US Navy Develops World's Worst E-reader

First time accepted submitter Dimetrodon (2714071) writes "It is an unspoken rule of military procurement that any IT or communications technology will invariably be years behind what is commercially available or technically hobbled to ensure security. One case in point is the uncomfortably backronymed NeRD, or Navy e-Reader Device, an electronic book so secure the 300 titles it holds can never be updated. Ever."

In the navy

security > usability

No sir, that's just my Kindle. I didn't load classified files on to it, I swear!

What? Our secret base was compromised because Private Biff's iPad, which tracked everywhere we went, was stolen by a hooker at the last port?

Re:In the navy

I'm just shocked to learn that squids can read.

Re:In the navy

[Shoten]

security > usability

No sir, that's just my Kindle. I didn't load classified files on to it, I swear!

What? Our secret base was compromised because Private Biff's iPad, which tracked everywhere we went, was stolen by a hooker at the last port?

Actually, on a nuclear-powered, nuclear-armed vessel with the ability to start World War III, I would argue that for the purposes of recreational reading, security is more important than usability. Consider the failure modes of usability for an e-reader meant for recreation. Now consider the failure mode of security on a nuclear missile submarine.

I've tried to think of a way to make it updatable...including strong crypto that you'd need a keyloader to manage, so that only trusted devices could update or manage content on the readers. But ultimately, I couldn't find a way to make it so that the device wouldn't have to be considered a controlled asset...and that's essentially the situation they're trying to avoid in the first place. The sub is basically a gigantic SCIF, so if there's any doubt at all as to the device's capability for carrying data out of the environment, it becomes a lot harder to manage. And the OP speaks to it in terms of comparison to an e-reader like we'd have out in the open world; that's not what this is meant to be. It's meant to make it possible for sailors on the boat to have more books than they are used to having. It's a step forward.

Re:In the navy

[Noah+Haders]

honestly, no big deal if you can't update it. every 6 months just send out new updated ones. You can collect the old ones for reuse / refurbishment.

Re:In the navy

[SuricouRaven]

Easy. Don't bother to secure it. Just make it harmless.

Screen. Five button keypad. SD card slot. So what if some attacker manages to root it? They can't do a thing from there: No radio interface to report back, no USB to compromise connected devices, no microphone or camera for spying. The worst you can do is find out what the crew are reading, with no way to report it back. Maybe you could imply their schedules a little. The very worst a compromised device could do is write some sort of virus to an SD card - which isn't going near any secure systems anyway.

There's a reason books can't be updated

[hawguy]

It's not like they "forgot" that users might want to add new books, the inability of any updatable storage was a design requirement to prevent it from being used for espionage or as a channel to inadvertently bring malware aboard a ship.

This is to prevent it being used to smuggle secret military data ashore, take illicit photos, introduce computer malware or record covert conversations.

Though it seems that there are so many ways for a person to smuggle a MicroSD card into a secure area that an eReader is probably not a huge concern.

Re:There's a reason books can't be updated

[Richard_at_work]

Getting data onto that MicroSD card would be an issue.

The main reasons for the lockdown on the device is stray EM emissions which can give away a ships position - and that includes peripherals, so no ports. I have no doubt that its cheaper to replace the readers with new ones every year than it is to build in a way to securely updateable.

Re:There's a reason books can't be updated

[jythie]

Heh. This summary strikes me as an example of consumers applying their needs to other industries. Here we have a device that is built for a specific but niche use case. Some people are reacting with the idea that as average consumers it does not meet their needs very well therefor it is useless or inferior.

Re:There's a reason books can't be updated

[arth1]

Though it seems that there are so many ways for a person to smuggle a MicroSD card into a secure area that an eReader is probably not a huge concern.

I'd think it would be more of an issue with someone potentially editing or replacing the books, changing vital details in operation manuals. If you cannot change the books, at least you know exactly what they contain.

Re:There's a reason books can't be updated

[Zordak]

I actually thought the same thing, but according to the article, these aren't full of manuals. They've got 300 popular books and literary classics. It's a lightweight, standardized, secure library for sailors who are bored and want to read. While this would be a terrible consumer device, I think it makes sense for the use case. If you're deployed on a ship for six months, having 300 books to choose from is a lot better than having zero books to choose from.

Re:There's a reason books can't be updated

[jcochran]

EM emissions in what is effectively a huge Faraday cage? I don't think so.
The ebook lockdown is intended to prevent ex-filtration of security information. I'm rather surprised at the rather restricted number of titles they provide. And it seems that they could have designed it to permit updating of the contents while on shore. Say perhaps with a special loader that cryptographically signs the new content and the actual data transmission path being near field interactions. If such devices were only available at shore bases, it would be cumbersome, but would still allow for the updating of contents while preserving the security aspects of the readers.

