Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Wants Its Own Secure and Self-Destructing Messaging App -- And It's Willing to Pay (bloomberg.com)

Posted by msmash on from the greenback-boogie dept.

Long time reader schwit1 writes: The Defense Advanced Research Projects Agency (DARPA), an agency within the Department of Defense historically known for creating the Internet itself, has published a call for companies to submit proposals to build a robust messaging platform that the military could use for secure communication of everything from intelligence to procurement contracts. "Troops on the ground in denied communications environments would have a way to securely communicate back to HQ and DoD back office executives could rest assured that their logistics system is efficient, timely and safe from hackers," according to the DARPA proposal. The request for proposals, reported earlier by the UK's Telegraph outlet, also says that the messaging platform should incorporate a customized blockchain, the distributed ledger technology that underpins the digital currency bitcoin, for recording messages and contract information. The proposal says such a distributed ledger would allow the military to conduct its business in a more efficient and secure fashion.Motherboard's Lorenzo Franceschi-Bicchierai reports that DARPA is willing to pay people to make this app. "This project falls under the rules of the Small Business Technology Transfer (STTR) program. During the first phase, according to the program's rules, successful applicants might be awarded no more than $150,000 for one year. The companies and researchers who are part of phase one can then be eligible for a phase two award of up to $1 million for two years. Lastly, during phase three, the company or companies can pursue commercialization, and receive no funds from the federal government."

47 of 83 comments (clear)

  1. Startup? by wkwilley2 · · Score: 1

    So basically a government Kickstarter?

    --
    Have you ever fallen asleep at the keybhanusdiog?
    1. Re:Startup? by gurps_npc · · Score: 1

      They want one that they know has not already been cracked opened and p@wned by China and Russia.

      --
      excitingthingstodo.blogspot.com
    2. Re:Startup? by WarJolt · · Score: 2

      More precisely, they want one where only they can retain and decrypt the self destructing messages.

    3. Re: Startup? by easyTree · · Score: 3, Insightful

      As with all competions; we'll sit here with our five dollars whilst you expend twenty dollars of effort each. We'll take all the good ideas for ourselves and gift the winning team (mysteriously led by my wife's cousin) the five dollars.

      --
      Requiem for the American Dream
  2. But... by mwvdlee · · Score: 1

    Bug how will the NSA be able to monitor all the potential terrorists (= civilians)?

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    1. Re:But... by drpimp · · Score: 1

      Considering the RFP suggests its US government use, I don't think your tongue in cheek comment is relevant. Besides you already are implying the NSA is doing as you say ... so yeah!

      --
      -- Brought to you by Carl's JR
    2. Re:But... by AchilleTalon · · Score: 2
      From TFA:

      "The advantages of this decentralized structure is that it would be more resilient, and there would be no centralized server where a spy or hacker could gather metadata, according to Frederic Jacobs, an independent security researcher who has worked as a developer for the encryption messaging app Signal."

      Reading further:

      "The third and last will “focus on commercialization and full-scale implementation,” so DARPA wants this to be out in the open, for everyone to use, eventually."

      --
      Achille Talon
      Hop!
  3. in 5...4...3... by Thud457 · · Score: 1

    FBI Wants p0wn Secure and Self-Destructing Messaging App -- And It's Willing to Pay

    Talk about the left hand trying to chop off the right hand.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  4. Snapchat by PPH · · Score: 1

    n/t

    --
    Have gnu, will travel.
  5. "secure fashion" by fustakrakich · · Score: 1

    Translation: free of public oversight and the threat of whistle blowers exposing corruption

    --
    “He’s not deformed, he’s just drunk!”
  6. Blockchain = LMAO by Anonymous Coward · · Score: 1

    Sure, let's create a messaging protocol that burns electricity like nobody's business and creates a gigantic file that needs downloading before anything works. Great job, kids!

