Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Government Security Windows Cloud Databases Encryption Microsoft Operating Systems Privacy Software United States News Build Hardware Technology Your Rights Online

NSA Suggested Clinton Use A $4,750 Windows CE PDA (arstechnica.com) 109

An anonymous reader writes from an article on Ars Technica: When former Secretary of State Hillary Clinton was pushing to get a waiver allowing her to use a BlackBerry like President Barack Obama back in 2009, the National Security Agency had a very short list of devices approved for classified communications. The General Dynamics' Sectera Edge and L3 Communications' Guardian were the two devices built for the Secure Mobile Environment Portable Electronic Device (SME PED) program. They were the only devices anyone in government without an explicit security waver (like the one the president got, along with his souped-up BlackBerry 8830) could use until as recently as last year to get mobile access to top secret encrypted calls and secure e-mail. At the time Clinton was asking for a phone, only the Sectera Edge was available (the Guardian was running behind in development) and it required multiple server-side and phone-side e-mail additions, desktop synchronization software, and other supporting products. The "Executive Kit" version of the Edge, priced for government purchase at $4,750, included: Type 1 Sectera Edge (GSM or CDMA) device plus: Executive Carry Case, Leather Holster Travel Charger, Red/Black USB Cables, Vehicle Charger, Earbud, Stylus 10-pack, microSD Card with User Manual, Spare Battery, Privacy Shield 4-pack, Antivirus Software, Apriva Email Client and Perpetual Rights fee and Office Suite for Windows CE.
This discussion has been archived. No new comments can be posted.

NSA Suggested Clinton Use A $4,750 Windows CE PDA

Comments Filter:
  • Use this device (Score:5, Insightful)

    by Threni ( 635302 ) on Friday March 18, 2016 @06:06PM (#51727475)

    It's totally safe; we totally can't hack it. Don't get one of those cheap devices, or an iPhone, because we'd be screwed.

    • by Anonymous Coward

      ..."naw...too expensive. To save that money, I'll just hire and IT guy, buy a server and some hosting services and to save even more money, I'll keep in a bathroom closet."

    • Yep because a gen 2 iPhone from 2009 was a pinnacle of corporate security right?

  • by Anonymous Coward on Friday March 18, 2016 @06:09PM (#51727495)

    "No.. I know better than the NSA. I'll use what *i* want and there's nothing you can do about it!"

    And so far... shes right about that last part..

    • The NSA spied on Hillary Clinton for a long time . . . and didn't like the stuff that they saw. So when she wanted something that would be even difficult for the NSA to crack . . . they said no. They wanted easy access to the stuff that she was doing.

      • I'm fuzzy on the whole 'Encryption is bad for the masses' thing.

        On the one hand, the politicians (advised by the NSA) remind us that "Encryption is Bad" for the proles, and it must be outlawed, or some have some kind of backdoor.

        And on the other hand, the NSA are advising what kind of devices people need to prevent their phonecalls/messages from being decrypted because "Encryption is Good" for the elite.

        But please tell me where the prole/elite line is drawn? Is there a law which sets out what kind
        • by PolygamousRanchKid ( 1290638 ) on Friday March 18, 2016 @08:04PM (#51728221)

          But please tell me where the prole/elite line is drawn? Is there a law which sets out what kind of person is Elite, and what kind is Prole. Are pop-stars elite? Or actors? Lawyers? Maybe just top Lawyers? Because I'm very interested in knowing about this line.

          If you have to ask . . . you don't belong . . .

        • by AHuxley ( 892839 )
          The NSA and GCHQ had two options to get to users. Privacy and anonymity could both be made collection friendly or one part could cover for the total loss of the another.
          The classic ideas was to gift the world tame, junk crypto standards that would revert to plain text for the NSA but be resistant to any in the middle attacks.
          That started to get more tricky into the 1980's. The GCHQ was also trying to collect all communications in and connecting to Ireland and did not want any advancements to network ano
  • by Anonymous Coward

    You don't really think they spend $5,000 on a toilet seat, do you?

