Pentagon Personnel Now Talking on 'NSA-Proof' Smartphones

Silicon Valley pioneer and Silent Circle co-founder Jon Callas holds up Blackphone with encryption apps displayed on it at the Computer History Museum in Mountain View, Calif. // Eric Risberg/AP

The Defense Department has rolled out supersecret smartphones for work and maybe play, made by anti-government-surveillance firm Silent Circle, according to company officials. 

Silent Circle, founded by a former Navy SEAL and the inventor of privacy-minded PGP encryption, is known for decrying federal efforts to bug smartphones and for its spy-resistant “blackphone.”

Apparently, troops don’t like busybodies either. As part of limited trials, U.S. military personnel are using the device, encrypted with secret code down to its hardware, to communicate “for both unclassified and classified” work, Silent Circle chairman Mike Janke told Nextgov.

In 2012, Janke, who served in the Navy’s elite special operations force, and Phil Zimmermann, creator of Pretty Good Privacy (PGP, for short), started Silent Circle as a California-based secure communications firm. The company is no longer based in the United States, ostensibly to deter U.S. law enforcement from seeking access to user records.

But that hasn’t stopped the Pentagon, a longtime Silent Circle apps customer, from buying the Android-based blackphone, which came out in 2014.

The “wild thing about it is, we’re a Swiss firm,” Janke said Monday. “Our phones aren’t produced in the U.S., but because of the fact that [DOD] can test our phone in a lab -- they can look at the code that’s open source -- they’ve been testing it for a year now and using it.”

The blackphone’s operating system and software options enable customers to essentially log in to the same phone under multiple personas, each with separate security restrictions. Specifically, a feature called “Spaces” insulates data activity in one profile from the actions happening in other compartments.

In effect, this means Facebook’s WhatsApp chat tool and family photos might be accessible on your personal space, while encrypted communications and classified maps might be available on your work space, Janke said. To move from one user profile to another, you would swipe the phone and put in a PIN code.

DOD, not Silent Circle, configures the mobile email, private network, Web browser and other apps. The data flows through military servers and Silent Circle does not have access to the government’s encryption keys for unlocking secret messages.

“Your basic calls are encrypted and they run through device-to-device,” Janke said. “We can’t be evil. Neither can they.”

Federal authorities, particularly the FBI, have urged communications providers to install backdoors into their technology so that criminal activity can be monitored and stopped. The concern, they say, is that bad actors, including terrorists and pedophiles, are using encryption tools to mask their identities, whereabouts and illegal operations.

An undisclosed number of blackphones are “out in the field,” Janke said. DOD receives a discount off the $629 retail device by purchasing in bulk, just like Silent Circle’s corporate customer base, which includes at least one major U.S. oil company, Janke said. 

“We believe that encrypted and secure communications and devices are a given right whether you are working for DOD or you’re working for a human rights group in Botswana,” Janke said. “We speak out about governments of the world vacuuming up, abusing the privacy rights of their citizens, but we produce hardware and software that works for governments as well as human rights activists equally.”

Silent Circle sells services and products to many Fortune 500 companies concerned about intellectual property theft, as well as privacy-conscious citizens, but counts about 14 governments among its customer base.

On Monday, Defense officials declined to comment on specific brands that have been distributed to service members and referred to information that Pentagon Chief Information Officer Terry Halvorsen provided during a press briefing earlier this month.

He said Defense personnel are using unclassified BlackBerry smartphones and a modified commercial Android-based phone configured for secret-level work.

A spokeswoman for the Defense Information Systems Agency, which oversees the Pentagon’s mobility program, said, “DISA’s top priority when it comes to secure mobile technology is producing enterprise capabilities that the entire DOD, as well as other federal agencies, can leverage.”

Another smartphone designed by veteran defense supplier Boeing, known as "The Black," also is vying for the military’s business. The Black looks and functions like a generic Android smartphone, but doubles as a top secret information system. The self-destructing phone can scan itself inside and out for signs of tampering and render itself inoperable if anything is amiss.

On Monday, Boeing officials said The Black is in production, but declined to comment on whether its phone is part of the program outlined by Halvorsen. The Black is NSA-approved to protect classified data and meets DOD's “National Information Assurance Partnership” standards, company spokesman Andy Lee said.

“Boeing Black is currently deployed to a number of defense and government customers,” he said.
