1. 54

  2. 8

    This feels like a dumb question, but does anyone have the power to do any of this forcefully? We are used to situations where if someone needs security clearances and restrictions or they will be fired.

    1. 16

      It was recently pointed out to me that many of our high-level political and government processes are based on behavioral norms and traditions, not laws. In the past, I suspect the president has taken security at least somewhat seriously because that is what has been expected and that is what his predecessors have done. Not to imply that things have worked perfectly, of course.

      This sort of “soft” pressure will never be perfect, but it can be good enough. For example, I recall that Obama resisted giving up his Blackberry, but did so once the situation was made clear to him and an alternative was offered.

      On the other hand, whatever you think of him, Trump seems relatively unswayed by convention and tradition, and without these there may be no way to force him to do much of anything.

      1. 4

        The people that do the arrests are in the Executive branch. The President controls them. Interference by others could be blocked on grounds of national security given we’re talking about classified information and systems.

      2. 11

        Off topic. Right.

        1. [Comment removed by author]

          1. 12

            Whoever flagged it probably did so because of what happens when political articles show up on these types of sites. The Hacker News and Schneier versions of the article turned into a pile of political bullshit that drowned out any relevant information. I quit reading both because the noise was too high to be worth whatever info was in it. The small number of comments this site attracts reduces that risk a lot. Yet, it’s still there and some people in meta discussions said they prefer to keep that content off this site. I’m neutral on the issue given the potential importance vs commenting risk doesn’t have clear answer for me in terms of whether I should censor it.

            Far as this article, the only actionable information is that the NSA should handle it. They have the ability between Green Hills, Galois, seL4 Systems, Rockwell, and private payment to Samsung. Samsung already has experience with two of those. They could give him an interim virtualization solution that keeps the personal stuff away from the private stuff with important crypto for the private stuff. Write drivers in SPARK or Astree-analyzed C. Use MILS-style partitioning for anything that’s shared. All in same form factor with same software with just a button press or something for trusted path to switch between them. Still not good enough to stop nation states but won’t be ridiculously insecure. I’d add a network and EM monitoring solution on top of it that someone following him could carry around with them.

            1. 48

              Lobsters threads consistently leap right over the political discussion into the meta-discussion of what political discussion is worthwhile or acceptable.

            2. 18

              This is an article written by a CS Ph.D working at ICSI ( http://www1.icsi.berkeley.edu/~nweaver/ ) on computer security, covering an interesting and topical issue in mobile security and national defense. And somehow it’s “off topic”.

          2. 2

            I think as the POTUS he would have the resources to have any version of Android he damn well pleases installed on his phone, I don’t think this guy waits around for his carrier to upgrade his OS.

            Edit: Also I don’t think he’s keeping his phone, he’s apparently getting a “Secret Service Verified Phone”: https://techviral.com/donald-trump-ditches-android-smartphone/

            1. [Comment removed by author]

              1. 3

                I hate to get into this because the whole point of the above comments by nickpsecurity and vyodaiken isn’t that political topics are intrinsically off-topic, it’s just that we can’t seem to get into them without devolving into sub-threads like this which are off-topic.

                However, I’m genuinely confused, how is the quote you mentioned a jab? Steve Bannon, who runs Breitbart, is in the white house and purportedly part of Trump’s inner circle. Watering hole attacks are well documented and given Bannon’s presence it sounds pretty likely Trump might at some point want to visit that site?

                1. [Comment removed by author]

                  1. 5

                    Breitbart is considered… to be bunch of fake news

                    Breitbart does not rise to the level of fake news. Breitbart is Nazi propaganda. Claiming otherwise makes you look either incredibly bigoted or unbelievably uninformed; pick your poison.

                    virtue signaling

                    Nobody has ever used this phrase in good faith. If you intend to be arguing in good faith, make a comment that amounts to more than “people don’t like Nazis and that’s unfair”.

                    at least he did not get owned yet

                    How do you know?

                    1. 6

                      Breitbart does not rise to the level of fake news. Breitbart is Nazi propaganda.

                      Proof? The Nazis were truly evil, claims like these trivialize the word.

              2. 1

                Evading the political high voltage issues: the conjunction of our deliberately insecure consumer phones becoming essential communication devices, the general insecurity of the commercial internet, and the atrocious insecurity of government IT, is a serious problem. I don’t see what technical issue would prevent phones from having an l.e.d. indicator of audio or video input at the very least - but that’s not congruent with the “gather all data” business model of the phone companies and internet companies. And from Wikileaks, to the compromise of the justice department email system (the one Hillary Clinton “should” have used), to OPM breach, to Snowden, to that guy who brought home terrabytes of NSA data …. - it’s not clear that an insecure handset makes things any worse.