NSA Publishes Blueprint For Top Secret Android Phone 172
mask.of.sanity writes "The National Security Agency has designed a super-secure Android phone from commercial parts, and released the blueprints(Pdf) to the public. The doubly-encrypted phone, dubbed Fishbowl, was designed to be secure enough to handle top secret phone calls yet be as easy to use and cheap to build as commercial handsets. One hundred US government staff are using the phones under a pilot which is part of a wider project to redesign communication platforms used in classified conversations."
Hmmmm... (Score:3, Insightful)
Research In Motion (Score:4, Insightful)
I kinda doubt it (Score:4, Insightful)
So let's have a look and see what classified information has ever been leaked by Wikileaks. Looks like just the diplomatic cables and video that came from Bradley Manning. Well guess what? That wasn't a hack, that was a person with access, that misused their access to give the information to an unauthorized party. That kind of thing has been going on as long as there have been spys and it is something the intelligence community works on (preventing or exploiting depending on) all the time.
Past that? Nothing. I see nothing from Anonymous getting on to JWICS and grabbing and releasing tons of documents. They've DDoS'd webservers (and failed to DDoS others, Amazon proved to be too big a target) and gotten in to people who have security holes, but they don't seem to be able to get at the classified networks.
Maybe, just maybe, the NSA is a little better at signals security than you give them credit for.
You could RTFA (Score:3, Insightful)
Where you'd find out the encryption isn't about apps, but about the calls. The NSA requires it so that in the event there is a failure in the implementation of one of the encryption layers, that isn't an automatic compromise.
In terms of app control yes, it only gets apps from a DoD run app store. The phones can only get apps that the NSA has decided are ok. The control actually goes further than that, in that to place a call you connect to signals and they then route your call to the requested party. So you can't even just call whomever you'd like, you have to go through a central point (which means they can track who called who).
You have to remember the NSA is not new to this game. They are pretty much the best the world has ever seen at signals intelligence, and they were doing encryption back in the days when nobody had heard of such a thing. They are pretty good at it. Well their mission isn't only signals intelligence (as in capturing and decoding information from non-US entities) but also information assurance, meaning protecting US government communications.
Further, they have a mission to help protect US civilian interests like helping keep electronic banking secure. This is why you see things like this phone, or SELinux, released to the public.
Re:You could RTFA (Score:4, Insightful)
Are you suggesting they also invented time travel and ventured back in time to before AD?
Encryption is a VERY old discipline, and was being used for more than a thousand years by the time Leonardo da Vinci was even born.
Re:I want one. (Score:4, Insightful)
And so, the NSA will have created a phone that the NSA itself could not use.
And this surprises you how, exactly?
Most security boils down to "security by obscurity" when you get past all the smoke and mirrors. Someone at the top above all the compartmentalization made the decision that he simply won't tell anyone about the back door. Except for Dan in Dept A where such a backdoor would be very VERY useful, you know, to keep tabs on the operatives, etc; and Roger in Dept B whose job it is to keep tabs on Dept A. Both Dan and Roger are trustworthy and sworn to secrecy, so there's no way that this back-door will be abused or leaked. Ever. Except...
Re:Double Encryption??? (Score:2, Insightful)
Most of the time, yeah, it makes little to no difference. It may change the problem (though double encrypting with the same encryption may not even do that, depending on the cipher), but not make it any more difficult.
However, that's assuming that the ciphers you're using aren't flawed. Using multiple ciphers means that if a flaw is discovered for one, it (hopefully) won't apply to the combination of the two.
No not at all (Score:5, Insightful)
However cryptography wasn't widely used or known to the public back in the day. Also while the codes used were technically cryptography by the pure meaning of the word, they really weren't by modern thinking. They were, well, codes, secret language and the like. As an example the highly successful Navajo Code Talkers in WWII weren't using mathematical encryption, book cyphers, or the like, they were just speaking a language that nobody in Germany understood, and using special terminology.
The public really didn't have much of a study of cryptography in the modern sense back in the day. Heck, read up on the DES process. The NBS asked for submissions and nobody presented anything useful so they went to IBM and asked them to try (IBM being the biggest civilian employer of mathematicians at the time) and they developed DES, with some consultation with the NSA (who asked them to keep a lid on things like differential cryptanalysis).
When DES came out, it lead to a real jump start of civilian study of cryptography. People were curious about this new thing and started looking at it.
If you want to equate coded speech with mathematical crypto, ok fine then I guess, but it really isn't. Mathematical cryptography changed the game. With codes it was all about working to understand and guess the enemy's coding scheme, and such things were done all the time. With mathematical crypto, you can design a system that is unbreakable except through brute force (which you can make infeasible) or via some sort of new discovery in cryptology.
This is something the NSA was one of the very fist involved in, and indeed they came about due to the importance of code breaking in WWII. They were the largest employer of mathematicians in the world for a time (not sure if that is still true).
That's what I mean by "nobody had heard of it." I don't mean they invented it, I mean the concept was pretty much unknown to the public. The idea of a mathematical system that you could use to secure information was just not something people had heard of on any large scale. The NSA was writing crypto systems back when the geeks who now use crypto all the time were doing everything in plain text.