    1. Re:Blockchain = LMAO by dgatwood · · Score: 2

      The entire concept is nonsensical. It's a fairly fundamental truth that information cannot be destroyed. Self-destructing messages are basically the same problem as DRM; you have the data, you have a key, you're allowed to use the data to unlock the key, but only under somebody else's terms. If you trust the endpoint to be absolutely secure against tampering, the problem is trivial, but you don't need anything more than a simple "ask the server whether the data should be wiped before showing it" mechanism. If you don't trust the endpoint to be absolutely secure against tampering, then the problem is basically impossible, because any response from the server can be faked.

      At best, you might come up with some screwball scheme involving a time-stamped response from the server that has to be within the last 30 seconds or else the app refuses to show the message (to prevent replay), but even then, if somebody can tamper with the device, they can patch out the check. Or you can make the app store nothing locally, and depend on the server to either provide the message or not do so, of course, but even then, there's no way to avoid the analog hole.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    2. Re:Blockchain = LMAO by Megol · · Score: 1

      How do you suggest one should go about to burn electricity? Electric charges doesn't readily oxidize...

    3. Re:Blockchain = LMAO by Szeraax · · Score: 1

      Agreed it sounds trivial. That's why they are only spending up to a million for it. This is a little project and yes, I believe that they can secure their access terminals. They just need the program made to do it all.

    4. Re:Blockchain = LMAO by JeffreyBPetersen · · Score: 1

      Proof-of-stake and light clients render those concerns moot, you're behind the times

  7. Buzzword bingo by Qzukk · · Score: 1

    So they want a messaging system and it must use a blockchain and it must allow messages to be deleted?

    They're going to have a hard time.

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
    1. Re:Buzzword bingo by sexconker · · Score: 1

      Pretty much. "Self-destructing" and "blockchain" don't go together.

    2. Re:Buzzword bingo by Actually,+I+do+RTFA · · Score: 1

      They're going to have a hard time.

      It's a DARPA project. It should be really, really hard.

      --
      Your ad here. Ask me how!
    3. Re:Buzzword bingo by U2xhc2hkb3QgU3Vja3M · · Score: 1

      "Self-destructing" and "blockchain" don't go together.

      As in "Self-destructing" and "blockchain" are complete opposites.

      Fixed it so that when the people at DARPA read your comment, they really understand their idiocy.

    4. Re:Buzzword bingo by Megol · · Score: 1

      Destroy the one-time-pad, destroy the message.

    5. Re:Buzzword bingo by sexconker · · Score: 1

      How are you generating, distributing, and storing the one-time pads?
      If you're doing it inside the blockchain, then lol.
      If you're doing it outside the blockchain, then the blockchain piece of the project is pointless, as all security has to cover the generation, distribution, and storage of the one-time pads.

    6. Re:Buzzword bingo by Kevin+by+the+Beach · · Score: 1

      Thanks, my cognitive dissonance was getting in the way when I first read the article. If they are asking for mutually exclusive components are they really asking for anything? Or, is this a fishing trip to see if they can get a new perspective on something?

    7. Re:Buzzword bingo by CoolCash · · Score: 1

      Could have a self-destructing private key, that way the data is not accessible. Possible tag that public key as destroyed so it won't sync in future blockchains.

    8. Re:Buzzword bingo by AchilleTalon · · Score: 1

      Damn! I shouldn't have comment on this thread and lost my privilege to mod you up.

      --
      Achille Talon
      Hop!
    9. Re:Buzzword bingo by KGIII · · Score: 1

      You're probably not the best person to ask but I'll try it. Is it possible for the blockchain to be stored in a central repository where it's then trimmed and only certain devices get access to certain segments, in real time?

      That would do nothing for the analog hole or interception, some of those can be reduced in risk levels.

      --
      "So long and thanks for all the fish."
  8. Re:Don't Make It Too Good by Archangel+Michael · · Score: 1

    From that article, I can easily surmise the probable application of the patent. Underwater Fiber Taps. Once you have the general scope of the application, the specifics are completely unneeded. The Government doesn't want people to know, what everyone already suspects (and is vaguely confirmed) that they are tapping underwater Fiber to spy on people.

