updated 08:25 pm EST, Thu March 1, 2012
Phone uses off-the-shelf parts for secure calls
The National Security Agency has designed an Android-based phone for secure conversations between US government staff members. The phones meet the agency's strict information security rules, but are also built with commercially available components. About 100 of the phones are currently in use.
The phones run on a modified Android OS integrated with a special "police app" which monitors the device's operations. All conversations use VoIP technology, and are subjected to a "fishbowl" encryption process which routes them through a special enterprise server and also encodes them using both IPSEC and SRTP protective processes. The handsets are designed to let users install defense-related apps from an enterprise app store run by the US Defense Information Systems Agency, rather than requiring the NSA to verify the security of third-party apps.
Margaret Salter, who discussed the phone at this week's RSA security conference, said that design's use of off-the shelf parts was low in cost yet made it unnecessary to "speak in code" as when discussing classified information using conventional phones. Salter indicated that specifications of the phone were available online to let non-government organizations benefit from the NSA's design. [via Secure Business Intelligence]