Re:There's a reason books can't be updated

[CrimsonAvenger]

I don't see Navy ships dedicating a lot of space to libraries.

A long time ago, I was on a submarine. We had a ship's library. It fit into a locker that was slightly smaller than a typical file cabinet drawer.

Re:There's a reason books can't be updated

[Pieroxy]

If you're deployed for six months and you like to read you've brought your own e-reader loaded with books you want to read with you.

Or not... Or your e-reader can go berserk, borken or otherwise unusable. Shit happens. Having 300 books around is *much* better than nothing.

Re:There's a reason books can't be updated

[SJHillman]

For the same of variety, I'm hoping they didn't stock a lot of large print books...

Re:There's a reason books can't be updated

[X0563511]

Sure, if you're towing an antenna capable of sending a buttload of power with a wavelength measured between 10 and 100 kilometers...

Those high frequency emissions that any consumer digital device would emit (even when being tortured with a car battery) aren't going to make it very far with any appreciable strength.

You'd be better off trying to detect the sub by looking for magnetic flux disturbances (eg large conductive object moving within the earth's magnetic field) - they mount them to helicopters.

Re:There's a reason books can't be updated

[whoever57]

I would guess that many of the e-books on the reader are rules, manuals and procedures for current military hardware and practices which are unlikely to change in the next few years.

Clearly you followed /. tradition and did not RTFA, since it makes no mention of non-fiction. t appears that these e-readers are simply a method to provide a library of fiction to keep the sailors entertained.

Re:There's a reason books can't be updated

[Sentrion]

And don't forget the screen doors. The EM emissions just pass through like water through a sieve.

Only three hundred titles?

[CRCulver]

Assuming that all the books are in the MOBI or EPUB formats, which are quite compact, one can only assume that the designers really skimped on memory. My Kindle has hundreds more books with plenty of room left. And as this is a technology made to a military contract, one can assume that this device inferior to off-the-shelf consumer items costs much more than them.

Re:Only three hundred titles?

[CRCulver]

Read the article. The book isn't just for manuals, it also has plenty of reading for pleasure material. If one wants to offer a good representation of both the English canon and contemporary publications, one very quickly exceeds 300 titles.

However, the other reply to my comment which states that some of the manuals may be unusually large, may explain the small amount of titles on this device.

makes sense

"The company has already delivered similar gadgets to members of the US Army and other military personnel.
The brainchild of the Navy's General Library Program, the electronic ink Kindle-alike has no internet capability, no removable storage, no camera and no way to add or delete content. This is to prevent it being used to smuggle secret military data ashore, take illicit photos, introduce computer malware or record covert conversations."

Actually makes sense to me.....

Re:Makes sense

[Minderbinder106]

Anyone on a submarine who likes to read brings their own Kindle with them.

Re:makes sense

[schnell]

You mean photos of illicit activities.

No, he means take illicit photos. Not to get in the way of a good conspiracy theory, but there are many highly sensitive areas on a US nuclear submarine that certain foreign powers would love to get pictures of for competitive intelligence purposes. That's what they're worried about, not some coverup of the Navy heartlessly waterboarding harp seals or giving blue whales torpedo enemas.

O RLY?

[CanEHdian]

I bet with all this slashvertising these things are going to become collector's items; every hacker will want one to see if they *can* change the content.

Makes sense

Can't have machines capable of transporting unauthorized files or tracking your fleet location on board. Would be idiotic.

This provides a way to give sailors a decent library of books to read without having to find a place to have a dead tree library on a cramped ship.

The concept is perfectly sound, despite obvious failings in the design/specs (only 300 books, and probably thousands of dollars each, hah)

Titles?

[RDW]

The WSJ is marginally more informative on the contents:

"The content consists mainly of newer bestsellers and public-domain classics, as well as titles from the Navy reading list and other texts for professional development. Since publishing partners include Simon & Schuster, HarperCollins, Hachette and Random House, the lineup is impressive, ranging from contemporary fiction such as A Game of Thrones and The Girl with a Dragon Tattoo, bestselling non-fiction such as The Immortal Life of Henrietta Lacks, and bonafide nerd favorites including The Lord of the Rings series, Orson Scott Card's Ender's Game, and Stephen King's The Stand."

Anyone have a list, or is it classified? Is 'Mutiny on the Bounty' allowed?

It doesn't seem so bad to me.

[mark_reh]

I think they could have put a larger library on it relatively cheaply, but other than that, it makes perfect sense that it can't be connected to a computer network.

Nope. Not so bad at all.

Better Headline

[Chillas]

"Navy Invents E-reader that is Secure, Meets its Needs; Hated By People Who Will Never See or Use It"

Re:Better Headline

[sootman]

Next on Slashdot: "Army tanks are uncomfortable, get horrible mileage."

Very bad summary title

[davidwr]

This is not the "Worst" e-Reader ever.

