US Wants Its Own Secure and Self-Destructing Messaging App -- And It's Willing to Pay (bloomberg.com)
Long time reader schwit1 writes: The Defense Advanced Research Projects Agency (DARPA), an agency within the Department of Defense historically known for creating the Internet itself, has published a call for companies to submit proposals to build a robust messaging platform that the military could use for secure communication of everything from intelligence to procurement contracts. "Troops on the ground in denied communications environments would have a way to securely communicate back to HQ and DoD back office executives could rest assured that their logistics system is efficient, timely and safe from hackers," according to the DARPA proposal. The request for proposals, reported earlier by the UK's Telegraph outlet, also says that the messaging platform should incorporate a customized blockchain, the distributed ledger technology that underpins the digital currency bitcoin, for recording messages and contract information. The proposal says such a distributed ledger would allow the military to conduct its business in a more efficient and secure fashion.
Motherboard's Lorenzo Franceschi-Bicchierai reports that DARPA is willing to pay people to make this app. "This project falls under the rules of the Small Business Technology Transfer (STTR) program. During the first phase, according to the program's rules, successful applicants might be awarded no more than $150,000 for one year. The companies and researchers who are part of phase one can then be eligible for a phase two award of up to $1 million for two years. Lastly, during phase three, the company or companies can pursue commercialization, and receive no funds from the federal government."
But it could work within the US borders as well. All levels of government could benefit from a messaging system that was secure against snooping investigations and other government oversight, but also to securely be deleted should those investigations progress and journalists or the public in general.
More precisely, they want one where only they can retain and decrypt the self destructing messages.
"You must make weaker encryption so law enforcement can do its job... hey, can you make some nice strong encryption for us? The military needs that to do its job."
This signature is false.
The entire concept is nonsensical. It's a fairly fundamental truth that information cannot be destroyed. Self-destructing messages are basically the same problem as DRM; you have the data, you have a key, you're allowed to use the data to unlock the key, but only under somebody else's terms. If you trust the endpoint to be absolutely secure against tampering, the problem is trivial, but you don't need anything more than a simple "ask the server whether the data should be wiped before showing it" mechanism. If you don't trust the endpoint to be absolutely secure against tampering, then the problem is basically impossible, because any response from the server can be faked.
At best, you might come up with some screwball scheme involving a time-stamped response from the server that has to be within the last 30 seconds or else the app refuses to show the message (to prevent replay), but even then, if somebody can tamper with the device, they can patch out the check. Or you can make the app store nothing locally, and depend on the server to either provide the message or not do so, of course, but even then, there's no way to avoid the analog hole.
Check out my sci-fi/humor trilogy at PatriotsBooks.
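Added example, not part of the comment above or of any DARPA material: a sketch of the time-stamped "has this been wiped?" check that the comment describes, using its 30-second window. The function names, the HMAC key shared between server and app, and the per-request nonce are assumptions made for illustration; the clock is passed in so the constructed scenario is reproducible.

```python
import hashlib
import hmac
import json
import secrets

MAX_AGE_SECONDS = 30  # freshness window named in the comment


def server_respond(key, message_id, nonce, wiped, now):
    """Server: state whether the message is wiped, bound to a time and nonce."""
    body = json.dumps({"id": message_id, "nonce": nonce, "ts": now,
                       "wiped": wiped}, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).digest()}


def client_may_display(key, message_id, nonce, response, now):
    """Client: show the message only on a fresh, authentic 'not wiped' answer."""
    expected = hmac.new(key, response["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, response["tag"]):
        return False, "bad MAC"
    fields = json.loads(response["body"])
    if fields["id"] != message_id or fields["nonce"] != nonce:
        return False, "response is for a different request"
    age = now - fields["ts"]
    if age < 0 or age > MAX_AGE_SECONDS:
        return False, "stale response"
    if fields["wiped"]:
        return False, "message wiped"
    return True, "ok"


def demo():
    """Constructed scenario: one message, one captured answer, clock passed in."""
    key = secrets.token_bytes(32)  # assumption: key shared by server and app
    n1, n2 = secrets.token_hex(8), secrets.token_hex(8)
    captured = server_respond(key, "m1", n1, wiped=False, now=1000)
    wiped = server_respond(key, "m1", n2, wiped=True, now=1040)
    forged = dict(wiped, body=wiped["body"].replace(b"true", b"false"))
    return {
        "fresh": client_may_display(key, "m1", n1, captured, now=1005),
        "replayed_late": client_may_display(key, "m1", n1, captured, now=1031),
        "replayed_new_nonce": client_may_display(key, "m1", n2, captured, now=1041),
        "wiped": client_may_display(key, "m1", n2, wiped, now=1041),
        "forged": client_may_display(key, "m1", n2, forged, now=1041),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Every one of these checks runs inside the app, so they hold only on an endpoint that has not been modified, which is the limit the comment points out.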
As with all competitions, we'll sit here with our five dollars whilst you expend twenty dollars of effort each. We'll take all the good ideas for ourselves and gift the winning team (mysteriously led by my wife's cousin) the five dollars.
Requiem for the American Dream
"The advantages of this decentralized structure is that it would be more resilient, and there would be no centralized server where a spy or hacker could gather metadata, according to Frederic Jacobs, an independent security researcher who has worked as a developer for the encryption messaging app Signal."
Reading further:
"The third and last will “focus on commercialization and full-scale implementation,” so DARPA wants this to be out in the open, for everyone to use, eventually."
Achille Talon
Hop!