Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Navy Develops World's Worst E-reader

Posted by timothy on from the I-want-one dept.

First time accepted submitter Dimetrodon (2714071) writes "It is an unspoken rule of military procurement that any IT or communications technology will invariably be years behind what is commercially available or technically hobbled to ensure security. One case in point is the uncomfortably backronymed NeRD, or Navy e-Reader Device, an electronic book so secure the 300 titles it holds can never be updated. Ever."

14 of 249 comments (clear)

  1. In the navy by Anonymous Coward · · Score: 5, Insightful

    security > usability

    No sir, that's just my Kindle. I didn't load classified files on to it, I swear!

    What? Our secret base was compromised because Private Biff's iPad, which tracked everywhere we went, was stolen by a hooker at the last port?

    1. Re:In the navy by Shoten · · Score: 4, Informative

      security > usability

      No sir, that's just my Kindle. I didn't load classified files on to it, I swear!

      What? Our secret base was compromised because Private Biff's iPad, which tracked everywhere we went, was stolen by a hooker at the last port?

      Actually, on a nuclear-powered, nuclear-armed vessel with the ability to start World War III, I would argue that for the purposes of recreational reading, security is more important than usability. Consider the failure modes of usability for an e-reader meant for recreation. Now consider the failure mode of security on a nuclear missile submarine.

      I've tried to think of a way to make it updatable...including strong crypto that you'd need a keyloader to manage, so that only trusted devices could update or manage content on the readers. But ultimately, I couldn't find a way to make it so that the device wouldn't have to be considered a controlled asset...and that's essentially the situation they're trying to avoid in the first place. The sub is basically a gigantic SCIF, so if there's any doubt at all as to the device's capability for carrying data out of the environment, it becomes a lot harder to manage. And the OP speaks to it in terms of comparison to an e-reader like we'd have out in the open world; that's not what this is meant to be. It's meant to make it possible for sailors on the boat to have more books than they are used to having. It's a step forward.

      --

      For your security, this post has been encrypted with ROT-13, twice.
  2. There's a reason books can't be updated by hawguy · · Score: 5, Insightful

    It's not like they "forgot" that users might want to add new books, the inability of any updatable storage was a design requirement to prevent it from being used for espionage or as a channel to inadvertently bring malware aboard a ship.

    This is to prevent it being used to smuggle secret military data ashore, take illicit photos, introduce computer malware or record covert conversations.

    Though it seems that there are so many ways for a person to smuggle a MicroSD card into a secure area that an eReader is probably not a huge concern.

    1. Re:There's a reason books can't be updated by Richard_at_work · · Score: 5, Interesting

      Getting data onto that MicroSD card would be an issue.

      The main reasons for the lockdown on the device is stray EM emissions which can give away a ships position - and that includes peripherals, so no ports. I have no doubt that its cheaper to replace the readers with new ones every year than it is to build in a way to securely updateable.

    2. Re:There's a reason books can't be updated by jythie · · Score: 5, Insightful

      Heh. This summary strikes me as an example of consumers applying their needs to other industries. Here we have a device that is built for a specific but niche use case. Some people are reacting with the idea that as average consumers it does not meet their needs very well therefor it is useless or inferior.

    3. Re:There's a reason books can't be updated by arth1 · · Score: 4, Insightful

      Though it seems that there are so many ways for a person to smuggle a MicroSD card into a secure area that an eReader is probably not a huge concern.

      I'd think it would be more of an issue with someone potentially editing or replacing the books, changing vital details in operation manuals. If you cannot change the books, at least you know exactly what they contain.

    4. Re:There's a reason books can't be updated by jcochran · · Score: 4, Interesting

      EM emissions in what is effectively a huge Faraday cage? I don't think so.
      The ebook lockdown is intended to prevent ex-filtration of security information. I'm rather surprised at the rather restricted number of titles they provide. And it seems that they could have designed it to permit updating of the contents while on shore. Say perhaps with a special loader that cryptographically signs the new content and the actual data transmission path being near field interactions. If such devices were only available at shore bases, it would be cumbersome, but would still allow for the updating of contents while preserving the security aspects of the readers.

