Making Android secure enough for secure government work

A custom-built Android kernel means that American security officials can take charge of message traffic.
Written by David Gewirtz, Senior Contributing Editor

Back in the middle of 2007, I was spending a truly exciting day reading Congressional testimony. There isn't much you can do that is more fun or exciting than reading transcripts from Congress (he said, sarcastically). If you need help with insomnia, I strongly recommend digging into these things.

So, you can imagine my surprise when I suddenly felt my heart racing, I started to breathe heavily, and I heard myself exclaim, "Oh s#*t!"

I was digging into how the Bush White House could have lost more than 5 million emails. One of the White House staffers testifying before Congress was a Susan Ralston, the assistant to then Deputy Chief of Staff Karl Rove. On Page 19, Line 10 of her testimony was this innocuous-seeming paragraph:

It may have been four or five times. I can't say specifically, but it seemed to be a number of times. Karl would get a new computer. He would lose a BlackBerry. Whenever this happened, there would be some conversation with the IS&T people about his mail file.

This was the first time I realized that smartphones could be a real security problem in the White House and within the federal government.

Later, when some BlackBerry devices were actually stolen from White House officials attending a leadership conference in New Orleans, it became clear that the whole secured smartphone thing was even more of a serious issue.

Although there was a hardened Windows CE smartphone, there were very few other truly military-grade smartphones back then. When Barack Obama was elected, we all found out about his fetish for mobile communications. In fact, some of my earliest articles for CNN were about President Obama's BlackBerry and the security implications.

There were other implications, which I reported in homeland security venues not available to you to read online. The biggest, of course, is that BlackBerry messaging traffic is managed by the very beleaguered Research In Motion, a Canadian company. Running secure American government communication, especially messaging at the highest levels, through a non-American firm is a serious problem.

Back in 2007, smartphones were just beginning to be used outside the corporate world. Today, of course, smartphones are a force of nature. They're constant companions of almost anyone under the age of 40, and while they can waste a tremendous amount of time, they can also provide tremendous value for users.

This value can accrue to members of America's military, to our leaders, and anyone in government service. If collaborative communication makes us more effective and efficient, we certainly want to give our government officials every opportunity to practice effectiveness and become more efficient.

On the one hand, government agencies are feeling a pull to accept smartphones, simply because many of their employees have gone out and bought their own. On the other hand, to maintain operational security, the various agencies of the government need to control and secure all those little security nightmares wandering around.

And security nightmares they are. Are you ready for this? You better sit down and plant it, because it's breathtaking.

Back in 2008, when I wrote about the stolen White House BlackBerry devices, I discussed how a BlackBerry of the time could hold about 64MB. I explained that that's the equivalent in strategic U.S. government information of about 28,000 printed pages of data, or seven complete sets of all seven Harry Potter novels.

Now, instead of 64MB of storage, your new iPhone can hold 64GB of storage. That's a thousandfold increase in storage in the space of, what, four years? So instead of being able to hold the text equivalent of seven sets of all seven Harry Potter novels, the typical high-end smartphone can hold seven thousand sets of all seven Harry Potter novels.

Instead of storing (and carrying to the neighborhood bar) the equivalent of strategic U.S. government information of about 28,000 printed pages of data, it's the equivalent of strategic U.S. government information of about 28 million printed pages of data. If you think about the level of harm the release of the Wikileaks cables caused, one smartphone filled with confidential information can contain vastly more information -- and cause even more harm.

So here we have a confluence of problems. First, we have the issue of running confidential messaging through messaging servers run by a company controlled by a foreign nation. Next, we have the issue of an absolutely mind-blowing amount of information that can be stored, exfiltrated, lost, or stolen, from every one of these little devices living in our pockets.

Those of you who are regular followers of my posts here on ZDNet Government know I have a substantial disdain for nearly all politicians. While I have little respect for the typical politician, I have an extremely high level of respect for members of the federal government security establishment. Almost every career government servant I've ever met who deals with government security is whip-smart, extremely capable, and highly thoughtful.

Some of those smart government servants are working on a security smartphone solution that is a genuinely good idea. Rather than relying on locked systems like Apple or BlackBerry, they've decided to rework the Android 3.0 kernel to make it secure enough for government work.

I'll let the GCN article tell you the details of the project. What I want to talk to you about is how good an idea this is.

It's not that the gov is using Android, it's that government developers are using an open-source operating system and building something accessible and under the control of government developers.

Android, on its own, is a fine OS. It was originally built on the Linux kernel, and we know that Linux can be nicely hardened. So it's clear that a modified Android kernel has the capability of being robust enough for secure government work.

So, technically, moving in this direction is a wise decision.

From a practical point of view, there are a lot of Linux and Android developers. So the government has a huge, ready pool of potential developers it can tap for maintenance and ongoing development.

For all the reasons that open source is good, using Android is also a better choice than the secure Windows CE platform currently used by some MIL-SPEC smartphones.

So, practically, moving in this direction is a wise decision.

Most important, though, a custom-built Android kernel means that American security officials can take charge of message traffic. No longer will American security messaging have to travel through BlackBerry servers.

So, from the perspective of national security, moving in this direction is a wise decision.

I applaud the teams from Google, George Mason University and the National Security Agency who are working on this project.

By contrast, can you imagine if the government had chosen Apple's iOS for their secure smartphone? Government officials wouldn't be able to even write a press release on their smartphones without mentioning unicorns and rainbows. Government productivity would grind to a halt, as if government decisions were made by politicians instead of professionals.

Oh, wait...
