Late last year we heard rumblings that the National Security Agency was testing Android phones for use on a secured network, and now we've got confirmation that this is indeed happening. One hundred customized Motorola Android phones are in use by various employees at the NSA as part of Project Fishbowl. The project is part of the agency's Mobility Program, a two-pronged approach to developing secure mobile solutions without sacrificing the user experience of the modern smartphone. The NSA also wants to shift away from costly government-developed systems to inexpensive off-the-shelf solutions, which is where the Android handsets come in.
Speaking at the RSA Conference in San Francisco, Margaret Salter, a technical director in the NSA’s Information Assurance Directorate, outlined the beefed-up phone: it runs a stripped-down version of Android with multiple layers of encryption, has a custom VoIP app, and a "police app" that logs everything done on the device. Salter didn't reveal much about the hardware, but based on the agency's wish list of features, it seems like there may be modifications at that level as well. The NSA hopes to use Project Fishbowl as a reference design for manufacturers to incorporate the systems the agency needs into consumer devices. This would allow the same off-the-shelf phone used by a civilian to be authorized for use on the NSA's secured network, which is the other side of the equation.
To make a call, users dial out using the VoIP app, which then sends encrypted data over any given carrier's data network. However, instead of routing directly to another device, the data goes through the NSA's servers to be verified, logged, and re-encrypted, before being sent back out to the data network and on to its destination. Just like its Android phones, the NSA is building this infrastructure with existing enterprise-level equipment.
All of the Mobility Program is still in its early stages, and the NSA has said it isn't necessarily tied to Android — the platform was selected because it was easy to modify — but it does think this system is the future for its mobile communications. The agency wants to develop a closed app distribution system, get secure VoIP working over Wi-Fi, and hopefully get industry partners on board before it's fully ready to rollout Project Fishbowl.