Slashdot Mirror


NSA Publishes Blueprint For Top Secret Android Phone

mask.of.sanity writes "The National Security Agency has designed a super-secure Android phone from commercial parts, and released the blueprints (PDF) to the public. The doubly-encrypted phone, dubbed Fishbowl, was designed to be secure enough to handle top secret phone calls yet be as easy to use and cheap to build as commercial handsets. One hundred US government staff are using the phones under a pilot which is part of a wider project to redesign communication platforms used in classified conversations."

10 of 172 comments

  1. Double Encryption??? by msgmonkey · · Score: 5, Funny

    Wow, sounds very secure, hopefully they didn't decide to go with ROT-13 twice.

    1. Re:Double Encryption??? by Dunbal · · Score: 5, Funny

      Watches the contrails of the age-old ROT-13 twice joke go streaming by far, far above AC's head.

      --
      Seven puppies were harmed during the making of this post.
  2. Will it fit... by ackthpt · · Score: 5, Funny

    In a shoe?

    --
    A feeling of having made the same mistake before: Deja Foobar
    1. Re:Will it fit... by Maintenance+Goof · · Score: 5, Funny

      Since this is not a secure channel, I think we should use the cone of silence!

  3. Re:I want one. by Dunbal · · Score: 5, Funny

    Surely you mean all three sides of the conversation...

    --
    Seven puppies were harmed during the making of this post.
  4. transparent case and dip switches... by jdogalt · · Score: 5, Interesting

    All I've really wanted for Christmas for the last 10 years is a phone easily disassemblable, with a transparent case, and user-facing DIP switches for the mic, the antennas, the battery, and these days, the power line going to the camera. Or alternately for the camera, a physical piece of plastic that slides to expose/cover the camera. Also the DIP switches should be placed in such a way that it is reasonably convincing to technical users that they are in fact breaking the relevant physical traces/wires.

    Maybe in 10 more years...

  5. Microsoft about to sue government? by JonahsDad · · Score: 5, Funny

    Just wondering when Microsoft sues the NSA for patent infringement for using Android.

  6. fishbowl != blowfish by optimism · · Score: 5, Interesting

    re: "The doubly-encrypted phone, dubbed Fishbowl"

    A strange combination of clever and ironic.
    Fishbowl is an anagram of Blowfish, though I dunno if they use that cipher.
    However, to most folks, a fishbowl is something in clear view, under close observation.
    Quirky.

  7. Not a good article by Anonymous Coward · · Score: 5, Informative

    I was at the talk yesterday (at the RSA Conference) where NSA IAD director Margaret Salter presented this information. While the linked article is mostly factually correct, it glosses over or misses quite a few things. In no particular order:

    * NSA's goal was to produce a spec for how to use commercial devices and commercial carriers yet still meet the requirements for SECRET or higher classified comms *without* forcing every user to be a COMSEC custodian. IMO, this represents a *huge* change in NSA's outlook on COMSEC and security in general. In the past, their focus has always been "security first, regardless of the impact on usability." Fishbowl's goals are an intriguing departure from this mindset.
    * The selection of Android was not a starting point, but the outcome of a selection process that included requirements like "we have to be able to get the OS tweaked to meet our needs." The relative openness of Android played well against this requirement.
    * Fishbowl currently only works on one handset. Salter declined to say which one, but it was clearly a Motorola product. Again, this was related to technical requirements around customization, boot loaders, etc.
    * The article gets it right about IPSEC vs SSLVPN but falls short of detailing the laundry list of things NSA wanted but was ultimately unable to obtain. It's clear that as the landscape evolves, NSA will update the Fishbowl spec. For example, if someone made available an Android that supported Suite B, I think that would appear on the spec immediately.
    * Salter did address the issue of rogue apps directly. She said that Fishbowl basically required policy support for locking out unapproved app installs, and that only NSA-approved apps from the NSA enterprise app store would be allowed. "We don't want to be in the business of accrediting Angry Birds" is as close a quote as I can manage from memory.
    * The best question from the audience was when someone asked if, by publishing a spec on how to do encrypted secure comms on an Android, her division hadn't made the job of the SIGINT spooks impossibly more difficult. She somewhat artfully dodged/refused to answer, and simply said that her job was to protect the data and communications of the US Government. My take: draw your own conclusions about NSA's ability to break IPSEC.

    The talk was interesting, well presented, and completely sold out. I got one of the last 5 or 6 seats before they stopped letting people in the room.

  8. They are smarter than that by Sycraft-fu · · Score: 5, Interesting

    MS knows that the government controls patents and that national security is grounds on which the government can take a patent away and make it public domain.

    Interestingly enough, the NSA has special status when it comes to patents. They can file secret patents that remain classified until someone tries to patent the same thing. At such time their patent is revealed and is valid from that date of revelation.