The NSA Wants Its Own Smartphone

Art Vanderlay writes "Troy Lange might work for one of the more secretive spy agencies in the United States, but he is happy to talk about his work. He is the NSA's mobility mission manager and he has been tasked with creating a smartphone that is secure enough to allow government personnel who deal with highly sensitive information to take their work on the road. At present, the U.S. Government has secure cellphones; they use the government's Secret Internet Protocol Router Network. The problem is that they can only communicate with other devices that are plugged into the network and their use is restricted to top-secret level communications. Lange wants a smartphone that is inter-operable and presumably trusted to deal with even more sensitive information. Lange said that he wanted to see his secure smartphone reach beyond the NSA – ultimately to reach every 'every employee in the Defense Department, intelligence community, and across government.'"

Good enough for them, but not for us huh?

[elrous0]

Oh, so your boys get the privacy protections that you've spent the last 10 years undermining [eff.org] for all the rest of us plebs, huh? I tell you what, I'll be cool with your special phones if, in exchange, the President and NSA Director will issue a public directive to all NSA employees reaffirming the pre-911 NSA policy of not to spying on the phone calls or emails of any American citizen without a court order. You know that policy, right? It's the one we put into law [wikipedia.org] in 1978--the law that you ignored just because the President said so [nytimes.com].

I'll hold my breath.

Re:

[Securityemo]

Who's saying that the employees conversations on these phones won't be tracked?

Re:Good enough for them, but not for us huh?

[FatLittleMonkey]

Who's saying that the employees conversations on these phones won't be tracked?

Yeah, but securely tracked.

Re:

[Anthony Mouse]

Yeah, the NSA has a different security model than Apple.

For one thing, if the thing is really secure, it shouldn't matter that nefarious people get access to one -- that is one of the main things you need it to be secure against.

Of course, the way you do this is pretty obvious. You put plenty of memory in it but only read-only permanent storage which holds the OS and the device's unique private key, and store all other data "in the cloud" (i.e. on the NSA's secure server). You put a hardware AES engine on t

Re:

[Anthony Mouse]

Scenario: Your operative is in an unsecured location preparing for a mission. There is no SCIF in his vicinity. You learn new information which is relevant and must be communicated to him immediately.

It seems obvious that having a communications device which is as secure as practicable under those conditions is preferable to e.g. sending a completely unencrypted text message to his COTS cell phone.

Re:

[icebike]

No amount of encryption will change this. No amount of apps will change this. An text message isn't secure because it has to be typed. So the emission is the keystrokes themselves and that will be intercepted. And in the case of the display, the light, radiation and flow of electricity will be detected and the information reconstructed based on that.

Someone has been watching too many spy movies.

Look, this isn't about deep cover missions inside Iran or China.
(Where merely having a cell phone of unusual manufacture puts you under suspicious).

Its about use in casual every day situations in urban areas where cell phones are common, and you can speak and listen to a conversation without attracting a great deal of suspicion. A street in New York, A bar in Paris, a market in Algeria. 200 people in the same cell triangle on the phone at the same time.

Almost

Re:

[Smallpond]

You are talking about the Tempest [wikipedia.org] standards which have been around since before 1980 (not sure how long before - it's existence was classified then).

Re:

[Jeffrey_Walsh VA]

I agree it would be better if "policy" was for them to not spy on us, but I don't believe that ever stopped them. It just limited what they could do with the information.

Re:

[Ouchie]

The NSA/DOD listening is not as simple as you think. It isn't a bunch of analysts sitting around listening to everyone's phone calls to Pakistan. Computers listen passively to international phone calls looking for keywords and codewords. They score hits based on these usages and push it up for further analysis such as voice identification and stress pattern analysis.

The analysis is multi-level relying on computers for the first few levels until the computer ranks you high enough to warrant an analyst atte

Re:

[Plunky]

Computers listen passively to international phone calls looking for keywords and codewords. They score hits based on these usages and push it up for further analysis such as voice identification and stress pattern analysis

This is myth, not fact.

