Compatibility of Email Encryption with MP's Email Systems
A Freedom of Information request to House of Commons by P. John
The request was rejected by House of Commons.
P. John
16 November 2009
Dear Sir or Madam,
France Maud MP recently asked a Parliamentary question concerning
the compatibility of the popular PGP email encryption software with
MP's email systems.
See;
http://www.theyworkforyou.com/wrans/?id=...
Please could you tell me;
- What is the technical software specification of the Members'
email client and corresponding server systems? (i.e., vendor,
product, version, configuration, deployment)
- What is the specific technical incompatibility that prevents MP's
using PGP?
- Is the Members email system compatible with the S/MIME encryption
standard? If not, what is the specific technical incompatibility
that prevents MP's using S/MIME?
- I would like to encrypt my communications with my MP. What
methods of email encryption are compatible with Members' email
systems?
- Will the Commons provide a directory of the encryption
certificates used by MPs in order that constituents may freely
encrypt their communications with their elected representatives?
There is good cause for concern about the security of MP's email
communications, and the apparent Home Office disinterest in the
privacy of UK communications.
The Damian Green arrest highlighted the risk to the confidentiality
of stored Parliamentary correspondence, and the BT/Phorm mass
surveillance scandal compromised the private and confidential
communications of hundreds of thousands of BT Internet customers
including MPs.
Yours faithfully,
P John
Peter White left an annotation (16 November 2009)
I can see two possible reasons for the "incompatibility" issue
1:- the ICT contractor locks down the MP's machines and wants cash to allow PGP to be installed / or install it after "testing"
or
2:- is it incompatible with the government IMP program and the ability to be able to snoop on private electronic communications of the citizens of the UK
either or both are possible in my mind but option 2 is most likely to me
FOICOMMONS
House of Commons
17 November 2009
Dear P John
Thank you for your request for information dated 16th November, received by us on the same day, which is copied below.
We will endeavour to respond to your request promptly but in any case within 20 working days, i.e. on or before 14th December 2009.
If you have any queries about your request, please use the request number quoted in the subject line of this email.
Yours sincerely
Vanessa Cubillo
Freedom of Information Assistant
David Ramsay left an annotation (17 November 2009)
I agree 2 is far more likely but it is more likely they would want to 'snoop' on the MP's communications!
FOICOMMONS
House of Commons
14 December 2009
Dear P John,
Thank you for your request for information which is copied below.
I am sorry but we are not able to complete a response to your request by the intended deadline of 14 December 2009. It is being considered as a matter of priority and will be responded to as soon as possible.
Details of how to make a complaint about the handling of your request will follow with the response.
Yours sincerely
Katarina Ndrepepaj | Freedom of Information Coordinator
Information Rights and Information Security (IRIS) Service | Department of Resources
P. John
14 December 2009
Dear Ms Ndrepepaj,
If I don't receive a response in full in 48 hours I will forward
this request to the Information Commissioners Office.
It is simply not acceptable that you should wait until the
afternoon of the day when this information is due to tell me that
you will treat it as a matter of priority, and give me no
explanation for the delay, or even a date when the information
requested will be supplied.
You are presently breaking the law.
Yours sincerely,
P. John
P. John left an annotation (19 December 2009)
Written complaint posted to the Information Commissioners Office 19 Dec 2009.
P. John
19 January 2010
Dear Information Rights and Information Security (IRIS) Service,
I received a reminder today from WhatDoTheyKnow telling me that
your response is now 'long overdue'.
In the intervening time, I have received a copy of a letter from
the ICO including an instruction to your colleague, Mr. Castle,
that a response is required by 28 January 2010.
If I don't receive the requested information before that date, I
will promptly and immediately petition the ICO for a Decision
Notice.
It remains the case, you are breaking the law.
Speaking of which, Lord West of Spithead was recently quoted in the
House of Lords, claiming that 'people seem to think, goodness me,
that the Government are a dreadful bunch, I can tell you what can
be gained by all sorts of other people by looking at people's
emails is horrifying'.
If Lord West's claim were true, then the people who are looking at
email communications without consent are committing criminal
offences (illegal interception).
If illegal interception is widespread in the UK, and communication
privacy law is not enforced by Home Office Ministers like Lord
West, then MPs and their constituents must be able to encrypt their
communications.
I look forward to your prompt reply.
Yours sincerely,
P. John
P. John left an annotation (19 January 2010)
Profile of Mr. Castle, House of Commons Head of Information Rights and Information Security:-
http://www.houseofcommons-careers.org.uk...
FOICOMMONS
House of Commons
28 January 2010
Dear P.John,
Thank you for your request for information which is copied below. Our response is attached. I am sorry our response is late, details of how to make a complaint are enclosed with our response.
Yours sincerely
Bob Castle
Head of Information Rights and Information Security
P. John
28 January 2010
Dear Mr. Castle,
Thank you for your reply.
I'm very familiar with the Data Protection Act. In fact the
Information Commissioner says on their web site;
"Q: What security measures should I have in place to protect
personal information on laptops?
A: Where the information held on a laptop or other portable device
could be used to cause an individual damage or distress, in
particular where it contains financial or medical information, they
should be encrypted... If it is brought to the Commissioner's
attention that laptops that have been lost or stolen have not been
protected with suitable encryption he will consider using his
enforcement powers".
I imagine most MPs would agree, their email comprises information
of the utmost sensitivity. Constituents' health concerns, financial
worries, political fears, crime issues to name but a few.
So, if you are concerned to comply with the Data Protection Act
(and I am pleased to hear you are) and you want to avoid the
Information Commissioner using his enforcement powers, I can
confidently recommend encryption to you and Members.
It is tempting at this point to ask for an internal review.
In particular I asked you 'What methods of encryption are
compatible with Member's email systems?', and you haven't provided
an answer.
But instead... for a change... I think I'll leave the mysteries of
your response for politicians, analysts, and historians to muse
over.
Because, technically, it makes no sense. In terms of the Data
Protection Act, it makes no sense.
I imagine our children will look back at these times and wonder in
disbelief at our democratic institutions.
Yours sincerely,
P. John
David Ramsay left an annotation (16 November 2009)
I cannot believe that the 'service provider' doesn't support PGP, in fact I would suggest they are not providing the service required!