Feeds

BT cranks VoIP & BlackBerry Enigma machine

UK spooks don't believe the hype

Secure remote control for conventional and virtual desktops

BT is crowing for the second time in two weeks about how its products have been security certified by GCHQ, the government's main listening station.

Snag is, they've been certified for "restricted" communications, which are only slightly more secure - in military terms - than shouting in a crowded pub.

Today's announcement from BT is of a pre-existing hosted and "highly secure" VoIP product developed with Nortel aimed at public and private sector organisations. It's being made available to more customers after successful trials with a single client.

Investigations by GCHQ's "Information Assurance" arm, the Communications Electronics Security Group (CESG) have led to the kit winning approval for Restricted traffic.

The basic UK military "protective marking" scheme for communications runs as follows:

  • Unclassified - information which can be shouted in a pub or put in a press release.
  • Restricted - in theory such info should pass only via internal MoD phone/intranet, and now by BT VoIP and secure BlackBerry too. Any document at all which isn't an actual press release will be Restricted: this is the default marking for ordinary internal material.
  • Confidential - almost any information of interest will be marked at this level or higher: for instance a document giving details of more than one military unit's planned diary for the next year, or internal assessments of terrorist threat levels worldwide. In theory, such info should pass only via specialist secure landline systems or encrypted signals channels. BT's new products don't qualify.
  • Secret - personnel must have been vetted and cleared to have routine sight of Secret-marked information. Sheets of hardcopy with Secret or higher information on them must be accounted for individually, with every photocopy or shredding witnessed and countersigned. Secret manuals or books have their pages checked against the contents at regular intervals to make sure none are missing - a hated task. Often additional caveats will be applied, such as "UK/USA/AUS/CAN/NZ Eyes Only" - eg not to be released to NATO, only to people who will probably keep it secret. Secret marking is arguably massively overused, frequently being applied to military-intelligence assessments culled from media sources. It is the lowest level of marking seen as much different from pub-shouting by many in the military and intelligence communities.
  • Top Secret - much like Secret, but routine access to Top Secret material requires a further and more intrusive level of vetting, covering sexual and financial history in some depth. This is the highest level of non-compartmentalised marking, e.g. where you can often see this material simply because of who you are rather than because you need to see it. Top Secret tends to be the default marking for any information at all emanating from secret-intelligence organisations like SIS/MI6, no matter how rubbish it may be.
  • Codeword - this is sensitive information which might cause major trouble if it got into the wrong hands: for instance the planned route of a submarine sent on a spying mission into foreign territorial waters, or intel which might identify a highly-placed traitor in an overseas government. Usually there will be a specific list of people or offices which can receive information marked with a given codeword, chosen at least theoretically because they need the info in order to do their jobs.

Choosing a cloud hosting partner with confidence

More from The Register

next story
Mighty Blighty broadbanders beg: Let us lay cable in BT's, er, ducts
Complain to Ofcom that telco has 'effective monopoly'
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.