I believe the GP, since there was even a proof of concept [softpedia.com] trojan for Android that would listen to your calls and detect you speaking credit card information..

Thats why I always wear a tinfoil hat

Re:Good enough for them, but not for us huh?

[bsDaemon]

I would be willing to bet that the people who will have this phone issued to them will have even less personal privacy on the device than normal cell phone users. After all, what good is securing the device from evesdropping by foreign intelligence if you can't catch people who are spying from the inside? State security and personal privacy aren't the same thing, not that the difference justifies fucking us, as citizens, over in the name of stopping turrerism.

Re:

[kevinNCSU]

What are you rambling on about? You can 100% guarantee that a phone given to you by the NSA capable of accessing classified information is going to be heavily and regularly monitored by the government without court orders required. There would be 0% expectation of privacy with such a phone.

Re:

[nabsltd]

What are you rambling on about? You can 100% guarantee that a phone given to you by the NSA capable of accessing classified information is going to be heavily and regularly monitored by the government without court orders required. There would be 0% expectation of privacy with such a phone.

Except for the fact that there won't be many people who are cleared to hear all the secure phones, so the personnel required might make monitoring impossible, and for phones held by people with exceptionally high clearance, it's possible that nobody but the phone holder would be cleared for everything he might talk about.

Add to that the fact that many truly "this didn't happen" operations need guarantees that nobody else knows means that routine monitoring of these sorts of phones is probably unlikely.

Re:

[muckracer]

> There would be 0% expectation of privacy with such a phone.

As opposed to....?

Re:

[erroneus]

The thing is, they KNOW how bad it is with governments forcing businesses to share information with them. This is true for seemingly all governments and all businesses. But because that sword cuts both ways, they have essentially created a situation where the technologies and devices are no long trustworthy. So now, they have to create their OWN stuff and not depend so much on contractors (read: cronies).

I can't say I didn't see this coming, but I can say I'm surprised it has taken them this long to real

mmm fat consulting $$$$ (that's four dollar signs)

[Thud457]

The Android equivalent of SELinux and properly locked down phones?

Re:

[LucidBeast]

And made in china components...

For what it's worth, the NSA DOES own its own fab

[jpstanle]

They certainly don't have the capacity to mass produce a smartphone, but they make plenty of silicon in-house [theregister.co.uk]

Not China, and it will cost

[DragonHawk]

The current STE (Secure Terminal Equipment, the rename of the STU (Secure Telephone Unit) series) costs around $3500 for the basic model. The technology in it is rather inferior my contemporary geek standards. One of the big reasons it costs so much is all the critical technology is sourced within the US from trusted sources. (Well, that's the theory, anyway.)

The NSA goes to considerable lengths and expense to protect their supply chain. (It's easy to spare no expense when you're spending others' money.

Re:

[malevolentjelly]

An Android-based phone? You really don't know much about how this security stuff works, do you?

If a phone that needs to pass any level of non-casual security certifications is to be linux-based, it's going to imprisoned behind an extremely restrictive hypervisor. If the only thing separating the interface from the hardware is linux, it will never pass the requisite security certifications. No device like that has and none ever will lest Linux cease being Linux.

Re:

[gorzek]

Indeed. This has "multi-billion-dollar boondoggle" written all over it.

Re:

[GameboyRMH]

Encrypted partitions + well-secured lock screen with anti-bruteforce + case intrusion detection systems (to prevent cold boot attack) + self-destruct systems (remote wipe + dead man's switch) = really fucking good security.

Re:

[bberens]

Good luck with that. Let me design and build your CPU, I appreciate you wasting battery/cpu by encrypting all your data... it stops my customers from getting your data from anyone but me.

Re:

[GameboyRMH]

You realize that many off-the-shelf phones you can buy right now support and commonly use full-"disk" encryption? WP7 forces it on microSD storage.

Re:

[GameboyRMH]

Then use an on-screen keyboard with a randomized layout for password entry. Assuming a layer of rubber padding behind the keyboard circuit isn't good enough.

Re:

[GameboyRMH]

Do you think the US and Canadian governments, at the very least, can't get access to any data that passes through RIM's servers not using a custom user-generated key?

