Feeds

Ex-GCHQ superspook can lobby MoD on crypto

No rules broken

Secure remote control for conventional and virtual desktops

Thales UK, the French-owned defence giant that hired recently-retired GCHQ chief Sir David Pepper as an advisor, is bidding for a massive government cryptography system that GCHQ has been closely involved in designing - including under Pepper.

The firm is leading one of just two industry consortia vying to implement the Ministry of Defence's CIPHER Programme at a price understood to be hundreds of millions of pounds.

Pepper - 12 months ago the UK's most senior electronic spy with direct authority over the technicalities of government information security - will be allowed to lobby for the contract on Thales' behalf immediately. The MoD does not plan to award the deal until early 2011, so the firm's bid will enjoy the benefit of his support, contacts, and recent experience for more than a year.

There is no suggestion that Pepper's intervention would break any rules on former civil servants working in the private sector.

GCHQ has been involved in CIPHER via its Communications-Electronics Security Group (CESG), the government's authority on cryptographic technology. It advises other departments and agencies on information security.

CIPHER has been running commercially since at least January 2008, when the MoD brought in engineering firm Atkins to help manage the programme. At that time, Pepper was in charge of GCHQ, and the strand of CIPHER that CESG is most involved with - creating centralised oversight of cryptography across government to allow "firewalls, cryptographic functions and authentication servers, to be initialised, configured, updated and managed in a trusted, secure way" - had already been in development for years under him.

An MoD spokeswoman said CIPHER was created in 2007 by integrating projects already up and running, so Pepper had ultimate responsibility for the elements of the programme GCHQ was involved in for at least a year. Officials haven't arrived at a final cost estimate for the programme, the MoD spokeswoman added.

The other strands of CIPHER are the MoD Interoperable Electronic Key Distribution Project and the MoD Future Crypto Programme. According to CESG's 2006 annual report, it was already playing an "integral role" in the latter.

Pepper left GCHQ in October 2008 following a three-month handover period working alongside his successor Iain Lobban. The following month Thales Team was selected to bid for the CIPHER contact.

According to civil service rules, senior officials such as Pepper must seek ministerial approval for any commercial appointments for two years after they leave the service. Scrutiny is carried out by the Advisory Committee on Business Appointments (ACBA), a quango appointed by the Prime Minister and physically located in the Cabinet Office.

Pepper's Thales UK appointment was announced last week. The ACBA advice panel, composed of peers and former senior servants, said: "Approved subject to the condition that, for 12 months from his last day of service, he should not become personally involved in lobbying UK government ministers or Crown servants, including special advisers, on behalf of his new employer."

Given Pepper did not take up his advisory role until exactly 12 months had passed since he retired from GCHQ's Concrete Doughnut in Cheltenham, (although according to documents held by Companies House, he set up a consultancy firm to collect fees from such work in February 2009). The condition has no bearing on any lobbying he might do for Thales UK, including on the CIPHER contract.

Sir David Pepper

ACBA exists in part "to avoid the risk that a particular firm might gain an improper advantage over its competitors by employing someone who, in the course of their official duties, has had access to technical or other information which those competitors might legitimately regard as their own trade secrets or to information relating to proposed developments in government policy which may affect that firm or its competitors."

A spokesman for Serco, one of the firms involved in the other consortium competing for CIPHER, declined to comment on Pepper's appointment. Messages left at the Thales UK press office were not returned by time of publication.

Any other commercial relationships between Thales UK and GCHQ, around its core communications spying function, are unknown because the all of the agency's own technology contracts are secret. ®

Beginner's guide to SSL certificates

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.