Slashdot Mirror


NSA Suggested Clinton Use A $4,750 Windows CE PDA (arstechnica.com)

An anonymous reader writes from an article on Ars Technica: When former Secretary of State Hillary Clinton was pushing to get a waiver allowing her to use a BlackBerry like President Barack Obama back in 2009, the National Security Agency had a very short list of devices approved for classified communications. The General Dynamics' Sectera Edge and L3 Communications' Guardian were the two devices built for the Secure Mobile Environment Portable Electronic Device (SME PED) program. They were the only devices anyone in government without an explicit security waver (like the one the president got, along with his souped-up BlackBerry 8830) could use until as recently as last year to get mobile access to top secret encrypted calls and secure e-mail. At the time Clinton was asking for a phone, only the Sectera Edge was available (the Guardian was running behind in development) and it required multiple server-side and phone-side e-mail additions, desktop synchronization software, and other supporting products. The "Executive Kit" version of the Edge, priced for government purchase at $4,750, included: Type 1 Sectera Edge (GSM or CDMA) device plus: Executive Carry Case, Leather Holster Travel Charger, Red/Black USB Cables, Vehicle Charger, Earbud, Stylus 10-pack, microSD Card with User Manual, Spare Battery, Privacy Shield 4-pack, Antivirus Software, Apriva Email Client and Perpetual Rights fee and Office Suite for Windows CE.


  1. Use this device by Threni · · Score: 5, Insightful

    It's totally safe; we totally can't hack it. Don't get one of those cheap devices, or an iPhone, because we'd be screwed.

    1. Re:Use this device by thegarbz · · Score: 1

      Yep because a gen 2 iPhone from 2009 was a pinnacle of corporate security right?

    2. Re:Use this device by Threni · · Score: 1

      I wasn't expecting a response as lame as that.

  2. And clinton said... by Anonymous Coward · · Score: 5, Insightful

    "No.. I know better than the NSA. I'll use what *i* want and there's nothing you can do about it!"

    And so far... she's right about that last part..

    1. Re:And clinton said... by infolation · · Score: 2

      I'm fuzzy on the whole 'Encryption is bad for the masses' thing.

      On the one hand, the politicians (advised by the NSA) remind us that "Encryption is Bad" for the proles, and it must be outlawed, or have some kind of backdoor.

      And on the other hand, the NSA are advising what kind of devices people need to prevent their phonecalls/messages from being decrypted because "Encryption is Good" for the elite.

      But please tell me where the prole/elite line is drawn? Is there a law which sets out what kind of person is Elite, and what kind is Prole. Are pop-stars elite? Or actors? Lawyers? Maybe just top Lawyers? Because I'm very interested in knowing about this line.

    2. Re:And clinton said... by PolygamousRanchKid+ · · Score: 4, Insightful

      But please tell me where the prole/elite line is drawn? Is there a law which sets out what kind of person is Elite, and what kind is Prole. Are pop-stars elite? Or actors? Lawyers? Maybe just top Lawyers? Because I'm very interested in knowing about this line.

      If you have to ask . . . you don't belong . . .

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    3. Re:And clinton said... by AHuxley · · Score: 1

      The NSA and GCHQ had two options to get to users. Privacy and anonymity could both be made collection friendly or one part could cover for the total loss of the other.
      The classic idea was to gift the world tame, junk crypto standards that would revert to plain text for the NSA but be resistant to any in the middle attacks.
      That started to get more tricky into the 1980's. The GCHQ was also trying to collect all communications in and connecting to Ireland and did not want any advancements to network anonymity even if new totally secure crypto was in play.
      So the security services allowed strong crypto but ensured their connections with tame telcos and network providers would make anonymity an impossibility.
      Enjoy any export grade crypto, import it, design in, the message origin would always be trackable. Once found, traditional methods would get around any bespoke crypto (logging, bugs, cameras, unique malware).
      The "Encryption is Bad" was just a useful, busy work, talking point over a decade put out to cover the total loss of network anonymity. Digital users felt safe entering data as the crypto was now really good. The tame networks would always track them down.
      The "elite line is drawn" if a person walks into a safe Tempest secure vault to talk about and then sets policy in person. No notes, paper kept to one of one and collected.
      ie if reading or allowed to set policy on a computer, that person never made the elite and is under constant security service tracking.
      That's the other side of the "Encryption is Good" for the almost elite part, contractors, leaders who think they made it to the very top, but are under constant watch.
      ie if you're allowed on a copy and paste GUI onto another computer and sending and getting party political/mil/gov messages from people globally it's been watched and your "digital" security clearance is a long term trap. The allowed or given computer is a decades long honey trap for the user and all their international contacts.
      That can be seen in the high level German gov crypto phone efforts and EU crypto fax efforts. Leaders and top embassy/political staff are handed digital junk hardware and told it's "safe" and been fully tested by their own nation's best. Every message then gets mirrored to 5 eye nations for free.
      Some reading on the efforts
      New NSA leaks show how US is bugging its European allies (1 July 2013)
      http://www.theguardian.com/wor...
      Embassy Espionage: The NSA's Secret Spy Hub in Berlin (October 27, 2013)
      http://www.spiegel.de/internat...
      That should help with the Elite, Encryption is Good, Encryption is Bad and who gets told what, told a product is secure within their own nation, who tests and signs over what hardware within a nation and what level of leadership then is allowed to "trust" that device or gets a computer system :)

