Doesn't really matter
Where's the point of encrypting your correspondence, when they can force you to reveal the key by threat of jailtime?
MPs have been told once again that they can't use PGP to encrypt their email because of supposed compatibility problems between the encryption software and VPN remote access software installed on parliamentary computers. PGP explains that this prohibition by parliamentary technicians stemmed from a snag in using the PGP email …
...assuming that less than 1% of parliamentary representatives are either tortured into releasing their keys or imprisoned becuase they refuse to.
Meantime, just about 100% of people who are represented by these bloody political ignoramii can be assured that their dealings with parliamentiary officials and elected representatives don't end up splattered all over the tabloid scandal press because some snotty little IT tech decided to run a tcpdump on the SMTP feeds passing through a gateway on the way
Care to divulge your deepest secrets Frank? If you're so despondent about any encryption why don't you just post your daily affairs here so everyone can pass comment on them.
Email encryption end-to-end form the masses is LONG overduebut has been available in the form of the OpenPGP standard since 1998 - yet do you see that In MS Windows? Nope. Why?
OK, who installed their "incompatible" system, and who told them it was incompatible?
Would that be one of the Usual Suspects for taking an unending stream of taxpayer millions to deliver dysfunctional systems with high-wall vendor lock-in to the public sector? EDS, Accenture, ....???
As for being incompatible ... was that some support technician on minimum wage told them? Or some pointy-haired contract manager who knows less than the intern about compatibility?
This response and attitude it simply typical of your average IT department. Rather than do something that the customer actually wants or needs they hide behind jargon, obscurity and half truths. Why didn't PICT do an evaluation of the latest version of their VPN software with the latest version of PGP. Probably because they were too f*cking lazy. So they banned the offending software instead. It's about time IT got their house in order and got of their @rses to deliver what their customers actually want and need, not what they can be bothered to support.
As for the MPs, firstly they need to fire the head of PICT, and then lock him up in the Tower. Some of them should also be educated in matters IT / IT Security so that they can hold these people to account.
The NHS was persuaded that PGP or GPG would be bad in some unspecified way, and GCHQ kindly offered a system they had worked out called Red Pike, which they said was ever so very secure.
Ross Anderson and others rechristened it Red Herring, and somehow it never caught on. nor did the NHS get PGP or PKI.
Now the NHS boasts "end to end" encryption on its webmail.
It isn't, since the SSL encryption is from client to central server - one system for the whole NHS - and then from central server to any other client, but this is being simply denied or ignored.
The DoH is well known to be junior to Defence and the Home Office, but the House should not be.
Biting the hand that feeds IT © 1998–2021