PGP and HMG

Owen Lewis oml at eloka.demon.co.uk
Mon, 7 May 2001 13:37:08 +0100 

-----Original Message-----
From: ukcrypto-admin@chiark.greenend.org.uk
[mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Marcus Cole
Sent: 04 May 2001 20:33
To: ukcrypto@chiark.greenend.org.uk
Subject: RE: PGP and HMG

* PGP Security last week said it was to supply government
> departments with a 128-bit version of its PGP for HMG
> encryption product.
>
> It said the product would provide encryption technology at the
> approved baseline/ restricted level which would enable
> government bodies and commercial partners to communicate
> securely.
>
> "Any government information that is sensitive is not sent
> electronically, instead it is saved on a disc and physically taken
> to the other department - at the taxpayer's expense," said Mark
> Tucker, sales manager for PGP. The company said version 6.0
> of PGP for HMG will be fully inter-operable with its commercial
> counterpart.

Methinks NAI are (unnecessarily) overselling the product, as the market for
PGP for HMG should be big enough as it stands.

As I understand it, there has never been a problem with moving sensitive
information between government departments using government strength
encryption, so the comment about moving discs is a red herring.

From what CESG have said about the baseline products, the crux of the matter
is to allow the use of commercial software encryption to protect the
official-but-not-hugely-sensitive information when communicating to and from
partner organisations who may not be eligible to receive government strength
encryption.
*
* That's about the size of it.
*
* One should not expect to find PGP or any other commercial cryptosystem
used with highly classified traffic. However, such systems are attractive
for processing the mass of information which is
commercially/personally/departmentally sensitive but has little of no
bearing on national security.  Information in this category - indeed the
offices creating and processing it - may have no need of regular access to
govt cipher systems designed for purposes of national security- hence
comments about the physical transportation of sensitive material.
*
* Owen

Marcus