Re:

[icebraining]

What for? Blackberry devices, at least those not using a private BES, use the same key for every device. You don't need a back door, just sniff it the message and decrypt it with the key present in any phone.

PIN-to-PIN transmission security: PIN-to-PIN is not suitable for exchanging sensitive messages. Although PIN-to-PIN messages are encrypted using Triple-DES, the key used is a global cryptographic âoekeyâ that is common to every BlackBerry device all over the world. This means any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device, if the messages can be intercepted and the destination PIN spoofed. Further, unfriendly third parties who know the key could potentially use it to decrypt messages captured over the air. Note that the âoeBlackBerry Solution Security Technical Overviewâ [1] document published by RIM specifically advises users to âoeconsider PIN messages as scrambled, not encryptedâ.

http://www.cse-cst.gc.ca/its-sti/publications/itsb-bsti/itsb57b-eng.html [cse-cst.gc.ca]

I thought they had end-to-end encryption, PGP-like. But no, they're less secure than sending an email to a GMail account (at least they use TLS). What a joke

There already is one, the sectera

[Anonymous Coward]

It's from General Dynamics:

http://www.gdc4s.com/content/detail.cfm?item=32640fd9-0213-4330-a742-55106fbaff32 [gdc4s.com]

Blackberry is very good, it currently holds many certifications (but not top secret):

http://us.blackberry.com/ataglance/security/certifications.jsp [blackberry.com]

Fundamentally, there is a problem with mobile access for top secret communications - you don't know who is looking over the shoulder of the authorized user. Or if someone is pointing a gun at the head of an authorized user. These problems are reduced when you make the user come in to the office.

Re:

[markbark]

SME-PED will bring SIPRNet to your hip, but the thing's a brick (35 mm thick and weighs half a kilo!) ....and don't get me started on the two hour battery life.

Re:

[GameboyRMH]

Well since feds were never big on fashion I don't think they'll care about the size or weight. The battery life's obviously a problem, and the other problem I see is that you apparently have to choose whether you want a cell modem or a wifi adapter installed, but that's not even a huge problem.

So is that 2 hours of active use or 2 hours of standby? Even my N900 will get 3-4 hours of active use if I really abuse it (say, playing a movie with a non-GPU-accelerated codec). I'd say an N900 has about the minimum

Re:

[markbark]

That's two hours active use. But when you're going secure in the field it's because the shit has hit the fan and you need to weigh getting the mission done vs. possible leaks. Dunno why these things eat batteries. Maybe the crypto ASICs are particularly hungry?

Re:

[Securityemo]

Maybe you could program a stealthy mechanism to have the phone send a "help, my user is having a gun to his head" message, like entering and leaving a set of menus in a certain order?

More likely it'l be forgotten or stolen, ovbiously, but if it contains no information but a password-encrypted VPN or authentication key by itself and the password is of proper length it should be practically safe anyway? And the data it has access to is presumably really, really limited and segregated?

Re:

[markbark]

Well... the forgotten or stolen problem is solved by the fact that you can do a remote wipe with a few keystrokes at the admin console.

Re:

[Securityemo]

Exactly my point; as long as you can delay cracking the password on the auth key to well beyond the time required to remove access privileges from the key the system should be safe in a practical sense. A remote wipe wouldn't be neccessary since it would be obviously unsafe for the phone to store or cache information - you could defeat remote wipe by putting the phone in a signal-proof container and taking it somewhere safe to view the data on it.

Re:

[Securityemo]

Okay, actually reading the feature list of the sectera it looks like it manages stuff that's not "secret" as well, like mailing lists and contacts and such and that's stored with "type 1 encryption" which wikipedia defines as being the designation for protection of "classified" data.

Re:

[RobertLTux]

and if signal blocking is that much of a problem you have a Auto-Redaction Circuit with its own battery that redacts the phone (thermite charge or similar)) if it loses signal for more than 5 minutes and is not tethered to an authorized repair terminal.