    Just my opinion.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  9. Re:An app apping app for apping apps! by Megol · · Score: 1

    Apps?

  10. Re:better idea by cdrudge · · Score: 2

    But it could work for within the US borders as well. All levels of government could benefit from a messaging system that was secure against against snooping investigations and other government oversight, but also to securely be deleted should those investigations progress and journalists or the public in general.

  11. No, but yes. by jxander · · Score: 3, Insightful

    "You must make weaker encryption so law enforcement can do it's job... hey, can you make some nice strong encryption for us? The military needs that to do its job."

    --
    This signature is false.
    1. Re:No, but yes. by Anonymous Coward · · Score: 1

      Well, to be fair, those aren't mutually exclusive positions.

      Law enforcement has a need to find out what people said and to whom as part of determining who the guilty part is in a criminal investigation, and the military has a need to communicate without the enemy hearing it as part of conducting combat operations.

    2. Re:No, but yes. by Macdude · · Score: 1

      You're phrasing it wrong...

      The government needs to find out what the people are doing to identify those individuals who are violating societal rules.

      The people need to find out what the government is doing to identify those individuals in government who are violating their positions.

      It's exactly the same thing, the only difference is who are the watchers and who are the watched.

      --
      "Grab them by the pussy" -- President of the United States of America
    3. Re: No, but yes. by Anonymous Coward · · Score: 1

      Good! I can live in that world. A second amendment challenge would be easier to win than a first amendment or fourth amendment challenge on the matter.

    4. Re:No, but yes. by Anonymous Coward · · Score: 1

      This is exactly what I don't understand....

      Just earlier today, there was a discussion about how the NSA was complaining about Snowden's actions are speeding up the adaption of encryption. https://yro.slashdot.org/story...

      The NSA would seemingly rather have weak encryption to catch violent terrorists while simultaneously making it easier for financial terrorists to thrive with weak encryption protections.

      Now we've got the DARPA branch of the DoD basically taking Swowden's stance by encouraging private industry to create stronger encryption!

      Meanwhile, we have corrupt COWARDS like Petraeus and Hillary Clinton out there bypassing encryption all together with nothing more than a slap on the wrist while millions of cleared government employees and contractors (such as myself) who actually HONOR OUR OATHS to keep our nations secrets secure have our fingerprints and SF86 information out there for the world to read because they were too damn reckless with our data to begin with.

      And now these fuckers want to have a system of self destructing messages to skirt around Freedom of Information Act requests to avoid prosecution when they do illegal shit.

      Maybe the Amish were right all along.

  12. Re:Don't Make It Too Good by Megol · · Score: 1

    The article spells it out but that doesn't mean that's what it is about. It also sounds fishy: why would they tell the inventor that his device passed the testing and would be used and then say "we will not pay"? It doesn't make any sense, licensing the invention would keep the use a secret.

  13. this message will self destruct in 5 seconds by Joe_Dragon · · Score: 1

    this message will self destruct in 5 seconds

  14. Re:Don't Make It Too Good by marklark · · Score: 1

    It wouldn't be as subtle as the tap used in Operation Ivy Bells and the like: https://en.wikipedia.org/wiki/...

  15. Re:signal? by mlts · · Score: 1

    I'd say Signal is almost perfect for this task. Some other items that would be useful:

    1: Forward secrecy implemented in a fairly easy to use package.
    2: To handle self-destructing items, have a private key that needs to be gone by a certain time encrypted by a second key. Have this second key split amongst x out of y nodes, via Shamir's Secret Sharing algorithm. Each node, once the expiration date passes, destroys the second key, so even if there are some nodes that are hacked to retain it, unless the system is so compromised that most of them keep the key and not expire it, the private key will be not recoverable.
    3: Maybe consider going independent of the messaging system, and modify OpenPGP, perhaps with Saltpack's extensions. This way, secure messages can be sent via E-mail, SMS, WoW /whispers, FB PMs, carrier pigeons, or any other transport method.
    4: Use blinding factors, similar to Chaum's eCash, so that entries can be made on the blockchain, but the identity of the transaction is protected.

