Anatomy of a Government Phone, or, Can the NSA Build an Android?

The craziest thing about a typical "top secret" U.S. Government phone is that you can probably spot it from a football field away. If your mental picture of a Hollywood-style NSA agent drives a black AMC Ambassador, wears a polyester suit and Ray-Bans, and smokes Luckies, then his phone may be either Maxwell Smart's shoe or a General Dynamics Sectera Edge (pictured left). At any distance, it looks like one of the pocket football games my junior high school vice principal used to confiscate and collect in his back drawer.

The National Security Agency wants a real-world smartphone, not the one it has now - not the one you see here. Of course, it must fulfill the Dept. of Defense's requirements for session encryption and data retention. But beyond that fact, the NSA wonders why its secure phone can't have multitouch, apps, and speed just like the civilians have. Based on looks alone, you'd think the civilians are a couple of pegs ahead of the G-men. This is a story of looks being more deceptive than even a security agency could have anticipated.

The real face of the National Security Agency looks more like Margaret Salter. At the RSA Conference in San Francisco last Wednesday, Salter told attendees the story of the NSA's Secure Mobility Strategy. She leads a department called the Information Assurance Directorate. For the better part of four decades, IAD has been tasked with securing secret government communications, and building specifications for the tools to do it. The NSA contracts with private suppliers to build a class of devices it calls GOTS (government off-the-shelf). The gestation cycle for each of these devices - from the conceptual stage, to development, to deployment - typically consumes years. Perhaps the best-known GOTS product is still in wide use today - 1987's STU-III secure telephone, which looks about as at home on an agent's desk today as an IBM PC.

Still, as Salter told the RSA attendees, for the better part of half a century, the NSA explicitly defined its own market, a private universe of products made for its own exclusive consumption. "That was cool for us, for the longest time. We kinda had a monopoly on this from the very beginning," she remarked. "We were mostly building things like radios for combat, [and] big link encryptors to hook one site up to another site."

But their ease of use ranked right up there with a World War II cipher machine. "Once you get something in the hands of an individual user who's not a cleared COMSEC custodian, someone who knows what they're supposed to be doing with this stuff and understands all the details, ease of use became incredibly freakin' important. And it turned out that, although our stuff was incredibly secure, it was not incredibly easy to use."

Over time, it became more difficult for the agency to define "ease of use" on a comparative scale. In just the last five years, the consumer universe appeared to leave the NSA's secure market behind. "The world everyone wants is, I want to get what I want, when I want it, where I want it."

Salter's team considered whether it was feasible for NSA to utilize a real, commercial smartphone - one like all the kids are using nowadays - but with software that made the device perhaps more secure than the Sectera Edge. "The phones are so popular and exploding all over the place, because we can play Angry Birds on them, and do whatever you want. But we needed enterprise management - some control over it, because honestly, we didn't really want you to be able to go load Angry Birds on your TS [top secret] phone... That was not a business model that we could support, or even defend."

They launched Project Fishbowl, a pilot to produce a smartphone made of mostly commercial parts and infrastructure (more COTS than GOTS), capable of supporting classified voice and data, while remaining as easy to use as its civilian counterpart and staying inexpensive. The historical significance of the NSA embracing commercial crypto standards cannot be stressed enough. Anyone familiar with how RSA came to be in the first place will recall the fights its engineers faced keeping the government from classifying it, taking its power out of the public's hands. Perhaps the whole point of the RSA standard and the RSA conference is to promote the power of security for everyone through manageable encryption.

"So one of the things I harp on most is, why was that so hard?" remarked Salter.
