Decision

Advice Letter: Gaven Smith, Board Advisor, Interrupt Labs

Published 11 June 2024

1. BUSINESS APPOINTMENT APPLICATION: Gaven Smith CB FReng, former Director General Technology GCHQ - paid appointment with Interrupt Labs. 

Mr Smith sought advice from the Advisory Committee on Business Appointments (the Committee) under the government’s Business Appointments Rules for Former Crown Servants (the Rules) on his proposal to work with Interrupt Labs. 

The purpose of the Rules is to protect the integrity of the government. The Committee has considered the risks associated with the actions and decisions Mr Smith made during his time in office, alongside the information and influence he may offer Interrupt Labs. The material information taken into consideration by the Committee is set out in the annex.

The Committee’s advice is not an endorsement of the appointment - it imposes a number of conditions to mitigate the potential risks to the government associated with the appointment under the Rules.

The Rules[footnote 1] set out that Crown servants must abide by the Committee’s advice. It is an applicant’s personal responsibility to manage the propriety of any appointment. Former Crown servants are expected to uphold the highest standards of propriety and act in accordance with the 7 Principles of Public Life.

2. The Committee’s consideration of the risks presented

Interrupt Labs has a commercial relationship with the National Cyber Security Centre (NCSC)[footnote 2], which is part of Mr Smith’s former department (GCHQ). GCHQ confirmed Mr Smith did not meet with, nor make any decisions specific to the company during his time in service - as this was outside his area of responsibility within the NCSC . As such, the Committee[footnote 3] considered there is no reason it might be perceived this appointment is a reward for decisions made or actions taken in office. 

As Director General Technology, Mr Smith would have had access to a range of particularly sensitive information, including that which relates to technology within the sector Interrupt Labs operates in. However, the Committee noted the information he had access to could be relevant to any number of companies, and the risk is broad, not specific to Interrupt Labs. 

Mr Smith planned with GCHQ to have a break from his time in office before taking up an outside role. He therefore stepped aside from his role as Director General Technology on 3 November 2023 and he has had no access to information since. 

Additionally, Mr Smith will have amassed a wide range of contacts within government and the intelligence community - including in commercial technology, software and AI firms during his time at GCHQ.  As a result, there is a risk he could use his networks to unfairly influence government or to gain business/investment prospects for the company. 

3. The Committee’s advice 

The Committee determined that the risks identified in this application can be appropriately mitigated by the conditions below. These make it clear that Mr Smith cannot make use of information or influence gained from his time in Crown service to the unfair advantage of Interrupt Labs. 

Additionally, alongside the standard conditions preventing Mr Smith from using his contacts within government to unfairly advantage Interrupt Labs, the Committee imposed a restriction on lobbying contacts he made in other governments and organisations outside of GCHQ and the UK government for the purpose of securing business for Interrupt Labs.

Mr Smith has exercised his role as Director General Technology since 3 November; and has been on leave from GCHQ since. This will create a gap of four months between his access to information and his proposed start with Interrupt Labs. In the circumstances of this application, the Committee deemed this an appropriate gap.

The Committee advises, under the government’s Business Appointment Rules, that Mr Smith’s appointment with Interrupt Labs be subject to the following conditions: 

  • he should not draw on (disclose or use for the benefit of himself or the persons or organisations to which this advice refers) any privileged information available to him from his time in Crown service;

  • for two years from his last day in Crown service, he should not become personally involved in lobbying government or any of its arm’s length bodies on behalf of Interrupt Labs (including parent companies, subsidiaries, partners and clients); nor should he make use, directly or indirectly, of his contacts in government and/or Crown service to influence policy, secure business/funding or otherwise unfairly advantage Interrupt Labs (including parent companies, subsidiaries, partners and clients); 

  • for two years from his last day in Crown service, he should not provide advice to Interrupt Labs (including parent companies, subsidiaries, partners and clients) on the terms of, or with regard to the subject matter of, a bid with, or contract relating directly to the work of the UK government and its arm’s length bodies; and

  • for two years since his last day in Crown service, he should not become personally involved in lobbying contacts he developed during his time in office in other governments and external organisations for the purpose of securing business for Interrupt Labs. 

The advice and the conditions under the government’s Business Appointment Rules relate to Mr Smith’s previous role in government only; they are separate from rules administered by other bodies such as the Office of the Registrar of Consultant Lobbyists, the Parliamentary Commissioner for Standards and the Registrar of Lords’ Interests[footnote 4]. It is an applicant’s personal responsibility to understand any other rules and regulations they may be subject to in parallel with this Committee’s advice.