      --
      Domestic spying is now "Benign Information Gathering"
  3. Of course! by Anonymous Coward · · Score: 1

    You don't really think they spend $5,000 on a toilet seat, do you?

    1. Re:Of course! by Sarten-X · · Score: 5, Funny

      I've worked for a government contractor before.

      Yes, the toilet seat costs $5,000.

      However, every last one of the $5,000 toilet seats will be free from unknown defects, meet the 20-page list of design requirements, fit every model of toilet the government requires (including those from other contractors who won't release their proprietary contracted design spec), be constructed from US-supplied materials by US workers, and every minute of each worker's time will be properly recorded and billed, including the time spent ensuring that the time was recorded correctly, and all of those details will be documented in the truckload of paperwork that accompanies each seat.

      That truck driver also gets paid.

      --
      You do not have a moral or legal right to do absolutely anything you want.
    2. Re:Of course! by sycodon · · Score: 1

      I suspect that the cost of a toilet seat purchased by the government is an artifact of the same accounting methods that charge you $26 for a $.30 pill...if it's administered by a nurse in a hospital.

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    3. Re:Of course! by guruevi · · Score: 3, Interesting

      The toilet seat is a quote from a movie (Independence Day?) where the president becomes aware of a secret base (at Area 51 or something) and asks how they manage to keep it invisible to the president's office and government budgets. The $5000 toilet seat is the answer.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    4. Re:Of course! by Actually, I do RTFA · · Score: 3, Informative

      When you order 87 toilet seats that conform to the inside of a B2, you have to pay for all the tooling required to make the toilet. Which is usually amortized over hundreds of thousands of units.

      --
      Your ad here. Ask me how!
    5. Re:Of course! by Alypius · · Score: 1

      I don't know why this is modded "funny" instead of "informative." Sarten nabbed every block on the Government-Contracting Bingo card except "woman-owned" (yes, a real thing).

    6. Re:Of course! by khallow · · Score: 1

      Yea, right. They wouldn't use the same manufacturing techniques as for large scale production. Even throwing in the costs of testing to milspec, they probably would have made significant profit at a tenth the price.

  4. Re:So, Fuck You , Then by rsborg · · Score: 5, Interesting

    Yeah, pretty much. Couldn't she have escalated to Obama, though?

    "Hi Barack, can you tell me how you got your BB? Cause the NSA is making me WinCE"

    --
    Make sure everyone's vote counts: Verified Voting
  5. Uh, why respect personal email? by mveloso · · Score: 1, Insightful

    Clinton didn't want to read her email on a computer in her SCIF...she wanted her BlackBerry. It was good enough for everyone else in the government, but it wasn't good enough for her.

    1. Re:Uh, why respect personal email? by hawguy · · Score: 2

      Clinton didn't want to read her email on a computer in her SCIF...she wanted her BlackBerry. It was good enough for everyone else in the government, but it wasn't good enough for her.

      Apparently a BlackBerry was good enough for the president -- what's not clear is why it wasn't good enough for the secretary of state.

    2. Re:Uh, why respect personal email? by tnk1 · · Score: 5, Insightful

      A BlackBerry was *not* good enough for the President. A one-off highly modified, custom device that looks and mostly works like BlackBerry was.

      I think the NSA was like: "We hated doing this, but if the President gets this, we can at least get away with saying it is a one-off. If we give it to Clinton, every cabinet member and every person who thinks they are as important as a cabinet member is going to want one. Also, the President is our boss and we have to kiss his ass. She's not our boss, so fuck her entitled ass."