Re:

[GameboyRMH]

The bad guys (or should I say other guys? ;) ) have Faraday bags for that. You need some kind of dead man's switch. Don't enter a password every 12 hours and it wipes itself and then maybe overvolts itself. Have a special "coercion password" that will self-re-image the phone and then unlock it, giving the bad guys a working but useless phone.

Re:

[Securityemo]

I know of TEMPEST and such, and the wikipedia article [wikipedia.org] lists some designations used by NATO and the US; it seems like they thought of the problem. I always thought that the only practical attack like that was being able to roughly read the images off of monochrome screens from a distance?

Re:

[GameboyRMH]

Huh didn't know Truecrypt had that feature, interesting...

Re:

[fluffy99]

The Sectera is the one mentioned, that uses VOIP over SIPR. It's still quite large, poor battery life, and you have to treat the unit as classified at all times. The Blackberry is not authorized for classified at all, just sensitive but unclass.

What they really want is the cell phone equivalent of the STU/STE deskphones with the size and battery life of a current modern cell phone.

Re:

[MobileTatsu-NJG]

General Dynamics? With Fargo in charge at least we know that the top minds are on the case.

Re:

[Shompol]

President Obama... if he wants to do secret government business he'll need one of two Windows CE smartphones [pcmag.com]

Because Windows CE is the most secure Windows CE on the planet! No so much when compared to other platforms, but hey, it's the Government so it has to come from Microsoft!

Re:

[GameboyRMH]

Why not just let the NSA create a certification standard and let commercial phones design for that standard?

Because that's little more than a gentleman's agreement. Oh Foxconn promises they won't let the Chinese government put any firmware backdoors in the NSAphone, pinky promise!

Secure right up until...

[shoppa]

And the information will remain highly secure - right up until someone takes a non-secure camera and points it at the secure smartphone so they can get their job done.

Re:

[GameboyRMH]

I think the use of a privacy screen-type coating on the phone would be a given...

That makes no sense

[js3]

wouldn't the value of security be gone if it is allowed to communicate with other phones? Don't these people learn anything?

Re:

[EdZ]

Yeah, I'm wondering how adding a few hundred thousand links between the public network and SIPRnet is meant to be a good idea..

Re:

[mlts]

The ARM platform supports protections on the instruction level between subsets or "worlds". This was originally meant for DRM, but I'm sure a well written hypervisor can use this to keep work and home content separated, even if one VM got compromised somehow.

meanwhile... somewhere in a bar in California

[Anonymous Coward]

hey look! someone left their phone.

Re:

[Thud457]

Obviously these would be hard-paired to the person's bio-chip so the phone would notify them if they moved too far out of range. sheeesh!

contradiction per se

[kubitus]

on the one hand they want to spy on each and everything

on the other hand they want to keep their turf secret

Does one have to be schizophrenic to work there?

if not mandatory, it sure would help!

Re:contradiction per se

[kevinNCSU]

I don't think there's anything inherently contradictory about wanting to keep the enemy's knowledge of you to a minimum while maximizing your knowledge of the enemy. Both stem from the idea that knowledge/information is power, and in the information battle, just like the physical battle, you're not interested in a level playing field.

Re:

[kubitus]

the contradiction lies in :

.

on one side developing secure technology

and on the other hand you want to eavesdrop

.

you ain't need to explain that the NSA wants to eat the cake and keep it too!

and I'll bet that the ideas, if not the whole technology will land in the hands of those the NSA wants to spy on.

Re:

[kevinNCSU]

Are you saying ordinary Americans are trying to break encryption on NSA smart phones in order to intercept their communiques? Neither my post nor GP's mention ordinary Americans btw.

Re:

[tqk]

I don't think there's anything inherently contradictory about wanting to keep the enemy's knowledge of you to a minimum while maximizing your knowledge of the enemy.

So, ordinary Americans are 'the enemy,' at least in the eyes of our own government?

Nah, that's overstating it. Instead, think of your least appreciated manager, the idiot who was always sticking his nose into your business when least wanted, the guy who never should have had the job (due to absence of skills) and never would understand what you were being paid to do for the employer. That's the "ordinary American" you're talking about. "Gahddamned Constitution, rasafrackin', jiggafriggen, ... kroshnit!"

