PGP and HMG

[Marcus Cole]

> PGP Security last week said it was to supply government
> departments with a 128-bit version of its PGP for HMG
> encryption product.
>
> It said the product would provide encryption technology at the
> approved baseline/ restricted level which would enable
> government bodies and commercial partners to communicate
> securely.
>
> "Any government information that is sensitive is not sent
> electronically, instead it is saved on a disc and physically taken
> to the other department - at the taxpayer's expense," said Mark
> Tucker, sales manager for PGP. The company said version 6.0
> of PGP for HMG will be fully inter-operable with its commercial
> counterpart.

Methinks NAI are (unnecessarily) overselling the product, as the market for
PGP for HMG should be big enough as it stands.

As I understand it, there has never been a problem with moving sensitive
information between government departments using government strength
encryption, so the comment about moving discs is a red herring.

From what CESG have said about the baseline products, the crux of the matter
is to allow the use of commercial software encryption to protect the
official-but-not-hugely-sensitive information when communicating to and from
partner organisations who may not be eligible to receive government strength
encryption.

Marcus