These days, NSA's Commercial Solutions for Classified program[1] addresses a lot of these sorts of secure mobility use cases.<p>The underlying design principle behind CSfC is that the CNSA algorithms[2], when properly implemented are good enough to protect information classified up to TOP SECRET on their own. However, there's still a risk of exposure due to broken implementations, active exploitation or operational error.<p>To mitigate this, CSfC's "capability packages" (reference architectures) typically use two or more cryptographic layers of different provenance to reduce the risk that a vulnerability in one layer could be used to compromise the whole solution. For a VPN for example, they will use two tunnels; an inner tunnel using a solution from one vendor, and an outer tunnel from another.<p>There are other considerations apart from cryptography. They also specify the use of "retransmission devices" (mifi routers, basically) in favour of native cellular capability, presumably to mitigate the risk of a cellular baseband exploit being used to compromise a classified handset.<p>[1] <a href="https://www.nsa.gov/Resources/Commercial-Solutions-for-Classified-Program/" rel="nofollow">https://www.nsa.gov/Resources/Commercial-Solutions-for-Class...</a><p>[2] <a href="https://en.wikipedia.org/wiki/Commercial_National_Security_Algorithm_Suite" rel="nofollow">https://en.wikipedia.org/wiki/Commercial_National_Security_A...</a>
It's so strange to me how little information there is on the internet about how the BlackBerry really worked.<p>Other phone OSes, both modern ones like iOS and Android, as well as ancient ones like Symbian or even the Nokia 3310 firmware, have their internals well described. All I could find about the BlackBerry was that it used some Java-based OS, but no detailed information about its architecture, conventions, file system layouts, security properties or technical capabilities seems to be available. The communications protocols are just as mysterious, especially on the phone-to-server side. I know it required some kind of carrier integration to work, which makes me think it wasn't just a bog-standard connection over TCP/IP, but I have no idea what it actually was.<p>There's some information in BlackBerry programming books, which can still be found in the "usual places", some old BlackHat presentations, which seem to mostly focus on the enterprise server component, as well as some company history and brief descriptions of the technical choices made in "Losing the Signal", but that's about it. Even Nintendo's OS is understood much more widely, despite Nintendo being much more secretive and litigious.
Some dead linked content in TFA is resurrectable courtesy of archive.org (though I had to dig a bit, which is why I'm sharing):<p>Dubya's Sectera Edge, a BlackBerry-esque Ultra Secure PDA phone:<p><a href="https://web.archive.org/web/20120922044930/http://www.gdc4s.com/sectera-edge-(sme-ped)-proddetail.html" rel="nofollow">https://web.archive.org/web/20120922044930/http://www.gdc4s....</a><p>Product eventually deprecated in September, 2015:<p><a href="https://web.archive.org/web/20150926124453/http://www.gdc4s.com/sectera-edge-(sme-ped)-proddetail.html" rel="nofollow">https://web.archive.org/web/20150926124453/http://www.gdc4s....</a><p>The link finally died with a site redesign in Jan 2016:<p><a href="https://web.archive.org/web/20160131082757/http://www.gdc4s.com/sectera-edge-(sme-ped)-proddetail.html" rel="nofollow">https://web.archive.org/web/20160131082757/http://www.gdc4s....</a><p><i>Original (now deceased) link: <a href="http://www.gdc4s.com/sectera-edge-(sme-ped)-proddetail.html" rel="nofollow">http://www.gdc4s.com/sectera-edge-(sme-ped)-proddetail.html</a></i><p>P.s. The device was somewhat comically proportioned, with thick antenna and bezels, haha: <a href="https://gdmissionsystems.com/-/media/general-dynamics/cyber-and-electronic-warfare-systems/images/secure-voice/edge-unclassified-2010-full-image.ashx?h=800&w=456&la=en&hash=3517E8C5E64D32A23423376CA5EAA1E2" rel="nofollow">https://gdmissionsystems.com/-/media/general-dynamics/cyber-...</a><p>A teardown and chip analysis would be interesting! Though I imagine these devices aren't easy to come by?
I remember encountering one of these secure gov blackberry setups approximately one decade ago. The contractor who managed it up had some deep institutional knowledge. He was probably going to do that one job for the rest of his career until retirement.
(2013) Discussion at the time (83 points, 32 comments) <a href="https://news.ycombinator.com/item?id=6615066">https://news.ycombinator.com/item?id=6615066</a>
As a completely random aside the article mentions "This company was founded in October 2008 by W. Steven Garrett, who took the name from an item used in the 1986 computer game The Legend of Zelda." To my knowledge I don't think TLoZ had an item called a "genesis key." It has a "magic key" and the only references I could find for "the genesis key" on Google are a book that was published after the company was founded?
> On March 16, 2016, AP reported that in February 2009, secretary of state Hillary Clinton also wanted a secured BlackBerry like the one used by Obama, but that NSA denied that request. A month later, Clinton began using a private server, located in the basement of her home, to exchange e-mail messages with her top aides through her regular, non-secure BlackBerry. Later it came out that this rather risky solution was also used for sensitive messages.<p>A good reminder how IT departments need to provide solutions that actually work and are accessible to everyone. If not, "shadow IT" will emerge, rather sooner than later.<p>And Clinton was Secretary of State, not some low level clerk.
All seems rather cute when these days you can just chat about classified stuff with whoever you like on your presumably unsecured phone.<p>And then have an unsecured internet line connected to an unsecured computer in your Pentagon office[1]<p>[1] <a href="https://abcnews.go.com/Politics/hegseth-signal-app-connected-dirtly-line-computer-pentagon/story?id=121142551" rel="nofollow">https://abcnews.go.com/Politics/hegseth-signal-app-connected...</a>
I'm increasingly of the belief that modern governments have lost all advantage in the space of security hardware and software. They only have OpSec and a monopoly on violence to leverage in order to have an improved security situation over the public sector.<p>They don't seem to be using that OpSec superiority effectively right now.<p>I work public-sector in supply chain security and I am terrified that the situation we currently have in the corporate world is actually the best there is.
And now we have our top defense officials using a fork of Signal which sends copies of messages to a third party.<p><a href="https://www.404media.co/mike-waltz-accidentally-reveals-obscure-app-the-government-is-using-to-archive-signal-messages/" rel="nofollow">https://www.404media.co/mike-waltz-accidentally-reveals-obsc...</a>
<a href="http://archive.today/LyWDy" rel="nofollow">http://archive.today/LyWDy</a>