Pentagon official worries about implications of British hacking scandal

The British phone hacking scandal demonstrates the need for fortified consumer smartphones that block call interceptions, said the U.S. Joint Chiefs of Staff vice chairman, noting that the Pentagon pays a pretty pound for such technology today.

While there is no evidence that reporters at the now-defunct News of the World tabloid eavesdropped on stateside mobile phones, U.S. citizens' wireless devices are penetrable by adversaries or unscrupulous journalists, Gen. James E. Cartwright told reporters July 14 after the Defense Department announced a new cybersecurity operational strategy.

Cartwright was less upset about the military repercussions of the alleged misconduct entangling Rupert Murdoch's news empire than the danger to the U.S. economy posed by most cellphones' vulnerability to industrial espionage and malicious activity.

"It did worry me, and it does worry me; more from the standpoint that, to date, industry, in the chip sets that we use in our displays, the chip sets that we use in our phones, our other endpoint devices, don't -- are not currently configured to encrypt," he said in response to a question about whether he was concerned by the wiretapping affair, given the U.S. military's recent experiments with soldiers using smartphones.

"Today, we pay a premium price to do that in the military," Cartwright said, referring to the special phones the military has ordered for classified conversations.

The BlackBerry-like Secure Mobile Environment Portable Electronic Devices that are certified by the Defense's National Security Agency for Top Secret communications with the president cost $3,150, said Warren Suss, president of Suss Consulting, a government adviser.

General Dynamics, the federal contractor providing the phones, is experimenting with a sleeve for commercial smartphones based on Google's Android operating system that would add a level of encryption somewhere between the security available on a government-issued handheld device and a SMEPED, he added.

Neighborhood Best Buys do not carry SMEPEDs or call-safety sleeves yet. But Cartwright said the protection of cellphones is "something that we're going to have to start to think our way through, because I think now the average citizen is starting to look for more secure ways to communicate and wants the opportunity to do that."

Eventually, cryptophones would cost less than a 3-D plasma television.

The reason for the steep cellphone pricing is that the Defense Department's user base is too narrow to cover the high cost of research and development, Suss said. If most American consumers bought the same products, then "the economics would change dramatically and the price point would be barely perceptible compared to today's devices," he said.

Demanding that stores stock shelves with secure smartphones could generate political opposition, however.

"There's a strong thrust in our country to allow the commercial sector to proceed uninhibited, and here we're running up against a conflict between a national security issue and a concern for overregulation," Suss said. He cited the uproar over a recent White House proposal to police computer networks that support power, financial and other critical services.

General Dynamics officials said the Pentagon awarded the firm a contract for the SMEPED devices, which are as branded Sectéra Edge, in 2005.

Unlike traditional PDAs that "use commercial, software-based encryption, the Sectéra Edge uses NSA-approved hardware and software technologies which provide comprehensive security to protect voice conversations, network access, email, file sharing, government websites" and other data, said Michael Guzelian, General Dynamics vice president for secure voice and data products.

He would not specifically comment on the trial Android sleeve but said, "Our government users expect their work devices to offer the same digital experience they have with their personal devices -- without compromising security. We are currently prototyping several solutions that will deliver both security and commercial functionality at a lower cost."