  3. makes sense by Anonymous Coward · · Score: 5, Insightful

    "The company has already delivered similar gadgets to members of the US Army and other military personnel.
    The brainchild of the Navy's General Library Program, the electronic ink Kindle-alike has no internet capability, no removable storage, no camera and no way to add or delete content. This is to prevent it being used to smuggle secret military data ashore, take illicit photos, introduce computer malware or record covert conversations."

    Actually makes sense to me.....

    1. Re:makes sense by schnell · · Score: 4, Informative

      You mean photos of illicit activities.

      No, he means take illicit photos. Not to get in the way of a good conspiracy theory, but there are many highly sensitive areas on a US nuclear submarine that certain foreign powers would love to get pictures of for competitive intelligence purposes. That's what they're worried about, not some coverup of the Navy heartlessly waterboarding harp seals or giving blue whales torpedo enemas.

      --
      "95% of all Slashdot .sig quotes are incorrect or completely fabricated." -Benjamin Franklin
  4. Titles? by RDW · · Score: 4, Interesting

    The WSJ is marginally more informative on the contents:

    "The content consists mainly of newer bestsellers and public-domain classics, as well as titles from the Navy reading list and other texts for professional development. Since publishing partners include Simon & Schuster, HarperCollins, Hachette and Random House, the lineup is impressive, ranging from contemporary fiction such as A Game of Thrones and The Girl with a Dragon Tattoo, bestselling non-fiction such as The Immortal Life of Henrietta Lacks, and bonafide nerd favorites including The Lord of the Rings series, Orson Scott Card's Ender's Game, and Stephen King's The Stand."

    Anyone have a list, or is it classified? Is 'Mutiny on the Bounty' allowed?

  5. Better Headline by Chillas · · Score: 5, Insightful

    "Navy Invents E-reader that is Secure, Meets its Needs; Hated By People Who Will Never See or Use It"

    --
    --- Math illiteracy affects 8 out of every 5 people.
    1. Re:Better Headline by sootman · · Score: 5, Funny

      Next on Slashdot: "Army tanks are uncomfortable, get horrible mileage."

      --
      Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  6. Very bad summary title by davidwr · · Score: 5, Insightful

    This is not the "Worst" e-Reader ever.

    Why do I say that?

    Because it is working as designed.

    Frankly, for certain high-security situations this kind of "immutable" device is the only kind of device that would be allowed in. So it's either something like this, or books-on-tape/CD/paper/something else.

    For slightly less-but-still-very-secure situations you could allow some type of external read-only, no-processor-chip-onboard "expansion pack" memory so that the book content could be switched out without getting a whole new device. I wouldn't use USB though, as that requires a processor on the stick itself.

    Also, I'd make very sure the data format was really "data only" not something that could, in theory, be a vector for "code." This would rule out PDF and PostScript. In other words, it would be pretty limited.

    The things you absolutely do not want for this type of device in a high-security environment are:
    * Any ability to "run code"
    * Any wireless
    * Any ability to export data other than through the screen (you can't stop someone from photographing the screen)
    * Any ability to "hack" the device without physical access and accessing it in a non-standard way (e.g. with a screwdriver). This means the software must be proven to never do anything "bad" other than "just die, requiring a reboot" if the operator is tricked into giving it even carefully-crafted/designed-to-do-bad-things bad data.

    In some cases, you do not want it displaying anything other than what is "whitelisted." This can be done by either only displaying properly-digitally-signed files or, as in this case, by only providing a limited set of files and "sealing" the device.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  7. Re:I'm sure it's perennial thrillers by FilmedInNoir · · Score: 4, Funny

    Ironically the last two sound more sexually charged then the first one.

    --
    Sig. Sig. Sputnik