      Secure equipment is no joke. It's understandable that no one wants a shitty, overpriced Windows CE phone, but it would be even more expensive to just ignore the program and give everyone what they want, creating one-offs for whoever. These are supposed to be civil *servants*.

    3. Re:Uh, why respect personal email? by Plus1Entropy · · Score: 1

      ... it would be even more expensive to just ignore the program and give everyone what they want...

      Maybe, it depends. Spending extra on equipment can allow people to work more efficiently. If she's already familiar with a BB (which I think was the reason mentioned in a previous article) then it could actually save time (read: money) to give her one. Rather than having her have to be trained/learn to use a new device, and then take a lot of time to get comfortable with it.

      Our civil servants, especially at that level, should get special perks if it makes them better able to do their job. I doubt Obama has to buy his own groceries, but I'm OK with that since I'd rather not have him running down to Piggly Wiggly every week to get milk.

      --
      Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
    4. Re:Uh, why respect personal email? by currently_awake · · Score: 1

      Why doesn't the US government spec out a secure phone? They can specify the hardware and software and ensure it meets all their needs perfectly. And then have some (friend of the government) contractor make half a million of them (for a high price).

    5. Re:Uh, why respect personal email? by hawguy · · Score: 2

      Why doesn't the US government spec out a secure phone? They can specify the hardware and software and ensure it meets all their needs perfectly. And then have some (friend of the government) contractor make half a million of them (for a high price).

      The FBI seems to think that iPhones are completely unhackable even with all of the resources of the US government, so that might be a good place to start.

    6. Re:Uh, why respect personal email? by bloodhawk · · Score: 1

      BB wasn't good enough for the president either. They had to highly customise it into a special version just for him so he could use it.

    7. Re:Uh, why respect personal email? by bloodhawk · · Score: 2

      UMMM, they did. Did you not even read the summary? They had two phones at the time that adhered to that spec.

  6. I'm no fan of Clinton, but by barc0001 · · Score: 5, Interesting

    This totally sounds like the NSA's IT people were just being dicks for the sake of being dicks, and like in many companies, when a C level exec gets screwed around by red tape they step around it. I mean FFS, they have "too many Blackberries" to manage but the POTUS gets one and the Secretary of State does not?

    1. Re:I'm no fan of Clinton, but by bloodhawk · · Score: 1

      The president got a one-off custom-built BB to meet the security requirements.

  7. TWO USB Cables? by 14erCleaner · · Score: 4, Funny

    Damn, no wonder it was so expensive.

    --
    Have you read my blog lately?
    1. Re:TWO USB Cables? by Anonymous Coward · · Score: 2, Informative

      The Edge was so expensive because it's basically two phones jammed in one shell - one that never touches an unsecure network or unsigned anything and another that's just a phone.

      Literally the majority of the subsystems are physically separated. Easiest and dumbest way to do it. That's why the thing was so heavy and unwieldy

    2. Re:TWO USB Cables? by Plus1Entropy · · Score: 3, Funny

      Honestly, I'd rather just have 2 phones, like a drug dealer.

      --
      Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
  8. RIM job by DigiShaman · · Score: 1

    Guess the next POTUS will be using an iPhone 7 - assuming Tim Cook prevails in the fight against the very government looking for approved devices. I guess too secure is a problem, no?

    --
    Life is not for the lazy.
  9. Oh please by Anonymous Coward · · Score: 1

    Could we please not have US political party bickering fucktardation on slashdot? Go back to Fox News, maybe someone there gives a fuck about this artificial piece of who-gives-a-shit non-news brainfart.

  10. That might actually be pretty impressive... by fuzzyfuzzyfungus · · Score: 4, Insightful

    I'm having trouble locating the exact requirements the device had to fulfill to satisfy the SME PED program; but depending on what levels of physical tamper resistance and software quality assurance were involved, $4,750/unit for a fairly low volume device might actually be a pretty decent price.

    Mainstream winCE devices were pretty much extinct, or in the later stages of twitching and gasping, by 2009; but as a point of comparison you could find yourself spending ~$500 for a high-end Pocket PC device back in the 2005ish period, sometimes without any sort of cellular connectivity and obviously without the SCIF mode and keyfill ports and stuff. Prices for equivalent hardware had certainly fallen in the mass market by 2009; but I'm guessing that this thing's development time left it with hardware much more akin to that of older models than to that of whatever cellphones were hot off the presses in 2009.

    If the requirements were more about knowing how to land contracts and tick feature checkboxes, then the price is on the high side. If the "trusted" label on various parts of the device, and whatever modifications to stock WinCE were necessary to get safe coexistence of the high and low security sides of the device, imply a substantial amount of very exacting software development; then I'm actually more surprised that they cost that little.

