Spy Blog - SpyBlog.org.uk

".gsi.gov.uk" is the Government Secure Intranet (GSI), which was originally subcontracted to Cable & Wireless, and is currently run by Energis.

There are GSI - Internet email and web browsing gateways, with firewalls etc., with email spam and computer virus filtering provided MessageLabs.. There are interconnects with other UK Public sectors networks e.g. the NHS, MOD etc. as well as internal video conferencing, voice over IP etc.

Connection to the GSI is formally accredited by the UK Government's IT security experts at CESG It is rated as being ok to transmit Protectively Marked emails or documents up to the (low) level of Restricted. i.e. Unclassified and Restricted only. Restricted documents are not allowed to be sent via the Internet unencrypted.

There is also a ".GSX.gov.uk" "community" which is mostly non-central Government departments e.g. Local Authorities, the Royal Household, the Probation Service etc, who sometimes, but not routinely, need to send Restricted level documents.

There is also a Government Secure Extranet, for commercial subcontractors and suppliers: "GSE.gov.uk"

However, Number 10 Downing Street, the Cabinet Office etc. tend to use the "x.gsi.gov.uk" sub-domain. This is part of the same system, except that X.GSI employs extra encryption, and audit trail logging, and is rated as being secure to transmit documents classified as Protectively Marked up to the (medium) level of Confidential i.e. Unclassified (or Not Protectively Marked), Restricted, and Confidential, of course only to other X.GSI users. It is not suitable on its own, for transmitting Secret or Top Secret or compartmentalised security data (i.e. restricted to members of a particular project or operation team).

Obviously X.GSI users can send Restricted or Unclassified documents to other GSI users, and Unclassified documents out to Internet email accounts.

We have never seen anybody with both an X.GSI account as well as a lower classification GSI account, since these seem to be allocated on a departmental rather individual basis.

See the Office of Government Commerce Buying Solutions GSi Frequently Asked Questions

As with many of these things, it is a bureaucratic status symbol to show that you are "close to the centre of power" to use an X.GSI email account, rather than a GSI or a GSX one, even if you spend all your time receiving or sending Unclassified emails e.g. a group email account which is meant for general enquiries from the public or for Freedom of Information Act requests, or spin doctors and public relations civil servants sending out Government Press releases and briefings etc.

See the Evidence to the Hutton Inquiry for examples of "x.gsi.gov.uk" email addresses used by No. 10 Downing Street insiders.

There does not appear to be much to prevent No. 10 Downing Street insiders from using an external internet web mail account like Hotmail (they could easily get permission to have the firewall rule filtering changed by the IT support people) or, as Guido Fawkes is now speculating, a private Labour Party email gateway via the GSI internet gateways, but there will be log files of their activities. There is nothing to prevent them from using such systems from home or from other locations, apart from at Number 10 Downing Street.

The speculation in this previous Guido Fawkes thread about the possible use of a Lotus Notes based system may be a reference to the Knowledge Network designed by KPMG., which is used to distribute briefing papers and policy documents etc. This is not technically an "email system", but could be used by criminal conspirators or by people who have convinced themselves that they are doing nothing wrong, to communicate with each other.

It is also possible that there is private internet connectivity via modem or ADSL line or fax line, or via mobile phone data network card, which is air gapped from and completely separate from the internal No. 10 Downing Street computer network infrastructure, which has been used by the apparatchiki to send each other emails or instant messages or SMS text messages etc. Presumably some of the apparatchiki have access to mobile email devices like a BlackBerry, even if it is only so that they can pose in bars, and convince themselves that they are working in the "West Wing" tv series, rather than for NuLabour.

These connections might be technically against the IT security policy rules, and against common sense, but, given the arrogance of those in power, and those hanging around those in power at Number 10 Downing Street, it would not be a surprise if they had chosen to ignore these rules, especially if they were breaking the law anyway.

Given Tony Blair's incompetence with personal computers, it seems unlikely that there will be any "smoking gun" email evidence directly from him, in the loans for honours scandal.