Making Android secure enough for secure government work

Making Android secure enough for secure government work

Summary: A custom-built Android kernel means that American security officials can take charge of message traffic.


Back in the middle 2007, I was spending a truly exciting day reading Congressional testimony. There isn't much you can do that is more fun or exciting than reading transcripts from Congress (he said, sarcastically). If you need help with insomnia, I strongly recommend digging into these things.

So, you can imagine my surprise when I suddenly felt my heart racing, I started to breath heavily, and I heard myself exclaim, "Oh s#*t!"

I was digging into how the Bush White House could have lost more than 5 million emails. One of the White House staffers testifying before Congress was a Susan Ralston, the assistant to then Deputy Chief of Staff Karl Rove. On Page 19, Line 10 of her testimony was this innocuous-seeming paragraph:

It may have been four or five times. I can't say specifically, but it seemed to be a number of times. Karl would get a new computer. He would lose a BlackBerry. Whenever this happened, there would be some conversation with the IS&T people about his mail file.

This was the first time I realized that smartphones could be a real security problem in the White House and within the federal government.

Later, when some BlackBerry devices were actually stolen from White House officials attending a leadership conference in New Orleans, it became clear that the whole secured smartphone thing was even more of a serious issue.

Although there was a hardened Windows CE smartphone, there were very few other truly military-grade smartphones back then. When Barack Obama was elected, we all found out about his fetish for mobile communications. In fact, some of my earliest articles for CNN were about President Obama's BlackBerry and the security implications.

There were other implications, which I reported in homeland security venues not available to you to read online. The biggest, of course, is that BlackBerry messaging traffic is managed by the very beleaguered and Research In Motion, a Canadian company. Running secure American government communication, especially messaging at the highest levels, through a non-American firm is a serious problem.

Back in 2007, smartphones were just beginning to be used outside the corporate world. Today, of course, smartphones are a force of nature. They're constant companions of almost anyone under the age of 40, and while they can waste a tremendous amount of time, they can also provide tremendous value for users.

This value can accrue to members of America's military, to our leaders, and anyone in government service. If collaborative communication makes us more effective and efficient, we certainly want to give our government officials every opportunity to practice effectiveness and become more efficient.

On the one hand, government agencies are feeling a pull to accept smartphones, simply because many of their employees have gone out and bought their own. On the other hand, to maintain operational security, the various agencies of the government need to control and secure all those little security nightmares wandering around.

And security nightmares they are. Are you ready for this? You better sit down and plant it, because it's breathtaking.

Back in 2008, when when I wrote about the stolen White House BlackBerry devices, I discussed how a BlackBerry of the time could hold about 64MB. I explained that that's the equivalent in strategic U.S. government information of about 28,000 printed pages of data, or seven complete sets of all seven Harry Potter novels.

Now, instead of 64MB of storage, your new iPhone can hold 64GB of storage. That's a thousandfold increase in storage in the space of, what, four years? So instead of being able to hold the text equivalent of seven sets of all seven Harry Potter novels, the typical high-end smartphone can hold seven thousand sets of all seven Harry Potter novels.

Instead of storing (and carrying to the neighborhood bar) the equivalent of strategic U.S. government information of about 28,000 printed pages of data, it's the equivalent of strategic U.S. government information of about 28 million printed pages of data. If you think about the level of harm the release of the Wikileaks cables caused, one smartphone filled with confidential information can contain vastly more information -- and cause even more harm.

So here we have a confluence of problems. First, we have the issue of running confidential messaging through messaging servers run by a company controlled by a foreign nation. Next, we have the issue of an absolutely mind-blowing amount of information that can be stored, exfiltrated, lost, or stolen, from every one of these little devices living in our pockets.

Those of you who are regular followers of my posts here on ZDNet Government know I have a substantial disdain for nearly all politicians. While I have little respect for the typical politician, I have an extremely high level of respect for members of the federal government security establishment. Almost every career government servant I've ever met who deals with government security is whip-smart, extremely capable, and highly thoughtful.

Some of those smart government servants are working on a security smartphone solution that is a genuinely good idea. Rather than relying on locked systems like Apple or BlackBerry, they've decided to rework the Android 3.0 kernel to make it secure enough for government work.

I'll let the GCN article tell you the details of the project. What I want to talk to you about is how good an idea this is.

It's not that the gov is using Android, it's that government developers are using an open-source operating system and building something accessible and under the control of government developers.

Android, on its own, is a fine OS. Built originally on the Linux kernel, we know that Linux can be nicely hardened. So it's clear that a modified Android kernel has the capability of being robust enough for secure government work.

So, technically, moving in this direction is a wise decision.

From a practical point of view, there are a lot of Linux and Android developers. So the government has a huge, ready pool of potential developers it can tap for maintenance and ongoing development.

For all the reasons that open source is good, using Android is also a better choice than the secure Windows CE platform currently used by some MIL-SPEC smartphones.

So, practically, moving in this direction is a wise decision.

Most important, though, a custom-built Android kernel means that American security officials can take charge of message traffic. No longer will American security messaging have to travel through BlackBerry servers.

So, from the perspective of national security, moving in this direction is a wise decision.

I applaud the teams from Google, George Mason University and the National Security Agency who are working on this project.

By contrast, can you imagine if the government had chosen Apple's iOS for their secure smartphone? Government officials wouldn't be able to even write a press release on their smartphones without mentioning unicorns and rainbows. Government productivity would grind to a halt, as if government decisions were made by politicians instead of professionals.