    Anyone know how these are supposed to stack up in EAL/CC/FIPS140-2 terms or any other measures that would be more helpful in drawing comparisons than membership in a group that only one other device was ever part of?

    1. Re:That might actually be pretty impressive... by whoever57 · · Score: 3, Informative

      I'm having trouble locating the exact requirements the device had to fulfill to satisfy the SME PED program; but depending on what levels of physical tamper resistance and software quality assurance were involved, $4,750/unit for a fairly low volume device might actually be a pretty decent price.

      Perhaps the requirements are based on campaign contributions from the seller?

      In this case, $4,750 is an utterly trivial amount to secure the communications of a secretary of state. It's a fraction of the price of a Vertu phone.

      --
      The real "Libtards" are the Libertarians!
  11. POTUS SecState by mveloso · · Score: 1

    The math is simple. Even the VP is more important than SecState.

  12. Re:And not all that secure even then. by NatasRevol · · Score: 2

    It already had the NSAKEY built in...

    --
    There are two types of people in the world: Those who crave closure
  13. Re:So, Fuck You , Then by Anonymous Coward · · Score: 5, Informative

    She had her personal server already set up before this whole thing with the NSA.

    The personal email server was clearly about avoiding FOIA requests and not a reaction to the NSA refusing to give her an expensive device.

    I'd post links in support of my claims, but last time I posted about Hillary and email with lots of references, I got moderated Troll. So I'll just post it anonymously without references.

  14. I know this phone by Verdatum · · Score: 5, Interesting

    I worked in mobile telecom in 2009, I wrote code for Mobile Switching Centers (MSCs). We purchased that Windows Phone to verify that our equipment properly handled everything needed to allow all the protocols to work as required. The phone was just horrible. It was extremely unfriendly to use, it devoured batteries, and it had effectively zero application development going on for it. I seem to recall the hardware aspects of it were at least pretty sturdy.

    1. Re:I know this phone by thegarbz · · Score: 1

      and it had effectively zero application development going on for it.

      I seem to recall that this was less than a year after the concept of application development actually became a thing. We're talking about the year after the very first iPhone came out. Prior to that the idea of an "app" was non-existent and that's hardly a Windows phone's fault. I remember it being a pain in the arse phone, but a decent sort of calendar which was easy enough to use.

    2. Re:I know this phone by Verdatum · · Score: 1

      You are correct in that there wasn't much of an "app" as Apple wants you to think of it. But "applications" predates "app" by decades; it is synonymous with "program". The point is, there were almost none. Keep in mind, this was EIGHT YEARS after the development of Windows CE, which the phone of the time was based upon. That entire time, MS happily released the SDK to allow programs written for it. Appstore or no, no-one bothered to write for it, and that was an unfortunate clash to the realm of Windows Desktops, and the newly growing world of iPhone Apps.

    3. Re:I know this phone by Verdatum · · Score: 1

      Yes. It had a pocket version of MS Outlook.

  15. Re:So, Fuck You , Then by rsborg · · Score: 3, Interesting

    She had her personal server already set up before this whole thing with the NSA.

    The personal email server was clearly about avoiding FOIA requests and not a reaction to the NSA refusing to give her an expensive device.

    I'd post links in support of my claims, but last time I posted about Hillary and email with lots of references, I got moderated Troll. So I'll just post it anonymously without references.

    I have as well and not only on this forum. But why not post refs even if you're anon?

    --
    Make sure everyone's vote counts: Verified Voting
  16. $4,750 by PPH · · Score: 1

    And then they hit you up for the optional extended warranty.

    Covers you for parts and labor beyond the current administration's term.

    --
    Have gnu, will travel.
  17. Hillary said... by Anonymous Coward · · Score: 1

    ..."naw...too expensive. To save that money, I'll just hire an IT guy, buy a server and some hosting services and to save even more money, I'll keep it in a bathroom closet."

  18. Isn't a secure smartphone just standard equipment? by swb · · Score: 1

    ...for the Secretary of State? As I've read this on Slashdot (which means I read some of the summary and comments, so I'm probably way off), I seem to remember that they only offered this phone and it was expensive.

    First of all, does she have to buy it personally? That seems dumb, the Secretary of State is #4 in the line of succession and usually one of the highest profile members of the Federal Government and a phone using whatever's necessary to secure her communications isn't just standard?

    I would think on orientation day it would be like first thing they give you after the coffee cup with "WORLD'S GREATEST SECRETARY OF STATE" and your door badge.

