Ex-GCHQ superspook can lobby MoD on crypto

No rules broken

Thales UK, the French-owned defence giant that hired recently-retired GCHQ chief Sir David Pepper as an advisor, is bidding for a massive government cryptography system that GCHQ has been closely involved in designing - including under Pepper.

The firm is leading one of just two industry consortia vying to implement the Ministry of Defence's CIPHER Programme at a price understood to be hundreds of millions of pounds.

Pepper - 12 months ago the UK's most senior electronic spy with direct authority over the technicalities of government information security - will be allowed to lobby for the contract on Thales' behalf immediately. The MoD does not plan to award the deal until early 2011, so the firm's bid will enjoy the benefit of his support, contacts, and recent experience for more than a year.

There is no suggestion that Pepper's intervention would break any rules on former civil servants working in the private sector.

GCHQ has been involved in CIPHER via its Communications-Electronics Security Group (CESG), the government's authority on cryptographic technology. It advises other departments and agencies on information security.

CIPHER has been running commercially since at least January 2008, when the MoD brought in engineering firm Atkins to help manage the programme. At that time, Pepper was in charge of GCHQ, and the strand of CIPHER that CESG is most involved with - creating centralised oversight of cryptography across government to allow "firewalls, cryptographic functions and authentication servers, to be initialised, configured, updated and managed in a trusted, secure way" - had already been in development for years under him.

An MoD spokeswoman said CIPHER was created in 2007 by integrating projects already up and running, so Pepper had ultimate responsibility for the elements of the programme GCHQ was involved in for at least a year. Officials haven't arrived at a final cost estimate for the programme, the MoD spokeswoman added.

The other strands of CIPHER are the MoD Interoperable Electronic Key Distribution Project and the MoD Future Crypto Programme. According to CESG's 2006 annual report, it was already playing an "integral role" in the latter.

Pepper left GCHQ in October 2008 following a three-month handover period working alongside his successor Iain Lobban. The following month Thales Team was selected to bid for the CIPHER contract.

According to civil service rules, senior officials such as Pepper must seek ministerial approval for any commercial appointments for two years after they leave the service. Scrutiny is carried out by the Advisory Committee on Business Appointments (ACBA), a quango appointed by the Prime Minister and physically located in the Cabinet Office.

Pepper's Thales UK appointment was announced last week. The ACBA advice panel, composed of peers and former senior servants, said: "Approved subject to the condition that, for 12 months from his last day of service, he should not become personally involved in lobbying UK government ministers or Crown servants, including special advisers, on behalf of his new employer."

Given that Pepper did not take up his advisory role until exactly 12 months had passed since he retired from GCHQ's Concrete Doughnut in Cheltenham (although, according to documents held by Companies House, he set up a consultancy firm to collect fees from such work in February 2009), the condition has no bearing on any lobbying he might do for Thales UK, including on the CIPHER contract.

Sir David Pepper

ACBA exists in part "to avoid the risk that a particular firm might gain an improper advantage over its competitors by employing someone who, in the course of their official duties, has had access to technical or other information which those competitors might legitimately regard as their own trade secrets or to information relating to proposed developments in government policy which may affect that firm or its competitors."

A spokesman for Serco, one of the firms involved in the other consortium competing for CIPHER, declined to comment on Pepper's appointment. Messages left at the Thales UK press office were not returned by time of publication.

Any other commercial relationships between Thales UK and GCHQ, around its core communications spying function, are unknown because all of the agency's own technology contracts are secret. ®