    • by Sarten-X ( 1102295 ) on Friday March 18, 2016 @07:14PM (#51727879) Homepage

      I've worked for a government contractor before.

      Yes, the toilet seat costs $5,000.

      However, every last one of the $5,000 toilet seats will be free from unknown defects, meet the 20-page list of design requirements, fit every model of toilet the government requires (including those from other contractors who won't release their proprietary contracted design spec), be constructed from US-supplied materials by US workers, and every minute of each worker's time will be properly recorded and billed, including the time spent ensuring that the time was recorded correctly, and all of those details will be documented in the truckload of paperwork that accompanies each seat.

      That truck driver also gets paid.

      • by sycodon ( 149926 )

        I suspect that the cost of a toilet seat purchased by the government is an artifact of the same accounting methods that charge you $26 for a $.30 pill...if it's administered by a nurse in a hospital.

        • Re:Of course! (Score:4, Interesting)

          by guruevi ( 827432 ) <evi@sm o k i n g c u be.be> on Friday March 18, 2016 @09:34PM (#51728705) Homepage

          The toilet seat is a quote from a movie (Independence Day?) where the president becomes aware of a secret base (at Area 51 or something) and asks how they manage to keep it invisible to the presidents office and government budgets. The $5000 toilet seat is the answer.

      • I don't know why this is modded "funny" instead of "informative." Sarten nabbed every block on the Government-Contracting Bingo card except "woman-owned" (yes, a real thing).
    • Re:Of course! (Score:4, Informative)

      by Actually, I do RTFA ( 1058596 ) on Friday March 18, 2016 @09:59PM (#51728851)

      When you order 87 toilet seats that conform to the inside of a B2, you have to pay for all the tooling required to make the toilet. Which is usually amortized over hundreds of thousands of units.

      • by khallow ( 566160 )
        Yea, right. They wouldn't use the same manufacturing techniques as for large scale production. Even throwing in the costs of testing to milspec, they probably would have made significant profit at a tenth the price.
  • by barc0001 ( 173002 ) on Friday March 18, 2016 @06:20PM (#51727589)

    This totally sounds like the NSA's IT people were just being dicks for the sake of being dicks, and like in many companies, when a C level exec gets screwed around by red tape they step around it. I mean FFS, they have "too many Blackberries" to manage but the POTUS gets one and the Secretary of State does not?

  • by 14erCleaner ( 745600 ) <FourteenerCleaner@yahoo.com> on Friday March 18, 2016 @06:21PM (#51727595) Homepage Journal
    Damn, no wonder it was so expensive.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      the edge was so expensive because it's basically two phones jammed in one shell - one that never touches an unsecure network or unsigned anything and another that's just a phone.

      Literally the majority of the subsystems are physically separated. Easiest and dumbest way to do it. That's why the thing was so heavy and unwieldy

  • Guess the next POTUS will be using an iPhone 7 - assuming Tim Cook prevails in the fight against the very government looking for approved devices. I guess too secure is a problem, no?

  • by Anonymous Coward

    Could we please not have US political party bickering fucktardation on slashdot? Go back to Fox News, maybe someone there gives a fuck about this artificial piece of who-gives-a-shit non-news brainfart.

  • by fuzzyfuzzyfungus ( 1223518 ) on Friday March 18, 2016 @06:29PM (#51727647) Journal
    I'm having trouble locating the exact requirements the device had to fulfill to satisfy the SME PED program; but depending on what levels of physical tamper resistance and software quality assurance were involved, $4,750/unit for a fairly low volume device might actually be a pretty decent price.

    Mainstream winCE devices were pretty much extinct, or in the later stages of twitching and gasping, by 2009; but as a point of comparison you could find yourself spending ~$500 for a high-end Pocket PC device back in the 2005ish period, sometimes without any sort of cellular connectivity and obviously without the SCIF mode and keyfill ports and stuff. Prices for equivalent hardware had certainly fallen in the mass market by 2009; but I'm guessing that this thing's development time left it with hardware much more akin to that of older models than to that of whatever cellphones were hot off the presses in 2009.

