NSA Suggested Clinton Use A $4,750 Windows CE PDA (arstechnica.com) 109
An anonymous reader writes from an article on Ars Technica: When former Secretary of State Hillary Clinton was pushing to get a waiver allowing her to use a BlackBerry like President Barack Obama back in 2009, the National Security Agency had a very short list of devices approved for classified communications. The General Dynamics' Sectera Edge and L3 Communications' Guardian were the two devices built for the Secure Mobile Environment Portable Electronic Device (SME PED) program. They were the only devices anyone in government without an explicit security waver (like the one the president got, along with his souped-up BlackBerry 8830) could use until as recently as last year to get mobile access to top secret encrypted calls and secure e-mail. At the time Clinton was asking for a phone, only the Sectera Edge was available (the Guardian was running behind in development) and it required multiple server-side and phone-side e-mail additions, desktop synchronization software, and other supporting products. The "Executive Kit" version of the Edge, priced for government purchase at $4,750, included: Type 1 Sectera Edge (GSM or CDMA) device plus: Executive Carry Case, Leather Holster Travel Charger, Red/Black USB Cables, Vehicle Charger, Earbud, Stylus 10-pack, microSD Card with User Manual, Spare Battery, Privacy Shield 4-pack, Antivirus Software, Apriva Email Client and Perpetual Rights fee and Office Suite for Windows CE.
Use this device (Score:5, Insightful)
It's totally safe; we totally can't hack it. Don't get one of those cheap devices, or an iPhone, because we'd be screwed.
Hillary said... (Score:1)
..."naw...too expensive. To save that money, I'll just hire and IT guy, buy a server and some hosting services and to save even more money, I'll keep in a bathroom closet."
Re: (Score:2)
Yep because a gen 2 iPhone from 2009 was a pinnacle of corporate security right?
Re: (Score:1)
I wasn't expecting a response as lame as that.
And clinton said... (Score:5, Insightful)
"No.. I know better than the NSA. I'll use what *i* want and there's nothing you can do about it!"
And so far... shes right about that last part..
Re: (Score:1)
The NSA spied on Hillary Clinton for a long time . . . and didn't like the stuff that they saw. So when she wanted something that would be even difficult for the NSA to crack . . . they said no. They wanted easy access to the stuff that she was doing.
Re: (Score:3)
On the one hand, the politicians (advised by the NSA) remind us that "Encryption is Bad" for the proles, and it must be outlawed, or some have some kind of backdoor.
And on the other hand, the NSA are advising what kind of devices people need to prevent their phonecalls/messages from being decrypted because "Encryption is Good" for the elite.
But please tell me where the prole/elite line is drawn? Is there a law which sets out what kind
Re:And clinton said... (Score:5, Insightful)
But please tell me where the prole/elite line is drawn? Is there a law which sets out what kind of person is Elite, and what kind is Prole. Are pop-stars elite? Or actors? Lawyers? Maybe just top Lawyers? Because I'm very interested in knowing about this line.
If you have to ask . . . you don't belong . . .
Re: (Score:2)
The classic ideas was to gift the world tame, junk crypto standards that would revert to plain text for the NSA but be resistant to any in the middle attacks.
That started to get more tricky into the 1980's. The GCHQ was also trying to collect all communications in and connecting to Ireland and did not want any advancements to network ano
Of course! (Score:1)
You don't really think they spend $5,000 on a toilet seat, do you?
Re:Of course! (Score:5, Funny)
I've worked for a government contractor before.
Yes, the toilet seat costs $5,000.
However, every last one of the $5,000 toilet seats will be free from unknown defects, meet the 20-page list of design requirements, fit every model of toilet the government requires (including those from other contractors who won't release their proprietary contracted design spec), be constructed from US-supplied materials by US workers, and every minute of each worker's time will be properly recorded and billed, including the time spent ensuring that the time was recorded correctly, and all of those details will be documented in the truckload of paperwork that accompanies each seat.
That truck driver also gets paid.
Re: (Score:2)
I suspect that the cost of a toilet seat purchased by the government is an artifact of the same accounting methods that charge you $26 for a $.30 pill...if it's administered by a nurse in a hospital.
Re:Of course! (Score:4, Interesting)
The toilet seat is a quote from a movie (Independence Day?) where the president becomes aware of a secret base (at Area 51 or something) and asks how they manage to keep it invisible to the presidents office and government budgets. The $5000 toilet seat is the answer.
Re: (Score:2)
They last 50 years and the government was only planning to keep a hundred or so of the planes... So a contractor had to build, set up and tear down an industrial mold for a production run of 20 units. That gets expensive.
Tear down? You mean dismount the mold from the injection machine? SO HARD it might take four or even six bolts!