By ‘privileged information’ we mean official information to which a minister or Crown servant has had access as a consequence of his or her office or employment and which has not been made publicly available. Applicants are also reminded that they may be subject to other duties of confidentiality, whether under the Official Secrets Act, the Ministerial Code/Civil Service Code or otherwise.

The Business Appointment Rules explain that the restriction on lobbying means that the former Crown servant/Minister “should not engage in communication with Government (Ministers, civil servants, including special advisers, and other relevant officials/public office holders) – wherever it takes place - with a view to influencing a Government decision, policy or contract award/grant in relation to their own interests or the interests of the organisation by which they are employed, or to whom they are contracted or with which they hold office.”

Mr Smith must inform us as soon as he takes up this work or if it is announced that he will do so. Similarly, he must inform us if he proposes to extend or otherwise change his role with the organisation as depending on the circumstances, it might be necessary for him to seek fresh advice. 

Once this appointment has been publicly announced or taken up, we will publish this letter on the Committee’s website.

4. Annex- material information 

4.1 The role

Mr Smith wishes to take up a paid, part-time role as Board Advisor for Interrupt Labs. Mr Smith stated that he knows how to review and explain strategy at Board level, and has offered to support the CEO in his work with Interrupt Labs’ Board. He confirmed his role will not involve contact with government. 

Interrupt Labs is a vulnerability research (VR)[footnote 5] tech company. Its website states it works across sectors such as telecoms, banking, government and others. It also states that it distils the VR process into three main stages:

  • Reverse Engineering – figuring out how the target works
  • Vulnerability Discovery – seeing if the target can be made to do something it’s not intended to do
  • Exploit Development – turning that knowledge into a reliable proof of concept exploit

Mr Smith wanted to let the Committee know that he has been explicit to prospective employers that he will not engage in any business development with government, or the intelligence agencies; nor will he provide access to his network. 

Mr Smith stated he is an engineer[footnote 6] with a wide range of experience and skills in technology.

4.2 Dealings in office 

Mr Smith informed the Committee that Interrupt Labs has a commercial relationship and is a small supplier with the National Cyber Security Centre - which is a part of his former department, GCHQ. He advised the Committee that he did not meet with Interrupt Labs while in service and was not involved in any decisions relating to Interrupt Labs. 

Mr Smith told the Committee he did not have any involvement in any relevant policy development nor did he have access to sensitive information relevant to Interrupt Labs.

Mr Smith said that as Director General Technology at GCHQ, he was responsible for very little technology policy. That is because policy is either owned by the operational policy team in GCHQ or by other departments in government e.g. DSIT, and ultimately set by the National Technology Council and National Security Council. Mr Smith said his role in office was heavily leadership and delivery focused - being responsible for GCHQ’s technical capability that enables it to deliver its mission and for driving the innovation to meet future technological challenges - rather than policy based.

4.3 Departmental Assessment 

GCHQ confirmed the details in Mr Smith’s application. It stated that Mr Smith has no access to information of commercial sensitivity or that would attract criticism for this role. 

GCHQ confirmed that Interrupt Labs has a contractual relationship with the National Cyber Security Centre (NCSC), which is a part of GCHQ. It stated that its contractual dealings with the company was under £1 million. The department confirmed Mr Smith had no oversight or involvement in this, as it sat with the NCSC. 

GCHQ said Mr Smith has a strong understanding of the vulnerability research field. However, it considered none of this knowledge was commercially sensitive. It did not consider he would offer Interrupt Labs an unfair advantage in this role. 

GCHQ recommended that this application be approved subject to the standard conditions. It saw no risk of improper reward or conduct, unfair competitive advantage, either directly or indirectly.

  1. Which apply by virtue of the Civil Service Management Code, The Code of Conduct for Special Advisers, The King’s Regulations and the Diplomatic Service Code. 

  2. https://www.gchq.gov.uk/section/mission/cyber-security 

  3. This application for advice was considered by Andrew Cumpsty; Isabel Doverty;Hedley Finn OBE; Sarah de Gay; The Rt Hon Baroness Jones of Whitchurch; Dawid Konotey-Ahulu CBE; The Rt Hon Lord Eric Pickles; Michael Prescott; and Mike Weir. 

  4. All Peers and Members of Parliament are prevented from paid lobbying under the House of Commons Code of Conduct and the Code of Conduct for Members of the House of Lords. 

  5. Vulnerability research is the process of researching vulnerabilities to determine if any of them affects an organisation’s systems 

  6. https://raeng.org.uk/about-us/fellowship/new-fellows-2022/gaven-smith-freng