The Government Communications Headquarters (GCHQ), the agency behind the UK's security services, has made history by publishing its first open-source package to GitHub: Gaffer.
Best known for having a hand in shady cryptographic back doors
, spying on Amnesty International
, and stealing SIM card encryption keys
, GCHQ has been on something of a charm offensive of late. The agency has begun a major recruitment drive using on-street graffiti created by power-washing paving slabs through stencils and recently released an app for kids
designed to teach cryptographic concepts using historical ciphers like Enigma and Vigenère. Now, it's going a step further with the release of an internal software package under an open source licence.
Uploaded to the agency's newly-formed GitHub repository
, Gaffer is described as a framework for the storage of large-scale graphs - a tool, in short, which makes it easy to process large databases, such as those created by a government communications spying programme. The group responsible for the code claims that it is suitable for machine learning applications, requires a minimal amount of coding to use, and allows 'quick retrieval of data on nodes of interest
' while also offering multiple security levels for accounts given access to said data.
The package has been made available under the Apache Licence 2.0, making it suitable for reuse, while the agency has stated that it is currently working on an improved version dubbed Gaffer2. Thus far, GCHQ has not indicated whether it plans to release any other internal tools.