I agree with the poster above: Nokia N900. Lange is re-inventing the wheel.

Re:

[GameboyRMH]

Ignoring the fact that the N900 is out of production and assuming the NSA would make their own software to allow for full-disk encryption etc, the N900 has no case intrusion detection and would be susceptible to a cold boot attack, which is a real possibility considering the resources that will be available to those who would like to break into this phone.

Re:

[tqk]

Ignoring the fact that the N900 is out of production ...

Easily fixed.

... and assuming the NSA would make their own software to allow for full-disk encryption ...

Linux distros routinely offer full disk encryption installs. You want better crypto than Linux offers? There's the source.

... the N900 has no case intrusion detection and would be susceptible to a cold boot attack ...

Oh, come on. Physical access has always meant vulnerable. Nothing new there. So don't store info locally if it's that important. It's a networked cell-phone, FFS!

Pedestrians.

Re:

[BJ_Covert_Action]

So, ordinary Americans are 'the enemy,' at least in the eyes of our own government?

I figure there are probably some folk in agencies like the NSA that have a skewed enough world view that they figure most people are criminals and, therefore, most Americans are, indeed, the enemy. That may not be the common mindest, but, yet, some folks in the NSA probably do see Americans as the enemy.

Re:

[petermgreen]

It's a simple rule of intelligence, the more people know something and the less well vetted those people are the greater the chance that one of those people is working for either a current enemy or at least a potential future enemy.

Re:

[denis-The-menace]

schizophrenic ? No.

Hypocrite? YES

Re:

[Bob9113]

on the one hand they want to spy on each and everything
on the other hand they want to keep their turf secret

Does one have to be schizophrenic to work there?

I believe a more apt term would be megalomaniacal; believing oneself to have absolute moral superiority -- in this case, over a craven race of incipient terrorists, pedophiles, and copyright infringers.

I object to that remark!

[DragonHawk]

I believe a more apt term would be megalomaniacal; believing oneself to have absolute moral superiority -- in this case, over a craven race of incipient terrorists, pedophiles, and copyright infringers.

Hey now! Do you have any evidence at all that any copyright infringement is going on?

It isn't hidden in a shoe but

[sgt scrub]

This should be perfect [diervek.com]

yeah, because...

[FudRucker]

AT&T and the mass media propaganda machine spys on everyone's cellphones as it is now, (kind of makes that cell blocked 800MHz scanner thing a red herring)

Secure spying

[vvaduva]

There has to be a way for the Patriot Act spying to go mobile...you can't just have people spying on Americans from a cubicle somewhere when they can do it from the privacy of their own government-owned car...

Wow...

[Anonymous Coward]

what a load of crap. There are no TS data of any kind on or connected to SIPR. The current slate of smart phones that can carry classified comms do NOT connect to SIPR (they are point to point only and use PKI or Shared Secret keys to stand up a P2P secure channel). This article is regarding the Fort's effort to come up with a TS SMEPED as they're known.

Gah

[lightknight]

*facepalms*

How can they ask for something like this after doing everything in their power to ensure something like this can't be created?

Well, sure Mr. NSA, we can cobble together a secure phone for you...we'll just throw in an encryption / decryption chip and a process that prompts for a password every 5 minutes. And your agents will hate it, it will become compromised (journalists are so irresponsible), and it will become a waste of tax-payer money.

Did I mention it won't be secure? But don't worry; someone will tell you it can be done, and you'll pay them a lot of money, only to realize they lied.

Re:

[dkleinsc]

How can they ask for something like this after doing everything in their power to ensure something like this can't be created?

This all makes perfect sense when you consider what the NSA's desired state of affairs is:
* The NSA, and only the NSA, are technically capable of spying on everybody and anybody at the drop of a hat.
* Nobody can spy on US government officials, and especially nobody can spy on the NSA.

It's worth pointing out that both of these activities are very much within the stated mission of the NSA.

