(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


Muffett versus MI5

2022-01-02 18:37:53+00:00

Note: this was originally posted on my Facebook feed in 2014, but since some of my friends consider the site to be toxic, I am reposting it here. Visitors should also check out Heather’s blogpost which inspired me to dig this out.

So, a long time ago* I used to work for Sun Microsystems; at a specific time I worked for Sun’s “EMEA Professional Services” team where I was “Chief Security Architect” – a fancy way of saying that I designed things, made enterprise-grade pattern decisions, and helped foster/mentor new security geeks throughout Europe, as far afield as Scotland, Italy, Sweden and Israel.

One day a lovely, near-retirement chap – I’ll call him “X” – who was ex-services and head of European corporate security, came to me and said words to the effect:

X: “Alec, there’s some changes in rules about getting [UK] government security clearance and it might be helpful to business to get you cleared. Plus there’s some people at Thames House [NB: MI5, UK Security Service] who say they’d like to talk to you about something?”

Me: “Uuuuuuuhhhh…”

The reason I was hesitant was that quite a lot of my friends of the time had gone off to work for DERA, the “Defence Evaluation & Research Agency” – a civil-service-backed defence contractor. Frankly a lot of them had turned into nervous, neurotic and rather uptight creatures, telling me that they were in it for neither the (poor) salary nor the (dubious) patriotism, but largely because of the quiet, competition-free working conditions and the index-linked civil-service pension which meant they could retire at 50-ish and buy a cottage or travel the world.**

Some of them used to get even more uptight when I referred to them as “Spooks” in public. Can’t think why anyone would take offence at that. Anyway, with this in mind I considered the matter, and asked X:

Me: “Did they say what they want? Can I just send someone?”

X: “No. They just asked for you. By name.”

Me: “Strange. Any hints why?”

X: “No.”

I thought about it a bit more, and decided that I was first and foremost an employee of Sun Microsystems Professional Services and so – being a proud whore – I asked if this was a paid consultancy they were pursuing? Given my role I could be billed to a customer at quite an extortionate rate and this was important to me if only to keep score with my (then) peers:

Me: “Is this a gig?”

X: “Apparently not.”

Me: “Fuck’em.”

X: “I’ll leave the paperwork here just in case you change your mind.”

Over the next few months X returned a few times, always jolly, always the same exchange:

X: “It’s strange, I’ve not seen anything like this before. They keep asking to talk to you by name.”

Me: “If it’s not a gig, fuck’em.”

Towards the end of the summer, months after the first contact, X returned:

X: “I’ve found out what it is; don’t worry, it’s not a problem. Some new junior operations officer at [MI5] found out about your research on password cracking and decided that if they could get you to get a clearance they could then ensure that you run any future publications of Crack and other tools though them for approval, first. They don’t want the Russians to get ahold of it…” – [NB: I am not making this up, X actually said that] – “…and it’s why it had to be you personally, rather than a company thing.” – [NB: Crack was personal open-source, not Sun software] – “He won’t be bothering you again.”

Me: “Fuck that.”

I decided at that time never to open myself up to regulation or censorship by getting a clearance for any employer; over the subsequent 14..15 years I occasionally softened and flirted with the idea of changing jobs, getting a clearance and donning a suit, but between what I’ve observed of how such folk live, what they do, what working conditions they’re faced with, and how they act in public and in private … I now strongly believe that life is a lot more pleasant when you are not encumbered by a security clearance.

So, verb sap, dear friends. Take note if you’re inclined.

Any why do I bring this up now?

In a long-ignored stack I’ve just found the blank Sun forms:

“Discussions on Internet with MoD / Defence sources –

SC occasional access to “secret”

Footnotes

*Fellow Sun geeks, this would have been in the tail-end of the WMP2 days, so that would be what… 1999/2000? Also, if you know who X is, don’t say.

**Unsurprisingly, when DERA was broken up and privatised as Qinetiq & DSTL, and when the pension opportunity vanished, rather a lot of them decided on career-changes. Some emigrated, though not all of that was down to work, for some it was love.

2022 Footnote: X (qv) was the lovely and avuncular Lt. Col Barry Hughes-Jones OBE, RMP.

2022 Postscript: for a little more on how the Government works behind the scenes to mess-up open-source efforts surrounding cryptography, see the YouTube video, attached below, especially re: the guy threatened for writing a USENET archiver which republished everything including crypto code…
[END]

[1] URL: https://alecmuffett.com/article/15680
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/

You are viewing proxied material from magical.fish. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.