BT is crowing for the second time in two weeks about how its products have been security certified by GCHQ, the government's main listening station. Snag is, they've been certified for "restricted" communications, which are only slightly more secure - in military terms - than shouting in a crowded pub. Today's announcement …
Back in the 1950s in Washington it used to be said that the security levels were
Secret: Only we and the Russians know it.
Top Secret: Only the Russians know it.
Nothing new here
A good example of a press release actually not being news at all - I work for a defence company, I have a blackberry linked to my Email, and the network has been cleared for UK restricted email traffic for the past 2 years.
A bit sad...
... that BT want to make a song and dance about scoring a rating so low. I'd be gutted.
But hey, maybe THEY want us think that the encryption is rubbish, so we won't use it.
Word to the wise, is all.
This must be the pride before the fall
I seem to remember MS shouting loudly about the US govt. giving windows NT4 some great security rating back in the 90s (just before tinternet took off and it's sift-like protective shield started to leak profusely!)
Not too accurate
The description of protective marking levels and their impact is pretty inaccurate, for example the idea that having a clearance at a level automatically gives you access to any info of that level is just wrong. Its still on a need to know basis, even at restricted. And IT systems are just a bolt-on to all this, they are not the basis for it.
And as a previous poster said, this is hardly news, and not something to be that proud of on BT's part. There have been off-the-shelf certified solutions available means of doing this for a long time.
Not accurate at all...
There are too many ways to count how the article is wrong.
Just for starters,
* The protective marking scheme misdescribed here is promulgated by the Cabinet Office for all of the civil service, not just military use.
* UNCLASSIFIED is not cleared for release so shouting it in the pub is still a security breach.
* RESTRICTED isn't a default marking, but most MOD networks operate as if everything were RESTRICTED; there's a subtle difference.
* You have to be "vetted" (not the right term) for access to any MOD network at RESTRICTED or above.
The proper definitions of protective markings are not widely available, apparently, but do form Appendix A to this document:
ANd what about all the COMMINT and SIGINT levels of security.
e.g A Restricted COMMINT OR SIGINT Signal is generally handled as a normal Secret or Top secret Signal, and securtiy levels all go upwards form there. If you want to know about GCHQ/NSA read a book called The Puzzle Palace. Dont worry, all the information in this post is in the public domain ( I think)...
:o) *sigh* takes me back to the *Cold* war ( and believe me, camped out on the East German border in December is COLD)
missed a few
Above Top Secret. (Omega) This is the classification reserved for information which concerns ongoing intelligence operations. Also used for information relating to reverse engineered alien technology, such as the Rendlesham Forest crash.
Such information is restricted to a handful of GCHQ members, merely acknowledging the existence of said classification is in itself a breach.
Any faulty media (including PC RAM) which may have been used at any time to store this data) is incinerated at a secure location before disposal, and GCHQ has ongoing arrangements with IT vendors to honour warranties on such equipment,
Accidental breaches have occurred, including members of the public taking pictures of experimental aircraft, in most cases they are too blurred and distorted to be useful. However high quality pictures are removed from the Internet where posted, and replaced with blurred copies.
It appears you know too much. High quality tinfoil-hat wearing GHCQ fanboys are also removed from the internet and replaced with Korean gamers. Be aware.