Feeds

Ex-GCHQ superspook can lobby MoD on crypto

No rules broken

Next gen security for virtualised datacentres

Thales UK, the French-owned defence giant that hired recently-retired GCHQ chief Sir David Pepper as an advisor, is bidding for a massive government cryptography system that GCHQ has been closely involved in designing - including under Pepper.

The firm is leading one of just two industry consortia vying to implement the Ministry of Defence's CIPHER Programme at a price understood to be hundreds of millions of pounds.

Pepper - 12 months ago the UK's most senior electronic spy with direct authority over the technicalities of government information security - will be allowed to lobby for the contract on Thales' behalf immediately. The MoD does not plan to award the deal until early 2011, so the firm's bid will enjoy the benefit of his support, contacts, and recent experience for more than a year.

There is no suggestion that Pepper's intervention would break any rules on former civil servants working in the private sector.

GCHQ has been involved in CIPHER via its Communications-Electronics Security Group (CESG), the government's authority on cryptographic technology. It advises other departments and agencies on information security.

CIPHER has been running commercially since at least January 2008, when the MoD brought in engineering firm Atkins to help manage the programme. At that time, Pepper was in charge of GCHQ, and the strand of CIPHER that CESG is most involved with - creating centralised oversight of cryptography across government to allow "firewalls, cryptographic functions and authentication servers, to be initialised, configured, updated and managed in a trusted, secure way" - had already been in development for years under him.

An MoD spokeswoman said CIPHER was created in 2007 by integrating projects already up and running, so Pepper had ultimate responsibility for the elements of the programme GCHQ was involved in for at least a year. Officials haven't arrived at a final cost estimate for the programme, the MoD spokeswoman added.

The other strands of CIPHER are the MoD Interoperable Electronic Key Distribution Project and the MoD Future Crypto Programme. According to CESG's 2006 annual report, it was already playing an "integral role" in the latter.

Pepper left GCHQ in October 2008 following a three-month handover period working alongside his successor Iain Lobban. The following month Thales Team was selected to bid for the CIPHER contact.

According to civil service rules, senior officials such as Pepper must seek ministerial approval for any commercial appointments for two years after they leave the service. Scrutiny is carried out by the Advisory Committee on Business Appointments (ACBA), a quango appointed by the Prime Minister and physically located in the Cabinet Office.

Pepper's Thales UK appointment was announced last week. The ACBA advice panel, composed of peers and former senior servants, said: "Approved subject to the condition that, for 12 months from his last day of service, he should not become personally involved in lobbying UK government ministers or Crown servants, including special advisers, on behalf of his new employer."

Given Pepper did not take up his advisory role until exactly 12 months had passed since he retired from GCHQ's Concrete Doughnut in Cheltenham, (although according to documents held by Companies House, he set up a consultancy firm to collect fees from such work in February 2009). The condition has no bearing on any lobbying he might do for Thales UK, including on the CIPHER contract.

Sir David Pepper

ACBA exists in part "to avoid the risk that a particular firm might gain an improper advantage over its competitors by employing someone who, in the course of their official duties, has had access to technical or other information which those competitors might legitimately regard as their own trade secrets or to information relating to proposed developments in government policy which may affect that firm or its competitors."

A spokesman for Serco, one of the firms involved in the other consortium competing for CIPHER, declined to comment on Pepper's appointment. Messages left at the Thales UK press office were not returned by time of publication.

Any other commercial relationships between Thales UK and GCHQ, around its core communications spying function, are unknown because the all of the agency's own technology contracts are secret. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Super Cali signs a kill-switch, campaigners say it's atrocious
Remote-death button bad news for crooks, protesters – and great news for hackers?
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.