Feeds

Ex-GCHQ superspook can lobby MoD on crypto

No rules broken

High performance access to file storage

Thales UK, the French-owned defence giant that hired recently-retired GCHQ chief Sir David Pepper as an advisor, is bidding for a massive government cryptography system that GCHQ has been closely involved in designing - including under Pepper.

The firm is leading one of just two industry consortia vying to implement the Ministry of Defence's CIPHER Programme at a price understood to be hundreds of millions of pounds.

Pepper - 12 months ago the UK's most senior electronic spy with direct authority over the technicalities of government information security - will be allowed to lobby for the contract on Thales' behalf immediately. The MoD does not plan to award the deal until early 2011, so the firm's bid will enjoy the benefit of his support, contacts, and recent experience for more than a year.

There is no suggestion that Pepper's intervention would break any rules on former civil servants working in the private sector.

GCHQ has been involved in CIPHER via its Communications-Electronics Security Group (CESG), the government's authority on cryptographic technology. It advises other departments and agencies on information security.

CIPHER has been running commercially since at least January 2008, when the MoD brought in engineering firm Atkins to help manage the programme. At that time, Pepper was in charge of GCHQ, and the strand of CIPHER that CESG is most involved with - creating centralised oversight of cryptography across government to allow "firewalls, cryptographic functions and authentication servers, to be initialised, configured, updated and managed in a trusted, secure way" - had already been in development for years under him.

An MoD spokeswoman said CIPHER was created in 2007 by integrating projects already up and running, so Pepper had ultimate responsibility for the elements of the programme GCHQ was involved in for at least a year. Officials haven't arrived at a final cost estimate for the programme, the MoD spokeswoman added.

The other strands of CIPHER are the MoD Interoperable Electronic Key Distribution Project and the MoD Future Crypto Programme. According to CESG's 2006 annual report, it was already playing an "integral role" in the latter.

Pepper left GCHQ in October 2008 following a three-month handover period working alongside his successor Iain Lobban. The following month Thales Team was selected to bid for the CIPHER contact.

According to civil service rules, senior officials such as Pepper must seek ministerial approval for any commercial appointments for two years after they leave the service. Scrutiny is carried out by the Advisory Committee on Business Appointments (ACBA), a quango appointed by the Prime Minister and physically located in the Cabinet Office.

Pepper's Thales UK appointment was announced last week. The ACBA advice panel, composed of peers and former senior servants, said: "Approved subject to the condition that, for 12 months from his last day of service, he should not become personally involved in lobbying UK government ministers or Crown servants, including special advisers, on behalf of his new employer."

Given Pepper did not take up his advisory role until exactly 12 months had passed since he retired from GCHQ's Concrete Doughnut in Cheltenham, (although according to documents held by Companies House, he set up a consultancy firm to collect fees from such work in February 2009). The condition has no bearing on any lobbying he might do for Thales UK, including on the CIPHER contract.

Sir David Pepper

ACBA exists in part "to avoid the risk that a particular firm might gain an improper advantage over its competitors by employing someone who, in the course of their official duties, has had access to technical or other information which those competitors might legitimately regard as their own trade secrets or to information relating to proposed developments in government policy which may affect that firm or its competitors."

A spokesman for Serco, one of the firms involved in the other consortium competing for CIPHER, declined to comment on Pepper's appointment. Messages left at the Thales UK press office were not returned by time of publication.

Any other commercial relationships between Thales UK and GCHQ, around its core communications spying function, are unknown because the all of the agency's own technology contracts are secret. ®

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.