Confirmation bias + Dunning–Kruger effect

[luis_a_espinal]

*facepalms*

How can they ask for something like this after doing everything in their power to ensure something like this can't be created?.

Uh, there is nothing preventing a US citizen or legal resident from creating a device that can handle information at different security levels, even TS. You are prevented (and rightly so) from having one already created *for them*, or to create a device that circumvent *their* information handling. But there is nothing that prevents you from creating one from scratch, even a more powerful (though it would be unlikely that you can market one of such from-scratch devices to them after building it outside of t

Re:

[aaaaaaargh!]

Uh, there is nothing preventing a US citizen or legal resident from creating a device that can handle information at different security levels, even TS.

I wouldn't be so sure about that. Officially, yes, you may by now create a phone that does secure voice encryption without any backdoor or key escrow. Some data-channel apps out there claim to do that. But if you implement such an app on your own, I wouldn't be surprised if somebody had a long talk with you...

Don't forget that there is the PATRIOT act -- as long as it is in place no US-made encryption device can be considered secure.

Re:

[luis_a_espinal]

Uh, there is nothing preventing a US citizen or legal resident from creating a device that can handle information at different security levels, even TS.

I wouldn't be so sure about that. Officially, yes, you may by now create a phone that does secure voice encryption without any backdoor or key escrow. Some data-channel apps out there claim to do that. But if you implement such an app on your own, I wouldn't be surprised if somebody had a long talk with you...

Don't forget that there is the PATRIOT act -- as long as it is in place no US-made encryption device can be considered secure.

Can you quote the precise piece of the PATRIOT act that deals specifically with this, and that will get the MiB to show to my house if I'm building such a device? I'm not a fan of the act, but I think you are attributing an interpretation to it that simply does not follow even in the paranoid sense.

Re:

[aaaaaaargh!]

Can you quote the precise piece of the PATRIOT act that deals specifically with this, and that will get the MiB to show to my house if I'm building such a device? I'm not a fan of the act, but I think you are attributing an interpretation to it that simply does not follow even in the paranoid sense.

*Specific* passages? -- Have you *ever* read any law? There are barely ever any *specific* passages in laws...

Anyway, Patriot Act Title II, sections 201, 202, 204, 209, 210, 211 are the relevant passages.

I'm not saying that the issue is crystal-clear or that the "MiB" could use the PATRIOT act to *rightfully and constitutionally* force you to implement a backdoor. I've just said that someone might have a long talk with you as the implementor of a voice encryption device, not that the threats you will hear i

Re:

[luis_a_espinal]

Can you quote the precise piece of the PATRIOT act that deals specifically with this, and that will get the MiB to show to my house if I'm building such a device? I'm not a fan of the act, but I think you are attributing an interpretation to it that simply does not follow even in the paranoid sense.

*Specific* passages? -- Have you *ever* read any law? There are barely ever any *specific* passages in laws...

Anyway, Patriot Act Title II, sections 201, 202, 204, 209, 210, 211 are the relevant passages.

Section 201 deals with the government powers for intercepting communication related to terrorism. Section 202 deals with similar powers but in the context of computer fraud. How do section 201 and 202 that prevent me from building a TS-capable communication device? How are these two sections relevant to the discussion at hand?

Section 204 deals with limitations on communication interceptions (including electronic communication) by a party other than authorized government agencies. This is no way precludes

Re:

[aaaaaaargh!]

Can you quote the precise piece of the PATRIOT act that deals specifically with this, and that will get the MiB to show to my house if I'm building such a device? I'm not a fan of the act, but I think you are attributing an interpretation to it that simply does not follow even in the paranoid sense.

*Specific* passages? -- Have you *ever* read any law? There are barely ever any *specific* passages in laws...

Anyway, Patriot Act Title II, sections 201, 202, 204, 209, 210, 211 are the relevant passages.

Section 201 deals with the government powers for intercepting communication related to terrorism. Section 202 deals with similar powers but in the context of computer fraud. How do section 201 and 202 that prevent me from building a TS-capable communication device? How are these two sections relevant to the discussion at hand?

"deals with...." could you be a tad bit more unspecific??