Why do I say that?

Because it is working as designed.

Frankly, for certain high-security situations this kind of "immutable" device is the only kind of device that would be allowed in. So it's either something like this, or books-on-tape/CD/paper/something else.

For slightly less-but-still-very-secure situations you could allow some type of external read-only, no-processor-chip-onboard "expansion pack" memory so that the book content could be switched out without getting a whole new device. I wouldn't use USB though, as that requires a processor on the stick itself.

Also, I'd make very sure the data format was really "data only" not something that could, in theory, be a vector for "code." This would rule out PDF and PostScript. In other words, it would be pretty limited.

The things you absolutely do not want for this type of device in a high-security environment are:
* Any ability to "run code"
* Any wireless
* Any ability to export data other than through the screen (you can't stop someone from photographing the screen)
* Any ability to "hack" the device without physical access and accessing it in a non-standard way (e.g. with a screwdriver). This means the software must be proven to never do anything "bad" other than "just die, requiring a reboot" if the operator is tricked into giving it even carefully-crafted/designed-to-do-bad-things bad data.

In some cases, you do not want it displaying anything other than what is "whitelisted." This can be done by either only displaying properly-digitally-signed files or, as in this case, by only providing a limited set of files and "sealing" the device.

Re:Hmmm, So its like a book?

[Wonko+the+Sane]

Manuals generally can't be updated unless new sections are added or pages added.

Actually most technical manuals onboard ships that are still kept in paper form are designed to be easily updated. The pages aren't glued in place - they are three-hole punched and kept in binders. When an update to the manual comes out, they only need to distribute the specific pages which have changed. Each page has a revision number on it, and the manuals will contain a "List of effective pages" noting the most current version of every page in the manual.

This means you can now assign people to do nothing but go through paper manuals page-by-page and verify that every page is present and at the correct revision.

They have email, but no books?

[JavaBear]

IIRC Email is far more insecure than any ebook reader.

Re:Hmmm, So its like a book?

[gstoddart]

This is not too different from commercial aircraft.

Take a Boeing 747. They've been in production for almost 50 years, been through dozens of iterations and tweaks, man different variations, and quite possibly no two are exactly alike.

You essentially need to be able to get the full manual as it applies to any given aircraft, because over time there's been upgrades, changes, recalls, and everything else you can imagine.

When you have a few million parts flying in formation, making sure you know which specific parts are in which specific plane is a Very Important Task.

This means you can now assign people to do nothing but go through paper manuals page-by-page and verify that every page is present and at the correct revision.

And, compared to the cost of, say, an aircraft carrier of a submarine, the cost of that is pretty insignificant.

Dear Berenice Baker....

[Razed+By+TV]

NeRD is not a backronym. A backronym is when you take an existing word/name (Fiat) and create an acronym for it (Fix It Again Tony). I really doubt the Navy just stumbled on the name NeRD and later found the words to affix to it.

Also interesting to note, the submitter submits things from the same group of sites...
Naval-technology.com
Power-technology.com
Army-technology.com
Offshore-technology.com
Pharmaceutical-technology.com
Hydrocarbon-technology.com

There are articles about NeRD going back days. I guess these days news is more about rehashing someone else's news and getting traffic to your site.

I'm sure it's perennial thrillers

[swschrad]

like "The Importance of Avoiding Sexually-Transmitted Diseases In Port," "Heavy Maintenance On Carrier Launchers: Packing Steam Pistons," and "Don't Throw That Wrench."

Re:I'm sure it's perennial thrillers

[FilmedInNoir]

Ironically the last two sound more sexually charged then the first one.

Re:I'm sure it's perennial thrillers

[geminidomino]

It's a long assumption that the sun will live long enough, at the pace GRRM writes...

Re:More choices!

[hey!]

Yeah, which Bible? Which Koran?

Actually, there *are* no alternate versions of the Koran -- or at least there's not supposed to be. Any translation of the Koran is not considered an actual "Koran" for purposes of Islamic law or worship. Anyone who wants to read or recite from the Koran is obliged to learn seventh century Arabic.

So there are no disputes in Islam equivalent to Christian disputes over whether the King James or the Revised Standard Version are more accurate; whether 1 Maccabees or the Epistles of Clement are divinely inspired; on whether to base the Old Testament on Hebrew sources or the Septuagint (the 2nd Cenury BCE Koine Greek translation that Jesus himself would have used). There's just one version of the Koran, the one authorized by Caliph Uthman in 650 CE, and believed to be compiled by Abu Bakr two years following the Prophet's death.

Yet oddly this has not prevented radically different versions of Islam from arising. The cheerful liberal Sufi imam at the local mosque has about as much in common with Wahabbist firebrands recruiting for Al Qaeda as the local gay Congregational minister has with the Aryan Nation affiliated Christian churches. There might even be *less* in common.