Ex-GCHQ superspook can lobby MoD on crypto
No rules broken
Thales UK, the French-owned defence giant that hired recently-retired GCHQ chief Sir David Pepper as an advisor, is bidding for a massive government cryptography system that GCHQ has been closely involved in designing - including under Pepper.
The firm is leading one of just two industry consortia vying to implement the Ministry of Defence's CIPHER Programme at a price understood to be hundreds of millions of pounds.
Pepper - 12 months ago the UK's most senior electronic spy with direct authority over the technicalities of government information security - will be allowed to lobby for the contract on Thales' behalf immediately. The MoD does not plan to award the deal until early 2011, so the firm's bid will enjoy the benefit of his support, contacts, and recent experience for more than a year.
There is no suggestion that Pepper's intervention would break any rules on former civil servants working in the private sector.
GCHQ has been involved in CIPHER via its Communications-Electronics Security Group (CESG), the government's authority on cryptographic technology. It advises other departments and agencies on information security.
CIPHER has been running commercially since at least January 2008, when the MoD brought in engineering firm Atkins to help manage the programme. At that time, Pepper was in charge of GCHQ, and the strand of CIPHER that CESG is most involved with - creating centralised oversight of cryptography across government to allow "firewalls, cryptographic functions and authentication servers, to be initialised, configured, updated and managed in a trusted, secure way" - had already been in development for years under him.
An MoD spokeswoman said CIPHER was created in 2007 by integrating projects already up and running, so Pepper had ultimate responsibility for the elements of the programme GCHQ was involved in for at least a year. Officials haven't arrived at a final cost estimate for the programme, the MoD spokeswoman added.
The other strands of CIPHER are the MoD Interoperable Electronic Key Distribution Project and the MoD Future Crypto Programme. According to CESG's 2006 annual report, it was already playing an "integral role" in the latter.
Pepper left GCHQ in October 2008 following a three-month handover period working alongside his successor Iain Lobban. The following month Thales Team was selected to bid for the CIPHER contact.
According to civil service rules, senior officials such as Pepper must seek ministerial approval for any commercial appointments for two years after they leave the service. Scrutiny is carried out by the Advisory Committee on Business Appointments (ACBA), a quango appointed by the Prime Minister and physically located in the Cabinet Office.
Pepper's Thales UK appointment was announced last week. The ACBA advice panel, composed of peers and former senior servants, said: "Approved subject to the condition that, for 12 months from his last day of service, he should not become personally involved in lobbying UK government ministers or Crown servants, including special advisers, on behalf of his new employer."
Given Pepper did not take up his advisory role until exactly 12 months had passed since he retired from GCHQ's Concrete Doughnut in Cheltenham, (although according to documents held by Companies House, he set up a consultancy firm to collect fees from such work in February 2009). The condition has no bearing on any lobbying he might do for Thales UK, including on the CIPHER contract.
Sir David Pepper
ACBA exists in part "to avoid the risk that a particular firm might gain an improper advantage over its competitors by employing someone who, in the course of their official duties, has had access to technical or other information which those competitors might legitimately regard as their own trade secrets or to information relating to proposed developments in government policy which may affect that firm or its competitors."
A spokesman for Serco, one of the firms involved in the other consortium competing for CIPHER, declined to comment on Pepper's appointment. Messages left at the Thales UK press office were not returned by time of publication.
Any other commercial relationships between Thales UK and GCHQ, around its core communications spying function, are unknown because the all of the agency's own technology contracts are secret. ®
Sponsored: Network DDoS protection