First: I didn't say anywhere that these sections of the PATRIOT Act prevent you from building a voice encryption device that does not have any backdoor. I said that nowhere. Learn how to read. Really. I said the PATRIOT Act provides all the means to scare developers into implementing such a backdoor (be that ultimately lawful or not) and I wouldn't be surprised if it were used for that purpose. (And nobody might ever know because of so-called gag orde

The NSA is smarter than you think

[DragonHawk]

But don't worry; someone will tell you it can be done, and you'll pay them a lot of money, only to realize they lied.

The NSA employs more mathematicians than any other organization in the world. I don't know you from Adam, but it's still a near-certainty that they have people much smarter than either of us working for them. They often fab their own silicon, build their own hardware, write their own software -- all from the ground up.

Whether or not this particular project will be a success is an open question -- the NSA is hardly immune to the Dilbert-style failings of any large bureaucracy, and "National Stupidity Agenc

Small article error that changes the context a lot

[Anonymous Coward]

"Secret Internet Protocol Router Network"

  "use is restricted to top-secret level communications"
This article contradicts it self, SIPR is only up to secret.

Re:

[RobertLTux]

i think above TS you get into "special access" things where there is an actual list of who has a copy of the data (with sometimes even the NAME of the project can get you SHOT).

I Do Not Currently Hold Top Secret Clearance (but do have dogtags).

Been there, done that.

[markbark]

http://www.gdc4s.com/content/detail.cfm?item=32640fd9-0213-4330-a742-55106fbaff32 [gdc4s.com]

Looks like a Blackberry, but it's about an inch and a half thick and weighs about a pound.
Never before have I seen such hatred heaped upon an inanimate object by its user base.

Wireless, secure, cheap, reliable -- pick two.

Correction

[kevin_conaway]

SIPRNet only allows SECRET information and below. You need to be on JWICS to access Top Secret information.

A colossally bad idea

[RandCraw]

First of all, in order to take classified data out of a secure area, you have to seal it in an approved manner -- triple wrap it, stow it in a lockable opaque container, sign for it, and basically chain it to your body until it reaches its next secure location. That's been the rule in the DoD for over 50 years. Obviously a cell phone, even one with a password, doesn't meet any of these criteria.

Second, how are you going to access this device while maintaining secure surroundings? Based on the way people

Re:

[kevinNCSU]

First of all, in order to take classified data out of a secure area, you have to seal it in an approved manner -- triple wrap it, stow it in a lockable opaque container, sign for it, and basically chain it to your body until it reaches its next secure location. That's been the rule in the DoD for over 50 years

You know for Secret level stuff you can simply mail it right? As in regular post office right next to your post card to Aunt Jenny.

Re:

[Runaway1956]

You are exaggerating just a little. Yes, there are some rather tedious steps involved in removing classified documents from a secure area. But, the procedure you describe would be enforced on things one level above top secret. Mere Top Secret can be shoved into a standard, lockable briefcase, and toted to a car, and driven between bases. The shackles are totally unnecessary. Levels below top secret are handled much more casually, in my experience. Ship's movement schedules, for instance, are routinely

Uh, wut?????

[luis_a_espinal]

"Troy Lange might work for one of the more secretive spy agencies in the United States, but he is happy to talk about his work. He is the NSA's mobility mission manager and he has been tasked with creating a smartphone that is secure enough to allow government personnel who deal with highly sensitive information to take their work on the road. At present, the U.S. Government has secure cellphones, they use the government's Secret Internet Protocol Router Network. The problem is that they can only communicate with other devices that are plugged into the network and their use is restricted to top-secret level communications. Lange wants a smartphone that is inter-operable and presumably trusted to deal with even more sensitive information. Lange said that he wanted to see his secure smartphone reach beyond the NSA – ultimately to reach every 'every employee in the Defense Department, intelligence community and across government.'"

More sensitive than TS? Maybe the article is poorly referring to handling of less sensitive data at the secret level, or beyond that, configuration of the device to handle (or refuse to handle) information transfer at a particular security clearance according to context (keys, location, clearance at each end point, whatever) as opposed to just TS-level information.

