National Security Agency develops secure Android phone for top-secret calls

The super-secret National Security Agency has developed an Android phone out of commercial parts that NSA researchers say is safe for top-secret conversations. The problem of secure mobile phone conversations has been a concern for military and intelligence agencies for years, and has resulted in such things as President Obama's struggle to retain his BlackBerry when he took office.

Obama is currently using a super-secure Windows 6.5-based phone custom built by General Dynamics. It lacks a number of features that most smartphone users have come to rely on, and it's big and sort of clunky (sometimes you can see him with it in news coverage). Such a phone isn't ideal for your average spook because it costs too much and doesn't do enough. Thus the need for something more closely resembling a normal smartphone.

Margaret Salter, a technical director at the NSA's Information Assurance Directorate, told SC Magazine that the new phone uses off-the-shelf components for Secure VoIP. The details of how this is accomplished were published (.pdf) by NSA on Feb. 27.

Salter said in her interview that actually getting the security components to work together was a bigger problem than the NSA had anticipated. She said that the vendors for the various hardware and software components were chosen because they had solutions that worked. Salter added that her agency's experience highlights the need for interoperability among users of the same standard. The NSA phone uses two types of encryption simultaneously, IPsec (Internet Protocol Security) and SRTP (Secure Real-time Transport Protocol), so that each signal is encrypted twice, providing a level of redundancy.

It's worth noting that the phone can't call just anywhere. In fact, the only place it can call is its own enterprise. Any further call switching is handled at the enterprise end.

While it's unlikely that you're going to see an Android phone like this at your company (unless you're a contractor for the NSA), there are features of this phone and how the phone operates that could help secure phones in commercial service. Currently the only phone that meets the security standards of many companies is the BlackBerry from RIM (NASDAQ: RIMM) because of the military-grade encryption used between the device and RIM's servers. The NSA phone goes quite a bit further by encrypting voice as well as data.

Even for companies that aren't dealing with top-secret information, it's a lot easier to meet compliance and privacy requirements and pass the resulting audits if you can prove that everything that travels between the phone and the enterprise is encrypted.