Re: (Score:2)
Yes, six bolts... And a person using a wrench, and a supervisor to assign the task and manage the person with the wrench, and a contract manager to ensure that the job was done, and a material supervisor to take the government-funded mold and ship it to a government storage facility, and of course that truck driver, too, and the accountants to make sure all of the costs are properly documented.
It'd be a lot cheaper if the government didn't require contracts to be so thorough, but in an effort to completely
Re: (Score:2)
Re:Of course! (Score:4, Informative)
When you order 87 toilet seats that conform to the inside of a B2, you have to pay for all the tooling required to make the toilet. Which is usually amortized over hundreds of thousands of units.
Re: (Score:2)
Re: (Score:2)
This. I work in aerospace. We turn a 10 cent screw into a $10 screw because of the QA, Flam & Cert needed. You don't even want to know how much a sticker that says No Smoking costs to put on an airplane.
Be glad it's this way. You don't want to be stuck in a metal tube with fire.
Re: (Score:2)
Re: (Score:3)
It already had the NSAKEY built in...
Re:So, Fuck You , Then (Score:5, Interesting)
Yeah, pretty much. Couldn't she have escalated to Obama, though?
"Hi Barak, can you tell me how you got your BB? Cause the NSA is making me WinCE"
Re:So, Fuck You , Then (Score:5, Informative)
She had her personal server already set up before this whole thing with the NSA.
The personal email server was clearly about avoiding FOIA requests and not a reaction to the NSA refusing to give her an expensive device.
I'd post links in support of my claims, but last time I posted about Hillary and email with lots of references, I got moderated Troll. So I'll just post it anonymously without references.
Re:So, Fuck You , Then (Score:4, Interesting)
She had her personal server already set up before this whole thing with the NSA.
The personal email server was clearly about avoiding FOIA requests and not a reaction to the NSA refusing to give her an expensive device.
I'd post links in support of my claims, but last time I posted about Hillary and email with lots of references, I got moderated Troll. So I'll just post it anonymously without references.
I have as well and not only on this forum. But why not post refs even if you're anon?
Re: (Score:1)
why not post refs even if you're anon?
Just angry, I guess. I never troll... that's deliberately wasting other peoples' time and I don't think that's funny. Being falsely slapped down for trolling makes me less willing to go the extra mile and write solid posts with references.
But I'll start pretending to be a grownup again. Here are some references.
"clintonemail.com" was registered on January 13 2009, 8 days before she was confirmed as Secretary of State.
https://sharylattkisson.com/hillary-clintons-email [sharylattkisson.com]
Uh, why respect personal email? (Score:2, Insightful)
Clinton didn't want to read her email on a computer in her SCIF...she wanted her BlackBerry. It was good enough for everyone else in the government, but it wasn't good enough for her.
Re: (Score:3)
Clinton didn't want to read her email on a computer in her SCIF...she wanted her BlackBerry. It was good enough for everyone else in the government, but it wasn't good enough for her.
Apparently a BlackBerry was good enough for the president -- what's not clear is why it wasn't good enough for the secretary of state.
POTUS SecState (Score:2)
The math is simple. Even the VP is more important than SecState.
Re:Uh, why respect personal email? (Score:5, Insightful)
A BlackBerry was *not* good enough for the President. A one-off highly modified, custom device that looks and mostly works like BlackBerry was.
I think the NSA was like: "We hated doing this, but if the President gets this, we can at least get away with saying it is a one-off. If we give it to Clinton, every cabinet member and every person who thinks they are as important as a cabinet member is going to want one. Also, the President is our boss and we have to kiss his ass. She's not our boss, so fuck her entitled ass."
Secure equipment is no joke. It's understandable that no one wants a shitty, overpriced Windows CE phone, but it would be even more expensive to just ignore the program and give everyone what they want, creating one-offs for whoever. These are supposed to be civil *servants*.
Re: (Score:1)
... it would be even more expensive to just ignore the program and give everyone what they want...
Maybe, it depends. Spending extra on equipment can allow people to work more efficiently. If she's already familiar with a BB (which I think was the reason mentioned in a previous article) then it could actually save time (read: money) to give her one. Rather than having her have to be trained/learn to use a new device, and then take a lot of time to get comfortable with it.
Our civil servants, especially at that level, should get special perks if it makes them better able to do their job. I doubt Obama has
Re: (Score:2)
Re: (Score:3)
Why doesn't the US government spec out a secure phone? They can specify the hardware and software and ensure it meets all their needs perfectly. And then have some (friend of the government) contractor make half a million of them (for a high price).
The FBI seems to think that iPhones are completely unhackable even with all of the resources of the US government, so that might be a good place to start.
