The UK’s new centre for tackling cybersecurity issues has been opened by the Queen. Officials behind the National Cyber Security Centre (NCSC) say it is going to be more open than its parent organisation, GCHQ.
The NCSC has been said to have an “open approach”. One of its main roles is to collection “national scale data” around cyberattacks and threats so people who don’t have a technical knowledge can understand what problems might arise.
Ian Levy, the technical director of the group has said the group needs to be transparent.
“More importantly, we need to do it transparently,” he said at the end of 2016, according to Diginomica. “Transparency in cyber security is unheard of as far as I can tell. We have never had a national scale data generation defence understanding about what is actually going on.”
The NCSC’s own launch announcement says it will have an “open-door” policy.
However, rather unsurprisingly, the body isn’t subject to the Freedom of Information Act. Having connections to GCHQ has effectively stopped it from being open to the question members of the public have.
“The Freedom of Information Act 2000 (FOIA) allows members of the public to request access to information held by certain public authorities,” the group says on its terms and conditions page. “In legal terms, the NCSC (being a part of GCHQ) is not subject to FOIA, and therefore will not process FOIA requests.”
The way it works, legally, is as follows. Security agencies in the UK – including GCHQ, Mi5, and Mi6 – are not covered by the UK’s Freedom of Information Act. Any requests made to them do not have to be answered.
As well as this, there’s section 23 of the FOI Act. It says information is exempt from disclosure “if it was directly or indirectly supplied to the public authority by, or relates to” the security bodies.
Therefore, information from and about the NCSC is exempt under FOI. So, even if you’re requesting information about the NCSC from the Home Office (or any other body covered by FOI), it isn’t likely to be disclosed.