  16. Re:signal? by mlts · · Score: 1

    Depends on the attacks. Done right, with forward secrecy [1], the best an attacker could do is block communication. If an attacker gains control of an endpoint, it becomes much harder to ensure integrity.

    However, protecting endpoints is a solved problem... Apple TV, and present gen consoles show that one can make a device extremely secure. Endpoint-wise, the application could be placed in the secure "world" of an ARM CPU with its keys, perhaps run on the equivalent of a "secure desktop" where no applications normally running on the OS can interfere with the messaging app or intercept the display or tapes.

    I do agree, it would take more than just installing signal. At the minimum, it would take a custom ROM, ideally hardware that is vetted (and not made in a country where the chip masks get extra "features" added on that the maker didn't desire.)

  17. I want a pony by easyTree · · Score: 1

    A solid diamond pony and I'm going to sit here with my five dollars until someone makes me one.

    --
    Requiem for the American Dream
  18. They could have just used Skype. by jcr · · Score: 1

    Back in the days before Microsoft fucked it up, Skype was a reliable, secure communications platform. Dissidents routinely used it in countries ruled by totalitarian regimes.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  19. Re: better idea by easyTree · · Score: 1

    That would be a tacit admission that Michael Moore was right. No government would allow such a conclusion, not whilst there are still countries operating free of US meddling.

    --
    Requiem for the American Dream
  20. Christ on a crutch, just use iPhones by TigerPlish · · Score: 1

    Just use iPhones and other iToys. Im' sure bought in bulk they can get 'em for 50Â per unit.

    They're so well encrypted the government is on a whaaaambulance about it, no?

    Well, fucking put your money where your noise-hole is, and use that very same uncrackable* technology the turrrirrrists are using! **

    * /. readers know there's no such thing as uncrackable

    **./ readers know so far nothing super cray-cray incriminating has been found on that San Berdnadino phone. I'm sure it was helpful for parallel construction, tho.

    --
    The "Civilized World" jumped the shark ca. 1973.
  21. Re:An app apping app for apping apps! by KGIII · · Score: 1

    He'd chuck as much apps as an appchucker could if an appchucker could chuck apps.

    D'uh! Everyone knows that.

    --
    "So long and thanks for all the fish."
  22. Re:signal? by KGIII · · Score: 1

    Yeah, there's the potential (assuming it's a juicy enough target) to intercept when output hits the screen. Controlling the hardware would seem a must and controlling the OS that it runs on would be important. I'm thinking ground-up build for this to be as good as they're hoping. I'm honestly not sure there's enough in the budget for that.

    --
    "So long and thanks for all the fish."
  23. Price too low to care by voltaicsca · · Score: 1

    Who would actually do this? You *may* be awarded *up to* 150k? Then, maybe, possibly up to $1M for two years. Who kind of crazy person would take that gamble? Your first year costs might barely be covered, then you might have a chance to win in the "make a modest profit" lottery!? Do these figures seem crazy to anyone else, or have I lived in San Francisco too long?

  24. Re:better idea by cavreader · · Score: 1

    The US occupies Gitmo because both countries signed a lease agreement in 1903 which is still legal and in effect today. Thus the US base is there because of an agreement with the host country. And the US lease agreement took Cuba to the cleaners because they only pay $4,085 a year. Maybe Cuba has been unable to scrape up enough money to payoff the lease?

  25. Re:Don't Make It Too Good by Arterion · · Score: 1

    It sounds fishy! I see what you did there.

    --
    "That which does not kill us makes us stranger." -Trevor Goodchild