Re: (Score:3)
Re: (Score:2)
I'm no fan of Clinton, but (Score:5, Interesting)
This totally sounds like the NSA's IT people were just being dicks for the sake of being dicks, and like in many companies, when a C level exec gets screwed around by red tape they step around it. I mean FFS, they have "too many Blackberries" to manage but the POTUS gets one and the Secretary of State does not?
Re: (Score:2)
TWO USB Cables? (Score:5, Funny)
Re: (Score:2, Informative)
the edge was so expensive because it's basically two phones jammed in one shell - one that never touches an unsecure network or unsigned anything and another that's just a phone.
Literally the majority of the subsystems are physically separated. Easiest and dumbest way to do it. That's why the thing was so heavy and unwieldy
Re: (Score:3, Funny)
Honestly, I'd rather just have 2 phones, like a drug dealer.
Re: (Score:2)
Oh please (Score:1)
Could we please not have US political party bickering fucktardation on slashdot? Go back to Fox News, maybe someone there gives a fuck about this artificial piece of who-gives-a-shit non-news brainfart.
Re: (Score:2)
Forgive my for being naive, but when did the terrorists break into her email?
That might actually be pretty impressive... (Score:5, Insightful)
Mainstream winCE devices were pretty much extinct, or in the later stages of twitching and gasping, by 2009; but as a point of comparison you could find yourself spending ~$500 for a high-end Pocket PC device back in the 2005ish period, sometimes without any sort of cellular connectivity and obviously without the SCIF mode and keyfill ports and stuff. Prices for equivalent hardware had certainly fallen in the mass market by 2009; but I'm guessing that this thing's development time left it with hardware much more akin to that of older models than to that of whatever cellphones were hot off the presses in 2009.
If the requirements were more about knowing how to land contracts and tick feature checkboxes, then the price is on the high side. If the "trusted" label on various parts of the device, and whatever modifications to stock WinCE were necessary to get safe coexistence of the high and low security sides of the device, imply a substantial amount of very exacting software development; then I'm actually more surprised that they cost that little.
Anyone know how these are supposed to stack up in EAL/CC/FIPS140-2 terms or any other measures that would be more helpful in drawing comparisons than membership in a group that only one other device was ever part of?
Re:That might actually be pretty impressive... (Score:4, Informative)
Perhaps the requirements are based on campaign contributions from the seller?
In this case, $4,750 is an utterly trivial amount to secure the communications of a secretary of state. It's a fraction of the price of a Vertu phone.
Re: (Score:1)
I can guarantee you that this was a stock phone with all the tick boxes checked and an assurance from earty 2000 Microsoft that it was as or more secure than their Desktop version of Windows. Any hacker worth their salt could've eaten that phone's content for breakfast as there was no such thing yet as native disk encryption for Windows phones (that has only been available for ~5y now and still doesn't work properly).
I know this phone (Score:5, Interesting)
Re: (Score:2)
Re: (Score:2)
and it had effectively zero application development going on for it.
I seem to recall that this was less than a year after the concept of applcation development actually became a thing. We're talking about a the year after the very first iPhone came out. Prior to that the idea of an "app" was non-existent and that's hardly a Windows phone's fault. I remember it being a pain in the arse phone, but a decent sort of calendar which was easy enough to use.
Re: (Score:2)
$4,750 (Score:2)
And then they hit you up for the optional extended warranty.
Covers you for parts and labor beyond the current administration's term.
Isn't a secure smartphone just standard equipment? (Score:2)
...for the Secretary of State? As I've read this on Slashdot (which means I read some of the summary and comments, so I'm probably way off), I seem to remember that they only offered this phone and it was expensive.
First of all, does she have to buy it personally? That seems dumb, the Secretary of State is #4 in the line of succession and usually one of the highest profile members of the Federal Government and a phone using whatever's necessary to secure her communications isn't just standard?
I would thin
Cost is irrelevant (Score:2)
State would have bought it for her, and she didn't want it. It's not like she couldn't have approved the expense.
security waver (Score:2)
What's a security waver? Does it move it up and down, or from side to side?
Shut up and paint (Score:2)
There are monthly news of publicly available iOS and Android exploits that give attacker access to device data, location and microphone. NSA itself snooped on cell phone of German head of state. Do we really want a likelihood that foreign intelligence agencies and even resourceful journalists are able to eavesdrop on everything top US government officials do? And the newer and "smarter" a technology is, the harder it is to be confident that it doesn't contain security weaknesses. Windows CE was probably the
Good thing they're trying to outlaw it! (Score:2)
Good thing they're trying to outlaw encryption! The Government will save so much money by no longer needing secured devices.