Back in March I posted about how the Parliamentary IT Network was saying that Pretty Good Privacy encryption, a desktop application, was not compatible with the Parliamentary VPN and so members were advised not to install it and install the recommended software instead.
The IT news website The Register followed up the story, as they too were slightly confused by the response. PGP told them that they couldn't see why their desktop application was incompatible. Jon Callas, the CTO of PGP, left comments on my blog and elsewhere, which is common for him to do, stating,
"We look forward to talking to PICT or any other PGP user to resolve any deployment issues and use PGP effectively in their environment. We welcome PICT or anyone else to contact PGP Corporation's technical support directly, or to contact me personally and I will direct the appropriate people to resolve this issue."
I remind you of all this because the story has developed some more as Francis Maude has been asking some follow up questions. First he asked whether members could use PGP to encrypt their emails and the PICT said,
"PICT's encryption services do not cover Members' emails once they have left the parliamentary network. Members' ability to install their own email encryption software was covered in the answer referred to above."
Now I don't get this answer at all. As was said, PGP is a desktop application which you use to encrypt emails that are plain text. Once encrypted, the email is still plain text, but if you open it without decrypting the text first it's gibberish. The suggestion here seems to be that you can't send gibberish over the PICT VPN - which to me sounds like errr... gibberish.
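The point above, that an encrypted message is still ordinary text to whatever network carries it, can be seen in the ASCII armor format OpenPGP uses (RFC 4880). This is an added example, not code from the original post; the random bytes are a constructed stand-in for an encrypted packet and the function names are hypothetical.

```python
import base64
import os

BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"

def crc24(data: bytes) -> int:
    """CRC-24 as specified for OpenPGP armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE                      # initial value
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB        # generator polynomial
    return crc & 0xFFFFFF

def armor(packet: bytes) -> str:
    """Wrap binary OpenPGP data in 7-bit text: base64 lines plus '=' checksum."""
    b64 = base64.b64encode(packet).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(packet).to_bytes(3, "big")).decode("ascii")
    return "\n".join([BEGIN, "", *lines, "=" + check, END]) + "\n"

def dearmor(text: str) -> bytes:
    """Recover the binary data, rejecting armor damaged in transit."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 4 or lines[0] != BEGIN or lines[-1] != END or "" not in lines:
        raise ValueError("not an armored PGP message")
    body = lines[lines.index("") + 1:-1]   # skip armor headers up to blank line
    if not body or not body[-1].startswith("="):
        raise ValueError("missing armor checksum")
    data = base64.b64decode("".join(body[:-1]), validate=True)
    if int.from_bytes(base64.b64decode(body[-1][1:]), "big") != crc24(data):
        raise ValueError("armor checksum mismatch")
    return data

def is_seven_bit_text(text: str) -> bool:
    """True if every character is printable ASCII or a newline."""
    return all(ch == "\n" or 32 <= ord(ch) < 127 for ch in text)

if __name__ == "__main__":
    ciphertext = os.urandom(200)        # constructed stand-in for an encrypted packet
    message = armor(ciphertext)
    print(message)
    print("plain 7-bit text:", is_seven_bit_text(message))
    print("round trip intact:", dearmor(message) == ciphertext)
```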
Next Francis Maude asked for the technical reason that PGP was not compatible with the PICT VPN. Apparently,
"PICT was advised by Pretty Good Privacy Corporation that their product was not compatible with the versions of VPN software in use by Parliament."
That's funny, PGP seemed to tell the Register, and their CTO's comments seemed to imply, that this was the first they had heard of it. Is someone lying here or has a call centre script-based support monkey told them some rubbish? The plot thickens! Finally, Francis Maude asked the PICT what the technical encryption standard in the software they recommended MPs to use was,
"Following industry practice and as a policy PICT does not disclose information about the security products in use within Parliament."
OK, I understand why you might say something like that, but then again, this is a network that allows anyone to plug a remote device in, so can MPs really rely on the PICT security policy?