Or maybe the article is trying (again poorly) to refer to compartmentalization. That is, the device not only has a notion of TS, but also of c

Great idea

[malraid]

And they should name the device the telescreen!!

governments should not have secrets

[Anonymous Coward]

governments should not have secrets

Simple solution.

[LWATCDR]

1. Create a nation wide LTE network using IPv6.
2. Use end to end encryption on all devices and only use VOIP for voice.
3. Allow the rest of the nation to use the network in the same way.
4. Place highly accurate time bases in all LTE towers so where you have tower overlap you can get extremely precise locations even indoors.
5. When overlap is not available use the LTE tower in the aGPS mode to provide the ephemeris data almanac as well as improved location based on differential GPS with the LTE tower as a ba

Where Could You Use This

[theManInTheYellowHat]

So lets say that you have this super secret network smartphone and you had a super secret topic that you wanted to talk about with another super secret person. Where could you have this discussion and should you even be talking out loud? Wouldn't you need to be in a building somewhere that has sound insulation, or some other mechanism to keep your voice from being picked up from some other microphone than the one on your super secret smart phone? Or is it a fancy camera phone and not meant for voice? I

Re:

[Chris Mattern]

Where could you have this discussion and should you even be talking out loud? Wouldn't you need to be in a building somewhere that has sound insulation, or some other mechanism to keep your voice from being picked up from some other microphone than the one on your super secret smart phone?

That's what the Cone of Silence is for!

Re:

[GameboyRMH]

If they use IM instead, they just have to make sure nobody can see the thumb keyboard or do a TEMPEST-type attack on the phone (easy to shield against, if it's possible at all).

No problem!

[Lumpy]

Several china manufacturers will gladly make you these phones.

Inherently doomed

[Beryllium Sphere(tm)]

Phones get lost and stolen All The Time. Then the bad guy has unfettered physical access to the device. Normally that means Game Over. Suppose they try to make it tamperproof, ignoring the lessons of history. A targeted pickpocket will deliver it into the hands of a national intelligence agency.

You'd have to have a design that makes local storage impossible, which would make for a very strange smartphone.

Re:

[GameboyRMH]

You'd have to have a design that makes local storage impossible, which would make for a very strange smartphone.

There's nothing wrong with that if you just need to access some plaintext. The only limitation to remote storage is bandwidth.

Thales did this for the french gov.t one year ago

[Herve5]

all is in the title, indeed... capable of working both the normal GSM way and with various levels of encryption...
Various evolutions and models since then, like for instance
http://www.thalesgroup.com/Press_Releases/Markets/Security/2011/Thales_launches_Every_Talk,_the_first_ruggedized_high-speed_smartphone_for_security_forces/?pid=15928 [thalesgroup.com]

their own security is good

[KingAlanI]

whatever you say about security theater and such, the government does seem serious about securing its own stuff.

Re:

[Smallpond]

Are you joking?
http://www.tgdaily.com/security-features/51469-dhs-fails-cyber-security-audit [tgdaily.com]

The NSA may know something about security, but the government as a whole certainly doesn't.

Y.O.U.

[muckracer]

So what about us normal and decent folks? What options exist for us to end-to-end encrypt calls and messages (at minimum)? Anything open-source out there, that let's you do that?

Re:

[blueg3]

For one, the NSA probably doesn't plan on exporting it.

For another, there are plenty of standard encryption libraries that are already approved for export from the US and implement Top-Secret-level encryption. That's probably because we don't significantly restrict export of cryptography any more.

Re:

[tqk]

Lange said that he wanted to see his secure smartphone reach beyond the NSA â" ultimately to reach every 'every employee in the Defense Department, intelligence community and across government.

Yeah, so the NSA has a backdoor into every government worker's phone.

I have no problem with that. That's already the situation in the private sector. You want privacy, buy your own phone/computer/...

Re:

[MobileTatsu-NJG]

Hopefully the NSA won't $RECENTAPPLEHEADLINE.

Re:

[PPH]

So, no BlueTooth?