    If the requirements were more about knowing how to land contracts and tick feature checkboxes, then the price is on the high side. If the "trusted" label on various parts of the device, and whatever modifications to stock WinCE were necessary to get safe coexistence of the high and low security sides of the device, imply a substantial amount of very exacting software development; then I'm actually more surprised that they cost that little.

    Anyone know how these are supposed to stack up in EAL/CC/FIPS140-2 terms or any other measures that would be more helpful in drawing comparisons than membership in a group that only one other device was ever part of?
    • by whoever57 ( 658626 ) on Friday March 18, 2016 @06:49PM (#51727739) Journal

      I'm having trouble locating the exact requirements the device had to fulfill to satisfy the SME PED program; but depending on what levels of physical tamper resistance and software quality assurance were involved, $4,750/unit for a fairly low volume device might actually be a pretty decent price.

      Perhaps the requirements are based on campaign contributions from the seller?

      In this case, $4,750 is an utterly trivial amount to secure the communications of a secretary of state. It's a fraction of the price of a Vertu phone.

    • by guruevi ( 827432 )

      I can guarantee you that this was a stock phone with all the tick boxes checked and an assurance from earty 2000 Microsoft that it was as or more secure than their Desktop version of Windows. Any hacker worth their salt could've eaten that phone's content for breakfast as there was no such thing yet as native disk encryption for Windows phones (that has only been available for ~5y now and still doesn't work properly).

  • I know this phone (Score:5, Interesting)

    by Verdatum ( 1257828 ) on Friday March 18, 2016 @07:17PM (#51727903)
    I worked in mobile telecom in 2009, I wrote code for Mobile Switching Centers (MSCs). We purchased that Windows Phone to verify that our equipment properly handled everything needed to allow all the protocols to work as required. The phone was just horrible. It was extremely unfriendly to use, it devoured batteries, and it had effectively zero application development going on for it. I seem to recall the hardware aspects of it were at least pretty sturdy.
    • and it had effectively zero application development going on for it.

      I seem to recall that this was less than a year after the concept of applcation development actually became a thing. We're talking about a the year after the very first iPhone came out. Prior to that the idea of an "app" was non-existent and that's hardly a Windows phone's fault. I remember it being a pain in the arse phone, but a decent sort of calendar which was easy enough to use.

      • You are correct in that there wasn't much of an "app" as Apple wants you to think of it. But "applications" predates "app" by decades; it is synonymous with "program". The point is, there were almost none. Keep in mind, this was EIGHT YEARS after the development of Windows CE, which the phone of the time was based upon. That entire time, MS happily released the SDK to allow programs written for it. Appstore or no, no-one bothered to write for it, and that was an unfortunate clash to the realm of Windows Des
  • by PPH ( 736903 )

    And then they hit you up for the optional extended warranty.

    Covers you for parts and labor beyond the current administration's term.

  • ...for the Secretary of State? As I've read this on Slashdot (which means I read some of the summary and comments, so I'm probably way off), I seem to remember that they only offered this phone and it was expensive.

    First of all, does she have to buy it personally? That seems dumb, the Secretary of State is #4 in the line of succession and usually one of the highest profile members of the Federal Government and a phone using whatever's necessary to secure her communications isn't just standard?

    I would thin

  • State would have bought it for her, and she didn't want it. It's not like she couldn't have approved the expense.

  • What's a security waver? Does it move it up and down, or from side to side?

  • There are monthly news of publicly available iOS and Android exploits that give attacker access to device data, location and microphone. NSA itself snooped on cell phone of German head of state. Do we really want a likelihood that foreign intelligence agencies and even resourceful journalists are able to eavesdrop on everything top US government officials do? And the newer and "smarter" a technology is, the harder it is to be confident that it doesn't contain security weaknesses. Windows CE was probably the

  • could use until as recently as last year to get mobile access to top secret encrypted calls and secure e-mail

    Good thing they're trying to outlaw encryption! The Government will save so much money by no longer needing secured devices.

If you think the system is working, ask someone who's waiting for a prompt.

Working...