Original URL: https://www.theregister.com/2007/09/26/bt_secure_tin_cups/
BT cranks VoIP & BlackBerry Enigma machine
UK spooks don't believe the hype
Posted in Networks, 26th September 2007 13:22 GMT
BT is crowing for the second time in two weeks about how its products have been security certified by GCHQ, the government's main listening station.
Snag is, they've been certified for "restricted" communications, which are only slightly more secure - in military terms - than shouting in a crowded pub.
Today's announcement from BT is of a pre-existing hosted and "highly secure" VoIP product developed with Nortel aimed at public and private sector organisations. It's being made available to more customers after successful trials with a single client.
Investigations by GCHQ's "Information Assurance" arm, the Communications Electronics Security Group (CESG) have led to the kit winning approval for Restricted traffic.
The basic UK military "protective marking" scheme for communications runs as follows:
- Unclassified - information which can be shouted in a pub or put in a press release.
- Restricted - in theory such info should pass only via internal MoD phone/intranet, and now by BT VoIP and secure BlackBerry too. Any document at all which isn't an actual press release will be Restricted: this is the default marking for ordinary internal material.
- Confidential - almost any information of interest will be marked at this level or higher: for instance a document giving details of more than one military unit's planned diary for the next year, or internal assessments of terrorist threat levels worldwide. In theory, such info should pass only via specialist secure landline systems or encrypted signals channels. BT's new products don't qualify.
- Secret - personnel must have been vetted and cleared to have routine sight of Secret-marked information. Sheets of hardcopy with Secret or higher information on them must be accounted for individually, with every photocopy or shredding witnessed and countersigned. Secret manuals or books have their pages checked against the contents at regular intervals to make sure none are missing - a hated task. Often additional caveats will be applied, such as "UK/USA/AUS/CAN/NZ Eyes Only" - eg not to be released to NATO, only to people who will probably keep it secret. Secret marking is arguably massively overused, frequently being applied to military-intelligence assessments culled from media sources. It is the lowest level of marking seen as much different from pub-shouting by many in the military and intelligence communities.
- Top Secret - much like Secret, but routine access to Top Secret material requires a further and more intrusive level of vetting, covering sexual and financial history in some depth. This is the highest level of non-compartmentalised marking, e.g. where you can often see this material simply because of who you are rather than because you need to see it. Top Secret tends to be the default marking for any information at all emanating from secret-intelligence organisations like SIS/MI6, no matter how rubbish it may be.
- Codeword - this is sensitive information which might cause major trouble if it got into the wrong hands: for instance the planned route of a submarine sent on a spying mission into foreign territorial waters, or intel which might identify a highly-placed traitor in an overseas government. Usually there will be a specific list of people or offices which can receive information marked with a given codeword, chosen at least theoretically because they need the info in order to do their jobs.
We suspect the single Restricted-VoIP customer so far isn't GCHQ, then. We're closer to "protective marketing" territory than protective marking.
A couple of weeks ago BT also made heavy media play around its new BlackBerry Enterprise Server offering for defence types, which is also deemed suitable only for Restricted traffic by CESG. This despite the fact that in commercial terms the device is solidly secure, using encryption validated by the American NSA and allowing admins to remotely shut down or wipe lost handsets.
The Reg spoke to Jon Stoker, director of BT Defence at the DSEi mayhemware expo in London. Stoker felt that the Restricted BlackBerry would still be useful to the Ministry of Defence, despite the low level of information which can be passed on it.
"At the moment you have to be at your desk to handle almost all official information," he said. "The new BlackBerry changes that."
Asked who might use it, he felt that senior managers such as Army colonels in charge of operational regiments might find it useful, as they need to be away from the office a lot.
In fact, the reality of the Ministry of Defence is that frustrated officers with no access to approved channels frequently break security rules and discuss Secret or even Top Secret matters on ordinary cellphones, send such information using unencrypted email, etc.
In an environment like this, the takeup of a device which isn't even rated for Confidential traffic could be limited. Stoker was reluctant to comment on internal MoD security-vs-useability issues - despite an extensive background in Army communications. Nor would he admit to any frustration at the low level of clearance accorded to his product. He said the BlackBerry's rating "could go higher in future," and that even a Restricted clearance for a mobile device indicated "a willingness to move forward" on the part of CESG.
At first, the Restricted BlackBerrys will be used only in the UK. There isn't any plan at present for rugged hardware, which makes a certain amount of sense as soldiers in the field - not to mention sailors in coastal waters - have been known to rely on their personal mobiles when official gear has a bad day. If they can keep an ordinary Nokia and a paper map functional, they'll be able to preserve a regular BlackBerry too.
All in all, it's fair to say that private mobile devices - or ones bought with local budgets - have already penetrated the MoD: but Stoker and BT may have a hard road ahead in persuading the security types to give approval to what's already happened. CESG's reluctance to clear commercial platforms for use may not be unrelated to their GCHQ Sigint parentage. When you know just how easy it is to listen in on mobile comms - even mobile comms that many would consider secure, perhaps - you prefer to put your head in the sand and pretend that nobody on your own side is using them. ®