlackBerry Enigma machine

UK spooks don't believe the hype

Secure remote control for conventional and virtual desktops

BT is crowing for the second time in two weeks about how its products have been security certified by GCHQ, the government's main listening station.

Snag is, they've been certified for "restricted" communications, which are only slightly more secure - in military terms - than shouting in a crowded pub.

Today's announcement from BT is of a pre-existing hosted and "highly secure" VoIP product developed with Nortel aimed at public and private sector organisations. It's being made available to more customers after successful trials with a single client.

Investigations by GCHQ's "Information Assurance" arm, the Communications Electronics Security Group (CESG) have led to the kit winning approval for Restricted traffic.

The basic UK military "protective marking" scheme for communications runs as follows:

  • Unclassified - information which can be shouted in a pub or put in a press release.
  • Restricted - in theory such info should pass only via internal MoD phone/intranet, and now by BT VoIP and secure BlackBerry too. Any document at all which isn't an actual press release will be Restricted: this is the default marking for ordinary internal material.
  • Confidential - almost any information of interest will be marked at this level or higher: for instance a document giving details of more than one military unit's planned diary for the next year, or internal assessments of terrorist threat levels worldwide. In theory, such info should pass only via specialist secure landline systems or encrypted signals channels. BT's new products don't qualify.
  • Secret - personnel must have been vetted and cleared to have routine sight of Secret-marked information. Sheets of hardcopy with Secret or higher information on them must be accounted for individually, with every photocopy or shredding witnessed and countersigned. Secret manuals or books have their pages checked against the contents at regular intervals to make sure none are missing - a hated task. Often additional caveats will be applied, such as "UK/USA/AUS/CAN/NZ Eyes Only" - eg not to be released to NATO, only to people who will probably keep it secret. Secret marking is arguably massively overused, frequently being applied to military-intelligence assessments culled from media sources. It is the lowest level of marking seen as much different from pub-shouting by many in the military and intelligence communities.
  • Top Secret - much like Secret, but routine access to Top Secret material requires a further and more intrusive level of vetting, covering sexual and financial history in some depth. This is the highest level of non-compartmentalised marking, e.g. where you can often see this material simply because of who you are rather than because you need to see it. Top Secret tends to be the default marking for any information at all emanating from secret-intelligence organisations like SIS/MI6, no matter how rubbish it may be.
  • Codeword - this is sensitive information which might cause major trouble if it got into the wrong hands: for instance the planned route of a submarine sent on a spying mission into foreign territorial waters, or intel which might identify a highly-placed traitor in an overseas government. Usually there will be a specific list of people or offices which can receive information marked with a given codeword, chosen at least theoretically because they need the info in order to do their jobs.

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
Apple Watch will CONQUER smartwatch world – analysts
After Applelocalypse, other wristputers will get stuck in
Shades of Mannesmann: Vodafone should buy T-Mobile US
Biting the bullet would let Blighty-based biz flip the bird at AT&T
Drag queens: Oh, don't be so bitchy, Facebook! Let us use our stage names
Handbags at dawn over free content ad network's ID policy
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.