    And if just her "office" has to buy it, is $5k some kind of major strain on the Secretary of State's office budget? Was it like "oh shit, we stocked up on inkjet cartridges and K-cups and blew the budget?" or "Well shit, everyone got Aeron chairs and now we can't give the Secretary a secure phone."

  19. Cost is irrelevant by mveloso · · Score: 1

    State would have bought it for her, and she didn't want it. It's not like she couldn't have approved the expense.

  20. Re:So, Fuck You , Then by Anonymous Coward · · Score: 1

    why not post refs even if you're anon?

    Just angry, I guess. I never troll... that's deliberately wasting other peoples' time and I don't think that's funny. Being falsely slapped down for trolling makes me less willing to go the extra mile and write solid posts with references.

    But I'll start pretending to be a grownup again. Here are some references.

    "clintonemail.com" was registered on January 13 2009, 8 days before she was confirmed as Secretary of State.

    https://sharylattkisson.com/hillary-clintons-email-the-definitive-timeline/

    NSA email discussion was in February 2009.

    http://www.cbsnews.com/news/emails-show-nsa-rejected-hillary-clinton-request-for-secure-smartphone/

    Q.E.D. She did not set up clintonemail.com as a response to not getting a secure phone; she set it up for some other reason. And I can't prove what she was thinking but the obvious one is to dodge FOIA requests.

    She has claimed that she went to the unusual trouble of setting up her own personal email server because she wanted the convenience of carrying only one device; she must have forgotten that she already said, in public, that she routinely carries an iPad, an iPad Mini, an iPhone, and a Blackberry.

    http://washington.cbslocal.com/2015/03/11/hillary-clinton-last-month-i-have-an-ipad-a-mini-ipad-an-iphone-and-a-blackberry/

  21. security waver by edittard · · Score: 1

    What's a security waver? Does it move it up and down, or from side to side?

    --
    At the bottom of the /. main page it says 'Yesterday's News'. Well they got that right.
  22. Re:Real origin by drinkypoo · · Score: 1

    They last 50 years and the government was only planning to keep a hundred or so of the planes... So a contractor had to build, set up and tear down an industrial mold for a production run of 20 units. That gets expensive.

    Tear down? You mean dismount the mold from the injection machine? SO HARD it might take four or even six bolts!

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  23. Re: Cry me a river, bitch. by um... Lucas · · Score: 1

    Forgive me for being naive, but when did the terrorists break into her email?

  24. Shut up and paint by iamacat · · Score: 1

    There are monthly news of publicly available iOS and Android exploits that give attacker access to device data, location and microphone. NSA itself snooped on cell phone of German head of state. Do we really want a likelihood that foreign intelligence agencies and even resourceful journalists are able to eavesdrop on everything top US government officials do? And the newer and "smarter" a technology is, the harder it is to be confident that it doesn't contain security weaknesses. Windows CE was probably the right way to go at that time, apparently a modified Galaxy S4 is used now.

  25. Re:paperwork.. by Nethead · · Score: 1

    This. I work in aerospace. We turn a 10 cent screw into a $10 screw because of the QA, Flam & Cert needed. You don't even want to know how much a sticker that says No Smoking costs to put on an airplane.

    Be glad it's this way. You don't want to be stuck in a metal tube with fire.

    --
    -- I have a private email server in my basement.
  26. Re:Real origin by Sarten-X · · Score: 1

    Yes, six bolts... And a person using a wrench, and a supervisor to assign the task and manage the person with the wrench, and a contract manager to ensure that the job was done, and a material supervisor to take the government-funded mold and ship it to a government storage facility, and of course that truck driver, too, and the accountants to make sure all of the costs are properly documented.

    It'd be a lot cheaper if the government didn't require contracts to be so thorough, but in an effort to completely eliminate fraud, government contracts require excessive attention to detail, and that drives up the cost of every step of the process. There are a good number of companies out there that simply refuse to do government business, for exactly that reason... and a large number of contractor companies who exist solely to deal with the bureaucracy and pass the actual work on to subcontractors.

    --
    You do not have a moral or legal right to do absolutely anything you want.
  27. Re:paperwork.. by khallow · · Score: 1

    It's the disinterested customer that costs the money. The contractor will bill whatever they can get away with.

  28. Good thing they're trying to outlaw it! by wardrich86 · · Score: 1

    could use until as recently as last year to get mobile access to top secret encrypted calls and secure e-mail

    Good thing they're trying to outlaw encryption! The Government will save so much money by no longer needing secured devices.