Oh, wait...

Topics: Hardware, Android, Google, Government, Government US, Mobility, BlackBerry, Security, Smartphones


David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • RE: Making Android secure enough for secure government work

    I never trusted those shifty eyed Canadians and their ice hockey and french fries & gravy.
  • but the chips come from china

    and we all know that the chinese government has to be given the ip for any device, and that means they would be able to put in hardware back doors to any device if they felt like pulling a few strings or giving a few orders.
    sparkle farkle
    • re: but the chips come from china

      @sparkle farkle

      And Huwaei wonders why they have been shut out of a sensitive emergency communications contract. Too many concerns about its "connections" to the Chinese military.
  • RE: Making Android secure enough for secure government work

    It's not a security issue with Blackberries. RIM has the best security environment for smartphones available today. Thats why it's the only FIPS certified platform.
    With Blackberry Enterprise Server BES admin can wipe the phone remotely. The platform's Blackberry Balance Technology is so good it will let you wipe business work related data without deleting employee's personal stuff.
    I'd like to see these features on all platforms and for all users not just corporate.
    • Blackberry is so secure .... terrorists have copy of the source

      @SinfoCOMAR Blackberry is as secure as a bank safe with the door open and fake security video cameras.
      • RE: Making Android secure enough for secure government work

        @wackoae Why waste your time and mine by replying without thinking? Facts have merit, your verbal impulsivity has none. Despite it's flaws, Blackberry is still the most secure smartphone platform. No other system has End-to-End encryption as Blackberries do. And I mean high end encryption enough for the U.S. President to use.
        I dare you to show me which smartphone platform is better and why.
      • RE: Making Android secure enough for secure government work


        Since at least 2.3.4, Android and the Google gmail app have used allowed SSL encrypted connection and have the option of encrypting the data on the phone.
      • RE: Making Android secure enough for secure government work

        @SinfoCOMAR: K9 mail + APG (PGP encryption using RSA keys) ain't good enough?

        We're talking potentially +16000 bit RSA keys (APG can handle it, although it's gonna wear down the battery a whole lot if you go above 2048 bits) and AES256.
        Assuming the OS is secure, how can you beat that?
        There's also SIP clients that use ZRTP for VoIP calls. That definitely beats the default crypto in GSM!
    • RE: Making Android secure enough for secure government work


      Android has been doing this at least since 2.2.
      • RE: Making Android secure enough for secure government work

        @tkejlboom This article is about government strength security. Thats BES we are talking about. With BES, most of your data remains in a private, closed network. Your BlackBerry has a secure link directly to the corporate environment, because the BES server is located in the office somewhere. The only way for someone to monitor or intercept your data would be for them to infiltrate your organization.
      • RE: Making Android secure enough for secure government work

        @tkejlboom It???s all about privacy. In the case of BIS (the closest thing to other smartphone services), everything operates on a public network. Data from your phone to your carrier is encrypted, but ultimately your carrier is communicating with the Internet, which isn???t exactly the pinnacle of a secure environment. The odds of somebody intercepting your data, or worse, compromising the different systems you access, are much higher. I don???t want to scare anyone though: BIS is typically more secure than accessing the Internet from home using an ISP, and is WAY more secure than using WAP, WiFi or BlueTooth.
  • RE: Making Android secure enough for secure government work

    I guess none of you understand how BES works and how encryption works on BlackBerrys.
    John Hanks
  • You RESPECT Those Homeland Security Jobsworths?

    <A HREF="">You</A> <A HREF="">might</A> <A HREF="">like</A> to <A HREF="">rethink</A> <A HREF="">that</A>.
  • crying girl

    <u><b><i><a href="">best food for all</a></i></b> |
    <u><b><i><a href="">cheap hotels near disneyland</a></i></b> |
    <u><b><i><a href="">printable real estate forms</a></i></b> |
    <u><b><i><a href="">free printable rental lease agreement</a></i></b> |
  • RE: Making Android secure enough for secure government work

    @SinfoCOMAR<br><br>Surely 'BES' is just encapsulated over whatever protocol running at the local POP, therefore it is entirely open to numerous forms of attack, MIM and others. I think Andriod is an excellent base for developing a secure (possibly milspec) OS, we have to take other things into account also when looking at BB vs Andriod, BB as an OS has the majority of it's security based in obscurity (what's left of it) This might be good for propriety stuff when it's just been released to the public, but if something cannot withstand it's source being exposed, then it is at a disadvantage. <br><br> As for using foreign countries as carriers, perhaps it's not the most desirable situation, but the merits of any given carrier need to be taken into account based on the carrier's overall pros and cons, if another country is an (true)ally, then high-level security is often a shared issue/concern anyway. I just hope they disable any/all app stores and replace them with a government sanctioned service, with government sanctioned apps... With there exception of the version they hopefully release for domestic use ;-)
  • RE: Making Android secure enough for secure government work

    Anyone recall the phrase "good enough for gvt work? It still spplies dor msny, msny reasoncs, the gslutr to learn from the past is still leading the list!
  • Politicians and Smartphones

    By all means, Yes, I want politicians to have smart phones. That way they can stay in constant contact with lobbyists, and be able to tell the difference between the bribes and the campaign contributions!
  • Ya gotta be kiddn!

    That means 100% secure. There is no such thing and won't be any decade soon.